What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-08-22 18:07:52 European Cybersecurity in Context: A Policy-Oriented Comparative Analysis (lien direct) >I’m proud to have contributed to the “European Cybersecurity in Context: A Policy-Oriented Comparative Analysis“ Worldwide connectivity has unleashed global digitalisation, creating cross-border social networks for communicating and spreading information. The use of digital identity for democratic procedures is becoming a reality and public services are shifting towards using digital tools to implement simplified procedures. […]
SecurityAffairs.webp 2022-08-22 17:50:43 8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe (lien direct) >Researchers shared details of an eight-year-old flaw dubbed DirtyCred, defined as nasty as Dirty Pipe, in the Linux kernel. Researchers from Northwestern University (Zhenpeng Lin  |  PhD Student,Yuhang Wu  |  PhD Student, Xinyu Xing  |  Associate Professor) disclosed an eight-year-old security vulnerability in the Linux kernel, dubbed DirtyCred, which they defined “as nasty as Dirty Pipe.” The Dirty Pipe flaw, tracked […] Vulnerability
SecurityAffairs.webp 2022-08-22 16:37:25 Group-IB CEO will remain in jail – complaint denied (lien direct) >On August 18, a Russian judge decided that Ilya Sachkov, founder and CEO of the Russian-led Group-IB, will remain in jail. Ilya Sachkov, founder and CEO of the Russian-led Group-IB will remain in jail following the judge's decision on August 18th after his defense team filed a complaint according to TASS (Russian Media Agency). Starting […]
SecurityAffairs.webp 2022-08-22 06:47:28 Donot Team cyberespionage group updates its Windows malware framework (lien direct) >The Donot Team threat actor, aka APT-C-35, has added new capabilities to its Jaca Windows malware framework. The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In October 2021, a report released by the Amnesty International revealed that the […] Malware
SecurityAffairs.webp 2022-08-21 23:56:05 Fake DDoS protection pages on compromised WordPress sites lead to malware infections (lien direct) >Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS Protection pages are associated with browser checks performed by WAF/CDN services which verify if the site visitor is a human or a bot. Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages […] Malware
SecurityAffairs.webp 2022-08-21 17:40:20 Threat actors are stealing funds from General Bytes Bitcoin ATM (lien direct) >Threat actors have exploited a zero-day vulnerability in the General Bytes Bitcoin ATM servers to steal BTC from multiple customers. Threat actors have exploited a zero-day flaw in General Bytes Bitcoin ATM servers that allowed them to hijack transactions associated with deposits and withdrawal of funds. GENERAL BYTES is the world's largest Bitcoin, Blockchain, and […] Vulnerability Threat
SecurityAffairs.webp 2022-08-21 08:35:30 Grandoreiro banking malware targets Mexico and Spain (lien direct) >A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. Grandoreiro is a modular backdoor that supports the following capabilities: Keylogging Auto-Updation for newer versions and modules Web-Injects and restricting access to specific […] Malware
SecurityAffairs.webp 2022-08-21 07:18:34 White hat hackers broadcasted talks and hacker movies through a decommissioned satellite (lien direct) >Hackers took control of a decommissioned satellite and broadcasted hacking conference talks and hacker movies.  During the latest edition of the DEF CON hacking conference held in Las Vegas, the group of white hat hackers Shadytel demonstrated how to take control of a satellite in geostationary orbit. The group used a satellite called Anik F1R, which […] ★★★★
SecurityAffairs.webp 2022-08-20 16:56:39 CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog (lien direct) >The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 7 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added seven new flaws to its Known Exploited Vulnerabilities Catalog, including a critical SAP security vulnerability tracked as CVE-2022-22536. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday […] Vulnerability
SecurityAffairs.webp 2022-08-20 08:28:30 TA558 cybercrime group targets hospitality and travel orgs (lien direct) >TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America. The group is a small crime threat actor, that has been […] Malware Threat
SecurityAffairs.webp 2022-08-19 23:20:33 Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users (lien direct) >Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported that the Russia-linked Cozy Bear cyberespionage group (aka APT29, CozyDuke, and Nobelium), has targeted Microsoft 365 accounts in espionage campaigns. The experts pointed out that APT29 devised new advanced tactics, techniques, and procedures to evade detection. […] APT 29
