What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-07-14 07:59:19 | COVID-19 could spur authentication without passwords (lien direct) | Passwords have always been a weak link in security, but people are so used to them that getting them to change to a more secure form of authentication has been a difficult task. Could COVID-19 be the catalyst that ends up ushering in passwordless access? The push is slowly happening. Gartner predicts that 60% of […] | |||
|
2020-07-13 15:54:43 | Announcement: Tony Morbin joins IT Security Guru as Editor in Chief (lien direct) | Today Tony Morbin joined IT Security Guru as editor in chief, signalling a drive to further develop this vital news and information source for the cyber security industry. Last week Tony left SC Media UK, the world's longest established cyber security title, where he oversaw the transition from print to digital, as well as more […] | |||
|
2020-07-13 08:35:59 | (Déjà vu) Hacker “revenge hacks” security firm (lien direct) | A hacker claims to have breached the backend servers belonging to a US cybersecurity firm and stolen information from the company’s “data leak detection” service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that have leaked from other companies in previous security breaches. The databases […] | |||
|
2020-07-13 08:32:20 | A look at Evilnum, the APT Group Behind the Malware (lien direct) | The group behind Evilnum malware, that targets financial institutions, appears to be testing new techniques. ESET researchers published an analysis of advanced persistent threat (APT) group Evilnum, known for developing malware of the same name. A detailed look at its activity reveals an evolved toolset and infrastructure that combine custom malware with tools bought from […] | Malware Threat | ||
|
2020-07-13 08:27:51 | (Déjà vu) Malware evading analysis by adding Any.Run sandbox detection (lien direct) | Any.Run is a malware analysis sandbox service that lets researchers and users safely analyse malware without risk to their computers. And now malware developers are checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analysed by researchers. Source: Bleeping Computer | Malware | ||
|
2020-07-10 08:59:13 | Zero-Day Vulnerability Discovered in Zoom (lien direct) | Security researchers recently found a flaw in the videoconferencing software, Zoom, which would have allowed hackers to remotely take control of computers running on old Microsoft Windows operating systems. Specifically, the vulnerability applies to Zoom running on Windows 7 or older operating systems. While Microsoft has attempted to phase out technical support for Windows 7 […] | Vulnerability | ||
|
2020-07-10 08:38:03 | Google to Ban Ads on Stalkerware (lien direct) | This week, Google announced that it would now ban any ads that promote any form of surveillance technology, including stalkerware. As part of an update on Google Ad policies, this change will take effect on the 11th of August 2020. Advertisers will no longer be able to promote the following: Technology that allows intimate partner […] | |||
|
2020-07-10 08:26:47 | Conti Ransomware Possesses Similar Characteristics as Ryuk (lien direct) | First spotted towards the end of December 2019, the Conti ransomware has since increased its number of attacks. It appears that this new ransomware shares certain code as Ryuk. The latter has also begun to disappear, whilst Conti’s distribution is growing. Indeed, it is becoming a considerable threat as it works faster and performs more […] | Ransomware Threat | ||
|
2020-07-10 08:18:52 | Joker Malware Back in Google Play Store (lien direct) | Google has recently removed yet another 11 compromised Android applications from its app store, Google Play, as a new variant of the Joker malware has returned to the store. This has become a recurring theme since 2019 and has continued to have success in manoeuvring past Google Play’s protections as slight changes are made to […] | Malware | ||
|
2020-07-09 15:39:30 | BLOCKAPT\'s Success With The London Office For Rapid Cybersecurity Advancement (lien direct) | BlockAPT announces a major accomplishment in being successful with the London Office for Rapid Cybersecurity Advancement (LORCA) accelerator programme, which is backed by the Department for Digital, Culture, Media & Sport. LORCA helps scale early-stage cyber companies in the UK and internationally. Reinforcing BlockAPT's mission to proactively safeguard organisation's digital assets against persistent cyber threats […] | |||
