This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T20:38:51+00:00

[Security Affairs - Blog Secu] New Agenda Ransomware appears in the threat landscape
Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language. The ransomware was employed in a targeted attack against one of […]
2022-08-28T05:06:36+00:00 https://securityaffairs.co/wordpress/134911/cyber-crime/agenda-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=6587220 False Ransomware,Threat None 3.0000000000000000

[Security Affairs - Blog Secu] Twilio hackers also breached the food delivery firm DoorDash
Twilio hackers also compromised the food delivery firm DoorDash; the attackers had access to company data, including customer and employee info. On-demand food delivery service DoorDash disclosed a data breach: the threat actors behind the Twilio hack gained access to the company's data. DoorDash declared that malicious hackers stole credentials from employees of a third-party vendor, then […]
2022-08-27T16:14:51+00:00 https://securityaffairs.co/wordpress/134905/data-breach/twilio-hackers-breached-doordash.html www.secnews.physaphae.fr/article.php?IdArticle=6573227 False Hack,Threat None None

[Security Affairs - Blog Secu] Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus
Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. Threat actors abused a vulnerable anti-cheat driver, named mhyprot2.sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. The driver provides anti-cheat functions, but […]
2022-08-27T07:06:40+00:00 https://securityaffairs.co/wordpress/134884/malware/anti-cheat-driver-disable-antivirus.html www.secnews.physaphae.fr/article.php?IdArticle=6563515 False Threat None None

[Security Affairs - Blog Secu] 0ktapus phishing campaign: Twilio hackers targeted 136 other organizations
The threat actors behind the Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted 136 other organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported. Most of the victims are organizations providing IT, software development, and cloud services. The campaign, codenamed 0ktapus, […]
2022-08-26T06:58:36+00:00 https://securityaffairs.co/wordpress/134851/hacking/0ktapus-phishing-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=6537030 False Threat None None

[Security Affairs - Blog Secu] LastPass data breach: threat actors stole a portion of source code
Password management software firm LastPass has suffered a data breach; threat actors stole source code and other data. Password management software firm LastPass disclosed a security breach: threat actors had access to portions of the company's development environment through a single compromised developer account and stole portions of source code and some proprietary technical […]
2022-08-25T23:18:15+00:00 https://securityaffairs.co/wordpress/134858/data-breach/lastpass-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=6529872 False Threat LastPass None

[Security Affairs - Blog Secu] Nobelium APT uses new Post-Compromise malware MagicWeb
Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that […]
2022-08-25T17:11:38+00:00 https://securityaffairs.co/wordpress/134838/apt/nobelium-magicweb-tool.html www.secnews.physaphae.fr/article.php?IdArticle=6524118 False Malware,Threat APT 29 None

[Security Affairs - Blog Secu] Threat actors are using the Tox P2P messenger as C2 server
Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging service that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server. Tox has been used in […]
2022-08-25T06:59:38+00:00 https://securityaffairs.co/wordpress/134806/malware/tox-p2p-c2-server.html www.secnews.physaphae.fr/article.php?IdArticle=6515464 False Threat None None

[Security Affairs - Blog Secu] Plex discloses data breach and urges password reset
The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client-server media player platform. The company disclosed a data breach after threat actors gained access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and […]
2022-08-24T23:12:45+00:00 https://securityaffairs.co/wordpress/134814/data-breach/plex-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=6509871 False Data Breach,Threat None None

[Security Affairs - Blog Secu] AiTM phishing campaign also targets G Suite users
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services were spotted targeting Google G Suite users. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user […]
2022-08-24T17:48:20+00:00 https://securityaffairs.co/wordpress/134796/cyber-crime/aitm-phishing-g-suite.html www.secnews.physaphae.fr/article.php?IdArticle=6505116 False Threat None None

[Security Affairs - Blog Secu] Threat actors are stealing funds from General Bytes Bitcoin ATM
Threat actors have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal BTC from multiple customers. Threat actors have exploited a zero-day flaw in General Bytes Bitcoin ATM servers that allowed them to hijack transactions associated with deposits and withdrawals of funds. GENERAL BYTES is the world's largest Bitcoin, Blockchain, and […]
2022-08-21T17:40:20+00:00 https://securityaffairs.co/wordpress/134664/hacking/general-bytes-bitcoin-atm-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=6459309 False Vulnerability,Threat None None

[Security Affairs - Blog Secu] TA558 cybercrime group targets hospitality and travel orgs
The TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America. The group is a small crime threat actor that has been […]
2022-08-20T08:28:30+00:00 https://securityaffairs.co/wordpress/134622/cyber-crime/ta558-targets-hospitality-travel.html www.secnews.physaphae.fr/article.php?IdArticle=6430507 False Malware,Threat None None

[Security Affairs - Blog Secu] BlackByte ransomware v2 is out with new extortion novelties
A new version of the BlackByte ransomware appeared in the threat landscape; version 2.0 uses extortion techniques similar to LockBit's. BlackByte ransomware version 2.0 appeared in the threat landscape after a short break; the latest version has a new data leak site. It is interesting to note that the group introduced some novelties in the […]
2022-08-18T15:24:11+00:00 https://securityaffairs.co/wordpress/134531/cyber-crime/blackbyte-ransomware-v2.html www.secnews.physaphae.fr/article.php?IdArticle=6395062 False Ransomware,Threat None 2.0000000000000000

