What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-05-05 09:54:44 | SSH access data breach reported by GoDaddy (lien direct) | GoDaddy on Tuesday reported [PDF] an October data breach to Californian authorities, stating that an unauthorised individual was able to access SSH accounts used in its hosting environment. “We have no evidence that any files were added or modified on your account,” the company said while omitting evidence that files could have been viewed and […] | Data Breach | ||
|
2020-05-05 09:53:37 | SSH brute-force attacks on IoT via Kaiji malware (lien direct) | Security researchers say they’ve discovered yet another strain of malware that was specifically built to infect Linux-based servers and smart Internet of Things (IoT) devices, and then abuse these systems to launch DDoS attacks. Named Kaiji, this new malware was spotted last week by a security researcher named MalwareMustDie and the team at Intezer Labs. […] | Malware | ||
|
2020-05-04 17:10:52 | All Your VMDR Questions, Answered (lien direct) | Last week, Qualys launched its latest solution, Vulnerability Management Detection and Response – VMDR, which integrates asset visibility, vulnerability management, detection and response across global hybrid-IT environments all from a single app. It was presented to the world with an informative webinar (available here). With the recognition that this launch is taking place during unprecedented […] | Vulnerability | ||
|
2020-05-04 11:48:04 | CISO Carpool NOT Karaoke with Shan Lee, CISO at Transferwise (lien direct) | The IT Security Guru and Eskenzi PR are excited to present the latest instalment of our series CISO Carpool NOT Karaoke. In this episode, we asked Shan Lee, CISO at Transferwise, our most burning questions about what it’s like to work the IT Security industry. Did you know that the first time the word Cyber […] | |||
|
2020-05-04 11:47:10 | CISO Carpool NOT Karaoke with Quentyn Taylor, CISO at Canon (lien direct) | The IT Security Guru and Eskenzi PR are proud to present the first episode of our series CISO Carpool NOT Karaoke. While driving around London, Quentyn Taylor, CISO at Canon, tells us how he manages to keep his team motivated, why he wanted to be a fresh water biologist, and why he’s glad he didn’t! […] | |||
|
2020-05-04 09:54:08 | (Déjà vu) 91 million Tokopedia accounts hacked and sold (lien direct) | A hacker is selling a database containing the information of 91 million Tokopedia accounts on a dark web market for as little as $5,000. Other threat actors have already started to crack passwords and share them online. Tokopedia is Indonesia’s largest online store, with 4,700 employees and over 90 million active users. This weekend, data […] | Threat | ||
|
2020-05-04 09:53:06 | Details of 700,000 migrants possibly exposed in Home affairs breach (lien direct) | Privacy experts have blasted the home affairs department for a data breach revealing the personal details of 774,000 migrants and people aspiring to migrate to Australia, including partial names and the outcome of applications. At a time the federal government is asking Australians to trust the security of data collected by its Covid-Safe contact tracing […] | Data Breach | ||
|
2020-05-04 09:52:21 | Credential stealing cyberattack impersonates Teams (lien direct) | Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins. A convincing cyberattack that impersonates notifications from Microsoft Teams in order to steal the Office 365 credentials of employees is making the rounds, according to researchers. Two separate attacks have targeted as many as 50,000 […] | |||
|
2020-05-04 09:51:03 | Cyber-attack ceasefire urged by EU (lien direct) | The European Union (EU) has urged cybercriminals to halt all malicious activity exploiting the global Covid-19 pandemic. The EU's High Representative, Josep Borrell, singled out attacks on “critical infrastructures that are essential to managing this crisis” as particularly egregious in a press release issued yesterday (April 30). He noted the proliferation of “malware distribution campaigns, […] | |||
|
2020-05-04 09:49:51 | Publishing platform Ghost confirms hack (lien direct) | Popular open-source blogging platform with more than 2 million installs confirms it has been hacked. Although most people tend to immediately think of WordPress when asked to name a blogging platform, it certainly isn’t the only player in town. The self-proclaimed “world’s most popular modern open-source publishing platform,” Ghost, includes big-name customers such as Mozilla, […] | Hack | ||
|
2020-05-01 10:09:55 | Shade release 750K encryption keys (lien direct) | The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub. The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on […] | Ransomware Threat | ||
|
2020-05-01 10:09:12 | New ransomware for hire: LockBit (lien direct) | Ransomware has emerged as one of the top threats facing large organizations over the past few years, with researchers reporting a more than a fourfold increase in detections last year. A recent infection by a fairly new strain called LockBit explains why: after it ransacked one company's poorly secured network in a matter of hours, […] | Ransomware | ||
|