|
2020-07-09 11:07:58 | Major spike in cyber threats during Covid-19 pandemic – insights from the Telco Security Alliance (lien direct) | The COVID-19 Threat Intelligence Insight report was provided by AT&T Cybersecurity and the Telco Security Alliance (TSA), which observed cyberthreat activity between January and June 2020. The TSA consists of a group including Singtel (Trustwave), and Telefónica (ElevenPaths), and aims to offer enterprises comprehensive cybersecurity insights to help them address the threat of cyberattacks and […] | Threat | ||
|
2020-07-09 10:24:05 | New Google Initiative to Protect Open-Source Announced (lien direct) | A new initiative has been introduced by Google aimed at protecting the integrity of open source projects. This follows as a result of a number of cases where open source trademarks have been impacted by public cloud providers offering managed services. One such example is Amazon Web Services which copied the open source software from […] | |||
|
2020-07-09 10:11:49 | USB Poses Significant Risk to OT Security (lien direct) | According to a Honeywell report, the use of USBs are the second most widespread industrial vector vulnerability within operational technology. Whilst the number of threats disrupting OT was at 26% in 2018, this percentage has significantly risen to 59% today. “This isn't a case of accidental exposure to viruses through USB,” said Eric Knapp, director […] | Vulnerability | ||
|
2020-07-09 09:49:54 | Ecommerce Sites Used by Russian Fraudsters to Verify Stolen Credit Cards (lien direct) | Ecommerce sites are being used by a Russian fraud group to check that the credit cards they have stolen continue to be valid. Discovered by the anti-fraud company, Sift, the criminal gang, also known as Bargain Bear, employs a new approach that does not raise suspicion with the card owner. To do this, they create […] | |||
|
2020-07-09 07:46:10 | Fifteen Billion Usernames and Passwords For Sale on Dark Web (lien direct) | According to a report by Digital Shadows Photon Research Team, there is at present 15 billion usernames and passwords for sale on the dark web. This is as a result of 100,000 different data breaches that have taken place over the course of the last two years; that is, a 300% increase in stolen credentials. […] | |||
|
2020-07-08 12:04:09 | Gambling App, Clubillion, Suffers Data Breach (lien direct) | Following a breach in the technical database, the casino gambling app, Clubillion, was found recording the daily activities of millions of players across the globe. Alongside this, the vpnMentor research team, also revealed that private user information has been exposed. This puts millions of users at risk of further cyberattacks, not least phishing. Source: European […] | Data Breach | ||
|
2020-07-08 11:18:32 | 6000 F5 Devices At Risk of CyberAttack Once Again (lien direct) | It has been revealed by security firm, CRITICALSTART, that mitigation of the severely critical security flaw in F5 Networks’ BIG-IP tool can be bypassed. This leaves another 6,000 F5 devices exposed to an attack once again. Source: Computer Business Review | Tool | ||
|
2020-07-08 11:08:13 | Malware Sent Through Fake TikTok Links (lien direct) | It has recently been discovered that fake TikTok links are being used by cybercriminals to spread malware that captures user data. As part of 59 other Chinese apps banned in India due to privacy concerns, hackers are now leveraging this to target gullible individuals hoping to download the app. The Maharashtra Cyber Police has warned citizens […] | Malware | ||
|
2020-07-08 11:01:21 | Cosmic Lynx, First Known Russian BEC Group, Discovered (lien direct) | Since last July, senior-level executives across 46 different countries were targeted by the business email compromise group, Cosmic Lynx. This is the first known Russian BEC group outside of Nigerian scanners looking to exploit this email-based attack vector. Researchers have found that Cosmic Lynx specifically targets companies that don’t use DMARC and utilises a “mergers […] | |||
|
2020-07-07 13:51:30 | Chinese-state-sponsored hackers spying on ethnic minorities worldwide (lien direct) | Chinese-state sponsored hackers have been using Android spyware tools to target ethnic minority groups particularly Uighurs, Tibetans, and Muslims, across 15 countries which include Malaysia, Turkey, Indonesia and Kazakhstan. First discovered by mobile cybersecurity providers Lookout, the primary aim of these apps is to track, gather and exfiltrate personal user data to attacker-operated command-and-control servers, with […] | |||
