What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-09-14 20:16:05 CISA added 2 more security flaws to its Known Exploited Vulnerabilities Catalog (lien direct) >CISA added more security flaws to its Known Exploited Vulnerabilities Catalog, including Windows and iOS flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, a Windows privilege escalation vulnerability, tracked as CVE-2022-37969, and an arbitrary code execution issue, tracked as CVE-2022-32917, affecting iPhones and Macs. According to Binding […]
SecurityAffairs.webp 2022-09-14 15:19:37 SparklingGoblin APT adds a new Linux variant of SideWalk implant to its arsenal (lien direct) >China-linked SparklingGoblin APT was spotted using a Linux variant of a backdoor known as SideWalk against a Hong Kong university. Researchers from ESET discovered a Linux variant of the SideWalk backdoor, which is a custom implant used by the China-linked SparklingGoblin APT group. The SparklingGoblin APT is believed to be a group that operated under […]
SecurityAffairs.webp 2022-09-14 07:14:48 Twitter former head of security told the Senate of severe security failings by the company (lien direct) >Twitter whistleblower, and former head of security, Peiter Zatko, told the US Congress that the platform ignored his security concerns. Peiter 'Mudge' Zatko, former head of security, testified in front of Congress on Tuesday, sustaining that the platform ignored his security concerns and was vulnerable to cyber attacks. Zatko filed a whistleblower complaint in July with […]
SecurityAffairs.webp 2022-09-14 05:21:01 Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin (lien direct) >Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites. The WPGateway plugin is a premium plugin that allows users of […] Vulnerability Threat
SecurityAffairs.webp 2022-09-14 05:16:20 Microsoft September 2022 Patch Tuesday fixed actively exploited zero-day (lien direct) >Microsoft released September 2022 Patch Tuesday security updates to address 64 flaws, including an actively exploited Windows zero-day. Microsoft September 2022 Patch Tuesday security updates address 64 vulnerabilities, including an actively exploited Windows zero-day. The flaws fixed by the IT giant impact Microsoft Windows and Windows Components; Azure and Azure Arc; .NET and Visual Studio […]
SecurityAffairs.webp 2022-09-13 15:43:18 Cyber espionage campaign targets Asian countries since 2021 (lien direct) >A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. “A distinct group of espionage attackers who were formerly associated with the […] Threat
SecurityAffairs.webp 2022-09-13 14:05:21 Trend Micro addresses actively exploited Apex One zero-day (lien direct) >Trend Micro addressed multiple vulnerabilities in its Apex One endpoint security product, including actively exploited zero-day flaws. Trend Micro announced this week the release of security patches to address multiple vulnerabilities in its Apex One endpoint security product, including a zero-day vulnerability, tracked as CVE-2022-40139 (CVSS 3.0 SCORE 7.2), which is actively exploited. The CVE-2022-40139 […]
SecurityAffairs.webp 2022-09-13 10:43:49 Iran-linked TA453 used new Multi-Persona Impersonation technique in recent attacks (lien direct) >Iran-linked threat actors target individuals specializing in Middle Eastern affairs, nuclear security and genome research. In mid-2022, Proofpoint researchers uncovered a cyberespionage campaign conducted by Iran-linked TA453 threat actors. The campaign aimed at individuals specializing in Middle Eastern affairs, nuclear security and genome research. Threat actors used at least two actor-controlled personas on a single […] Threat
SecurityAffairs.webp 2022-09-13 07:09:17 Montenegro and its allies are working to recover from the massive cyber attack (lien direct) >A massive cyberattack hit Montenegro, officials believe that it was launched by pro-Russian hackers and the security services of Moscow. A massive cyberattack hit Montenegro, the offensive forced government headquarters to disconnect the systems from the Internet. The attack started on August 20 and impacted online government information platforms. According to the media, the critical […]
SecurityAffairs.webp 2022-09-13 05:15:31 Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel (lien direct) >The hacktivist collective GhostSec claimed to have compromised 55 Berghof PLCs used by Israeli organizations. Pro-Palestinian Hacking Group GhostSec claimed to have compromised 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a Free Palestine campaign. On September 4th, 2022, GhostSec announced on social media and its Telegram channel that it has compromised […]
SecurityAffairs.webp 2022-09-12 20:21:09 Apple fixed the eighth actively exploited zero-day this year (lien direct) >Apple has addressed the eighth zero-day vulnerability that is actively exploited in attacks against iPhones and Macs since January. Apple has released security updates to fix a zero-day vulnerability, tracked as CVE-2022-32917, which is actively exploited in attacks against iPhone and Mac devices. This is the eighth zero-day vulnerability fixed by the IT giant since […] Vulnerability
