What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-23 18:18:12 | Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT (lien direct) | Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures . | |||
|
2022-05-23 14:28:54 | Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection (lien direct) | IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware. | |||
|
2022-05-19 14:00:00 | 6 Scary Tactics Used in Mobile App Attacks (lien direct) | Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene. | Malware Threat | ||
|
2022-05-19 13:01:24 | Phishing Attacks for Initial Access Surged 54% in Q1 (lien direct) | For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows. | Ransomware | ||
|
2022-05-18 17:46:25 | CISA: Unpatched F5 BIG-IP Devices Under Active Attack (lien direct) | Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns. | |||
|
2022-05-18 16:31:53 | Microsoft Flags Attack Targeting SQL Servers With Novel Approach (lien direct) | Attackers appear to have found a way around PowerShell monitoring by using a default utility instead. | |||
|
2022-05-17 21:02:52 | Critical VMware Bug Exploits Continue, as Botnet Operators Jump In (lien direct) | A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell. | |||
|
2022-05-17 20:32:48 | FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors (lien direct) | Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages. | |||
|
2022-05-17 18:49:45 | Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in (lien direct) | A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report. | |||
|
2022-05-16 20:37:27 | iPhones Open to Attack Even When Off, Researchers Say (lien direct) | Wireless chips that run when the iPhone iOS is shut down can be exploited. | |||
|
2022-05-16 16:30:10 | Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut (lien direct) | Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear. | Vulnerability | ||
|
2022-05-14 14:37:44 | How to Turn a Coke Can Into an Eavesdropping Device (lien direct) | Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby. | |||
|
2022-05-13 14:59:09 | Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning (lien direct) | A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars. | ★★★★ | ||
|
2022-05-11 16:54:19 | Quantum Ransomware Strikes Quickly, How to Prepare and Recover (lien direct) | NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies. | Ransomware | ★★★★★ | |
|
2022-05-11 13:00:00 | Vanity URLs Could Be Spoofed for Social Engineering Attacks (lien direct) | Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns. | ★★ | ||
|
2022-05-11 11:51:00 | Google Will Use Mobile Devices to Thwart Phishing Attacks (lien direct) | In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys. | ★★★★★ | ||
|
2022-05-10 16:21:52 | Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler (lien direct) | Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022. | ★★★ | ||
|
2022-05-10 15:37:57 | 5-Buck DCRat Malware Foretells a Worrying Cyber Future (lien direct) | The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price. | Malware | ★★ | |
|
2022-05-10 15:36:55 | Onapsis Announces New Offering to Jumpstart Security for SAP Customers (lien direct) | Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications . | Vulnerability | ||
|
2022-05-09 22:19:47 | Joker, Other Fleeceware Surges Back Into Google Play (lien direct) | The infamous Joker threat is back in Google Play, along with other Trojanized mobile apps that secretly sign Android users up for paid subscription services. | Threat | ||
|
2022-05-09 21:09:18 | Costa Rica Declares State of Emergency Under Sustained Conti Cyberattacks (lien direct) | Conti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group. | Ransomware | ||
|
2022-05-09 19:04:16 | NFTs Emerge as the Next Enterprise Attack Vector (lien direct) | Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say. | |||
|
2022-05-09 17:27:48 | Deloitte Launches Expanded Cloud Security Management Platform (lien direct) | The CSM by Deloitte platform includes cloud security policy orchestration, cyber predictive analytics, attack surface management, and cyber cloud managed services. | Deloitte Deloitte | ||
|
2022-05-06 19:42:30 | Ikea Canada Breach Exposes 95K Customer Records (lien direct) | An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was. | |||
|
2022-05-06 19:27:03 | What We\'ve Learned in the 12 Months Since the Colonial Pipeline Attack (lien direct) | The attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times? | |||
|
2022-05-06 19:25:51 | Scammer Infects His Own Machine With Spyware, Reveals True Identity (lien direct) | An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla. | Malware | ||
|
