What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2022-01-11 06:24:43 Night Sky ransomware uses Log4j bug to hack VMware Horizon servers (direct link) The Night Sky ransomware gang has started to exploit the critical CVE-2021-4422 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. [...] Ransomware Hack Vulnerability
SecurityAffairs.webp 2022-01-07 15:47:57 Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns (direct link) A threat actor attempted to exploit the Log4Shell vulnerability to hack VMWare Horizon servers at UK NHS and deploy web shells. The security team at the UK National Health Service (NHS) announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install web shells. “An unknown threat group has […] Hack Vulnerability Threat
SecurityWeek.webp 2022-01-07 01:00:47 Rights Group Verifies Polish Senator Was Hacked With Spyware (direct link) Amnesty International said Thursday it has independently confirmed that powerful spyware from the Israeli surveillance software maker NSO Group was used to hack a Polish senator multiple times in 2019 when he was running the opposition's parliamentary election campaign. Hack
Anomali.webp 2022-01-05 19:55:00 Anomali Cyber Watch: $5 Million Breach Extortion, APTs Using DGA Subdomains, Cyberespionage Group Incorporates A New Tool, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Data breach, DGA, Infostealer, Phishing, Rootkit, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Fintech Firm Hit by Log4j Hack Refuses to Pay $5 Million Ransom (published: December 29, 2021) The Vietnamese crypto trading, ONUS, was breached by unknown threat actor(s) by exploiting the Log4Shell (CVE-2021-44228) vulnerability between December 11 and 13. The exploited target was an AWS server running Cyclos, which is a point-of-sale software provider, and the server was only intended for sandbox purposes. Actors were then able to steal information via the misconfigured AWS S3 buckets containing information on approximately two million customers. Threat actors then attempted to extort five million dollars (USD). Analyst Comment: Although Cyclos issued a warning to patch on December 13, the threat actors had already gained illicit access. Even though Log4Shell provided initial access to the compromised server, it was the misconfigured buckets the actors took advantage of to steal data.
MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 Tags: ONUS, Log4Shell, CVE-2021-44228, Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends (published: December 29, 2021) Palo Alto Networks Unit42 researchers have published a report based on their tracking of strategically-aged malicious domains (registered but not used until a specific time) and their domain generation algorithm (DGA) created subdomains. Researchers found two Pegasus spyware command and control domains that were registered in 2019 and were not active until July 2021. A phishing campaign using DGA subdomains that were similar to those used during the SolarWinds supply chain attack was also identified. Analyst Comment: Monitor your networks for abnormal DNS requests, and have bandwidth limitations in place, if possible, to prevent numerous connections to DGA domains. Knowing which DGAs are most active in the wild will allow you to build a proactive defense by detecting any DGA that is in use. Anomali can detect DGA algorithms used by malware to assist in defending against these types of threats. MITRE ATT&CK: [MITRE ATT&CK] Dynamic Resolution - T1568 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Application Layer Protocol - T1071 Tags: DGA , Pegasus, Phishing Implant.ARM.iLOBleed.a (published: December 28, 2021) Amnpardaz researchers discovered a new rootkit that has been targeting Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server managemen Malware Hack Tool Vulnerability Threat LastPass
SecurityAffairs.webp 2022-01-04 21:05:11 UScellular discloses the second data breach in a year (direct link) UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. UScellular has disclosed a data breach after the attack that compromised the company’s billing system in December 2021. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over […] Data Breach Hack
bleepingcomputer.webp 2022-01-04 12:07:08 UScellular discloses data breach after billing system hack (direct link) UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021. [...] Data Breach Hack
Blog.webp 2021-12-31 12:01:41 (Déjà vu) PIT HackTheBox Walkthrough (direct link) Pit is a CTF Linux box with difficulty rated as a medium on Hack The Box platform. Let’s deep dive into breaking down this machine. Hack
SecurityWeek.webp 2021-12-29 17:21:27 Chinese Spies Exploit Log4Shell to Hack Major Academic Institution (direct link) China-linked cyberespionage group Aquatic Panda was recently observed exploiting the Log4Shell vulnerability to compromise a large academic institution, CrowdStrike's Falcon OverWatch team reports. Hack Vulnerability
