Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-03-04 21:42:51 |
Cyberattackers Target Top Russian Cybercrime Forums (lien direct) |
Elite Russian forums for cybercriminals have been hacked in a string of breaches, leaving hackers edgy and worried about law enforcement. |
|
|
|
|
2021-03-04 17:21:34 |
National Surveillance Camera Rollout Roils Privacy Activists (lien direct) |
TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns. |
|
|
|
|
2021-03-04 17:08:36 |
CISA Orders Federal Agencies to Patch Exchange Servers (lien direct) |
Espionage attacks exploiting the just-patched remote code-execution security bugs in Microsoft Exchange servers are quickly spreading. |
|
|
|
|
2021-03-04 16:01:15 |
COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent (lien direct) |
Cybercriminals are using the COVID-19 vaccine to steal Microsoft credentials, infect systems with malware and bilk victims out of hundreds of dollars. |
Malware
|
|
|
|
2021-03-03 21:49:00 |
Unpatched Bug in WiFi Mouse App Opens PCs to Attack (lien direct) |
Wireless mouse-utility lacks proper authentication and opens Windows systems to attack. |
|
|
|
|
2021-03-03 21:17:14 |
Google Patches Actively-Exploited Flaw in Chrome Browser (lien direct) |
A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users. |
|
|
|
|
2021-03-03 21:15:16 |
Malaysia Air Downplays Frequent-Flyer Program Data Breach (lien direct) |
A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. |
Data Breach
|
|
|
|
2021-03-03 19:29:14 |
Home-Office Photos: A Ripe Cyberattack Vector (lien direct) |
Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk. |
Threat
|
|
|
|
2021-03-03 19:18:21 |
RTM Cybergang Adds New Quoter Ransomware to Crime Spree (lien direct) |
The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics. |
Ransomware
Threat
|
|
|
|
2021-03-03 19:12:17 |
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow (lien direct) |
Attackers have weaponized code dependency confusion to target internal apps at tech giants. |
|
|
|
|
2021-03-03 15:30:52 |
Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets (lien direct) |
Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks by a Chinese APT - while more incidents spread like wildfire. |
|
|
|
|
2021-03-02 21:27:40 |
Post-Cyberattack, Universal Health Services Faces $67M in Losses (lien direct) |
The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October. |
|
|
|
|
2021-03-02 17:54:53 |
Jailbreak Tool Works on iPhones Up to iOS 14.3 (lien direct) |
The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool allowing developers and other enthusiasts to hack into their own devices. |
Hack
Tool
|
|
|
|
2021-03-02 17:06:51 |
Compromised Website Images Camouflage ObliqueRAT Malware (lien direct) |
Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites. |
Malware
|
|
|
|
2021-03-02 16:54:03 |
Ryuk Ransomware: Now with Worming Self-Propagation (lien direct) |
The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning. |
|
|
|
|
2021-03-01 22:54:02 |
Mobile Adware Booms, Online Banks Become Prime Target for Attacks (lien direct) |
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks. |
Threat
|
|
|
|
2021-03-01 21:23:42 |
Malware Loader Abuses Google SEO to Expand Payload Delivery (lien direct) |
Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction. |
Malware
|
|
|
|
2021-03-01 20:41:51 |
Passwords, Private Posts Exposed in Hack of Gab Social Network (lien direct) |
The Distributed Denial of Secrets group claim they have received more than 70 gigabytes of data exfiltrated from social media platform Gab. |
Hack
|
|
|
|
2021-03-01 15:59:43 |
Firewall Vendor Patches Critical Auth Bypass Flaw (lien direct) |
Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users. |
|
|
|
|
2021-02-26 21:53:26 |
Amazon Dismisses Claims Alexa \'Skills\' Can Bypass Security Vetting Process (lien direct) |
Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks. |
Guideline
|
|
|
|
2021-02-26 21:26:21 |
Stalkerware Volumes Remain Concerningly High, Despite Bans (lien direct) |
COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware. |
|
|
|
|
2021-02-26 19:56:39 |
Lazarus Targets Defense Companies with ThreatNeedle Malware (lien direct) |
A spear-phishing campaigned linked to a North Korean APT uses “NukeSped” malware in cyberespionage attacks against defense companies. |
Malware
|
APT 38
|
|
|
2021-02-26 18:00:30 |
Yeezy Fans Face Sneaker-Bot Armies for Boost \'Sun\' Release (lien direct) |
Sneaker bots ready to scoop up the new Yeezy Boost 700 “Sun” shoes to resell at a huge markup. |
|
|
|
|
2021-02-26 16:22:56 |
Malware Gangs Partner Up in Double-Punch Security Threat (lien direct) |
From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses. |
Malware
Threat
|
|
|
|
2021-02-26 13:36:48 |
Podcast: Ransomware Attacks Exploded in Q4 2020 (lien direct) |
Researchers said they saw a seven-times increase in ransomware activity in the fourth quarter of 2020, across various families – from Ryuk to Egregor. |
Ransomware
|
|
|
|
2021-02-26 13:25:22 |
Protecting Sensitive Cardholder Data in Today\'s Hyper-Connected World (lien direct) |
Retailers that lacked significant digital presence pre-COVID are now reaching new audiences through e-commerce sites that are accessible anytime, from anywhere, on any device.