2020-05-01 10:08:28 | 150+ company executives hit by spear-phishing (lien direct) | A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today. The group, codenamed PerSwaysion, appears to have targeted the financial sector primarily, which accounted for more than half of its victims; although, victims have been recorded at companies active across other […] | |||
|
2020-05-01 10:07:04 | Increase in phishing using reCAPTCHA (lien direct) | Cyber scammers are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems, Barracuda Networks has observed. The reCAPTCHA walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user. eCAPTCHA walls are typically used to verify human users before […] | |||
|
2020-04-30 10:03:57 | SD-WAN Routers threatened by Cisco flaw (lien direct) | Cisco's IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw. Cisco has patched a high-severity vulnerability in its router software, which if exploited could enable a local, authenticated attacker to execute arbitrary commands with root privileges. The flaw exists in Cisco IOS XE. This Linux-based version of Cisco's Internetworking Operating System […] | Vulnerability | ||
|
2020-04-30 10:03:18 | GCHQ gains special access to NHS data to enhance security (lien direct) | Health secretary Matt Hancock has used emergency powers under the NHS Act of 2006 to give GCHQ special dispensation to access data on the NHS's cyber security and other IT systems in order to better protect the health service from cyber attack during the Covid-19 coronavirus pandemic. Documents released by the government, which can be […] | |||
|
2020-04-30 10:02:39 | Remote desktop accounts hit by millions of automated attacks (lien direct) | Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks. A rash of brute-forcing attempts aimed at users of Microsoft's proprietary Remote Desktop Protocol (RDP) has come to light, striking millions per week. The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented […] | |||
|
2020-04-30 10:01:37 | EventBot malware steals banking passwords and codes (lien direct) | Security researchers are sounding the alarm over a newly discovered Android malware that targets banking apps and cryptocurrency wallets. The malware, which researchers at security firm Cybereason recently discovered and called EventBot, masquerades as a legitimate Android app - like Adobe Flash or Microsoft Word for Android - which abuses Android's in-built accessibility features to […] | Malware | ||
|
2020-04-29 13:27:18 | Book Review: Working From Home A guide to Navigating the New Normal (lien direct) | Dr. Edward Amoroso of TAG Cyber and Rich Powell, famed Mad Magazine illustrator, have teamed up to deliver a light-hearted look at our current working from home culture through the eyes of a caricatured cybersecurity specialist: Charlie Ciso. The book's protagonist is based on the CISO (Chief Information Security Officer) job role who, “is the […] | |||
|
2020-04-29 09:50:44 | Fake FBI porn warning is new ransomware strain (lien direct) | A variant of the Black Rose Lucy malware-as-a-service dropper, which originated in Russia a little over two years ago, downloads ransomware that passes itself off as an official message from the US's Federal Bureau of Investigation (FBI) in order to dupe victims into paying a ransom that they believe to be a fine. The new […] | Ransomware | ||
|
2020-04-29 09:49:57 | Malicious advertising takes advantage of Coronavirus pandemic (lien direct) | Malvertisers have stepped up their efforts to exploit potential victims during the ongoing Covid-19 pandemic. Cyber-attacks spread through tainted or malicious ads grew as lockdowns came into force around the world last month and hit a peak of more than double the baseline average on 28 March, according to research from AdSecure. The specialist adtech […] | |||
|
2020-04-29 09:49:08 | Android Spyware Spread by Google Play (lien direct) | The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia - and could be the work of the OceanLotus APT. A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat (APT) actor, researchers said this week. Dubbed PhantomLance by Kaspersky, the campaign […] | Threat | APT 32 | |
|
2020-04-29 09:48:23 | Zero-click bugs impact Apple operating systems, according to Google (lien direct) | Multimedia processing components are one of today’s most dangerous attack surfaces in any operating system. When it comes to managing multimedia files, all operating systems work the same. Any new multimedia file — image, audio, video — that reaches a device is automatically transferred to a local OS library that parses the file to know […] | |||
|
2020-04-29 09:46:59 | Cyber-attack suffered by Zaha Hadid Architects (lien direct) | Zaha Hadid Architects has warned architecture practices to be vigilant after hackers held its server to ransom while the company works remotely during the coronavirus pandemic. The practice, founded by the late Zaha Hadid, alerted the police after data was stolen last week, reported the Architects’ Journal. The hacker used ransomware to encrypt all the […] | Ransomware | ||
|
2020-04-28 10:15:01 | \'Adult Dating\' Spear-Phishing Attacks at U.S. Universities (lien direct) | More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses. Several U.S. universities have been targeted in a widespread spear-phishing attack that uses adult dating as a lure. In reality, the emails spread the Hupigon […] | |||