Blog.webp 2021-12-29 13:03:09 BountyHunter HackTheBox Walkthrough (direct link) Bounty hunter is a CTF Linux machine with an Easy difficulty rating on the Hack the Box platform. So let’s get started and take a Hack
bleepingcomputer.webp 2021-12-29 07:07:07 Fintech firm hit by log4j hack refuses to pay $5 million ransom (direct link) One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish the customer data should ONUS refuse to comply. [...] Hack
InfoSecurityMag.webp 2021-12-24 10:25:00 Former Uber CSO Faces New Charge for 2016 Breach (direct link) US feds accuse Joe Sullivan of using bug bounty to conceal 2016 hack and breach Hack Uber Uber
TechRepublic.webp 2021-12-21 17:42:17 How to display seconds in the Windows 11 system clock despite Microsoft's wishes (direct link) Microsoft decided to block a Registry File hack that allows users to display seconds in the Windows 11 system clock. Now to get seconds to display, Windows 11 users have to install a third-party app. Hack
SecurityWeek.webp 2021-12-21 12:19:11 Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors (direct link) Walk-through metal detectors made by Garrett are affected by potentially serious vulnerabilities that can be exploited to hack the devices and alter their configuration. Hack
bleepingcomputer.webp 2021-12-17 10:00:00 Conti ransomware uses Log4j bug to hack VMware vCenter servers (direct link) Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. [...] Ransomware Hack
grahamcluley.webp 2021-12-16 14:45:51 The DHS is inviting hackers to break into its systems, but there are rules of engagement (direct link) The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. Read more in my article on the Tripwire State of Security blog. Hack
grahamcluley.webp 2021-12-16 00:08:09 Smashing Security podcast #256: Virgin Media just won't take no for an answer, NFT apes, and bad optics (direct link) After a brief discussion of the Log4Shell vulnerability panic, we discuss how Virgin Media has got itself into hot water, a fat-fingered fumble at the Bored Ape Yacht Club, and how to hack around your girlfriend's facial recognition. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley. Hack Vulnerability
Kaspersky.webp 2021-12-14 23:10:21 Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit (direct link) It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug. Hack
Blog.webp 2021-12-13 20:45:23 Seal HackTheBox Walkthrough (direct link) Seal is a CTF Linux machine rated as medium difficulty on Hack the Box platform. So let's get started and deep dive into breaking down Hack
InfoSecurityMag.webp 2021-12-13 19:28:00 SANS Opens Free Holiday Hack Challenge (direct link) Cybersecurity training institute invites world to help Santa defeat cyber-villains Hack
TechRepublic.webp 2021-12-13 19:21:50 How to display version information on the Windows 11 desktop (direct link) A simple hack of the Windows 11 Registry File allows you to display OS version information directly on the desktop, which can come in handy when you're troubleshooting. Hack
SecurityWeek.webp 2021-12-10 10:34:27 Saudi Activist Sues 3 Former U.S. Officials Over Hacking (direct link) Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured. Hack
ESET.webp 2021-12-09 10:30:33 SnapHack: Watch out for those who can hack into anyone's Snapchat! (direct link) Oh snap! This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder. Hack
Blog.webp 2021-12-07 20:58:46 Explore Hackthebox Walkthrough (direct link) “Explore” is a Capture the Flag challenge that we’ll be solving today. (HTB) Hack the Box is where you can get your hands on one, Hack
bleepingcomputer.webp 2021-12-06 13:46:47 France warns of Nobelium cyberspies attacking French orgs (direct link) The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021. [...] Hack
itsecurityguru.webp 2021-12-06 11:22:48 BitMart hacked in “large-scale security breach” (direct link) BitMart, a trusted cryptocurrency trading platform has been the latest to suffer a breach, resulting in the loss of approximately $150 million. The hack was confirmed on Saturday, when BitMart confirmed in a statement that hackers had withdrawn a large amount in assets. The company added that withdrawals had been temporarily suspended and that a […] Hack
WiredThreatLevel.webp 2021-12-04 16:10:18 A Planned Parenthood LA Hack Affects 400,000 Patients (direct link) Plus: A Ubiquiti hack revelation, predictive policing, and more of the week's top security news. Hack
grahamcluley.webp 2021-12-03 10:26:13 Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack (direct link) A former employee of Ubiquiti Networks has been arrested and charged in connection with a hack that stole gigabytes of data and attempted to extort US $2 million from the firm. Read more in my article on the Hot for Security blog. Data Breach Hack
