What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-17 12:36:00 | Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials (lien direct) | The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The | Threat | ★★ | |
 |
2023-03-17 07:22:00 | APT Profile: Cozy Bear / APT29 (lien direct) | >Advanced Persistent Threat (APT) groups are widely classified as organizations that lead “attacks on a... | Threat Guideline | APT 29 APT 29 | ★★ |
|
2023-03-16 21:00:00 | Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (lien direct) | Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver commercial adversary simulation software. The development comes as | Malware Threat | ★★ | |
 |
2023-03-16 19:00:00 | Netskope Threat Coverage: BlackSnake Ransomware (lien direct) | >Summary BlackSnake is a ransomware-as-a-service (RaaS) group that first appeared in a hacking forum in August 2022, where the operators were seeking affiliates and stating that they would take 15% of the profit, which is below the typical average of 20-30%. On February 28, 2023, a new variant of BlackSnake was spotted, and is notable […] | Ransomware Threat | ★★★ | |
 |
2023-03-16 15:00:00 | Rapid7 Acquires Minerva Labs to Extend Leading Managed Detection and Response Service (lien direct) | Minerva's robust technology and talented engineering team extend Rapid7's end-to-end managed threat detection and orchestration capabilities from the endpoint to the cloud. | Threat | ★★ | |
 |
2023-03-16 13:46:09 | Webinar Today: How to Build Resilience Against Emerging Cyber Threats (lien direct) | >Join us for this webinar as we walk through three recent use cases where a new threat caught organizations off-guard. | Threat | ★★ | |
|
2023-03-16 12:04:00 | Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency (lien direct) | Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC). | Vulnerability Threat | ★★ | |
 |
2023-03-16 11:00:00 | Fortinet Zero-Day et Custom Maleware utilisés par un acteur chinois suspecté dans l'opération d'espionnage Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation (lien direct) |
Les acteurs de la menace cyber-espionnage continuent de cibler les technologies qui ne prennent pas en charge les solutions de détection et de réponse (EDR) telles que les pare-feu, dispositifs IoT , hypervisors et VPN Technologies (par exemple Fortinet , Sonicwall , Pulse Secure et autres).Mandiant a enquêté sur des dizaines d'intrusions à Defense Industrial Base (DIB), le gouvernement, la technologie et les organisations de télécommunications au cours des années où les groupes de Chine-Nexus suspectés ont exploité des vulnérabilités zéro-jours et déployé des logiciels malveillants personnalisés pour voler des informations d'identification et maintenir un accès à long terme et déployéaux environnements victimes.
nous
Cyber espionage threat actors continue to target technologies that do not support endpoint detection and response (EDR) solutions such as firewalls, IoT devices, hypervisors and VPN technologies (e.g. Fortinet, SonicWall, Pulse Secure, and others). Mandiant has investigated dozens of intrusions at defense industrial base (DIB), government, technology, and telecommunications organizations over the years where suspected China-nexus groups have exploited zero-day vulnerabilities and deployed custom malware to steal user credentials and maintain long-term access to the victim environments. We |
Malware Vulnerability Threat Industrial | ★★★ | |
 |
2023-03-16 10:50:30 | UK small business growth held back by cost-of-living, skills shortage and increased cyber threat (lien direct) | New research from IONOS, European digitalisation partner for small and medium-sized businesses, has found that while UK SMEs consider digitalisation to be important for the future viability of their business, there are growing concerns around the cost of living crisis, shortage of skilled workers and increased threat of cyberattack. - Special Reports | Threat | ★★ | |
 |
2023-03-16 10:30:00 | NCSC Calms Fears Over ChatGPT Threat (lien direct) | Tool won't democratize cybercrime, agency argues | Tool Threat | ChatGPT ChatGPT | ★★ |
|
2023-03-16 10:23:41 | Mettez à jour votre Outlook pour vous protéger contre les cyberattaques Russes attribuées à l\'APT28 par Mandiant (lien direct) | Mettez à jour votre Outlook pour vous protéger contre les cyberattaques Russes attribuées à l'APT28 par Mandiant - Malwares | Threat | APT 28 APT 28 | ★★ |
|
2023-03-16 10:17:00 | CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution. "Adobe ColdFusion | Vulnerability Threat | ★★ | |
 |
2023-03-16 09:55:26 | Visern d'hiver |Découvrir une vague d'espionnage mondial Winter Vivern | Uncovering a Wave of Global Espionage (lien direct) |
Sentinellabs découvre un ensemble de campagnes d'espionnage auparavant inconnu menées par Winter Livern Advanced Persistance Menace (APT) Group.