SecurityAffairs.webp 2022-08-19 15:44:07 CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog (lien direct) >US CISA added a critical SAP flaw to its Known Exploited Vulnerabilities Catalog after its details were disclosed at the Black Hat and Def Con conferences. The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability, tracked as CVE-2022-22536, to its Known Exploited Vulnerabilities Catalog a few days after researchers shared details […]
SecurityAffairs.webp 2022-08-19 11:56:41 A flaw in Amazon Ring could expose user's camera recordings (lien direct) Amazon addressed a high-severity flaw in its Ring app for Android that could have exposed sensitive information and camera recordings. In May, Amazon fixed a high-severity vulnerability in its Ring app for Android that could have allowed a malicious app installed on a user’s device to access sensitive information and camera recordings. The Ring app […] Vulnerability
SecurityAffairs.webp 2022-08-19 09:04:18 Cisco fixes High-Severity bug in Secure Web Appliance (lien direct) >Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […] Malware Vulnerability
SecurityAffairs.webp 2022-08-19 08:33:28 Bumblebee attacks, from initial access to the compromise of Active Directory Services (lien direct) >Threat actors are using the Bumblebee loader to compromise Active Directory services as part of post-exploitation activities. The Cybereason Global Security Operations Center (GSOC) Team analyzed a cyberattack that involved the Bumblebee Loader and detailed how the attackers were able to compromise the entire network. Most Bumblebee infections started by users executing LNK files which use a system binary to […]
SecurityAffairs.webp 2022-08-19 07:05:40 Estonia blocked cyberattacks claimed by Pro-Russia Killnet group (lien direct) >Estonia announced to have blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector. The Pro-Russia hacker […]
SecurityAffairs.webp 2022-08-18 22:37:20 Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild (lien direct) >Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild. Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893. The flaw is an out-of-bounds write issue in WebKit and the IT giant fixed it with improved bounds […] Vulnerability
SecurityAffairs.webp 2022-08-18 17:57:36 Google blocked the largest Layer 7 DDoS reported to date (lien direct) >Google announced to have blocked the largest ever HTTPs DDoS attack, which reached 46 million requests per second (RPS). Google announced to have blocked the largest ever HTTPs DDoS attack that hit one of its Cloud Armor customers. The IT giant revealed that the attack reached 46 million requests per second (RPS). The attack took […]
SecurityAffairs.webp 2022-08-18 15:24:11 BlackByte ransomware v2 is out with new extortion novelties (lien direct) >A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones. BlackByte ransomware Version 2.0 appeared in the threat landscape after a short break, the latest version has a new data leak site. It is interesting to note that the group introduced some novelties in the […] Ransomware Threat ★★
SecurityAffairs.webp 2022-08-18 08:36:30 Apple fixed two new zero-day flaws exploited by threat actors (lien direct) >Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS, iPadOS, and macOS platforms to address two zero-day vulnerabilities exploited by threat actors. Apple did not share details about these attacks. The two flaws are: CVE-2022-32893 – An out-of-bounds issue in WebKit which. An attacker can trigger the […] Threat
SecurityAffairs.webp 2022-08-18 07:10:57 PoC exploit code for critical Realtek RCE flaw released online (lien direct) >Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek's RTL819x system on a chip was released online. The issue resides in the Realtek's SDK for […] Vulnerability
SecurityAffairs.webp 2022-08-17 22:58:33 China-linked RedAlpha behind multi-year credential theft campaign (lien direct) >A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor tracked RedAlpha. The campaign targeted global humanitarian, think tank, and government organizations. Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of […]
SecurityAffairs.webp 2022-08-17 17:58:53 Bugdrop dropper includes features to circumvent Google's security Controls (lien direct) Researchers have discovered a previously undocumented Android dropper, dubbed BugDrop, that’s still under development. Recently, researchers from ThreatFabric discovered a previously undetected Android dropper, dubbed BugDrop, which is under active development and was designed to bypass security features that will be implemented in the next release of the Google OS. The experts noticed something unusual in the […]
