What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-09-28 08:26:13 NUVOLA: the new Cloud Security tool (direct link) nuvola is the new open-source cloud security tool to address the privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa (@_notdodo_), Security Engineer at Prima Assicurazioni. The tool was released during the RomHack 2022 security conference in Rome. The tool helps the […] Tool
SecurityAffairs.webp 2022-09-28 07:43:33 Meta dismantled the largest Russian network since the war in Ukraine began (direct link) Meta dismantled a network of Facebook and Instagram accounts spreading disinformation across European countries. Meta announced to have taken down a huge Russian network of Facebook and Instagram accounts used to spread disinformation published on more than 60 websites impersonating news organizations across Europe. The disinformation operation began in May 2022, the network targeted primarily […]
SecurityAffairs.webp 2022-09-27 20:39:33 North Korea-linked Lazarus continues to target job seekers with macOS malware (direct link) North Korea-linked Lazarus APT group is targeting macOS Users searching for jobs in the cryptocurrency industry. North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The attackers aimed at stealing credentials for the victims’ wallets. Last week, SentinelOne researchers discovered a decoy documents advertising positions […] Malware APT 38
SecurityAffairs.webp 2022-09-27 15:37:51 Defense firm Elbit Systems of America discloses data breach (direct link) Elbit Systems of America, a subsidiary of defense giant Elbit Systems, disclosed a data breach after Black Basta ransomware gang claimed to have hacked it. In late June, the Black Basta ransomware gang claimed to have hacked Elbit Systems of America, the extortion group added the name of the company to its Tor leak site. […] Ransomware Data Breach
SecurityAffairs.webp 2022-09-27 13:13:23 WhatsApp fixed critical and high severity vulnerabilities (direct link) WhatsApp has addressed two severe Remote Code Execution vulnerabilities affecting the mobile version of the software. WhatsApp has published three security advisories for 2022, two of which are related to CVE-2021-24042 and CVE-2021-24043 vulnerabilities discovered in January and February, and the third one is related to CVE-2022-36934 and CVE-2022-27492 fixed by the company in September. The […]
SecurityAffairs.webp 2022-09-27 09:40:39 (Déjà vu) Erbium info-stealing malware, a new option in the threat landscape (direct link) The recently discovered Erbium information-stealer is being distributed as fake cracks and cheats for popular video games. Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat […] Malware Threat
SecurityAffairs.webp 2022-09-27 07:57:31 Mandiant identifies 3 hacktivist groups working in support of Russia (direct link) Researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the GRU. Mandiant researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the Russian Main Intelligence Directorate (GRU). The experts assess with moderate confidence that moderators of the […]
SecurityAffairs.webp 2022-09-26 18:37:27 Russia prepares massive cyberattacks on the critical infrastructure of Ukraine and its allies (direct link) The Ukrainian military intelligence warns that Russia is planning to escalate cyberattacks targeting Ukraine and Western allies. The Main Directorate of Intelligence of the Ministry of Defence of Ukraine (HUR MO) warns that Russia is planning to escalate cyberattacks targeting the critical infrastructure of Ukraine and western countries. According to the Ukrainian military intelligence service, […]
SecurityAffairs.webp 2022-09-26 14:58:22 China-linked TA413 group targets Tibetan entities with new backdoor (direct link) China-linked cyberespionage group TA413 exploits employ a never-before-undetected backdoor called LOWZERO in attacks aimed at Tibetan entities. A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat), is exploiting recently disclosed flaws in Sophos Firewall (CVE-2022-1040) and Microsoft Office (CVE-2022-30190) to deploy a never-before-detected backdoor called LOWZERO in attacks aimed at Tibetan entities. The TA413 APT group is known to be focused […]
SecurityAffairs.webp 2022-09-26 10:38:12 (Déjà vu) Metador, a never-before-seen APT targeted ISPs and telco for about 2 years (direct link) A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked as Metador, that primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. The experts pointed out that […] Threat
SecurityAffairs.webp 2022-09-26 06:22:16 Exmatter exfiltration tool used to implement new extortion tactics (direct link) Ransomware operators switch to new extortion tactics by using the Exmatter malware and adding new data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques, this is the case of threat actors using the Exmatter malware. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample […] Malware Tool Threat
SecurityAffairs.webp 2022-09-25 16:34:04 Attackers impersonate CircleCI platform to compromise GitHub accounts (direct link) Threat actors target GitHub users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. GitHub is warning of an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The company learned of the attacks against its users on September […]