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group. |
Threat | ★★★★ | |
 |
2023-03-16 06:12:33 | 2022 Threat Trend Report on Kimsuky (lien direct) | In comparison to 2021, 2022 was a year filled with invisible activities, new attack types, Fully Qualified Domain Names (FQDN), and attack preparations. AhnLab identified a significantly higher number of these activities in comparison to 2021. One of these cases involved an incorrect configuration of C2 servers, causing the files within the said servers to be exposed and allowing AhnLab to procure samples, server information files, and variant samples that had never been known externally. The threat actors are using... | Threat Prediction | ★★ | |
|
2023-03-16 06:11:08 | Threat Trend Report on Region-Specific Ransomware (lien direct) | Background Currently, ransomware creators include individuals, cyber criminal gangs and state-supported groups. Out of these individuals and groups, cyber criminal gangs are the most proactive in ransomware development, while individuals and state-supported groups are less so. Privately developed ransomware is most often for research purposes with the intention of destroying data. Some state-sponsored threat groups also develop ransomware. The purpose of these cases is not for financial gain either but for data destruction, and Wipers, which do not allow recovery,... | Ransomware Threat Prediction | ★★ | |
 |
2023-03-16 00:49:59 | Check Point Research conducts Initial Security Analysis of ChatGPT4, Highlighting Potential Scenarios For Accelerated Cybercrime (lien direct) | >Highlights: Check Point Research (CPR) releases an initial analysis of ChatGPT4, surfacing five scenarios that can allow threat actors to streamline malicious efforts and preparations faster and with more precision. In some instances, even non-technical actors can create harmful tools. The five scenarios provided span impersonations of banks, reverse shells, C++ malware and more. Despite… | Malware Threat | ChatGPT | ★★ |
|
2023-03-15 19:56:02 | CPX 360 in München (lien direct) | Check Point möchte in der Lage sein, Angriffe zu verhindern, anstatt sie nur zu erkennen, und entwickelt daher seine Lösungen so, dass die gesamte Sicherheitsumgebung, also Netzwerk, Cloud und Remote-Benutzer sofort lernen und handeln, selbst wenn nur über einen einzigen Vektor angegriffen wird. Die Herausforderung liegt hier eindeutig in der zunehmenden Anzahl von Permutationen, denen Check Point mit 30 Jahren Threat Intelligence zu begegnen versucht. Das eigene Infinity Portal umfasst Quantum für die Absicherung des Netzwerks, Cloudgard für die Cloud-Sicherheit und Harmony für die Benutzer- und Gerätesicherheit, die alle zusammenarbeiten können, um eine ganzheitliche Cybersicherheitslösung zu gewährleisten. - Sonderberichte / affiche | Threat Cloud | ★ | |
|
2023-03-15 19:37:00 | Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns (lien direct) | An unpatched Microsoft Web server allowed multiple cybersecurity threat groups to steal data from a federal civilian executive branch. | Data Breach Threat | ★★★ | |
|
2023-03-15 19:19:00 | YoroTrooper Stealing Credentials and Information from Government and Energy Organizations (lien direct) | A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials from multiple applications, browser histories and cookies, system information and screenshots," Cisco | Threat Threat | ★★★★ | |
 |
2023-03-15 19:00:00 | Microsoft: Russian hackers may be readying new wave of destructive attacks (lien direct) | >The warning comes as part of an overview of cyberattacks carried out by Russian-linked actors over the past year. | Threat | ★★★ | |
|
2023-03-15 16:46:20 | Hoxhunt ChatGPT / Cybersecurity Research Reveals: Humans 1, AI 0 (lien direct) | Hoxhunt ChatGPT / Cybersecurity Research Reveals: Humans 1, AI 0 Research Highlights Need for Accelerating Security Behavior Change Outcomes with Evolving Threat Landscape - Special Reports | Threat | ChatGPT ChatGPT | ★★ |
|
2023-03-15 14:53:00 | Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company (lien direct) | A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which | Malware Threat | ★★★ | |
 |
2023-03-15 14:21:03 | Silicon Valley Bank collapse poses challenge for cybersecurity defenders, firms (lien direct) | Pas de details / No more details | Threat | ★★★ | |
 |
2023-03-15 14:06:14 | Hacker selling data allegedly stolen in US Marshals Service hack (lien direct) | A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service (USMS) servers. [...] | Hack Threat | ★★★★ | |
 |
2023-03-15 13:37:00 | Scammers used compromised police accounts in extortion scheme, prosecutors say (lien direct) |
Two men broke into a federal law enforcement database and a Bangladeshi police officer's email account to conduct extortion schemes, U.S. law enforcement officials say. A federal court in New York [unsealed an indictment](https://www.justice.gov/usao-edny/pr/two-men-charged-breaching-federal-law-enforcement-database-and-posing-police-officers) Tuesday against 19-year-old Sagar Steven Singh and 25-year-old Nicholas Ceraolo, who are accused of illegally collecting personal information about specific people |
Threat | ★★★ | |
 |