Chercheur.webp 2021-12-02 14:32:36 Smart Contract Bug Results in $31 Million Loss (direct link) A hacker stole $31 million from the blockchain company MonoX Finance, by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens. When the swap is completed, the price of tokenIn (that is, the token sent by the user) decreases and the price of tokenOut (or the token received by the user) increases. By using the same token for both tokenIn and tokenOut, the hacker greatly inflated the price of the MONO token because the updating of the tokenOut overwrote the price update of the tokenIn. The hacker then exchanged the token for $31 million worth of tokens on the Ethereum and Polygon blockchains... Hack
SecurityWeek.webp 2021-12-02 11:52:34 Former Employee Accused of Being Behind Ubiquiti Hack (direct link) The hacker attack disclosed by Ubiquiti in January 2021 was actually conducted by a former employee, according to the Justice Department, which announced charges against the individual on Wednesday. Hack
WiredThreatLevel.webp 2021-11-30 13:00:00 Think Climate Change Is Messy? Wait Until Geoengineering (direct link) Someone's bound to hack the atmosphere to cool the planet. So we urgently need more research on the consequences, says climate scientist Kate Ricke. Hack
The_Hackers_News.webp 2021-11-30 01:36:45 Panasonic Suffers Data Breach After Hackers Hack Into Its Network (direct link) Japanese consumer electronics giant Panasonic has disclosed a security breach wherein an unauthorized third-party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company said in a short statement published on November 26. Data Breach Hack
TechRepublic.webp 2021-11-29 22:23:51 How to disable (again) the blur effect on the Windows 11 login screen (direct link) We used a Registry File hack in Windows 10 to disable the blur effect on the login screen, but the Windows 11 update restored the default. We'll show you how to fix it again. Hack
bleepingcomputer.webp 2021-11-29 09:40:21 Panasonic discloses data breach after network hack (direct link) Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month. [...] Data Breach Hack Threat
SANS.webp 2021-11-27 09:31:26 Video: SANS Holiday Hack Challenge 2021 Q&A with Ed Skoudis, (Sat, Nov 27th) (direct link) The 2021 SANS Holiday Hack Challenge begins mid-December, but you can already watch "SANS Holiday Hack Challenge 2021 Q&A with Ed Skoudis" on YouTube. Hack
Chercheur.webp 2021-11-24 15:29:13 Apple Sues NSO Group (direct link) Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims' devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers. More news: Apple's legal complaint provides new information on NSO Group's FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim's Apple device and install the latest version of NSO Group's spyware product, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto. ... Hack Vulnerability
grahamcluley.webp 2021-11-23 08:29:16 GoDaddy hack exposes accounts of 1.2 million customers (direct link) Web-hosting firm and domain registrar GoDaddy has revealed that it has suffered a cyber attack which saw a hacker gain access to details of over one million customers. Read more in my article on the Hot for Security blog. Hack
SecurityWeek.webp 2021-11-22 15:55:47 Researchers Hack Conti Ransomware Infrastructure (direct link) Prodaft security researchers exploited a vulnerability in the recovery servers used by the Conti Ransomware-as-a-Service (RaaS), which allowed them to gain insight into the inner workings of the ransomware. Ransomware Hack Vulnerability
bleepingcomputer.webp 2021-11-22 11:43:08 GoDaddy hack causes data breach affecting 1.2 million customers (direct link) GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. [...] Data Breach Hack
WiredThreatLevel.webp 2021-11-19 12:00:00 Locked Out of 'God Mode', Runners Hack Their Treadmills (direct link) NordicTrack customers were watching Netflix using a simple trick, until the company blocked their access. Hack
TechRepublic.webp 2021-11-15 19:51:13 How to restore the full context menu to File Explorer in Windows 11 (direct link) The full right-click context menu in File Explorer can be restored in Windows 11 with a specific code and an unusual and slightly tricky hack of the Windows Registry File. Hack
The_Hackers_News.webp 2021-11-11 21:43:11 Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant (direct link) Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-patched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a Hack Threat
securityintelligence.webp 2021-11-10 14:00:00 Breach and Attack Simulation: Hack Yourself to a More Secure Future (direct link) Getting breached is the surest way to learn your organization’s cybersecurity vulnerabilities. And that’s why you need to hack yourself before threat actors do. A cyber breach and attack simulation, also called red teaming, is best to understand vulnerabilities in practice, rather than just theory. What can you do before, during and after a simulated […] Hack Threat
bleepingcomputer.webp 2021-11-10 12:08:04 Lazarus hackers target researchers with trojanized IDA Pro (direct link) A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application. [...] Hack APT 38 APT 28