SecurityAffairs.webp 2022-09-25 12:08:04 OpIran: Anonymous declares war on Teheran amid Mahsa Amini's death (direct link) OpIran: Anonymous launched Operation Iran against Teheran due to the ongoing crackdown on dissent after Mahsa Amini's death. Anonymous launched OpIran against Iran due to the ongoing crackdown on dissent after Mahsa Amini's death. The protests began after the death of Mahsa Amini from Saqqez in Kurdistan province after her arrest by Iran's morality police […]
SecurityAffairs.webp 2022-09-24 21:44:32 ISC fixed high-severity flaws in the BIND DNS software (direct link) The Internet Systems Consortium (ISC) fixed six remotely exploitable vulnerabilities in the BIND DNS software. The Internet Systems Consortium (ISC) this week released security patches to address six remotely exploitable vulnerabilities in BIND DNS software. Four out of six flaws, all denial-of-service (DoS) issues, have been rated as 'high' severity. One of the issues, tracked […]
SecurityAffairs.webp 2022-09-24 16:44:31 Ukraine: SSU dismantled cyber gang that stole 30 million accounts (direct link) The cyber department of Ukraine's Security Service (SSU) dismantled a gang that stole accounts of about 30 million individuals. The cyber department of Ukraine's Security Service (SSU) has taken down a group of hackers that is behind the theft of about 30 million individuals. The gang was offering the stolen accounts for sale […]
SecurityAffairs.webp 2022-09-24 13:58:18 London Police arrested a teen suspected to be behind Uber, Rockstar Games breaches (direct link) The City of London Police this week announced the arrest of a 17-year-old teenager on suspicion of hacking. Is he the Uber hacker? The City of London Police on Friday announced to have arrested a 17-year-old teenager on suspicion of hacking, however, experts believe the arrest could be linked to the recent security breaches suffered […] Uber Uber
SecurityAffairs.webp 2022-09-23 21:43:32 Sophos warns of a new actively exploited flaw in Firewall product (direct link) Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. The CVE-2022-3236 flaw resides in the User Portal and Webadmin of Sophos Firewall, […] Vulnerability
SecurityAffairs.webp 2022-09-23 15:40:55 Anonymous claims to have hacked the website of the Russian Ministry of Defense (direct link) The popular collective Anonymous claims to have hacked the website of the Russian Ministry of Defense and leaked data of 305,925 people. The #OpRussia (#OpRussia) launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the popular collective claims to have hacked the website of the Russian Ministry of Defense. The group of […]
SecurityAffairs.webp 2022-09-23 15:13:49 CISA adds Zoho ManageEngine flaw to its Known Exploited Vulnerabilities Catalog (direct link) CISA added a security flaw in Zoho ManageEngine, tracked as CVE-2022-35405, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a recently disclosed security flaw in Zoho ManageEngine, tracked as CVE-2022-35405 (CVSS score 9.8), to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of […]
SecurityAffairs.webp 2022-09-23 13:54:46 Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw (direct link) Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide. In February, Adobe […] Vulnerability
SecurityAffairs.webp 2022-09-23 11:02:00 Australian Telecoms company Optus discloses security breach (direct link) Australian telecoms company Optus disclosed a data breach, threat actors gained access to former and current customers. Optus, one of the largest service providers in Australia, disclosed a data breach. The intruders gained access to the personal information of both former and current customers. The company is a subsidiary of Singtel with 10.5 million subscribers as of 2019. […] Threat
SecurityAffairs.webp 2022-09-22 21:10:33 AttachMe: a critical flaw affects Oracle Cloud Infrastructure (OCI) (direct link) A critical vulnerability in Oracle Cloud Infrastructure (OCI) could be exploited to access the virtual disks of other Oracle customers. Wiz researchers discovered a critical flaw in Oracle Cloud Infrastructure (OCI) that could be exploited by users to access the virtual disks of other Oracle customers. An attacker can trigger the flaw to exfiltrate sensitive […] Vulnerability
SecurityAffairs.webp 2022-09-22 13:27:22 A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects (direct link) More than 350,000 open source projects can be potentially affected by a 15-Year-Old unpatched Python vulnerability. More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. The issue is a Directory traversal vulnerability that resides in the ‘extract’ […] Vulnerability
SecurityAffairs.webp 2022-09-22 11:06:42 Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign (direct link) Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The now-patched critical security flaw was disclosed by Atlassian in early June, at the time the company warned of a […]
SecurityAffairs.webp 2022-09-22 05:19:24 A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder (direct link) A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of […] Ransomware
SecurityAffairs.webp 2022-09-21 15:45:32 Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign (direct link) Threat actors targeted tens of thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache. The tool is not designed to be exposed on the Internet, however, researchers spotted […] Tool
