What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-30 09:14:12 | WireX DDoS botnet admin charged for attacking hotel chain (lien direct) | The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service (DDoS) attack. [...] | |||
|
2021-09-30 09:00:00 | RansomExx ransomware Linux encryptor may damage victims\' files (lien direct) | Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files. [...] | Ransomware Guideline | ||
|
2021-09-30 07:48:29 | US Congress asks FBI to explain delay in helping Kaseya atack victims (lien direct) | The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind FBI's decision to delay providing the victims of the Kaseya REvil ransomware with an universal decryption key for three weeks. [...] | Ransomware | ||
|
2021-09-29 20:37:09 | Apple Pay with VISA lets hackers force payments on locked iPhones (lien direct) | Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet set as a transit card. [...] | |||
|
2021-09-29 16:11:22 | Facebook open-sources tool to find Android app security flaws (lien direct) | Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications. [...] | Tool | ||
|
2021-09-29 15:18:01 | Russia arrests cybersecurity firm CEO after raiding offices (lien direct) | Russian law enforcement on Tuesday has arrested Ilya Sachkov, the co-founder and CEO of cybersecurity company Group-IB, on suspicion of high treason resulting from sharing data with foreign intelligence.. [...] | |||
|
2021-09-29 14:17:43 | CISA releases tool to help orgs fend off insider threat risks (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks. [...] | Tool Vulnerability Threat | ||
|
2021-09-29 13:47:24 | Trucking giant Forward Air reports ransomware data breach (lien direct) | Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. [...] | Ransomware Data Breach Threat | ||
|
2021-09-29 12:09:42 | New Tomiris backdoor likely developed by SolarWinds hackers (lien direct) | Kaspersky security researchers have discovered a new backdoor likely developed by the Nobelium hacking group behind last year's SolarWinds supply chain attack. [...] | |||
|
2021-09-29 10:45:18 | New Android malware steals millions after infecting 10M phones (lien direct) | A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. [...] | Malware | ||
|
2021-09-28 18:42:21 | Windows 11\'s Store is now open to third-party app stores (lien direct) | With Windows 11, Microsoft has opened up its store to developers using different types of frameworks, packaging technologies, and commerce platforms. Ahead of Windows 11's October 5 rollout, Microsoft has confirmed that its new app store will also support third-party app stores like Amazon AppStore and Epic Store. [...] | |||
|
2021-09-28 17:45:26 | (Déjà vu) NSA, CISA share VPN security tips to defend against hackers (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions. [...] | |||
|
2021-09-28 17:45:26 | NSA, CISA share VPN security tips to defend against hackers (edited) (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions. [...] | |||
|
2021-09-28 13:46:26 | FinFisher malware hijacks Windows Boot Manager with UEFI bootkit (lien direct) | Commercially developed FinFisher malware now can infect Windows devices using a UEFI bootkit that it injects in the Windows Boot Manager. [...] | Malware | ||
|
2021-09-28 12:18:49 | Twitter web client outage forces users to log out, blocks logins (lien direct) | Twitter is experiencing a worldwide outage affecting their web platform that prompts users to logout and prevents them from accessing tweets. [...] | |||
|
2021-09-28 11:19:59 | Microsoft 365 MFA outage locks users out of their accounts (lien direct) | Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) issue preventing some customers from logging into their Microsoft 365 accounts. [...] | |||
|
2021-09-28 10:58:03 | New Windows 11 install script bypasses TPM, system requirements (lien direct) | A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. Even better, the script also works on virtual machines, allowing you to upgrade to the latest Windows Insider build. [...] | |||
|
2021-09-28 09:25:08 | Ukraine takes down call centers behind cryptocurrency investor scams (lien direct) | The Security Service of Ukraine (SBU) has taken down a network of six call centers in Lviv, used by a ring of scammers to defraud cryptocurrency and stock market investors worldwide. [...] | |||
|
2021-09-28 07:30:00 | New Microsoft Exchange service mitigates high-risk bugs automatically (lien direct) | Microsoft has added a new Exchange Server feature that automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises servers against incoming attacks and give admins more time to apply security updates. [...] | |||
|
2021-09-28 07:03:15 | Working exploit released for VMware vCenter CVE-2021-22005 bug (lien direct) | A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it. [...] | Vulnerability Threat | ★★★ | |
|
2021-09-27 21:07:31 | Bandwidth.com is latest victim of DDoS attacks against VoIP providers (lien direct) | Bandwidth.com has become the latest victim of distributed denial of service attacks targeting VoIP providers this month, leading to nationwide voice outages over the past few days. [...] | Guideline | ||
|
2021-09-27 16:03:47 | (Déjà vu) Microsoft: Nobelium uses custom malware to backdoor Windows domains (lien direct) | Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. [...] | Malware | ||
|
2021-09-27 16:03:47 | Microsoft: Nobelium hackers backdoor AD FS servers for data theft (lien direct) | Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and harvest and exfiltrate sensitive info from Active Directory Federation Services (AD FS) servers. [...] | Malware | ||
|
2021-09-27 15:14:26 | Ethereum dev admits to helping North Korea evade crypto sanctions (lien direct) | Cryptocurrency expert Virgil Griffith pled guilty today to assisting the Democratic People's Republic of Korea in evading U.S. sanctions by conspiring to violate the International Emergency Economic Powers Act (IEEPA) and Executive Order 13466. [...] | |||
|
