What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-09-02 13:26:40 Another Ransomware For Linux Likely In Development (direct link) Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware […] Ransomware Threat
SecurityAffairs 2022-09-02 12:54:09 Experts link Raspberry Robin Malware to Evil Corp cybercrime gang (direct link) Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp. Raspberry Robin is a Windows worm discovered […] Malware
SecurityAffairs 2022-09-02 10:48:48 Google Chrome issue allows overwriting the clipboard content (direct link) A security issue in the Google Chrome browser could allow malicious web pages to automatically overwrite clipboard content. A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically overwrite the clipboard content without any user interaction and consent simply by visiting them. According to a blog post […] Vulnerability
SecurityAffairs 2022-09-02 07:25:46 Attack infrastructure used in Cisco hack linked to Evil Corp affiliate (direct link) Researchers discovered that the infrastructure used in the Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in the recent Cisco hack was also used to attack a top Workforce Management corporation in April 2022. The experts also speculate that the […] Hack
SecurityAffairs 2022-09-01 21:10:54 Researchers analyzed a new JavaScript skimmer used by Magecart threat actors (direct link) Researchers from Cyble analyzed a new, highly evasive JavaScript skimmer used by Magecart threat actors. Cyble Research & Intelligence Labs started its investigation after seeing a post on Twitter about a new JavaScript skimmer developed by the Magecart threat group used to target Magento e-commerce websites. In Magecart attacks against Magento e-stores, attackers attempt to exploit vulnerabilities […] Threat
SecurityAffairs 2022-09-01 15:27:41 Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal (direct link) The Ragnar Locker ransomware gang claims to have hacked the Portuguese state-owned flag carrier airline TAP Air Portugal and stolen customers’ data. The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data. On August 26, the Portuguese company announced via […] Ransomware
SecurityAffairs 2022-09-01 14:01:47 1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials (direct link) Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec’s Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials that allowed access to private cloud services. The experts pointed out that most of the apps containing hard-coded Amazon Web Services […] Threat
SecurityAffairs 2022-09-01 09:36:00 FBI is helping Montenegro in investigating the ongoing cyberattack (direct link) A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive cyberattack. A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating the recent massive cyber attack that hit the government infrastructure last week. “This is another confirmation […]
SecurityAffairs 2022-09-01 08:06:38 Apple released patches for recently disclosed WebKit zero-day in older iPhones and iPads (direct link) Apple released new security updates for older iPhone and iPad devices addressing a recently fixed WebKit zero-day. Apple has released new updates to backport patches released this month to older iPhone and iPad devices addressing the CVE-2022-32893 flaw. The CVE-2022-32893 flaw is an out-of-bounds issue that impacts WebKit. An attacker can trigger the flaw by tricking target devices into processing maliciously crafted web […]
SecurityAffairs 2022-08-31 22:31:33 A flaw in TikTok Android app could have allowed the hijacking of users' accounts (direct link) Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users' accounts with a single click. The experts state that the vulnerability would have required the chaining with other […] Vulnerability Guideline
SecurityAffairs 2022-08-31 19:42:45 Threat actors breached the network of the Italian oil company ENI (direct link) Italian oil giant Eni was hit by a cyber attack, attackers compromised its computer networks, but the consequences appear to be minor. Italian oil giant company Eni disclosed a security breach, threat actors gained access to its network, but according to the company the intrusion had minor consequences because it was quickly detected. “The internal […] Threat ★★
SecurityAffairs 2022-08-31 16:43:57 GO#WEBBFUSCATOR campaign hides malware in NASA's James Webb Space Telescope image (direct link) A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. The phishing emails contain a Microsoft Office attachment that includes an external reference […] Malware Threat