SecurityAffairs.webp 2022-09-21 14:54:44 Hackers stole $160 Million from Crypto market maker Wintermute (direct link) Threat actors have stolen around $160 million worth of digital assets from crypto trading firm Wintermute. Malicious actors continue to target organizations in the cryptocurrency industry, the last victim in order of time is crypto trading firm Wintermute. The company made the headlines after that threat actors have stolen around $160 million worth of digital assets. […] Threat
SecurityAffairs.webp 2022-09-21 12:18:32 U.S. gov adds more Chinese Telecom firms to the Covered List (direct link) The U.S. Federal Communications Commission (FCC) has added more Chinese telecom firms to the Covered List. The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the Covered List. The Covered List, published by Public Safety and Homeland Security Bureau, included products and […]
SecurityAffairs.webp 2022-09-21 09:15:22 Imperva blocked a record DDoS attack with 25.3 billion requests (direct link) Cybersecurity company Imperva announced to have mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests. Cybersecurity firm Imperva mitigated a DDoS attack with over 25.3 billion requests on June 27, 2022. According to the experts, the attack marks a new record for Imperva's application DDoS mitigation solution. The attack targeted an unnamed […]
SecurityAffairs.webp 2022-09-20 20:49:10 Russian Sandworm APT impersonates Ukrainian telcos to deliver malware (direct link) Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Multiple security firms have reported that the Sandworm APT continues to target Ukraine with multiple means, including custom malware and botnet like Cyclops […] Malware
SecurityAffairs.webp 2022-09-20 13:17:36 Uber believes that the LAPSUS$ gang is behind the recent attack (direct link) Uber disclosed additional details about the security breach, the company blames a threat actor allegedly affiliated with the LAPSUS$ hacking group. Uber revealed additional details about the recent security breach, the company believes that the threat actor behind the intrusion is affiliated with the LAPSUS$ hacking group. Over the last months, the Lapsus$ gang compromised […] Threat Uber Uber
SecurityAffairs.webp 2022-09-20 11:31:54 Analyzing IP Addresses to Prevent Fraud for Enterprises (direct link) How can businesses protect themselves from fraudulent activities by examining IP addresses? The police would track burglars if they left calling cards at the attacked properties. Internet fraudsters usually leave a trail of breadcrumbs whenever they visit websites through specific IP addresses. They reveal their physical location and the device they used to connect to […]
SecurityAffairs.webp 2022-09-20 10:52:13 American Airlines disclosed a data breach (direct link) American Airlines disclosed a data breach, threat actors had access to an undisclosed number of employee email accounts. American Airlines recently suffered a data breach, threat actors compromised a limited number of employee email accounts. The intruders had access to sensitive personal information contained in the accounts, but the company’s data breach notification states that it is not aware […] Data Breach Threat
SecurityAffairs.webp 2022-09-20 05:11:39 IT giants warn of ongoing Chromeloader malware campaigns (direct link) VMware and Microsoft are warning of a widespread Chromeloader malware campaign that distributes several malware families. ChromeLoader is a malicious Chrome browser extension, it is classified as a pervasive browser hijacker that modifies browser settings to redirect user traffic. The malware is able to redirect the user's traffic and hijacking user search queries to popular […] Malware
SecurityAffairs.webp 2022-09-19 16:26:21 Revolut security breach: data of +50,000 users exposed (direct link) Revolut has suffered a cyberattack, threat actors have had access to personal information of tens of thousands of customers. The financial technology company Revolut suffered a ‘highly targeted’ cyberattack over the weekend, threat actors had access to the personal information of 0.16% of its customers (approximately 50,000 users). The company states that it has already contacted the […] Threat
SecurityAffairs.webp 2022-09-19 07:11:18 (Déjà vu) Alleged Grand Theft Auto 6 (GTA6) gameplay videos and source code leaked online (direct link) Threat actors leaked source code and gameplay videos of Grand Theft Auto 6 (GTA6) after they have allegedly breached Rockstar Game. Threat actors allegedly compromised Rockstar Game’s Slack server and Confluence wiki and leaked Grand Theft Auto 6 gameplay videos and source code. On September 18, 2022, threat actors that go on GTAForums as 'teapotuberhacker' […] Threat Uber
SecurityAffairs.webp 2022-09-19 05:09:43 TeamTNT is back and targets servers to run Bitcoin encryption solvers (direct link) AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 […] Malware