|
2020-07-07 11:21:14 | TikTok to No Longer Operate in Hong Kong (lien direct) | Following the imposition of new national security laws by Beijing, TikTok has announced its withdrawal to operate in Hong Kong. Owned by China-based ByteDance, TikTok has been persistent in denying any affiliation with Chinese authorities or in sharing user data. This withdrawal from Hong Kong app stores is expected to take several days. Source: The […] | |||
|
2020-07-07 11:12:58 | Data Breach Fines Predicted to Increase in the Next Few Years (lien direct) | According to a study by DSA Connect, out of a thousand workers interviewed, 37% believe there will be an increase in fines for data breaches between 2020 and 2025, whilst 6% affirm the rise will be dramatic. The principal reason behind this anticipated rise is due to employees gaining greater access to data. In the […] | Data Breach | ||
|
2020-07-07 11:05:03 | Subsidiary of DXC Technology Suffers Ransomware Attack (lien direct) | Xchanging, a managed service provider for those in the insurance industry, has recently informed its investors of a ransomware attack on some of its systems. The incident was initially reported on the 5th of July but representatives of the company claimed that the ransomware did not spread outside of the Xchanging network. Moreover, investigations appear […] | Ransomware | ||
|
2020-07-07 10:57:38 | Study Finds Home Routers Riddled with Vulnerabilities (lien direct) | According to research conducted by Frauhofer Institute, out of 127 home routers from seven different manufacturers throughout Europe, 46 were not updated in 12 months. Others had not been updated for more than five years, leaving many routers vulnerable to attack. Despite the fact that vendors have the capability to distribute security patches more often, […] | |||
|
2020-07-06 13:09:38 | Four reasons edge computing is critical for IoT (lien direct) | The adoption of IoT is increasing rapidly. By 2021, it is expected that 35 billion IoT devices will be installed worldwide. While there is an opportunity for businesses to utilise all the benefits of IoT however, many traditional data centres don't have the bandwidth to handle the large volumes of data collected by IoT devices. […] | |||
|
2020-07-06 12:56:58 | Israel Supposedly Executed Cyberattacks Resulting in the Explosion of Iranian Nuclear Sites (lien direct) | Israel has been accused of executing cyberattacks in retaliation for an Iranian attempt to hack the Israelian water infrastructure. These attacks have supposedly been the cause of two explosions at Iranian nuclear sites, one working on uranium enrichment and the other on missile production. According to an unnamed senior source, Iran’s nuclear enrichment programme has […] | Hack | ||
|
2020-07-06 12:45:33 | OnePlus Fixes Vulnerability That Could Have Exposed Customer Personal Data (lien direct) | OnePlus, a Chinese phone manufacturer, recently spotted a vulnerability in its system which deals with out-of-warranty repairs for devices in the US. Through a link used to make a payment for repairs, customers could access the personal information of other customers. This includes names, addresses, phone numbers, email addresses as well as further information on […] | Vulnerability | ||
|
2020-07-06 11:48:06 | Vulnerability Allows Cybercriminals to Evade Malware Detection (lien direct) | As a result of a Path Traversal bug in the .NET Core library of Microsoft, attackers could now implement malicious code on to a system without being detected by antivirus and end-point detection software. Paul Laîné of Context Information Security was the first to find this vulnerability and claims that this is made possible because […] | Malware Vulnerability | ||
|
2020-07-06 10:32:55 | North Korea Supposedly Behind Web Skimming Attacks (lien direct) | According to a report released by SanSec, a state-sponsored hacking group from North Korea may be behind the cyberattacks of online stores ongoing since May 2019. This includes, the breach of the accessories store chain, Claire’s. The hacking group have been hacking into online stores to insert malicious code which then steals payment card details […] | |||
|
2020-07-03 13:50:11 | CASE STUDY – Securing a remote workforce: customer spotlight on LegalEdge (lien direct) | LegalEdge had a remote workforce back when it was still a choice. For ten years, LegalEdge has made in-house legal services accessible to small businesses and start-ups using a uniquely flexible model and a completely remote team of lawyers. Helen Goldberg, COO Legal Edge We sat down with Helen to learn more about her security needs and […] | |||