SecurityAffairs.webp 2022-08-17 17:01:18 Google fixed a new Chrome Zero-Day actively exploited in the wild (lien direct) >Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. The actively exploited flaw, tracked as CVE-2022-2856, is an Insufficient validation […]
SecurityAffairs.webp 2022-08-17 08:31:52 North Korea-linked APT targets Job Seekers with macOS malware (lien direct) >The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages […] Malware Medical APT 38
SecurityAffairs.webp 2022-08-17 07:10:07 ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data (lien direct) >Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak (CVE-2022-21233) is the first architecturally CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs. ÆPIC Leak works on […] Guideline
SecurityAffairs.webp 2022-08-17 06:57:36 Zoom fixed two flaws in macOS App that were disclosed at DEF CON (lien direct) >Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher […]
SecurityAffairs.webp 2022-08-16 17:38:33 Clop gang targeted UK drinking water supplier South Staffordshire Water (lien direct) >A cyber attack disrupted the IT operations of South Staffordshire Water, a company supplying drinking water to 1.6M consumers daily. South Staffordshire Water has issued a statement confirming the security breach, the company pointed out that the attack did not impact the safety and water distribution systems. South Staffordshire Water plc known as South Staffs […]
SecurityAffairs.webp 2022-08-16 08:15:55 Russia-linked Gamaredon APT continues to target Ukraine (lien direct) >Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign. Symantec and TrendMicro first discovered the Gamaredon […] Malware
SecurityAffairs.webp 2022-08-16 06:56:04 Phone numbers of 1,900 Signal users exposed as a result of Twilio security breach (lien direct) >For about 1,900 users, Twilio hackers could have attempted to re-register their number to another device or learned that their number was registered to Signal. Communication company Twilio provides Signal with phone number verification services, and recent security breach it has suffered had also impacted some users of the popular instant-messaging app. Twilio hackers could […]
SecurityAffairs.webp 2022-08-15 21:46:10 Microsoft disrupts SEABORGIUM's ongoing phishing operations (lien direct) >Microsoft disrupted a hacking operation conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. The Microsoft Threat Intelligence Center (MSTIC) has disrupted activity by SEABORGIUM (aka ColdRiver, TA446), a Russia-linked threat actor that is behind a persistent hacking campaign targeting people and organizations in NATO countries. SEABORGIUM has been active since at least 2017, […] Threat
SecurityAffairs.webp 2022-08-15 18:01:21 VNC instances exposed to Internet pose critical infrastructures at risk (lien direct) >Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control another machine remotely. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a […] Threat
SecurityAffairs.webp 2022-08-15 15:22:28 SOVA Android malware now also encrypts victims' files (lien direct) Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time. The latest version of the […] Ransomware Malware
SecurityAffairs.webp 2022-08-15 08:16:31 A new PyPI Package was found delivering fileless Linux Malware (lien direct) >Security Researchers discovered a new PyPI Package designed to drop fileless cryptominer to Linux systems. Sonatype researchers have discovered a new PyPI package named ‘secretslib‘ that drops fileless cryptominer to the memory of Linux machine systems. The package describes itself as “secrets matching and verification made easy,” it has a total of 93 downloads since […] Malware
SecurityAffairs.webp 2022-08-15 07:02:20 Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi (lien direct) >China-linked threat actors Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a new campaign conducted by a China-linked threat actor Iron Tiger that employed a  backdoored version of the cross-platform messaging app MiMi Chat App to infect Windows, Mac, and Linux systems. The Iron Tiger APT (aka Panda Emissary, […] Threat APT 27 ★★★★★
SecurityAffairs.webp 2022-08-14 17:51:11 A flaw in Xiaomi phones using MediaTek Chips could allow to forge transactions (lien direct) >Flaws in Xiaomi Redmi Note 9T and Redmi Note 11 models could be exploited to disable the mobile payment mechanism and even forge transactions. Check Point researchers discovered the flaws while analyzing the payment system built into Xiaomi smartphones powered by MediaTek chips. Trusted execution environment (TEE) is an important component of mobile devices designed to process […]