2021-09-27 12:56:16 | QNAP fixes critical bugs in QVR video surveillance solution (lien direct) | Network-attached storage (NAS) maker QNAP has patched its QVR video management system against two critical-severity issues that could be exploited to run arbitrary commands. [...] | |||
|
2021-09-27 11:22:58 | New malware steals Steam, Epic Games Store, and EA Origin accounts (lien direct) | A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin. [...] | Malware Threat | ||
|
2021-09-27 07:21:29 | Malicious \'Safepal Wallet\' Firefox add-on stole cryptocurrency (lien direct) | A malicious Firefox add-on named "Safepal Wallet" lived on the Mozilla add-ons site for seven months and scammed users by emptying out their wallets. Safepal is a cryptocurrency wallet application capable of securely storing a variety of crypto assets, including Bitcoin, Ethereum, and Litecoin. [...] | |||
|
2021-09-26 17:28:58 | (Déjà vu) Hands on with Windows 11\'s new Settings and File Explorer (lien direct) | In addition to the new Start Menu and taskbar design overhauls, Windows 11 also comes with a new File Explorer and Settings app. [...] | |||
|
2021-09-26 10:00:00 | Microsoft will disable Basic Auth in Exchange Online in October 2022 (lien direct) | Microsoft announced that Basic Authentication will be turned off for all protocols in all tenants starting October 1st, 2022, to protect millions of Exchange Online users. [...] | |||
|
2021-09-25 12:27:30 | Windows 10 emergency update resolves KB5005565 app freezes, crashes (lien direct) | Microsoft has released an emergency fix for freezing and crashing app issues caused by September's KB5005565 and KB5005101 cumulative updates. [...] | |||
|
2021-09-25 11:16:08 | Microsoft WPBT flaw lets hackers install rootkits on Windows devices (lien direct) | Security researchers have found a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012. [...] | |||
|
2021-09-25 10:00:00 | Bitcoin.org hackers steal $17,000 in \'double your cash\' scam (lien direct) | This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000. [...] | Hack Threat | ||
|
2021-09-24 19:27:03 | The Week in Ransomware - September 24th 2021 - Targeting crypto (lien direct) | This week's biggest news is the USA sanctioning a crypto exchange used by ransomware gangs to convert cryptocurrency into fiat currency. By targeting rogue exchanges, the US government is hoping to disrupt ransomware's payment system. [...] | Ransomware | ||
|
2021-09-24 17:10:17 | United Health Centers ransomware attack claimed by Vice Society (lien direct) | California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft. [...] | Ransomware | ||
|
2021-09-24 14:57:40 | Google apologizes for scaring Cloud users with \'past due\' emails (lien direct) | Google has apologized for a wave of emails warning Google Cloud Platform, Firebase, or API customers that their accounts may be suspended for a past due balance. [...] | |||
|
2021-09-24 14:04:04 | Hackers exploiting critical VMware vCenter CVE-2021-22005 bug (lien direct) | Exploit code that could be used for remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 has been released today and attackers are already using it. [...] | |||
|
2021-09-24 14:04:04 | Exploits imminent for critical VMware vCenter CVE-2021-22005 bug (lien direct) | Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online. [...] | |||
|
2021-09-24 13:33:19 | Emergency Google Chrome update fixes zero-day exploited in the wild (lien direct) | Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild. [...] | |||
|
2021-09-24 13:03:52 | Microsoft rushes to register Autodiscover domains leaking credentials (lien direct) | Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol. [...] | |||
|
2021-09-24 12:11:30 | EU officially blames Russia for \'Ghostwriter\' hacking activities (lien direct) | The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. [...] | |||
|
2021-09-24 07:13:20 | (Déjà vu) Researcher drops three iOS zero-days that Apple refused to fix (lien direct) | Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher. [...] | Patching | ||
|
2021-09-24 07:13:20 | Exploit code released for three iOS 0-days that Apple failed to patch (lien direct) | Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher. [...] | Patching | ||
|
2021-09-24 03:23:23 | Cisco fixes highly critical vulnerabilities in IOS XE Software (lien direct) | Cisco has patched three critical vulnerabilities affecting components in its IOS XE internetworking operating system powering routers and wireless controllers, or products running with a specific configuration. [...] | |||
|
2021-09-24 02:19:57 | SonicWall fixes critical bug allowing SMA 100 device takeover (lien direct) | SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. [...] | |||
|
2021-09-23 18:08:25 | Google: Manifest V2 Chrome extensions to stop working in 2023 (lien direct) | Google has shared the phase-out timeline for Manifest V2 Chrome extensions and its plans to bring Manifest V3 to full feature parity. [...] | |||
|
2021-09-23 17:34:05 | (Déjà vu) Microsoft gets Windows 11 ready for release with new build (lien direct) | Microsoft has moved Windows 11 to the Windows Insider 'Release' channel in anticipation of its upcoming launch on October 5th. [...] | |||
|
2021-09-23 17:34:05 | Windows 11 is now available in the Insider \'Release\' channel (lien direct) | Microsoft has moved Windows 11 to the Windows Insider 'Release' channel in anticipation of its upcoming launch on October 5th. [...] | |||
|
2021-09-23 15:50:32 | Hacking group used ProxyLogon exploits to breach hotels worldwide (lien direct) | A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. [...] | |||
|
2021-09-23 14:23:32 | (Déjà vu) Apple patches new zero-day bug used to hack iPhones and Macs (lien direct) | Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...] | Hack | ||
|
2021-09-23 14:23:32 | Apple fixes another zero-day used to deploy NSO iPhone spyware (lien direct) | Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...] | Hack |
To see everything:
Our RSS (filtrered)