[Security Affairs - Blog Secu] Apple fixed two new zero-day flaws exploited by threat actors
Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for the iOS, iPadOS, and macOS platforms to address two zero-day vulnerabilities exploited by threat actors. Apple did not share details about these attacks. The two flaws are: CVE-2022-32893 – An out-of-bounds issue in WebKit. An attacker can trigger the […]
2022-08-18T08:36:30+00:00 https://securityaffairs.co/wordpress/134527/security/apple-zero-day-flaws-2.html www.secnews.physaphae.fr/article.php?IdArticle=6389742 False Threat None None

[Security Affairs - Blog Secu] Microsoft disrupts SEABORGIUM's ongoing phishing operations
Microsoft disrupted a hacking operation conducted by the Russia-linked APT SEABORGIUM aimed at NATO countries. The Microsoft Threat Intelligence Center (MSTIC) has disrupted activity by SEABORGIUM (aka ColdRiver, TA446), a Russia-linked threat actor that is behind a persistent hacking campaign targeting people and organizations in NATO countries. SEABORGIUM has been active since at least 2017, […]
2022-08-15T21:46:10+00:00 https://securityaffairs.co/wordpress/134414/apt/seaborgiums-targets-nato.html www.secnews.physaphae.fr/article.php?IdArticle=6345368 False Threat None None

[Security Affairs - Blog Secu] VNC instances exposed to the Internet put critical infrastructure at risk
Researchers from threat intelligence firm Cyble reported a surge in attacks targeting Virtual Network Computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control another machine remotely. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a […]
2022-08-15T18:01:21+00:00 https://securityaffairs.co/wordpress/134408/hacking/vnc-critical-infrastructures-at-risk.html www.secnews.physaphae.fr/article.php?IdArticle=6343492 False Threat None None

[Security Affairs - Blog Secu] Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi
China-linked threat actor Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a new campaign conducted by the China-linked threat actor Iron Tiger that employed a backdoored version of the cross-platform messaging app MiMi Chat App to infect Windows, Mac, and Linux systems. The Iron Tiger APT (aka Panda Emissary, […]
2022-08-15T07:02:20+00:00 https://securityaffairs.co/wordpress/134366/apt/iron-tiger-apt-is-behind-a-supply-chain-attack-that-employed-messaging-app-mimi.html www.secnews.physaphae.fr/article.php?IdArticle=6335813 False Threat APT 27 5.0000000000000000

[Security Affairs - Blog Secu] CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 […]
2022-08-14T06:52:55+00:00 https://securityaffairs.co/wordpress/134350/cyber-crime/zeppelin-ransomware-joint-alert.html www.secnews.physaphae.fr/article.php?IdArticle=6311917 False Ransomware,Threat None None

[Security Affairs - Blog Secu] Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS
Palo Alto Networks devices running PAN-OS are being abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […]
2022-08-11T17:58:58+00:00 https://securityaffairs.co/wordpress/134295/security/palo-alto-networks-pan-os-dos.html www.secnews.physaphae.fr/article.php?IdArticle=6253782 False Threat None None

[Security Affairs - Blog Secu] Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key
Cisco addressed a high-severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high-severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA keys on devices running Cisco ASA Software and […]
2022-08-11T05:47:24+00:00 https://securityaffairs.co/wordpress/134287/security/cisco-flaw-asa-ftd.html www.secnews.physaphae.fr/article.php?IdArticle=6244329 False Vulnerability,Threat None None

[Security Affairs - Blog Secu] Cisco was hacked by the Yanluowang ransomware gang
Cisco disclosed a security breach: the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by the Cisco Security Incident Response Team (CSIRT) and Cisco Talos revealed that threat […]
2022-08-10T21:20:53+00:00 https://securityaffairs.co/wordpress/134278/hacking/yanluowang-ransomware-hacked-cisco.html www.secnews.physaphae.fr/article.php?IdArticle=6236967 False Ransomware,Threat None None

[Security Affairs - Blog Secu] Experts found 10 malicious packages on PyPI used to steal developers' data
2022-08-10T15:14:01+00:00 https://securityaffairs.co/wordpress/134253/malware/pypi-malicious-packages-3.html www.secnews.physaphae.fr/article.php?IdArticle=6231955 False Threat None None

[Security Affairs - Blog Secu] Chinese actors behind attacks on industrial enterprises and public institutions
China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and Eastern Europe. The attackers breached dozens of enterprises and in some cases compromised their IT infrastructure, […]
2022-08-09T14:52:06+00:00 https://securityaffairs.co/wordpress/134180/apt/china-apt-attacks-industrial-enterprises.html www.secnews.physaphae.fr/article.php?IdArticle=6212250 False Threat None None

[Security Affairs - Blog Secu] Twilio discloses data breach that impacted customers and employees
Communications company Twilio disclosed a data breach after threat actors stole employee credentials in an SMS phishing attack. Communications company Twilio disclosed a data breach: threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack. Twilio is […]
2022-08-08T18:16:46+00:00 https://securityaffairs.co/wordpress/134147/data-breach/twilio-discloses-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=6204814 True Data Breach,Threat None None