SecurityAffairs.webp 2022-09-12 16:36:52 Google announced the completion of the acquisition of Mandiant for $5.4 billion (lien direct) >Google completed the acquisition of the threat intelligence firm Mandiant, the IT giant will pay $5.4 billion. Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “RESTON, Va., March 8, 2022 – Mandiant, Inc. (NASDAQ: MNDT) today announced that it has entered into […] Threat
SecurityAffairs.webp 2022-09-12 08:57:15 (Déjà vu) Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems (lien direct) >Cisco confirmed the May attack and that the data leaked by the Yanluowang ransomware group was stolen from its systems. In August, Cisco disclosed a security breach, the Yanluowang ransomware gang breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed […] Ransomware
SecurityAffairs.webp 2022-09-12 07:27:53 Some firmware bugs in HP business devices are yet to be fixed (lien direct) >Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago. […]
SecurityAffairs.webp 2022-09-11 21:35:47 Albania was hit by a new cyberattack and blames Iran (lien direct) >Albania blamed Iran for a new cyberattack that hit computer systems used by the state police on Friday. Albania blamed the government of Teheran for a new cyberattack that hit computer systems used by the state police on Saturday. “The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, […]
SecurityAffairs.webp 2022-09-11 13:31:49 Iran-linked APT42 is behind over 30 espionage attacks (lien direct) >Iran-linked APT42 (formerly UNC788) is suspected to be the actor behind over 30 cyber espionage attacks against activists and dissidents. Experts attribute over 30 cyber espionage attacks against activists and dissidents to the Iran-linked APT42 (formerly UNC788). The campaigns have been conducted since 2015 and are aimed at conducting information collection and surveillance operations against […] APT 42
SecurityAffairs.webp 2022-09-10 14:28:19 IHG suffered a cyberattack that severely impacted its booking process (lien direct) >InterContinental Hotels Group PLC (IHG) discloses a security breach, parts of its IT infrastructure have been subject to unauthorised activity. The hospitality conglomerate, InterContinental Hotel Group (IHG) manages 17 hotel chains, including the Regent, Crowne Plaza, Holiday Inn, and Candlewood Suites. IHG operates 6,028 hotels in more than 100 different countries. The company announced that […]
SecurityAffairs.webp 2022-09-10 13:32:07 China-Linked BRONZE PRESIDENT APT targets Government officials worldwide (lien direct) >China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware. Attacks part of this campaign were spotted […]
SecurityAffairs.webp 2022-09-10 11:25:34 Scammers live-streamed on YouTube a fake Apple crypto event (lien direct) >Scammers live-streamed on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. Cybercriminals were live-streaming on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. The interview […]
SecurityAffairs.webp 2022-09-09 19:48:51 US Treasury sanctioned Iran's Ministry of Intelligence over Albania cyberattack (lien direct) >The U.S. Treasury Department sanctioned Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the Albania cyberattack. The U.S. Treasury Department announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the cyber attack that hit Albania in July. MOIS is the primary intelligence […]
SecurityAffairs.webp 2022-09-09 16:09:44 $30 Million worth of cryptocurrency stolen by Lazarus from Axie Infinity was recovered (lien direct) >US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A joint operation conducted by enforcement and leading organizations in the cryptocurrency industry allowed to recover more than $30 million worth of cryptocurrency stolen by North Korean-linked APT group Lazarus from online video game Axie […] Guideline APT 38
SecurityAffairs.webp 2022-09-09 11:50:31 Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin (lien direct) >Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and […] Vulnerability Threat
SecurityAffairs.webp 2022-09-09 08:57:47 Iran-linked DEV-0270 group abuses BitLocker to encrypt victims' devices (lien direct) Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 (Nemesis Kitten) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a […] Ransomware Threat
SecurityAffairs.webp 2022-09-08 22:05:52 CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog (lien direct) >CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 12 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including four vulnerabilities in D-Link routers, two Chrome zero-day issues, and a recently disclosed flaw in the QNAP Photo Station. According to Binding Operational […]