|
2020-04-28 10:14:14 | Hackers exploit WordPress vulnerability (lien direct) | Hackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. The campaign has been going since the start of the month, and it’s still underway. The vulnerability is a cross-site scripting (XSS) bug in OneTone, a popular […] | Vulnerability | ||
|
2020-04-28 10:12:57 | ExecuPharm internal data published after ransomware hack (lien direct) | U.S. pharmaceutical giant ExecuPharm has become the latest victim of data-stealing ransomware. ExecuPharm said in a letter to the Vermont attorney general's office that it was hit by a ransomware attack on March 13, and warned that Social Security numbers, financial information, driver licenses, passport numbers and other sensitive data may have been accessed. But […] | Ransomware Hack | ||
|
2020-04-28 10:04:19 | Water companies instructed to change passwords by Israeli government (lien direct) | The Israeli government says that hackers have targeted its water supply and treatment facilities last week. In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can’t be changed, the agency […] | |||
|
2020-04-28 10:02:43 | Students and staff not informed about Warwick University hack (lien direct) | Hackers accessed the University of Warwick’s administrative network last year in an attack which has been kept secret from the affected individuals and organisations, Sky News has learnt. The security incident occurred when a staff member installed remote-viewing software enabling hackers to steal sensitive personal information on students, staff and even volunteers taking part in […] | Hack | ||
|
2020-04-27 16:35:37 | Alert Logic Offers 90-day Free Vulnerability Detection with Extended Protection (lien direct) | Since the Coronavirus pandemic has taken hold, Alert Logic has experienced a 92 percent increase in deployed endpoints. As a result, the industry's first SaaS-enabled managed detection and response (MDR) provider is offering a 90-day free vulnerability detection with extended protection to help mitigate cyber-attacks aimed at the increased number of remote workers. Alert Logic's recent offer includes machine learning-enabled protection, […] | Vulnerability | ||
|
2020-04-27 10:21:20 | WHO confirm staff credentials leak (lien direct) | The World Health Organization (WHO) said the recent leak of 450 active WHO email addresses and passwords along with credentials of thousands working on the response to the coronavirus pandemic didn't put the organization's systems at risk. Explaining that its systems were largely spared because “the data was not recent,” WHO said in a release […] | |||
|
2020-04-27 10:20:07 | Mozilla raises payouts for security flaws (lien direct) | Mozilla is raising payouts for the highest impact security flaws found in Firefox and related projects as part of a bug bounty revamp guided by its “more hardened security stance”. In an effort to make the policy “more friendly”, the open source browser developer has also clarified payout criteria, and abandoned a “first reporter wins” […] | |||
|
2020-04-27 10:19:16 | 160,000 accounts hacked, confirm Nintendo (lien direct) | After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked. Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system. Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter […] | |||
|
2020-04-27 10:18:29 | New Text-Bomb infiltrates iPhones through Messages (lien direct) | Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them. Apple devices are vulnerable to a “text bomb” attack where simply looking at messages or posts containing characters in the Sindhi language can crash devices. Sindhi is an official language used in […] | |||
|
2020-04-27 10:17:29 | Sophos firewall zero-day abused by hackers (lien direct) | Cyber-security firm Sophos has published an emergency security update on Saturday to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers. Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of its customers. The […] | Vulnerability | ||
|
2020-04-24 13:56:10 | Guest Article: How to Combat Loneliness and Stress During Self-Isolation and Stay Sane (lien direct) | By Angel Duan, Marketing and Communications specialist at OneLogin The security industry, like every other vertical on earth, is adjusting to the new normal ushered in my the global Covid-19 pandemic, and the waves of home working that it has ushered in. In many ways, the culture of remote working which the security industry has fostered […] | |||
|
2020-04-24 09:25:29 | China officials targeted by Vietnamese hackers during outbreak (lien direct) | Vietnamese hackers began targeting Chinese government officials at the heart of the coronavirus outbreak in the early days of 2020, when the threat of pandemic had barely registered elsewhere in the world, according to findings by cybersecurity firm FireEye Inc. The attacks were going on as early as January 6 and continued through April, said […] | Threat | ||
|
2020-04-24 09:24:27 | $5K Bug Bounties given to WHO (lien direct) | Hackers taking part in HackerOne’s first ever virtual live hacking event donated $5K in bug bounties to the World Health Organization’s COVID-19 Solidarity Fund. The generous gesture was part of HackerOne’s Hack for Good initiative, which invites hackers to hand over what they earn from companies by discovering bugs in their products and systems to […] | Hack | ||