2023-03-15 13:00:00 | What is Reverse Tabnabbing and What Can You Do to Stop It? (lien direct) | >Tabnabbing is a phishing method in which attackers take advantage of victims’ unattended browser tabs. After hijacking an inactive tab and redirecting it to malicious URLs, an attacker can perform a phishing attack and execute scripts. With reverse tabnabbing, on the other hand, attackers can actually rewrite the source page after a victim clicks a […] | Threat | ★★★ | |
|
2023-03-15 12:17:00 | Ransomware gang exploited a zero-day in Microsoft security feature, Google says (lien direct) |
Financially motivated hackers are using a previously undocumented bug in Microsoft's SmartScreen security feature to spread the Magniber ransomware, according to a new report. The cybercriminals have been able to exploit the zero-day vulnerability in SmartScreen since December, researchers from Google's Threat Analysis Group (TAG) said. The Google team [reported](https://blog.google/threat-analysis-group/magniber-ransomware-actors-used-a-variant-of-microsoft-smartscreen-bypass/) its findings about the bug |
Ransomware Vulnerability Threat Threat | ★★ | |
 |
2023-03-15 12:02:06 | Detection Engineering Weekly #15 - Emotet\'s Return (lien direct) | Last week's news and how-tos in the art and science of Detection Engineering | Threat | ★★★ | |
|
2023-03-15 10:00:00 | Phishing Campaigns Use SVB Collapse to Harvest Crypto (lien direct) | Experts warn users to be on their guard | Threat | ★★ | |
 |
2023-03-15 09:44:16 | Évolution inquiétante des outils pirates (lien direct) | En février 2022, les experts en sécurité de l'information ont détecté l'arrivée du banquier pirate Xenomorph. Armé pour usurper, par superposition, les applications de 56 banques, le malware a rapidement été propagé grâce à des droppers publiés sur Google Play. | Malware Threat | ★★★ | |
|
2023-03-15 09:30:00 | Microsoft Patches Two Zero Days This Month (lien direct) | They include one likely exploited by Russian-linked threat actors | Threat | ★★ | |
 |
2023-03-15 08:40:31 | Un nouveau code pirate pour distributeurs de billets de banque ! (lien direct) | La découverte d'un nouveau malware nommé FiXS met à mal la sécurité de distributeurs de billets de banque. Ce logiciel malveillant cible les guichets automatiques de billets en Amérique latine, notamment les banques mexicaines depuis le début du mois de février 2023.... | Malware Threat | ★★ | |
|
2023-03-15 08:30:08 | L\'activité Emotet a repris après une interruption de trois mois (lien direct) | Des experts ont remarqué que le code malveillant Emotet a repris son activité de spammeurs après une " accalmie " de trois mois. Emotet, le retour. Après une pause de trois mois, l’outil malveillant refait surface via des vagues de spams dont il a le secret. Jusqu’à présent, les spécialistes de la sécurité de l’information n’ont trouvé … Continue reading L’activité Emotet a repris après une interruption de trois mois | Threat | ★★★ | |
 |
2023-03-15 03:43:57 | What is CSAF (Common Security Advisory Framework)? (lien direct) | The world of security advisories is disjointed, with disparate systems holding critical documentation in various formats. To make matters more challenging, despite living in a digital-first era, most of these documents are not legible for machines and must be parsed, reviewed, or referenced by humans. As system administrators contend with a rapidly changing threat landscape and the need to remain agile in the face of innovative cyber criminals, manually reading advisories, reviewing listed products and versions, and evaluating risk and potential actions is burdensome, at best. In the world of... | Threat | ★★ | |
 |
2023-03-14 22:27:50 | Threat Intelligence: A CISO ROI Guide - Automate to Increase Productivity (lien direct) | Automate Threat Intelligence to Stay Ahead of the Pack Introduction In our last several entries we talked about how threat hunting... | Threat | ★★★ | |
|
2023-03-14 22:27:18 | Threat Intelligence: A CISO\'s ROI - Avoid Inheriting a Security Problem with M&A Acquisitions (lien direct) | Elite Threat Hunting Teams Track Down Hidden Threats in M&A Situations By now we have discussed several areas of proactive security and... | Threat | ★★ | |
|
2023-03-14 22:26:26 | Threat Intelligence: A CISO ROI Guide - Elite Threat Hunters Prevent Supply Chain Breaches (lien direct) | Up the Ante Against Supply Chain Attacks and Still Have Time to Save the World Introduction In our first post we talked about how... | Threat | ★★ | |
|
2023-03-14 22:25:16 | Threat Intelligence: A CISO ROI Guide - Focus on Real-Time Threat Intelligence (lien direct) | Stop the Budget Drain and Strain of Old Threat Data you Don't Use In our first post, we talked about how cyber threat intelligence can... | Threat | ★★ | |
|
2023-03-14 22:21:37 | Threat Intelligence: A CISO ROI Guide - Prevent Data Breaches (lien direct) | Threat Reconnaissance that Saves your Butt and the Budget Threat hunting and reconnaissance often seems like another hard to explain... | Threat | ★★ | |
|
2023-03-14 18:20:00 | New threat group hacked EU healthcare agency and embassies, researchers say (lien direct) |
A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research. Cisco's Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization (WIPO). |
Threat | ★★★ | |
 |
2023-03-14 17:32:00 | Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam (lien direct) |
Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam, and More.