SecurityAffairs 2022-08-31 14:52:12 Experts spotted five malicious Google Chrome extensions used by 1.4M users (direct link) Researchers spotted 5 malicious Google Chrome extensions used to track users’ browsing activity and profit from retail affiliate programs. McAfee researchers discovered five malicious Google Chrome extensions with a total install base of over 1,400,000. The malicious Google Chrome extensions were masquerading as Netflix viewers, website coupons, and apps for taking screenshots of a website. […]
SecurityAffairs 2022-08-31 13:03:30 China-linked APT40 used ScanBox Framework in a long-running espionage campaign (direct link) Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South China Sea. Proofpoint's Threat Research Team uncovered a cyber espionage campaign targeting entities across the world that was orchestrated by a China-linked threat actor. The campaign aimed at entities in Australia, Malaysia, and Europe, as […] Threat APT 40
SecurityAffairs 2022-08-31 08:00:52 Russian streaming platform Start discloses a data breach impacting 7.5M users (direct link) The Russian subscription-based streaming service Start discloses a data breach affecting 7.5 million users. The Russian media streaming platform START disclosed a data breach that impacted 7.5 million of its users. According to the company, the attackers stole a 2021 database from its infrastructure and also shared samples online to demonstrate the authenticity of […] Data Breach
SecurityAffairs 2022-08-30 16:50:57 A new Google bug bounty program now covers Open Source projects (direct link) Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source projects of the IT giant. The company will pay up to $31,337 […] Vulnerability
SecurityAffairs 2022-08-30 15:00:45 Three campaigns delivering multiple malware, including ModernLoader and XMRig miner (direct link) Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims. ModernLoader is a .NET remote access trojan that […]
SecurityAffairs 2022-08-30 13:30:27 A study on malicious plugins in WordPress Marketplaces (direct link) A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites. A team of researchers from the Georgia Institute of Technology has analyzed the backups of more than 400,000 unique web servers and discovered 47,337 malicious plugins installed on 24,931 unique WordPress websites. The experts studied […]
SecurityAffairs 2022-08-30 09:47:59 World's largest distributors of books Baker & Taylor hit by ransomware (direct link) Baker & Taylor, one of the world’s largest distributors of books, revealed that it was hit by a ransomware attack. Baker & Taylor, one of the world’s largest distributors of books worldwide, suffered a ransomware attack on August 23. The incident impacted the company’s phone systems, offices, and service centers. On August 24, the company […] Ransomware
SecurityAffairs 2022-08-30 05:26:17 Crooks are increasingly targeting DeFi platforms to steal cryptocurrency (direct link) The U.S. FBI warns investors that crooks are increasingly exploiting security issues in Decentralized Finance (DeFi) platforms to steal cryptocurrency. The U.S. Federal Bureau of Investigation (FBI) published a Public Service Announcement (PSA) to warn investors that cybercriminals are increasingly exploiting security flaws in Decentralized Finance (DeFi) platforms to steal cryptocurrency. Threat actors are exploiting […] Threat
SecurityAffairs 2022-08-29 20:48:55 US FTC sued US data broker Kochava for selling sensitive and geolocation data (direct link) The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. The U.S. Federal Trade Commission (FTC) filed a lawsuit against the US-based data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. “Defendant's violations […]
SecurityAffairs 2022-08-29 15:25:45 Twilio breach let attackers access Authy two-factor accounts of 93 users (direct link) Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. In early August, the communications company Twilio disclosed a data breach; threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through […] Hack Threat
SecurityAffairs 2022-08-29 13:11:48 Nitrokod crypto miner infected systems across 11 countries since 2019 (direct link) Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered a Turkish-based crypto miner malware campaign, dubbed Nitrokod, which infected machines across 11 countries. The threat actors dropped the malware from popular software available on dozens of free software websites, including Softpedia and […] Malware Threat
SecurityAffairs 2022-08-29 09:03:36 CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw (CVE-2021-38406 CVSS score: 7.8) impacting Delta Electronics industrial automation software. According to Binding Operational Directive (BOD) 22-01: […]
SecurityAffairs 2022-08-29 07:43:12 Scammers used a deepfake AI hologram of Binance executive to scam crypto projects (direct link) Scammers used a deepfake AI hologram of the Binance chief communications officer for fraudulent activities. Patrick Hillmann, chief communications officer of Binance, confirmed that scammers used his Deepfake AI hologram to trick users into online meetings and target the projects of clients of the company. Hillmann explained in a blog post that the attack was […]