|
2020-04-24 09:21:42 | Remote Workers Targeted by Skype Phishing (lien direct) | Attackers are sending convincing emails that ultimately steal victims' Skype credentials. Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that […] | |||
|
2020-04-24 09:20:51 | Robert Dyas data breach slammed by customers (lien direct) | UK hardware store Robert Dyas has revealed that card-skimming malware on the chain’s e-commerce website has led to the theft of customer financial data. For 23 days, starting on March 7 and ending March 30, a card skimmer was operational on the Robert Dyas’ website, according to an email sent to customers and obtained by […] | Data Breach Malware | ||
|
2020-04-24 09:19:34 | iOS zero-day claim disputed by Apple (lien direct) | In a statement today, Apple said it “thoroughly investigated” a recent report about hackers exploiting three iOS vulnerabilities but “found no evidence they were used against customers.” Apple’s statement comes after on Wednesday, cyber-security firm ZecOps published a report detailing three iOS vulnerabilities that impacted the Apple Mail client. Source: ZD Net | |||
|
2020-04-23 15:37:27 | Entersekt study of UK bank account holders finds lack of trust in digital communications (lien direct) | A survey conducted by fintech security provider Entersekt through YouGov has found that over a third of British consumers (34 percent) distrust digital communications from banks to such an extent that they ignore actions the messages suggest they take. The survey focused on consumers' attitudes to “paperless banking” – the means by which banks and […] | |||
|
2020-04-23 14:59:52 | New Mobile Device Protection Announced by Cybereason (lien direct) | Today, Cybereason announced that it will extend its award-winning endpoint protection to include mobile devices with its new platforms Cybereason Mobile and Cybereason Mobile MDR. Cybereason Mobile aims to prevent, detect and respond to security issues, shielding customers from emerging mobile threats. With Cybereason's second new offering, Cybereason Mobile MDR provides a managed service which […] | |||
|
2020-04-23 14:05:38 | What\'s in a Name? (lien direct) | Ever since the second half of the 20th century when the first hackers were tinkering with computers in garages, there has been heated debates about what name should be attributed to the trade of computing security. In order to put an end to an argument that has plagued security professionals for well over half a […] | |||
|
2020-04-23 13:02:00 | Two-thirds of remote workers given no cybersecurity training from employers in the past year (lien direct) | Cybersecurity continues to be a challenge for businesses of all sizes, especially as workers are shifting to a remote workforce globally. According to recent research by Promon, the Oslo-based mobile security company which last year revealed flaws in the Home Office's Brexit app, two-thirds of remote workers in the UK have not been given any cybersecurity […] | |||
|
2020-04-23 10:34:05 | $8.9 Million Data Breach Settlement for Banner Health (lien direct) | Banner Health Inc.’s $8.9 million deal to end claims tied to a 2016 data breach gained final approval from a federal judge in Arizona. The settlement, approved by Judge Susan Bolton of the U.S. District Court for the District of Arizona April 21, will pay up to $500 to each class member and up to […] | Data Breach | ||
|
2020-04-23 10:32:22 | WHO security team doubled to tackle phishing attacks (lien direct) | Cyber security professionals working for the World Health Organisation (WHO) have “never been busier”, according to its CIO, as top officials are being targeted by constant phishing campaigns. The organisation has had to increase its security resources while it deals with the outbreak of COVID-19, the WHO’s chief information officer (CIO), Bernardo Mariano, told Bloomberg. […] | |||
|
2020-04-23 10:31:17 | 5,000 suspicious emails received by phishing hotline in one day (lien direct) | More than 80 coronavirus-related phishing and scam websites have been taken down just one day after the UK’s National Cyber Security Centre asked for the public to report suspicious emails. On Tuesday, the NCSC, in collaboration with the government and the City of London Police launched the ‘Suspicious Email Reporting Service’ urging people to alert […] | |||
|
2020-04-23 10:29:24 | 42 million records exposed in Kinomap breach (lien direct) | Millions of records belonging to users of a fitness technology app were exposed online for almost a month due to a misconfigured database, including a swathe of personal details. Approximately 40GB worth of information belonging to users of Kinomap, a service that creates immersive workout videos for people on rowing and cycling machines as […] | |||
|
2020-04-23 10:18:56 | Netflix and Disney+ targeted by Coronavirus Phishing (lien direct) | Hackers are turning their attention to streaming services in an ongoing bid to capitalize on the current COVID-19 pandemic and increase their own profits, according to Mimecast. The email security vendor revealed that it had detected the registration of over 700 suspicious domains designed to impersonate the Netflix brand in under a week. The recently […] |
To see everything:
Our RSS (filtrered)