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, DLL side-loading, Iran, Linux, Malvertising, Mobile, Pakistan, Ransomware, and Windows. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions
(published: March 10, 2023)
Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking from around the World with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version Xenomorph v3 (Xenomorph.C) is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing Discord Content Delivery Network.
Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor.
MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: Gui Input Capture
Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android
Cobalt Illusion Masquerades as Atlantic Council Employee
(published: March 9, 2023)
A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i |
Ransomware Malware Tool Vulnerability Threat Guideline Conference | APT 35 ChatGPT ChatGPT APT 36 APT 42 | ★★ |
|
2023-03-14 17:32:00 | GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks (lien direct) | A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range," Palo Alto Networks Unit 42 researchers said. "The threat actor | Malware Threat | ★★★ | |
|
2023-03-14 17:30:00 | YoroTrooper Espionage Campaigns Target CIS, EU Countries (lien direct) | The threat actors mainly targeted organizations across Azerbaijan, Tajikistan and Kyrgyzstan | Threat | ★★★ | |
|
2023-03-14 17:22:00 | The Prolificacy of LockBit Ransomware (lien direct) | Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension first | Ransomware Threat | ★★★ | |
|
2023-03-14 17:00:00 | DEV-1101 Updates Open Source Phishing Kit (lien direct) | The kit is written in NodeJS and has automated setup and detection evasion capabilities | Threat | ★★★★ | |
|
2023-03-14 15:41:00 | Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (lien direct) | An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target's | Threat | ★★★ | |
|
2023-03-14 14:53:29 | VERT Threat Alert: March 2023 Patch Tuesday Analysis (lien direct) | Today's VERT Alert addresses Microsoft's March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th. In-The-Wild & Disclosed CVEs CVE-2023-24880 Up first this month is a publicly disclosed and exploited vulnerability impacting Windows SmartScreen. SmartScreen prompts you when running certain files downloaded from the Internet to warn you that you should exercise caution before proceeding. SmartScreen is able to do this using the zone identifier Alternate Data Stream (ADS) or Mark of the Web. When the Zone... | Vulnerability Threat | ★★★ | |
|
2023-03-14 14:11:00 | Hackers target South Asian government entities with KamiKakaBot malware (lien direct) |
Suspected government-backed hackers are attacking military and government organizations in South Asia with malware called KamiKakaBot that is designed to steal sensitive information. Researchers from Amsterdam-based cybersecurity firm EclecticIQ [attributed](https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries#A1) the attacks to the advanced persistent threat (APT) group Dark Pink. The group's previous victims include military, government, religious and non-profit organizations in Cambodia, Indonesia, |
Malware Threat | ★★ | |
|
2023-03-14 14:08:34 | Ontinue Wins its Second Consecutive Gold Cybersecurity Excellence Award for Best MDR Service (lien direct) | Ontinue Wins its Second Consecutive Gold Cybersecurity Excellence Award for Best MDR Service Ontinue ION Recognized for Delivering Nonstop SecOps for Faster Detection and Response and More Proactive Threat Protection with Greater Efficiencies - Business News | Threat | ★★ | |
|
2023-03-14 14:03:45 | Ping Identity\'s response to GCHQ warning ChatGPT is a security threat (lien direct) | About ChatGPT and its security implications, a comment from Aubrey Turner, Executive Advisor at Ping Identity - Opinion | Threat | ChatGPT ChatGPT | ★★ |
To see everything:
Our RSS (filtrered)