SecurityAffairs 2022-08-29 07:26:06 COVID-19 data put for sale on Dark Web (direct link) Researchers discovered leaked PII stolen from Thailand's Department of Medical Sciences containing information about citizens with COVID-19. Resecurity, a California-based cybersecurity company protecting Fortune 500, has identified leaked PII stolen from Thailand's Department of Medical Sciences containing information about citizens with COVID-19 symptoms. The incident was uncovered last week and shared with Thai CERT. The […]
SecurityAffairs 2022-08-28 21:51:02 Surveillance firm's leaked docs show the purchase of an $8M iOS RCE zero-day exploit (direct link) Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian; it offers surveillance and hacking solutions to law enforcement and intelligence agencies. The Vx-underground researchers shared some images of several confidential documents that appear to be […]
SecurityAffairs 2022-08-28 15:36:36 Experts warn of the first known phishing attack against PyPI (direct link) The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates. The Python Package Index, PyPI, this week warned of an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to the packages in the repository. “Today we received reports of a phishing […]
SecurityAffairs 2022-08-28 05:06:36 New Agenda Ransomware appears in the threat landscape (direct link) Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language. The ransomware was employed in a targeted attack against one of […] Ransomware Threat ★★★
SecurityAffairs 2022-08-27 16:14:51 Twilio hackers also breached the food delivery firm DoorDash (direct link) Twilio hackers also compromised the food delivery firm DoorDash, the attackers had access to company data, including customer and employee info. On-demand food delivery service DoorDash disclosed a data breach, the threat actors behind the Twilio hack gained access to the company’s data. DoorDash declared that malicious hackers stole credentials from employees of a third-party vendor, then […] Hack Threat
SecurityAffairs 2022-08-27 08:15:39 Unprecedented cyber attack hit State Infrastructure of Montenegro (direct link) The state Infrastructure of Montenegro was hit by a massive and “unprecedented” cyber attack, authorities announced. An unprecedented cyber attack hit the Government digital infrastructure in Montenegro, the government has timely adopted measures to mitigate its impact. Montenegro immediately reported the attack to other members of the NATO alliance. “Certain services were switched off temporarily […]
SecurityAffairs 2022-08-27 07:06:40 Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus (direct link) Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. Threat actors abused a vulnerable anti-cheat driver, named mhyprot2.sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. The driver provides anti-cheat functions, but […] Threat
SecurityAffairs 2022-08-26 23:08:15 Critical flaw impacts Atlassian Bitbucket Server and Data Center (direct link) Atlassian addressed a critical vulnerability in Bitbucket Server and Data Center that could lead to malicious code execution on vulnerable instances. Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 (CVSS score 9.9), that could be exploited to execute malicious code on vulnerable installs. The flaw is a command injection vulnerability that can be exploited via […] Vulnerability Guideline
SecurityAffairs 2022-08-26 17:19:35 Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access (direct link) An Iran-linked Mercury APT group exploited the Log4Shell vulnerability in SysAid applications for initial access to the targeted organizations. The Log4Shell flaw (CVE-2021-44228) made the headlines in December after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library. The flaw can be exploited […] Vulnerability
SecurityAffairs 2022-08-26 08:30:53 GoldDragon campaign: North-Korea linked Kimsuky APT adopts victim verification technique (direct link) The North Korea-linked Kimsuky APT is behind a new campaign, tracked as GoldDragon, targeting political and diplomatic entities in South Korea in early 2022. Researchers from Kaspersky attribute a series of attacks, tracked as GoldDragon, against political and diplomatic entities located in South Korea in early 2022 to the North Korea-linked group Kimsuky. Kimsuky cyberespionage group […]
SecurityAffairs 2022-08-26 06:58:36 0ktapus phishing campaign: Twilio hackers targeted other 136 organizations (direct link) The threat actors behind Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted other 136 organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported. Most of the victims are organizations providing IT, software development, and cloud services. The campaign, codenamed 0ktapus, […] Threat