[Security Affairs - Blog Secu] LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities
LogoKit – threat actors are leveraging open redirect vulnerabilities common in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500 companies, identified threat actors leveraging open redirect vulnerabilities common in online services and apps to bypass spam filters […]
2022-08-08T15:11:18+00:00 https://securityaffairs.co/wordpress/134141/hacking/logokit-phishing-open-redirect.html www.secnews.physaphae.fr/article.php?IdArticle=6203650 False Spam,Threat None None

[Security Affairs - Blog Secu] Twitter confirms zero-day used to access data of 5.4 million accounts
Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […]
2022-08-05T22:08:30+00:00 https://securityaffairs.co/wordpress/134087/data-breach/twitter-zero-day-data-leak.html www.secnews.physaphae.fr/article.php?IdArticle=6150012 False Data Breach,Vulnerability,Threat None None

[Security Affairs - Blog Secu] DHS warns of critical flaws in Emergency Alert System encoder/decoder devices
The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable networks. The Emergency Alert System […]
2022-08-05T14:10:06+00:00 https://securityaffairs.co/wordpress/134067/hacking/emergency-alert-system-bugs-alert.html www.secnews.physaphae.fr/article.php?IdArticle=6143532 True Threat None None

[Security Affairs - Blog Secu] Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor
A threat actor, tracked as TAC-040, exploited the Atlassian Confluence flaw CVE-2022-26134 to deploy the previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor. The attackers exploited the flaw in an attack […]
2022-08-05T08:49:59+00:00 https://securityaffairs.co/wordpress/134033/hacking/tac-040-ljl-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=6138932 False Threat None None

[Security Affairs - Blog Secu] New Woody RAT used in attacks aimed at Russian entities
An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT. The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw (CVE-2022-30190). The assumption […]
2022-08-04T19:13:13+00:00 https://securityaffairs.co/wordpress/134014/intelligence/woody-rat-targets-russia-orgs.html www.secnews.physaphae.fr/article.php?IdArticle=6128945 False Malware,Threat None None

[Security Affairs - Blog Secu] Hackers stole $200 million from the Nomad crypto bridge
The cryptocurrency bridge Nomad is the latest victim of a cyber heist; threat actors stole almost $200 million of its funds. Another crypto heist made the headlines: threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad. Nomad Bridge is a cross-chain bridge between Ethereum, Moonbeam, Avalanche, Evmos and Milkomeda. The project […]
2022-08-04T11:21:00+00:00 https://securityaffairs.co/wordpress/133988/hacking/nomad-cyber-heist.html www.secnews.physaphae.fr/article.php?IdArticle=6123096 False Threat None None

[Security Affairs - Blog Secu] Manjusaka, a new attack tool similar to Sliver and Cobalt Strike
Researchers spotted a Chinese threat actor using a new offensive framework called Manjusaka, which is similar to Cobalt Strike. Talos researchers observed a Chinese threat actor using a new offensive framework called Manjusaka (which can be translated as "cow flower" from Simplified Chinese) that is similar to the Sliver and Cobalt Strike tools. The […]
2022-08-03T17:15:45+00:00 https://securityaffairs.co/wordpress/133953/hacking/manjusaka-attack-tool.html www.secnews.physaphae.fr/article.php?IdArticle=6109996 False Tool,Threat None None

[Security Affairs - Blog Secu] LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender
An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command-line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. The attackers initially compromise the target […]
2022-08-02T12:30:55+00:00 https://securityaffairs.co/wordpress/133925/cyber-crime/lockbit-3-0-abuse-windows-defender.html www.secnews.physaphae.fr/article.php?IdArticle=6089536 False Tool,Threat None None

[Security Affairs - Blog Secu] Austria investigates DSIRF firm for allegedly developing Subzero spyware
Austria is investigating a report that the Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies. At the end of July, Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows […]
2022-08-02T07:34:52+00:00 https://securityaffairs.co/wordpress/133911/malware/austria-investigates-dsirf-firm.html www.secnews.physaphae.fr/article.php?IdArticle=6086659 False Threat None 2.0000000000000000

[Security Affairs - Blog Secu] US Federal Communications Commission (FCC) warns of the rise of smishing attacks
The Federal Communications Commission (FCC) warned Americans of the rising threat of smishing (robotexts) attacks. The Federal Communications Commission (FCC) issued an alert to warn Americans of the rising threat of smishing (robotexts) attacks aimed at stealing their personal information or at financial scams. "The FCC's Robocall Response Team is alerting consumers to the rising […]
2022-08-01T06:13:32+00:00 https://securityaffairs.co/wordpress/133865/cyber-crime/fcc-warns-smishing-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6073398 False Threat None None

[Security Affairs - Blog Secu] North Korea-linked SharpTongue spies on email accounts with a malicious browser extension
North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims' email accounts. North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims' Gmail and AOL email accounts. Researchers from cybersecurity firm Volexity tracked the threat actors as SharpTongue, but […]
2022-07-31T08:43:16+00:00 https://securityaffairs.co/wordpress/133837/apt/sharptongue-spy-gmail-aol.html www.secnews.physaphae.fr/article.php?IdArticle=6053086 False Threat None None