SecurityAffairs.webp 2021-11-04 14:58:51 (Déjà vu) Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto (direct link) The US DoJ charged the suspected Twitter hacker ‘PlugWalkJoe’ with the theft of $784,000 worth of cryptocurrency using SIM swap attacks. The US Department of Justice has indicted Joseph James O’Connor, a suspected Twitter hacker also known as ‘PlugWalkJoe,’ for also stealing $784,000 worth of cryptocurrency using SIM swap attacks. Crooks conduct SIM swapping attacks to take […] Hack
Veracode.webp 2021-11-02 14:09:27 Champion Spotlight: Cris Rodriguez (direct link) This interview was cross-posted from the Veracode Community. Join us in congratulating Cris, the latest Secure Code Champion in the Veracode Community! The Secure Code Champion is an award that recognizes individuals with three championships in the Veracode Community's Secure Coding Challenge competitions. Cris is a principal-level Application Security engineer in a large global travel technology company. In this role, he focuses on application penetration testing and setting the strategy for migrating their apps over to Google Cloud. Before entering the security space, he was a software developer for five years. In this interview, we asked Cris about this experience participating in the Secure Coding Challenges and his career change story. He talked about how he made the career switch from a developer to become a security engineer, and what he thinks is important for someone to be successful in this role. For developers considering a similar career move, he also shared the resources that he found most helpful. About Your Experience in the Secure Coding Challenge What brought you to the Secure Coding Challenge? I got an email about the competition and I enjoy a good challenge. What did you find most valuable in participating in the Challenge? Since there were multiple languages, we were able to experience different solutions for a single bug class. That was helpful since most companies use many languages for their apps. What's your suggestion for participants to stand out in the competition? Trust your instincts and be familiar with using a command line and coding project directory tree. As a security engineer, you'll need to be able to dig into your organization's code if you want to be able to help your developers succeed. About Your Experience Becoming a Security Engineer How have you grown from a software developer into a Security engineer?
What are the skillsets and knowledge required for this career change? How did you acquire those skills? I was a software developer for five years before I switched over to security. When I made the switch, I was focusing on penetration so I read as many bug bounty write-ups as I could find and watched many more YouTube tutorials. Hack the box and pentester academy have been very helpful in my learnings. What are the top 3 qualities of a successful security engineer? Attention to detail: We are looking for bugs in code that work so you have to understand what makes a component vulnerable. Communication: The developers are going to push back sometimes so being able to communicate with them is key. Vulnerability Knowledge: When the developers push back on a vulnerability you really need to have the knowledge of why it is important to fix it. It also helps if you can demonstrate how the vulnerability can be exploited. Is there any tool, resource, forum/meet-up, or course you'd recommend for developers looking to break into the security world? Read the disclosed write-ups at HackerOne and Bugcrowd. Also, here is a link to a great repo that gathered a lot of write-ups. https://github.com/devanshbatham/Awesome-Bugbounty-Writeups Questions about becoming a security engineer? Or, if you're a fellow security engineer, let's connect! You can follow me on Twitter @Nimbus689 or connect with me on LinkedIn. https://www.linkedin.com/mwlite/in/cristobal-rodriguez-03b3b079 Hack Vulnerability
SecurityAffairs.webp 2021-11-01 13:52:42 How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash (direct link) Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws in Wincor Cineo ATMs that could be exploited to bypass Black-Box attack protections and withdraw cash. “According to Vladimir Kononovich, some manufacturers rely on security through […] Hack
WiredThreatLevel.webp 2021-10-29 21:35:39 An Apparent Ransomware Hack Puts the NRA in a Bind (direct link) The group behind the reported attack is under sanctions from the US Treasury, which means a payout could come with penalties for the victim. Ransomware Hack
NakedSecurity.webp 2021-10-29 13:38:04 Microsoft documents “SHROOTLESS” hack patched in latest Apple updates (direct link) We'd have called this bug "SHROOTMORE", but naming it wasn't our call. Hack
TechRepublic.webp 2021-10-27 14:58:52 Microsoft warns of new supply chain attacks by Russian-backed Nobelium group (direct link) The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May. Hack ★★★★★
bleepingcomputer.webp 2021-10-27 13:26:12 Twitter employees required to use security keys after 2020 hack (direct link) Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year's hack. [...] Hack
Last update at: 2024-05-10 07:07:54