SecurityAffairs.webp 2022-09-08 20:36:59 Classified NATO documents sold on darkweb after they were stolen from Portugal (lien direct) >Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA). After discovering that Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were offered for sale on the darkweb, the Portuguese agency discovered it has suffered a cyberattack. The Armed Forces […]
SecurityAffairs.webp 2022-09-08 15:12:53 North Korea-linked Lazarus APT targets energy providers around the world (lien direct) >North Korea-linked Lazarus APT group is targeting energy providers around the world, including organizations in the US, Canada, and Japan. Talos researchers tracked a campaign, orchestrated by North Korea-linked Lazarus APT group, aimed at energy providers around the world, including organizations in the US, Canada, and Japan. The campaign was observed between February and July 2022.  The attacks […] APT 38
SecurityAffairs.webp 2022-09-08 11:24:22 Cisco will not fix the authentication bypass flaw in EoL routers (lien direct) >Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 […] Vulnerability
SecurityAffairs.webp 2022-09-08 09:10:20 Ex-members of the Conti ransomware gang target Ukraine (lien direct) >Some members of the Conti ransomware gang were involved in financially motivated attacks targeting Ukraine from April to August 2022. Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. The activities overlap with operations […] Ransomware Threat
SecurityAffairs.webp 2022-09-08 08:12:59 Albania interrupted diplomatic ties with Iran over the mid-July attack (lien direct) >Albania interrupted diplomatic ties with Iran and expelled the country's embassy staff over the mid-July attack. Albanian Prime Minister Edi Rama announced that Albania interrupted diplomatic ties with Iran and expelled the country's embassy staff over the massive cyber attack that hit the country in mid-July. The cyberattack hit the servers of the National Agency […]
SecurityAffairs.webp 2022-09-07 16:38:18 Experts spotted a new stealthy Linux malware dubbed Shikitega (lien direct) >A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. The malware stands out for its multistage infection chain, threat actors use it to gain full control of the system […] Malware Threat
SecurityAffairs.webp 2022-09-07 11:55:01 Challenges of User Authentication: What You Need to Know (lien direct) >In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. As virtually every aspect of day-to-day life and business is conducted online, the added convenience has also brought added risk. Information privacy, data sovereignty, […]
SecurityAffairs.webp 2022-09-07 08:53:00 Zyxel addressed a critical RCE flaw in its NAS devices (lien direct) >Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. An attacker can exploit […] Vulnerability
SecurityAffairs.webp 2022-09-07 07:59:07 Moobot botnet is back and targets vulnerable D-Link routers (lien direct) >The Moobot botnet is behind a new wave of attacks that started in early August and that target vulnerable D-Link routers. Palo Alto Network's Unit 42 researchers reported a new wave of attacks launched by the Moobot botnet that target vulnerable D-Link routers. The Mirai-based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February […]
SecurityAffairs.webp 2022-09-06 18:33:30 The Los Angeles Unified School District hit by a ransomware attack (lien direct) >One of the largest US school districts, the Los Angeles Unified School District, suffered a ransomware attack during the weekend. The Los Angeles Unified School District is one of the largest school districts in the US, it was hit by a ransomware attack during the Labor Day weekend. The security breach took place a few […] Ransomware
SecurityAffairs.webp 2022-09-06 16:23:32 A new Android malware used to spy on the Uyghur Community (lien direct) >Experts spotted new Android spyware that was used by China-linked threat actors to spy on the Uyghur community in China. Researchers from Cyble Research & Intelligence Labs (CRIL) started their investigation after MalwareHunterTeam experts shared information about a new Android malware used to spy on the Uyghur community. The malware disguised as a book titled “The China […] Malware Threat
SecurityAffairs.webp 2022-09-06 13:51:43 Experts discovered TeslaGun Panel used by TA505 to manage its ServHelper Backdoor (lien direct) >Researchers discovered a previously undocumented software control panel, named TeslaGun, used by a cybercrime gang known as TA505. Researchers from cybersecurity firm PRODAFT have discovered a previously undocumented software control panel, tracked as TeslaGun, used by a cybercrime group known as TA505. Russian TA505 hacking group, aka Evil Corp, has been active since 2014 focusing on Retail and banking […]
SecurityAffairs.webp 2022-09-06 08:37:02 China accuses the US of cyberattacks (lien direct) >China accuses the United States of conducting tens of thousands of cyberattacks on its country, including cyberespionage campaigns. The Government of Beijing accused the United States of launching tens of thousands of cyberattacks on China. The attacks aimed at stealing sensitive data from government entities and universities. In the past, the US Government has accused […]