[Security Affairs - Blog Secu] Reading the "ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS" report
2022-07-30T19:40:21+00:00 https://securityaffairs.co/wordpress/133827/malware/enisa-threat-landscape-for-ransomware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6040800 False Ransomware,Threat None None

[Security Affairs - Blog Secu] Threat actors use new attack techniques after Microsoft blocked macros by default
Threat actors are devising new attack tactics in response to Microsoft's decision to block macros by default. In response to Microsoft's decision to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default in Microsoft Office applications, threat actors are adopting new attack techniques. Researchers from Proofpoint reported that […]
2022-07-28T17:34:58+00:00 https://securityaffairs.co/wordpress/133764/hacking/attacks-after-microsoft-blocked-macros.html www.secnews.physaphae.fr/article.php?IdArticle=5994369 False Threat None None

[Security Affairs - Blog Secu] European firm DSIRF behind the attacks with Subzero surveillance malware
Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The […]
2022-07-28T11:04:36+00:00 https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5988226 False Malware,Threat None None

[Security Affairs - Blog Secu] Attackers increasingly abusing IIS extensions to establish covert backdoors
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish covert backdoors into servers and maintain persistence in the target networks. IIS backdoors are also hard to detect because they follow the same […]
2022-07-27T20:17:57+00:00 https://securityaffairs.co/wordpress/133727/hacking/iis-extensions-backdoors.html www.secnews.physaphae.fr/article.php?IdArticle=5975762 False Threat None None

[Security Affairs - Blog Secu] DUCKTAIL operation targets Facebook's Business and Ad accounts
Researchers uncovered an ongoing operation, codenamed DUCKTAIL, that targets Facebook Business and Ad accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals and organizations that operate on Facebook's Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to […]
2022-07-27T14:51:28+00:00 https://securityaffairs.co/wordpress/133715/malware/ducktail-operation-facebook-business.html www.secnews.physaphae.fr/article.php?IdArticle=5970569 False Threat None None

[Security Affairs - Blog Secu] U.S. increased rewards for info on North Korea-linked threat actors to $10 million
The U.S. State Department increased rewards for information on North Korea-linked threat actors to $10 million. In April 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released a joint advisory warning organizations worldwide about the 'significant cyber threat' posed by North Korean nation-state actors […]
2022-07-26T18:57:31+00:00 https://securityaffairs.co/wordpress/133688/apt/us-north-korea-rewards.html www.secnews.physaphae.fr/article.php?IdArticle=5955290 False Threat None None

[Security Affairs - Blog Secu] Zero Day attacks target online stores using PrestaShop
Threat actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using the open source e-commerce platform PrestaShop by exploiting a zero-day flaw, tracked as CVE-2022-36408, that can allow them to execute arbitrary code and potentially steal customers' payment information. PrestaShop is currently used by 300,000 shops worldwide […]
2022-07-26T06:22:58+00:00 https://securityaffairs.co/wordpress/133669/hacking/prestashop-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=5946467 False Vulnerability,Threat None None

[Security Affairs - Blog Secu] CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China
Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […]
2022-07-25T23:10:18+00:00 https://securityaffairs.co/wordpress/133658/malware/cosmicstrand-uefi-firmware-rootkit.html www.secnews.physaphae.fr/article.php?IdArticle=5944102 False Malware,Threat None None

[Security Affairs - Blog Secu] Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?
The North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries. Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including the Czech Republic and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka […]
2022-07-24T13:53:53+00:00 https://securityaffairs.co/wordpress/133605/apt/apt37-stiffbizon-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5923023 False Threat,Cloud APT 37,APT 28 None

[Security Affairs - Blog Secu] A database containing data of 5.4 million Twitter accounts available for sale
A threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now-patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale […]
2022-07-24T08:29:58+00:00 https://securityaffairs.co/wordpress/133593/data-breach/twitter-leaked-data.html www.secnews.physaphae.fr/article.php?IdArticle=5918894 False Vulnerability,Threat None None

[Security Affairs - Blog Secu] FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks
The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. "The Justice Department today announced a complaint filed in […]
2022-07-23T18:27:23+00:00 https://securityaffairs.co/wordpress/133587/cyber-warfare-2/fbi-seized-bitcoin-maui-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5906151 False Ransomware,Threat None None

[Security Affairs - Blog Secu] Hackers breached Ukrainian radio station to spread fake news about Zelensky's health
2022-07-22T11:27:57+00:00 https://securityaffairs.co/wordpress/133559/hacking/radio-hacked-fake-news-zelensky-health.html www.secnews.physaphae.fr/article.php?IdArticle=5876180 False Threat None None

[Security Affairs - Blog Secu] TA4563 group leverages EvilNum malware to target European financial and investment entities
A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities. A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). EvilNum is a […]
2022-07-22T05:45:39+00:00 https://securityaffairs.co/wordpress/133535/apt/ta4563-group-evilnum-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5870359 True Malware,Threat None None

[Security Affairs - Blog Secu] EU warns of risks of spillover effects associated with the ongoing war in Ukraine
The Council of the European Union (EU) warns of malicious cyber activities conducted by threat actors in the context of the ongoing conflict between Russia and Ukraine. The Council of the European Union (EU) warns of the risks associated with the malicious cyber activities conducted by threat actors in the context of the ongoing conflict […]
2022-07-20T05:51:49+00:00 https://securityaffairs.co/wordpress/133436/cyber-warfare-2/eu-warns-ukraine-spillover.html www.secnews.physaphae.fr/article.php?IdArticle=5827810 False Threat None None