|
2020-07-03 09:49:20 | Will iPhone replace your passport and driver\'s license soon? (lien direct) | Apple has actively been working on making iPhone the sole thing people have to carry while out and about. The company has successfully eliminated the need to carry items such as diary, laptop, car insurance card, credit card, home keys, etc. They also recently announced plans to help humanity get rid of the need for […] | |||
|
2020-07-03 09:47:45 | Vulnerability in popular bitcoin wallets can be exploited for fraud (lien direct) | A new vulnerability in some popular bitcoin wallets can be exploited by scammers to commit fraud and even make the wallets themselves unusable. Discovered by wallet startup ZenGo, the vulnerability, dubbed “BigSpender,” was found in bitcoin wallets from Ledger Live, Edge and Breadwallet – but potentially affects others as well. The vulnerability allows a scammer […] | Vulnerability | ||
|
2020-07-03 09:44:56 | Researchers Uncover Zero-Day Vulnerability on Cisco Routers (lien direct) | CyCognito Inc today announced its research team has uncovered a significant Cross-Site Scripting (XSS) vulnerability on the web admin interface of Cisco small business router models RV042 and RV042G. Cisco routers are popular around the world, and the company has approximately 50% market share in the router and switch market globally. This vulnerability gives attackers […] | Vulnerability | ||
|
2020-07-02 13:12:14 | One Identity PAM Portfolio Given Overall Leader Status by KuppingerCole for Second Year Running (lien direct) | One Identity, provider of identity-centered security, today announced the company's 2nd second consecutive year being named an Overall Leader for its Privileged Access Management solutions in KuppingerCole's 2020 Leadership Compass for Privileged Access Management (PAM) report. 1 This recognition follows One Identity's recent placement as an Overall Leader in KuppingerCole's Leadership Compass for Identity Governance […] | Guideline | ||
|
2020-07-02 10:12:55 | Zoom makes more security updates (lien direct) | Zoom has been on an epic security journey since the coronavirus pandemic began. As the video conferencing app's users surged to hundreds of millions within weeks, security issues and vulnerabilities left trust in Zoom at an all-time low. But Zoom quickly responded to criticism of its security with a 90 day plan outlined on April […] | |||
|
2020-07-02 10:08:05 | Hacker claims TikTok rival Chingari\'s developer website has malware (lien direct) | TikTok's rising alternative, Chingari, has been doing the rounds on social media crossing several million downloads in the last few days. However, a new report indicates that the website of the company behind the app has malicious content pinned to its webpages. Robert Baptiste, a security researcher going by the twitter name Elliot Anderson said that […] | Malware | ||
|
2020-07-02 09:42:43 | (Déjà vu) US news sites attacked with WastedLocker ransomware (lien direct) | Dozens of US newspaper websites owned by the same company were hacked by the Evil Corp gang to infect the employees of over 30 major US private firms. The cybercriminal outfit lured users with fake software update alerts displayed by the malicious SocGholish JavaScript-based framework. After downloads were made, the employees’ computers were the used […] | Ransomware | ||
|
2020-07-01 15:18:13 | Guest Blog: Ripple20 Zeek Package Open Sourced (lien direct) | Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of devices and you are in the right ballpark. The set of vulnerabilities is collectively known as “Ripple20” , and yes […] | |||
|
2020-07-01 11:54:47 | Calling all Cybersecurity Heroes for Unsung Heroes Awards! (lien direct) | Eskenzi PR has today announced that the fifth annual Security Serious Unsung Heroes Awards are open for nominations. The 2020 awards are a chance to celebrate the people, not products, on the front lines of battling cyber threats – whether that be in the classroom, in law enforcement or within corporate organisations. A new category has been added this year for those helping to keep UK […] | |||
|