SecurityAffairs.webp 2022-08-14 06:52:55 CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks (lien direct) >The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 […] Ransomware Threat
SecurityAffairs.webp 2022-08-13 16:51:53 Killnet claims to have breached Lockheed Martin (lien direct) >Russian hacker group Killnet claims to have launched a DDoS attack on the aerospace and defense giant Lockheed Martin.  The Moscow Times first reported that the Pro-Russia hacker group Killnet is claiming responsibility for a recent DDoS attack that hit the aerospace and defense giant Lockheed Martin. The Killnet group also claims to have stolen […]
SecurityAffairs.webp 2022-08-13 09:39:35 Three flaws allow attackers to bypass UEFI Secure Boot feature (lien direct) >Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that can be exploited to bypass the UEFI Secure Boot feature. Secure Boot is […] Vulnerability
SecurityAffairs.webp 2022-08-12 08:00:43 Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite (lien direct) >Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS email servers worldwide. Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries. Yesterday, August 11, CISA has […] Hack
SecurityAffairs.webp 2022-08-12 06:25:03 BazarCall attacks have revolutionized ransomware operations (lien direct) >The Conti ransomware gang is using BazarCall phishing attacks as an initial attack vector to access targeted networks. BazarCall attack, aka call back phishing, is an attack vector that utilizes targeted phishing methodology and was first used by the Ryuk ransomware gang in 2020/2021. The BazarCall attack chain is composed of the following stages: Stage […] Ransomware
SecurityAffairs.webp 2022-08-11 17:58:58 Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS (lien direct) >Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […] Threat
SecurityAffairs.webp 2022-08-11 05:50:14 Ex Twitter employee found guilty of spying for Saudi Arabian government (lien direct) >A former Twitter employee was found guilty of spying on certain Twitter users for Saudi Arabia. A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing them to Saudi Arabia. “Ahmad Abouammo, a US resident born in Egypt, was found guilty by a jury Tuesday […]
SecurityAffairs.webp 2022-08-11 05:47:24 Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key (lien direct) >Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA keys on devices running Cisco ASA Software and […] Vulnerability Threat
SecurityAffairs.webp 2022-08-10 21:20:53 Cisco was hacked by the Yanluowang ransomware gang (lien direct) >Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat […] Ransomware Threat
SecurityAffairs.webp 2022-08-10 17:17:14 Risky Business: Enterprises Can't Shake Log4j flaw (lien direct) >70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December 2021 security teams scrambled to find Log4j-vulnerable assets and patch them. Eight months later many Global 2000 firms are still fighting to mitigate the digital assets and business risks associated with Log4j. The ease of […]
SecurityAffairs.webp 2022-08-10 15:14:01 Experts found 10 malicious packages on PyPI used to steal developers' data (lien direct) 10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have discovered ten malicious packages on the Python Package Index (PyPI). The packages install info-stealers that allow threat actors to steal the private data and personal credentials of the developers. The researchers provide details about […] Threat
SecurityAffairs.webp 2022-08-10 13:48:54 Hackers behind Twilio data breach also targeted Cloudflare employees (lien direct) >Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one that hit Twilio. The content delivery network and DDoS mitigation company Cloudflare revealed this week that at least 76 employees and their family members received text messages on their personal and work phones. According to […] Data Breach
SecurityAffairs.webp 2022-08-10 10:39:16 (Déjà vu) CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog (lien direct) >US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed security flaw, tracked as CVE-2022-30333 (CVSS score: 7.5), in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The CVE-2022-30333 flaw is a path traversal […]
SecurityAffairs.webp 2022-08-10 07:46:08 VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656 (lien direct) >VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The flaw was discovered by security researcher Petrus Viet from VNG Security, […]
Last update at: 2024-04-19 13:09:11