[Security Affairs - Blog Secu] Belgium claims China-linked APT groups hit its ministries
The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against the country's defense and interior ministries. The Minister for Foreign Affairs of Belgium revealed that multiple China-linked APT groups targeted the country's defense and interior ministries. "Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the […]
2022-07-20T05:39:58+00:00 https://securityaffairs.co/wordpress/133425/apt/belgium-claims-china-hit-its-ministries.html www.secnews.physaphae.fr/article.php?IdArticle=5827811 False Threat None None

[Security Affairs - Blog Secu] Russia-linked APT29 relies on Google Drive, Dropbox to evade detection
The Russia-linked threat actor APT29 is using the Google Drive cloud storage service to evade detection. Palo Alto Networks researchers reported that the Russia-linked APT29 group, tracked by the researchers as Cloaked Ursa, started using the Google Drive cloud storage service to evade detection. The Russia-linked APT29 group (aka SVR, Cozy Bear, and The Dukes) has been active since at least […]
2022-07-19T13:41:49+00:00 https://securityaffairs.co/wordpress/133409/apt/apt29-google-drive-dropbox.html www.secnews.physaphae.fr/article.php?IdArticle=5825713 False Threat APT 29 None

[Security Affairs - Blog Secu] Crooks stole $375k from Premint NFT, one of the biggest NFT hacks ever
Threat actors hacked the popular NFT platform Premint NFT and stole 314 NFTs. The popular NFT platform Premint NFT was hacked; the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record. The analysis of the […]
2022-07-17T19:24:43+00:00 https://securityaffairs.co/wordpress/133339/cyber-crime/crooks-stole-375k-from-premint-nft-it-is-one-of-the-biggest-nft-hacks-ever.html www.secnews.physaphae.fr/article.php?IdArticle=5803062 False Threat None None

[Security Affairs - Blog Secu] CISA urges to fix multiple critical flaws in Juniper Networks products
CISA urges admins to apply recently released fixes for Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller. CISA urges users and administrators to review the Juniper Networks security advisories page and apply the security updates available for some products, including Junos Space, Contrail Networking and NorthStar Controller. Threat actors can exploit some of these vulnerabilities […]
2022-07-16T14:16:22+00:00 https://securityaffairs.co/wordpress/133301/security/juniper-networks-critical-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=5773531 False Threat None None

[Security Affairs - Blog Secu] Threat actors exploit a flaw in Digium Phone Software to target VoIP servers
Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium's software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign, active since December 2021, targeting the Elastix system used in Digium phones. Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in the Rest Phone Apps (restapps) module to implant […]
2022-07-16T13:14:26+00:00 https://securityaffairs.co/wordpress/133293/hacking/digium-phones-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5772481 False Vulnerability,Threat None None

[Security Affairs - Blog Secu] Tainted password-cracking software for industrial systems used to spread P2P Sality bot
Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine […]
2022-07-15T22:27:19+00:00 https://securityaffairs.co/wordpress/133281/malware/sality-malware-industrial-systems.html www.secnews.physaphae.fr/article.php?IdArticle=5756154 False Vulnerability,Threat None None