SecurityAffairs.webp 2022-09-19 05:05:15 Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes (direct link) Researchers discovered two critical vulnerabilities (CVE-2022-36158 and CVE-2022-36159) in Flexlan devices that provide WiFi on airplanes. Researchers from Necrum Security Labs discovered a couple of critical vulnerabilities, tracked as CVE-2022-36158 and CVE-2022-36159, impacting the Contec Flexlan FXA3000 and FXA2000 series LAN devices. The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec […]
SecurityAffairs.webp 2022-09-18 13:26:03 Netgear Routers impacted by FunJSQ Game Acceleration Module flaw (direct link) Multiple Netgear router models are impacted by an arbitrary code execution via FunJSQ, which is a third-party module for online game acceleration. Researchers at security and compliance assessment firm Onekey warn of an arbitrary code execution via FunJSQ, which is a third-party module developed by Xiamen Xunwang Network Technology for online game acceleration, that impacts […]
SecurityAffairs.webp 2022-09-18 11:58:11 Uber says there is no evidence that users' private information was compromised (direct link) Uber hack update: There is no evidence that users’ private information was compromised in the data breach. Uber provided an update regarding the recent security breach of its internal computer systems, the company confirmed that there is no evidence that intruders had access to users’ private information. “We have no evidence that the incident involved […] Hack Uber Uber
SecurityAffairs.webp 2022-09-17 18:11:10 LastPass revealed that intruders had internal access for four days during the August hack (direct link) The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days […] Hack Threat LastPass
SecurityAffairs.webp 2022-09-17 15:11:55 CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including the bug used in the Stuxnet attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of vulnerabilities added to the catalog: CVE-2022-40139: Trend […]
SecurityAffairs.webp 2022-09-16 20:02:03 Bitdefender releases Universal LockerGoga ransomware decryptor (direct link) Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. “We're pleased to announce the availability of a new decryptor […] Ransomware
SecurityAffairs.webp 2022-09-16 16:40:56 North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp (direct link) North Korea-linked threat actor UNC4034 is spreading tainted versions of the PuTTY SSH and Telnet client. In July 2022, Mandiant identified a novel spear phish methodology that was employed by North Korea-linked threat actor UNC4034. The attackers are spreading tainted versions of the PuTTY SSH and Telnet client. The attack chain starts with a fake […] Threat
SecurityAffairs.webp 2022-09-16 07:22:27 Uber hacked, internal systems and confidential documents were allegedly compromised (direct link) Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. According to the New York Times, the threat actors hacked an employee’s Slack account and […] Vulnerability Threat Uber Uber
SecurityAffairs.webp 2022-09-15 21:32:33 Akamai mitigated a new record-breaking DDoS attack against a European customer (direct link) Akamai announced to have recently blocked a new record-breaking distributed denial-of-service (DDoS) attack. On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack ever that hit one of its European customers. The malicious traffic peaked at 704.8 Mpps and appears to originate from the same threat actor behind the previous record that Akamai blocked […] Threat
SecurityAffairs.webp 2022-09-15 15:32:00 Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube (direct link) Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners. Researchers from Kaspersky have spotted a self-extracting archive, served to gamers looking for cheats on YouTube, that was employed to deliver the RedLine Stealer information-stealing malware and crypto miners. The RedLine malware allows operators to steal several […] Malware
SecurityAffairs.webp 2022-09-15 13:43:49 Russia-linked Gamaredon APT target Ukraine with a new info-stealer (direct link) Russia-linked Gamaredon APT targets employees of the Ukrainian government, defense, and law enforcement agencies with a custom information-stealing malware. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) is targeting employees of the Ukrainian government, defense, and law enforcement agencies with a piece of a custom-made information stealer implant. The malicious code was designed to […]
SecurityAffairs.webp 2022-09-15 08:48:25 FBI: Millions in Losses resulted from attacks against Healthcare payment processors (direct link) The FBI has issued an alert about threat actors targeting healthcare payment processors in an attempt to hijack the payments. The Federal Bureau of Investigation (FBI) has issued an alert about cyber attacks against healthcare payment processors to redirect victim payments. Threat actors used employees' publicly-available Personally Identifiable Information (PII) and social engineering techniques to […] Threat
SecurityAffairs.webp 2022-09-15 05:22:07 Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks (direct link) Threat actors are exploiting the death of Queen Elizabeth II as bait in phishing attacks to steal Microsoft account credentials from victims. Researchers from Proofpoint are warning of threat actors that are using the death of Queen Elizabeth II as bait in phishing attacks. The attackers aim at tricking recipients into visiting sites designed to […] Threat
Last update at: 2024-04-16 19:08:19