|
|
|
|
|
2021-02-25 20:06:04 |
Cyberattacks Launch Against Vietnamese Human-Rights Activists (lien direct) |
Vietnam joins the ranks of governments using spyware to crack down on human-rights defenders. |
|
|
|
|
2021-02-25 17:34:30 |
Health Website Leaks 8 Million COVID-19 Test Results (lien direct) |
A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results. |
|
|
|
|
2021-02-25 17:04:38 |
Malicious Mozilla Firefox Extension Allows Gmail Takeover (lien direct) |
The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data. |
|
|
|
|
2021-02-25 14:45:48 |
Cisco Warns of Critical Auth-Bypass Security Flaw (lien direct) |
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches. |
|
|
|
|
2021-02-24 21:52:29 |
Tax Season Ushers in Quickbooks Data-Theft Spike (lien direct) |
Quickbooks malware targets tax data for attackers to sell and use in phishing scams. |
Malware
|
|
|
|
2021-02-24 20:50:29 |
Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking (lien direct) |
Mozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking. |
|
|
|
|
2021-02-24 17:14:55 |
VMWare Patches Critical RCE Flaw in vCenter Server (lien direct) |
The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system. |
Threat
|
|
|
|
2021-02-24 15:31:59 |
Nvidia\'s Anti-Cryptomining GPU Chip May Not Discourage Attacks (lien direct) |
The hotly anticipated GeForce RTX 3060, a ray-tracing-friendly, advanced gaming graphics chip, will also throttle Ethereum mining. |
|
|
|
|
2021-02-24 15:00:37 |
Microsoft Lures Populate Half of Credential-Swiping Phishing Emails (lien direct) |
As more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials. |
|
|
|
|
2021-02-23 19:59:59 |
Daycare Webcam Service Exposes 12,000 User Accounts (lien direct) |
NurseryCam suspends service across 40 daycare centers until a security fix is in place. |
|
|
|
|
2021-02-23 19:36:32 |
IBM Squashes Critical Remote Code-Execution Flaw (lien direct) |
A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code. |
|
|
|
|
2021-02-23 16:51:24 |
Finnish IT Giant Hit with Ransomware Cyberattack (lien direct) |
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a […] |
Ransomware
|
|
|
|
2021-02-23 14:00:38 |
10K Microsoft Email Users Hit in FedEx Phishing Attack (lien direct) |
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials. |
|
FedEx
FedEx
|
|
|
2021-02-22 22:02:10 |
TDoS Attacks Take Aim at Emergency First-Responder Services (lien direct) |
The FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services. |
|
|
|
|
2021-02-22 21:07:03 |
Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report (lien direct) |
APT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers. |
Threat
|
APT 31
|
|
|
2021-02-22 19:40:50 |
Assume ClubHouse Conversations Are Being Recorded, Researchers Warn (lien direct) |
At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. The company confirmed to Bloomberg that over the weekend a user was able to breach “multiple” ClubHouse room audio feeds […] |
|
|
|
|
2021-02-22 17:51:20 |
Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11 (lien direct) |
The threat actors stole data and used Clop's leaks site to demand money in an extortion scheme, though no ransomware was deployed. |
Ransomware
Threat
|
|
|
|
2021-02-19 21:06:32 |
Malformed URL Prefix Phishing Attacks Spike 6,000% (lien direct) |
Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said. |
|
|
|
|
2021-02-19 19:33:14 |
Mysterious Silver Sparrow Malware Found Nesting on 30K Macs (lien direct) |
A second malware that targets Macs with Apple's in-house M1 chip is infecting machines worldwide -- but it's unclear why. |
Malware
|
|
|
|
2021-02-19 19:32:59 |
(Déjà vu) Credential-Stuffing Attack Targets Regional Internet Registry (lien direct) |
RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service. |
|
|
|
|
2021-02-19 14:11:33 |
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code (lien direct) |
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation. |
|
Solardwinds
Solardwinds
|
|
|
2021-02-18 21:30:16 |
Cybercriminal Enterprise \'Ringleaders\' Stole $55M Via COVID-19 Fraud, Romance Scams (lien direct) |
The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013. |
|
|
|
|
2021-02-18 21:04:03 |
Apple Outlines 2021 Security, Privacy Roadmap (lien direct) |
Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap. |
|
|
|
|
2021-02-18 20:05:12 |
Kia Motors Hit With $20M Ransomware Attack – Report (lien direct) |
So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer claimed it has locked down the company’s files in a cyberattack that includes a $20 million ransom demand. That $20 million will gain Kia a decryptor and a guarantee to not to publish sensitive data bits on the gang’s […] |
Ransomware
|
|
|