[Security Affairs - Blog Secu] Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons
Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284.
The […] ]]> 2022-07-15T14:33:04+00:00 https://securityaffairs.co/wordpress/133267/hacking/wpbakery-page-builder-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5747300 False Vulnerability,Threat None None Security Affairs - Blog Secu Holy Ghost ransomware operation is linked to North Korea Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware […] ]]> 2022-07-15T12:08:14+00:00 https://securityaffairs.co/wordpress/133255/hacking/holy-ghost-ransomware-north-korea.html www.secnews.physaphae.fr/article.php?IdArticle=5745126 False Ransomware,Threat None None Security Affairs - Blog Secu RedAlert, LILITH, and 0mega, 3 new ransomware in the wild Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. RedAlert (aka N13V) targets both Windows and Linux VMWare ESXi servers of target organizations. The name RedAlert comes after a string […] ]]> 2022-07-15T07:26:04+00:00 https://securityaffairs.co/wordpress/133248/cyber-crime/lilith-redalert-0mega-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5739657 False Ransomware,Threat None None Security Affairs - Blog Secu Qakbot operations continue to evolve to avoid detection Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. 
The malware spreads via malspam campaigns, it inserts replies in active email threads. The threat continues to […] ]]> 2022-07-13T18:29:04+00:00 https://securityaffairs.co/wordpress/133191/malware/qakbot-continues-to-evolve.html www.secnews.physaphae.fr/article.php?IdArticle=5700264 False Malware,Threat None None Security Affairs - Blog Secu Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021 A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user's sign-in session, and bypass the authentication process even when the victim has enabled the MFA. In AiTM phishing, threat actors set up a proxy […] ]]> 2022-07-13T05:56:54+00:00 https://securityaffairs.co/wordpress/133154/hacking/aitm-phishing-campaigns.html www.secnews.physaphae.fr/article.php?IdArticle=5684511 False Threat None None Security Affairs - Blog Secu Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. Threat actors are attempting to compromise a large number of cloud-based systems to mine cryptocurrency with a significant […] ]]> 2022-07-12T07:26:21+00:00 https://securityaffairs.co/wordpress/133125/malware/cryptocurrency-mining-cloud-infrastructure.html www.secnews.physaphae.fr/article.php?IdArticle=5667156 False Threat None None Security Affairs - Blog Secu A fake job offer via LinkedIn allowed to steal $540M from Axie Infinity Threat actors used a fake job offer on LinkedIn to target an employee at Axie Infinity that resulted in the theft of $540 Million. 
In March, threat actors stole almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity's Ronin network bridge. The attack took place on March 23rd, but […] ]]> 2022-07-11T14:42:18+00:00 https://securityaffairs.co/wordpress/133113/cyber-crime/axie-infinity-hack-fake-job-offer.html www.secnews.physaphae.fr/article.php?IdArticle=5661536 False Threat None None Security Affairs - Blog Secu French telephone operator La Poste Mobile suffered a ransomware attack French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services.  The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services.  The company pointed out that threat actors may have accessed data of its customers, […] ]]> 2022-07-10T16:07:44+00:00 https://securityaffairs.co/wordpress/133080/cyber-crime/la-poste-mobile-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5648528 False Ransomware,Threat None None Security Affairs - Blog Secu Evolution of the LockBit Ransomware operation relies on new techniques Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The Cybereason Global Security Operations Center (GSOC) Team published the Cybereason Threat Analysis Reports that investigates the threat landscape and provides recommendations to mitigate their attacks. 
The researchers focused on the evolution of the Lockbit ransomware, they detailed two infections occurring […] ]]> 2022-07-09T04:59:16+00:00 https://securityaffairs.co/wordpress/133027/cyber-crime/lockbit-2-0-evolution.html www.secnews.physaphae.fr/article.php?IdArticle=5622937 False Ransomware,Threat None None Security Affairs - Blog Secu New Checkmate ransomware target QNAP NAS devices Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts […] ]]> 2022-07-08T07:23:07+00:00 https://securityaffairs.co/wordpress/132989/malware/checkmate-ransomware-targets-qnap-nas.html www.secnews.physaphae.fr/article.php?IdArticle=5606964 False Ransomware,Threat None None Security Affairs - Blog Secu Large-scale cryptomining campaign is targeting the NPM JavaScript package repository Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi, that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts. The researchers uncovered […] ]]> 2022-07-07T20:08:30+00:00 https://securityaffairs.co/wordpress/132983/cyber-crime/cuteboi-cryptomining-campaign-npm.html www.secnews.physaphae.fr/article.php?IdArticle=5599211 False Threat None None Security Affairs - Blog Secu North Korea-linked APTs use Maui Ransomware to target the Healthcare industry US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. 
Treasury Department issued a joint advisory that warn of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of […] ]]> 2022-07-07T13:49:58+00:00 https://securityaffairs.co/wordpress/132978/malware/maui-ransomware-joint-alert.html www.secnews.physaphae.fr/article.php?IdArticle=5594661 False Ransomware,Threat None None Security Affairs - Blog Secu ENISA released the Threat Landscape Methodology I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology. Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual […] ]]> 2022-07-07T10:16:53+00:00 https://securityaffairs.co/wordpress/132973/security/enis-athreat-landscape-methodology.html www.secnews.physaphae.fr/article.php?IdArticle=5592779 False Threat None None Security Affairs - Blog Secu Marriott International suffered a new data breach, attackers stole 20GB of data Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company. Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties. The attacker compromised the network at the BWI Airport Marriott Maryland  (BWIA), […] ]]> 2022-07-06T23:08:11+00:00 https://securityaffairs.co/wordpress/132943/data-breach/marriott-new-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=5585378 False Data Breach,Threat None None Security Affairs - Blog Secu Cyberattacks against law enforcement are on the rise Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. 
Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong […] ]]> 2022-07-06T17:34:14+00:00 https://securityaffairs.co/wordpress/132929/cyber-crime/cyberattacks-against-law-enforcement.html www.secnews.physaphae.fr/article.php?IdArticle=5581263 False Threat None None Security Affairs - Blog Secu Data of a billion Chinese residents available for sale on the dark web Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident will be confirmed, this data breach is the largest one […] ]]> 2022-07-04T18:37:06+00:00 https://securityaffairs.co/wordpress/132860/data-breach/chinese-residents-data-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=5553246 False Data Breach,Threat None None Security Affairs - Blog Secu Data of a billion Chinese residents available for sale on a cybercrime forum Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident will be confirmed, this data breach is the largest one […] ]]> 2022-07-04T18:37:06+00:00 https://securityaffairs.co/wordpress/132860/data-breach/chinese-residents-data-hacking-forum.html www.secnews.physaphae.fr/article.php?IdArticle=5568431 True Data Breach,Threat None None Security Affairs - Blog Secu Threat Report Portugal: Q2 2022 The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. 
The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is supported by a […] ]]> 2022-07-04T08:05:41+00:00 https://securityaffairs.co/wordpress/132842/security/threat-report-portugal-q2-2022.html www.secnews.physaphae.fr/article.php?IdArticle=5548929 False Threat None None Security Affairs - Blog Secu A ransomware attack forced publishing giant Macmillan to shuts down its systems A cyber attack forced the American publishing giant Macmillan to shut down its IT systems.  The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted […] ]]> 2022-07-02T05:03:39+00:00 https://securityaffairs.co/wordpress/132792/cyber-crime/macmillan-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5505715 False Ransomware,Threat None None Security Affairs - Blog Secu A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. 
“We observed notable updates to […] ]]> 2022-07-01T14:44:34+00:00 https://securityaffairs.co/wordpress/132777/cyber-crime/8220-cryptomining-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5493209 False Threat None None Security Affairs - Blog Secu Experts blame North Korea-linked Lazarus APT for the Harmony hack North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  Harmony's […] ]]> 2022-06-30T17:58:47+00:00 https://securityaffairs.co/wordpress/132759/hacking/harmony-hack-lazarus-apt.html www.secnews.physaphae.fr/article.php?IdArticle=5473880 False Hack,Threat APT 38 None Security Affairs - Blog Secu ZuoRAT malware hijacks SOHO Routers to spy in the vitims A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North American and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 […] ]]> 2022-06-28T21:24:18+00:00 https://securityaffairs.co/wordpress/132709/hacking/zuorat-soho-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5447076 False Malware,Threat None None Security Affairs - Blog Secu New Matanbuchus Campaign drops Cobalt Strike beacons Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. 
Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […] ]]> 2022-06-27T14:46:33+00:00 https://securityaffairs.co/wordpress/132665/malware/matanbuchus-loader.html www.secnews.physaphae.fr/article.php?IdArticle=5419215 False Malware,Threat None None Security Affairs - Blog Secu Threat actors stole $100M in crypto assets from Harmony Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  Harmony's Horizon […] ]]> 2022-06-27T08:12:53+00:00 https://securityaffairs.co/wordpress/132642/hacking/harmony-crypto-assets.html www.secnews.physaphae.fr/article.php?IdArticle=5416181 False Threat None None Security Affairs - Blog Secu Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by the Rapid7 Threat Intelligence team […] ]]> 2022-06-26T18:27:26+00:00 https://securityaffairs.co/wordpress/132637/cyber-crime/access-vulnerable-networks-atlassian-0day.html www.secnews.physaphae.fr/article.php?IdArticle=5405453 False Threat None None Security Affairs - Blog Secu Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. 
A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. The explosion took place at […] ]]> 2022-06-26T09:32:45+00:00 https://securityaffairs.co/wordpress/132608/security/liquefied-natural-gas-plant-texas-explosion.html www.secnews.physaphae.fr/article.php?IdArticle=5398111 False Threat None None Security Affairs - Blog Secu Attackers exploited a zero-day in Mitel VOIP devices to compromise a network Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerability on the Mitel […] ]]> 2022-06-25T11:59:00+00:00 https://securityaffairs.co/wordpress/132588/hacking/mitel-voip-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5379054 False Ransomware,Vulnerability,Threat None None Security Affairs - Blog Secu Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. 
Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with […] ]]> 2022-06-24T07:14:03+00:00 https://securityaffairs.co/wordpress/132553/malware/rcs-labs-spyware-spreads.html www.secnews.physaphae.fr/article.php?IdArticle=5355446 True Threat None None Security Affairs - Blog Secu Researchers found flaws in MEGA that allowed to decrypt of user data Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption of user data MEGA has addressed multiple vulnerabilities in its cloud storage service that could have allowed threat actors to decrypt user data stored in encrypted form. Data on Mega services is end-to-end encrypted client-side […] ]]> 2022-06-23T07:53:28+00:00 https://securityaffairs.co/wordpress/132523/hacking/mega-flaws-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5338343 False Threat None None Security Affairs - Blog Secu Magecart attacks are still around but are more difficult to detect Researchers from Malwarebytes warns that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors have switched most of their operations server-side to avoid detection of security firms. However, Malwarebytes researchers warn that the Client-side Magecart attacks are still targeting organizations, but are more covert. The researchers recently uncovered two […] ]]> 2022-06-22T13:49:09+00:00 https://securityaffairs.co/wordpress/132512/cyber-crime/magecart-attacks-difficult-detect.html www.secnews.physaphae.fr/article.php?IdArticle=5325993 False Threat None None Security Affairs - Blog Secu Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware. 