2020-07-01 10:00:57 | (Déjà vu) EvilQuest malware uses ransomware as decoy to steal data from Macs (lien direct) | A new info-stealer and data wiper malware called EvilQuest uses ransomware as a cover to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers. EvilQuest was first spotted by K7 Lab malware researcher Dinesh Devadoss and analysed by Malwarebytes’ Director of Mac & Mobile Thomas […] | Ransomware Malware | ||
|
2020-07-01 09:51:07 | (Déjà vu) Xerox Corporation victim of Maze ransomware (lien direct) | Xerox Corporation is the latest victim of the Maze ransomware operators. Hackers have encrypted its files and threatened to release them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but the Maze ransomware operators published some screenshots that show […] | Ransomware | ||
|
2020-07-01 09:44:21 | Fakespy Masquerades as Postal Service Apps Around the World (lien direct) | The Cybereason Nocturnus team is investigating a new campaign involving FakeSpy, an Android mobile malware that emerged around October 2017. FakeSpy is an information stealer used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more. FakeSpy first targeted South Korean and […] | Malware | ||
|
2020-06-30 10:24:38 | Pro-democracy groups in Hong Kong disband after security law passed (lien direct) | One of Hong Kong's most prominent pro-democracy activists, has disbanded his party after China's top legislative body passed a national security law for the territory. Tam Yiu-chung, a member of China's rubber-stamp legislature, said full details of the law would only be released once the meeting closed on Tuesday. But in a sign that the […] | |||
|
2020-06-30 10:20:13 | StrongPity APT Group Targeting victims in Syria and Turkey using watering hole tactics (lien direct) | Bitdefender researchers identified the APT group StrongPity targeting victims in Syria and Turkey. They used watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover […] | |||
|
2020-06-30 10:15:16 | India Bans 59 Chinese Mobile Apps Over \'Security\' (lien direct) | On Monday, India banned 59 Chinese mobile apps, including TikTok and WeChat, over national security and privacy concerns – two weeks after a deadly Himalayan border clash between the nuclear-armed neighbours. Relations between the world’s two most populous nations have been strained following the deaths of 20 Indian troops in hand-to-hand fighting with their Chinese […] | |||
|
2020-06-30 10:11:52 | Warnings over PAN-OS security bug (lien direct) | In a warning given by the US Cyber Command, it said that foreign state-sponsored hacking groups were likely to exploit a major security bug disclosed in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks. “Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use,” […] | |||
|
2020-06-29 13:31:00 | Securing the mobile channel amidst FBI cautions (lien direct) | Entersekt, a global specialist in digital security solutions, today released its updated guidance for financial institutions, Securing the Mobile Banking Channel, a white paper. This follows the FBI warning that an increase in attacks on banking applications by cybercriminals and fraudsters is likely, as consumers stuck at home during the COVID-19 pandemic rely more heavily […] | |||
|
2020-06-29 13:24:03 | Untrained and Malicious Users Biggest Cause for Concern Among UK IT Professionals (lien direct) | Following on the success of last year's global report, KnowBe4 has today released the findings of 'The 2020 What Keeps You Up at Night Report”. This year, KnowBe4 delves into the issues that specifically trouble UK-based organisations and IT experts, including attack types, security initiatives as well as organisational constraints. An in-depth analysis examined just […] | |||
|
2020-06-29 11:28:01 | Computer Misuse Act Requires Updating (lien direct) | Reaching its 30th anniversary of reaching royal assent, a group of cybersecurity organisations have issued an open letter to Prime Minister Boris Johnson, asking for an update to the Computer Misuse Act (CMA) to make it fit for the digital age. “In 1990, when the CMA became law, only 0.5% of the UK population used […] | |||
|
2020-06-29 11:12:44 | Study Tool OneClass Accidentally Exposes Millions of Records (lien direct) | Researchers at vpnMentor say that an improperly-secured online database belonging to OneClass has left the private information of more than a million students exposed. The tool lets students share class notes and study guides. vpnMentor researchers discovered the database while performing a series of routine Internet scans and estimates that the exposed OneClass database included nearly […] | Tool |
To see everything:
Our RSS (filtrered)