SecurityAffairs 2022-08-25 23:18:15 LastPass data breach: threat actors stole a portion of source code (direct link) Password management software firm LastPass has suffered a data breach, threat actors have stolen source code and other data. Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical […] Threat LastPass
SecurityAffairs 2022-08-25 17:11:38 Nobelium APT uses new Post-Compromise malware MagicWeb (direct link) Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that […] Malware Threat APT 29
SecurityAffairs 2022-08-25 08:19:53 GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones (direct link) GAIROSCOPE: An Israeli researcher demonstrated how to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. The popular researcher Mordechai Guri from the Ben-Gurion University of the Negev in Israel devised an attack technique, named GAIROSCOPE, to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. The attack requires that the […]
SecurityAffairs 2022-08-25 06:59:38 Threat actors are using the Tox P2P messenger as C2 server (direct link) Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging service that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server. Tox has been used in […] Threat
SecurityAffairs 2022-08-24 23:12:45 Plex discloses data breach and urges password reset (direct link) The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. The company disclosed a data breach after threat actors had access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and […] Data Breach Threat
SecurityAffairs 2022-08-24 17:48:20 AiTM phishing campaign also targets G Suite users (direct link) The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services were spotted targeting Google G Suite users. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user […] Threat
SecurityAffairs 2022-08-24 07:56:58 VMware fixed a privilege escalation issue in VMware Tools (direct link) VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. The virtualization giant VMware this week released patches to address an important-severity flaw, tracked as CVE-2022-31676, which impacts the VMware Tools suite of utilities. VMware Tools is a set of services and modules that enable several features in company […] Vulnerability
SecurityAffairs 2022-08-24 07:01:06 France hospital Center Hospitalier Sud Francilien suffered ransomware attack (direct link) A French hospital, the Center Hospitalier Sud Francilien (CHSF), suffered a cyberattack on Sunday and was forced to refer patients to other structures. The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients […] Ransomware
SecurityAffairs 2022-08-23 23:25:15 Microsoft publicly discloses details on critical ChromeOS flaw (direct link) Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8). The flaw is an out-of-bounds write issue in OS Audio Server that could be exploited to trigger […] Vulnerability
SecurityAffairs 2022-08-23 17:45:41 GitLab fixed a critical Remote Code Execution (RCE) bug in CE and EE releases (direct link) DevOps platform GitLab fixed a critical remote code execution flaw in its GitLab Community Edition (CE) and Enterprise Edition (EE) releases. DevOps platform GitLab has released security updates to fix a critical remote code execution vulnerability, tracked as CVE-2022-2884 (CVSS 9.9), affecting its GitLab Community Edition (CE) and Enterprise Edition (EE) releases. An authenticated attacker […]
SecurityAffairs 2022-08-23 16:50:11 Over 80,000 Hikvision cameras can be easily hacked (direct link) Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. […] Vulnerability
SecurityAffairs 2022-08-23 08:04:03 CISA adds Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog (direct link) US Cybersecurity and Infrastructure Security Agency (CISA) added a flaw, tracked as CVE-2022-0028, affecting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. According to Binding Operational […]
SecurityAffairs 2022-08-23 07:03:34 Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business (direct link) Experts found backdoors in budget Android device models designed to target WhatsApp and WhatsApp Business messaging apps. Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. The malware targets WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct […] Malware
SecurityAffairs 2022-08-23 00:02:06 Lockbit leak sites hit by mysterious DDoS attack after Entrust hack (direct link) LockBit ransomware gang claims to have hacked the IT giant Entrust and started leaking the stolen files. Entrust Corp. provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificates for websites, mobile credentials, and connected devices. The Lockbit ransomware […] Ransomware Hack
Last update at: 2024-04-25 06:07:58