Since January 2022, the Bitdefender Cyber Threat Intelligence Lab observed operators behind the RIG Exploit Kit pushing the Dridex banking trojan instead of the Raccoon Stealer. The switch occurred in February when Raccoon Stealer temporarily halted […] ]]> 2022-06-22T09:21:23+00:00 https://securityaffairs.co/wordpress/132498/malware/rig-exploit-kit-dridex.html www.secnews.physaphae.fr/article.php?IdArticle=5323273 False Threat None None Security Affairs - Blog Secu New ToddyCat APT targets high-profile entities in Europe and Asia Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020. Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The threat […] ]]> 2022-06-21T15:05:21+00:00 https://securityaffairs.co/wordpress/132482/apt/toddycat-apt.html www.secnews.physaphae.fr/article.php?IdArticle=5309256 False Threat None None Security Affairs - Blog Secu New DFSCoerce NTLM relay attack allows taking control over Windows domains Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain. 
The DFSCoerce attack relies on the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to […] ]]> 2022-06-21T12:01:07+00:00 https://securityaffairs.co/wordpress/132473/hacking/dfscoerce-attacks-windows-domains.html www.secnews.physaphae.fr/article.php?IdArticle=5307202 False Threat None None Security Affairs - Blog Secu Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code injection vulnerability […] ]]> 2022-06-19T22:31:24+00:00 https://securityaffairs.co/wordpress/132417/hacking/wordpress-ninja-forms-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5286131 False Vulnerability,Threat None None Security Affairs - Blog Secu Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040, in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating. 
The vulnerability was exploited by […] ]]> 2022-06-17T23:00:30+00:00 https://securityaffairs.co/wordpress/132377/apt/chinese-driftingcloud-apt-exploited-sophos-firewall-zero-day-before-it-was-fixed.html www.secnews.physaphae.fr/article.php?IdArticle=5230322 False Vulnerability,Threat None None Security Affairs - Blog Secu Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. The latest samples of this spyware were detected by the researchers in April 2022, four […] ]]> 2022-06-17T20:00:33+00:00 https://securityaffairs.co/wordpress/132363/malware/hermit-spyware-italian-surveillance-firm.html www.secnews.physaphae.fr/article.php?IdArticle=5226610 False Malware,Threat,Cloud APT 37 None Security Affairs - Blog Secu BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. 
“For example, […] ]]> 2022-06-16T21:53:40+00:00 https://securityaffairs.co/wordpress/132343/hacking/blackcat-ransomware-targets-unpatched-microsoft-exchange.html www.secnews.physaphae.fr/article.php?IdArticle=5199926 False Ransomware,Threat None None Security Affairs - Blog Secu HelloXD Ransomware operators install MicroBackdoor on target systems Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn't use a […] ]]> 2022-06-13T13:18:30+00:00 https://securityaffairs.co/wordpress/132207/malware/helloxd-ransomware-installs-microbackdoor.html www.secnews.physaphae.fr/article.php?IdArticle=5132474 False Ransomware,Threat None None Security Affairs - Blog Secu Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence […] ]]> 2022-06-10T20:51:38+00:00 https://securityaffairs.co/wordpress/132140/cyber-crime/cryptomining-campaign-atlassian-confluence-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5081221 False Vulnerability,Threat None None Security Affairs - Blog Secu Symbiote, a nearly-impossible-to-detect Linux malware Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. 
Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with […] ]]> 2022-06-09T19:10:49+00:00 https://securityaffairs.co/wordpress/132113/malware/symbiote-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5061406 True Threat None None Security Affairs - Blog Secu China-linked threat actors have breached telcos and network service providers China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. The nation-state actors exploit publicly known vulnerabilities to compromise the target […] ]]> 2022-06-08T09:53:30+00:00 https://securityaffairs.co/wordpress/132042/apt/us-warns-china-linked-threat-actors.html www.secnews.physaphae.fr/article.php?IdArticle=5037916 False Threat None None Security Affairs - Blog Secu Evil Corp gang starts using LockBit Ransomware to evade sanctions Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. The researchers also noticed that the group shares numerous overlaps with the cybercrime gang Evil Corp. 
The UNC2165 group has been active since at […] ]]> 2022-06-07T14:19:53+00:00 https://securityaffairs.co/wordpress/132031/cyber-crime/evil-corp-lockbit-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5022096 False Ransomware,Threat None 2.0000000000000000 Security Affairs - Blog Secu Black Basta ransomware operators leverage QBot for lateral movements The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack […] ]]> 2022-06-07T08:55:47+00:00 https://securityaffairs.co/wordpress/132018/hacking/black-basta-ransomware-qbot.html www.secnews.physaphae.fr/article.php?IdArticle=5020098 False Ransomware,Malware,Threat None None Security Affairs - Blog Secu Microsoft seized 41 domains used by Iran-linked Bohrium APT Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns. Microsoft’s Digital Crimes Unit (DCU) announced to have taken legal action to disrupt a spear-phishing operation linked to Iran-linked APT Bohrium. The IT giant has seized the domains used by the threat actors employed in its attacks aimed […] ]]> 2022-06-06T20:15:11+00:00 https://securityaffairs.co/wordpress/132002/apt/microsoft-seized-bohrium-apt-domains.html www.secnews.physaphae.fr/article.php?IdArticle=5015551 False Threat None None Security Affairs - Blog Secu Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC), this is the third security breach it suffered this year. 
Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year, they have stolen and sold NFTs, making away with 142 ETH, equivalent to over $250,000. The hacker conducted […] ]]> 2022-06-05T13:58:11+00:00 https://securityaffairs.co/wordpress/131950/hacking/bored-ape-yacht-club-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=4993598 False Threat None None Security Affairs - Blog Secu Clipminer Botnet already allowed operators to make at least $1.7 Million The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec's Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft […] ]]> 2022-06-03T14:45:49+00:00 https://securityaffairs.co/wordpress/131913/malware/clipminer-botnet-1-7-million.html www.secnews.physaphae.fr/article.php?IdArticle=4952423 False Threat None None