2022-05-05 21:21:52 | Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials (lien direct) | The same attack that allowed a threat actor to steal data from private Heroku GitHub repositories also resulted in the compromise of customer credentials, the company now says. | Threat | ||
|
2022-05-05 18:03:11 | FBI: Bank Losses From BEC Attacks Top $43B (lien direct) | Law enforcement attributes a recent 65% spike in BEC attack losses to COVID-19 restrictions and the ongoing reality of a remote workforce. | |||
|
2022-05-05 16:21:15 | Multichannel Phishing Concerns Cybersecurity Leaders in 2022 (lien direct) | With 80% of companies using cloud collaboration tools, cybercriminals are using multichannel phishing attacks to exploit security gaps in the hybrid work model. | |||
|
2022-05-05 15:04:29 | 1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin (lien direct) | Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia. | APT-C-17 | ||
|
2022-05-05 14:16:43 | Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks (lien direct) | Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware. | |||
|
2022-05-05 14:00:00 | Why Security Matters Even More in Online Gaming (lien direct) | As the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year. | |||
|
2022-05-04 20:07:56 | China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack (lien direct) | Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies. | |||
|
2022-05-04 17:08:35 | VHD Ransomware Variant Linked to North Korean Cyber Army (lien direct) | Researchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors. | Ransomware | ||
|
2022-05-04 17:00:00 | Security Stuff Happens: What Will the Public Hear When You Say You\'ve Been Breached? (lien direct) | A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.) | |||
|
2022-05-03 22:42:59 | What Should I Know About Defending IoT Attack Surfaces? (lien direct) | The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point. | |||
|
2021-01-05 16:30:00 | SolarWinds Hit With Class-Action Lawsuit Following Orion Breach (lien direct) | SolarWinds shareholders accuse the company of lying about its security practices ahead of the disclosure of a massive security incident. | |||
|
2021-01-04 14:10:00 | T-Mobile Hacked -- Again (lien direct) | The wireless carrier has suffered a data breach for the fourth time since 2018. | Data Breach | ||
|
2020-12-29 14:00:00 | Reducing the Risk of Third-Party SaaS Apps to Your Organization (lien direct) | Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks. | |||
|
2020-12-29 07:50:00 | Mac Attackers Remain Focused Mainly on Adware, Fooling Users (lien direct) | Despite reports that Macs have encountered more threats than Windows systems, the platform still sees far fewer exploits and malware - including ransomware. | Malware | ||
|
2020-12-22 18:35:00 | SolarWinds Campaign Focuses Attention on \'Golden SAML\' Attack Vector (lien direct) | Adversaries that successfully execute attack can achieve persistent anytime, anywhere access to a victim network, security researchers say. | |||
|
2020-12-18 15:50:00 | Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates (lien direct) | Attack on thousands of other companies as "moment of reckoning" for governments and industry, company president says. | |||
|
2020-12-18 10:40:00 | 5 Key Takeaways from the SolarWinds Breach (lien direct) | New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever. | |||
|
2020-12-17 18:00:00 | \'SocGholish\' Attack Framework Powers Surge in Drive-By Attacks (lien direct) | Menlo Labs research team says framework's social engineering toolkit helps criminals impersonate software updates. | |||
|
2020-12-17 14:00:00 | CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach (lien direct) | Agency says it has "evidence of additional initial access vectors" besides SolarWinds' Orion software. | |||
|
2020-12-16 17:55:00 | FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond (lien direct) | White House National Security Council establishes unified group to coordinate response across federal agencies to the threat. | Malware | ||
|
2020-12-16 17:40:00 | Attackers Leverage IMAP to Infiltrate Email Accounts (lien direct) | Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP. | Tool | ||
|
2020-12-15 18:50:00 | Concerns Run High as More Details of SolarWinds Hack Emerge (lien direct) | Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say. | Hack | ||
|
2020-12-15 10:00:00 | The Private Sector Needs a Cybersecurity Transformation (lien direct) | Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away. | |||
|
2020-12-14 16:26:00 | 18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack (lien direct) | Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology. |
To see everything:
Our RSS (filtrered)