SecurityAffairs.webp 2022-09-06 07:23:28 Interpol dismantled sextortion ring in Asia (lien direct) >Interpol arrested 12 individuals which are suspected to be core members of a transnational sextortion ring. Interpol announced the arrest of 12 individuals suspected to be core members of a transnational sextortion ring. The arrests took place in July and August as a result of a joint investigation conducted by Interpol’s cybercrime division and police […] ★★★★
SecurityAffairs.webp 2022-09-05 20:43:48 QNAP warns new Deadbolt ransomware attacks exploiting zero-day (lien direct) >QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks, threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday meantime the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2022-09-05 18:03:10 TikTok denies data breach following leak of user data (lien direct) >Threat actors published a sample of data allegedly stolen from TikTok, but the company denies it was breached. The hacking collective AgainstTheWest recently published a post on Breach Forums message board claiming to have hacked TikTok and stolen source code and user data. The group published screenshots of an alleged stolen data, it claims to […] Data Breach
SecurityAffairs.webp 2022-09-05 11:44:19 Windows Defender identified Chromium, Electron apps as Hive Ransomware (lien direct) >Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware. Multiple users reported […] Ransomware Malware
SecurityAffairs.webp 2022-09-05 08:39:46 EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web (lien direct) >Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Original post: https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark […] Hack Guideline
SecurityAffairs.webp 2022-09-05 08:02:25 A new SharkBot variant bypassed Google Play checks again (lien direct) >Experts spotted an upgraded version of the SharkBot malware that was uploaded to the official Google Play Store. Fox IT researchers have spotted an upgraded version of a SharkBot dropper that was uploaded to the official Google Play Store. While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, […] Malware
SecurityAffairs.webp 2022-09-04 22:25:04 A new phishing scam targets American Express cardholders (lien direct) >Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The messages use a malicious attachment and their content attempt to trick cardholders into opening it. The subject of the emails reads “Important Notification About Your Account” in an attempt to urge recipients […]
SecurityAffairs.webp 2022-09-04 13:23:48 Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow (lien direct) >The popular collective Anonymous and the IT Army of Ukraine hacked the Yandex Taxi app causing a massive traffic jam in Moscow. This week Anonymous announced to have hacked the Yandex Taxi app, the largest taxi service in Russia, and used it to cause a massive traffic jam in Moscow. The threat actors ordered all […] Threat
SecurityAffairs.webp 2022-09-04 10:37:25 (Déjà vu) IRS mistakenly published confidential info for roughly 120K taxpayers (lien direct) >The Internal Revenue Service (IRS) mistakenly leaked confidential information for approximately 120,000 taxpayers. Bad news for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns, the Internal Revenue Service has accidentally leaked their confidential information. Form 990-T is a form that a tax exempt organization files with the IRS to report its unrelated business income and to figure the tax owed on that income. On Friday, the IRS announced it has […]
SecurityAffairs.webp 2022-09-04 09:14:26 Alleged Iranian threat actors leak the code of their CodeRAT malware (lien direct) >The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub after the SafeBreach Labs researchers recently analyzed a new targeted attack aimed at Farsi-speaking code developers. […] Malware Threat
SecurityAffairs.webp 2022-09-03 15:37:55 Google rolled out emergency fixes to address actively exploited Chrome zero-day (lien direct) >Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in the wild. Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild. The CVE-2022-3075 flaw is caused by insufficient data […] Vulnerability
SecurityAffairs.webp 2022-09-02 22:38:44 (Déjà vu) Samsung discloses a second data breach this year (lien direct) >Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal […] Data Breach Threat
SecurityAffairs.webp 2022-09-02 17:31:54 The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals (lien direct) >The information-stealing malware Prynt Stealer contains a backdoor that allows stealing the data it has infiltrated from victims. Zscaler researchers discovered Telegram channel-based backdoor in the information stealing malware, Prynt Stealer, which allows to secretly steal a copy of the data exfiltrated from the victims. “Zscaler ThreatLabz researchers have uncovered the Prynt Stealer builder, also […] Malware
Last update at: 2024-04-26 16:08:04