What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-04-22 09:54:10 | IBM Data Risk Manager exploit released (lien direct) | Four serious security vulnerabilities in the IBM Data Risk Manager (IDRM) have been discovered that can lead to unauthenticated remote code execution (RCE) as root, according to analysis – and a proof-of-concept exploit is available for version 2.0.3. However, IBM has not yet patched the problem. IDRM is a software platform that aggregates threat […] | Threat Guideline | ||
|
2020-04-22 09:53:25 | Email hoax exploits government job retention scheme (lien direct) | The scam, which was discovered by the Lanop Accountancy Group, involves phishing emails to companies about the scheme that purport to be from the first permanent secretary and chief executive of HMRC, Jim Harra. Sent via the email address no-reply@ncryptedprojects.com, official HMRC branding was used by the culprits, and the message asks for the bank […] | |||
|
2020-04-22 09:52:34 | Email reporting service launched to tackle coronavirus phishing (lien direct) | The National Cyber Security Centre today launched a new scam reporting service to allow citizens to report fake, fraudulent and suspicious emails, including those that offer coronavirus-related services. The NCSC today announced a cross-governmental 'Cyber Aware' campaign which includes advice for people to protect passwords, accounts, and devices and also includes specific precautionary guidelines for […] | |||
|
2020-04-22 09:51:29 | Ransomware Attacks Fall in USA (lien direct) | Ransomware attacks on the United States have diminished significantly and are “now at a level not seen in several years,” according to cybersecurity company Emsisoft. In new research published today, Emsisoft found a marked drop in ransomware attacks on US entities coinciding with the onset of the COVID-19 health crisis. In 2019, ransomware impacted 966 […] | Ransomware | ||
|
2020-04-22 09:50:36 | SBA data breach (lien direct) | A data breach in the Small Business Association's online application portal may have compromised personal information for nearly 8,000 businesses seeking emergency loans last month, the agency said today. In a letter to affected business owners, a copy of which was obtained by POLITICO, SBA said it discovered March 25 that the application system for […] | Data Breach | ||
|
2020-04-21 10:36:14 | Phishing crackdown sees 2,000 Coronavirus scammers taken offline (lien direct) | As the number of cyber criminals targeting remote workers grows, the National Cyber Security Centre has kicked off a new effort to encouraging people to report suspicious emails in an attempt to crack down on fraudsters and phishing scams. The coronavirus pandemic has led to record numbers of organisations requiring people to work from home […] | |||
|
2020-04-21 10:35:07 | Hackers attack Nintendo accounts to buy Fortnite currency (lien direct) | Over the course of the last month, Nintendo users have been increasingly reporting that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. The account hijackings appear to have started mid-March and have reached a peak over the […] | |||
|
2020-04-21 10:33:44 | \'Ragnarok Online\' company targeted by Chinese hackers (lien direct) | One of China’s largest state-sponsored hacking groups has attempted to breach the internal network of Gravity, the South Korean gaming company behind popular Ragnarok Online MMORPG (Massive Multiplayer Online Role-Playing Game). The intrusion attempts are believed to have taken place earlier this year, although it is unclear if they were successful or not. The attempted […] | |||
|
2020-04-21 10:32:50 | Hackers Just Sold 267 Million Facebook Profiles (lien direct) | Just a few days after exposing the sale of some 500,000 Zoom accounts for sale on the dark web, the research team at Cyble are back with another worrying tale of the vast array of information traded on furtive data markets. A “threat actor,” the team reported in a blog, “has dropped an online bomb […] | |||
|
2020-04-21 10:31:11 | New Starbleed bug discovered (lien direct) | A team of academics says they’ve discovered a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets. Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code. Source: ZD Net | |||
|
2020-04-20 12:28:37 | Surge in Remote Working: Coping with Vulnerability Management (lien direct) | In the span of a couple months, the world as we knew it was turned upside-down. As scientists across the globe conduct experiments in search of the COVID-19 vaccine, the labour market has found itself within its own experiment. That is, the experiment of remote working on a massive scale. In an effort to slow down the spread of the virus, millions of employees around the […] | Vulnerability | ||
|
2020-04-20 10:53:42 | 23 million usernames and passwords leaked from game (lien direct) | A hacker has leaked today the usernames and passwords of nearly 23 million players of Webkinz World, an online children’s game managed by Canadian toy company Ganz. The Webkinz game launched in 2005 as the online counterpart of a line of Ganz plush toys. Users could enter a code from their plush toy on the […] | |||
|
2020-04-20 10:52:34 | Cognizant Hacked with “Maze” Ransomware (lien direct) | “A security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack” Another IT services heavyweight has fallen victim to a ransomware attack, with the US's Cognizant - a $16.8 billion by 2019 revenue stalwart of the Fortune 500 - admitting over the […] | Ransomware | ||
|
2020-04-20 10:51:54 | Tech giants forced to pay for content in Australia (lien direct) | The federal government is hoping to make tech giants such as Facebook and Google pay for Australian content if it is a source of profit. The Australian Competition and Consumer Commission (ACCC) has been directed to develop a mandatory code of conduct to address bargaining power imbalances between digital platforms and media companies. The move […] | |||
|
2020-04-20 10:51:10 | Android App Store Breach Claims (lien direct) | The stolen records of 20 million users of a popular Android app store have been published online by a hacker who claims to have 19 million more. Not all app stores are the same. Android users have access to the official Google Play Store, complete with nearly three million (2,870,985) apps available for download. Then […] | |||
|
2020-04-20 10:50:19 | Warnings of cybersecurity threats and election interference in Singapore (lien direct) | With general elections expected to be held within a year, Singapore’s political parties have been issued advisories about the threat of foreign interference and cybersecurity threats. They are urged to seek out precautionary measures to safeguard their ICT infrastructure, data, as well as online accounts. The city-state’s Ministry of Home Affairs, Cyber Security Agency, and […] | Threat | ||
|
2020-04-17 11:35:36 | Hackers linked to Syrian government target civilians with spyware via mobile apps (lien direct) | Researchers have unearthed a COVID-19 related spyware campaign that is specifically targeting Syrians and “likely other Arabic speaking” individuals in the Middle East region. Threat researchers at mobile security specialists, Lookout, discovered that over the past month, hackers, who are supposedly linked with the Syrian regime of President Bashar Al-Assad, have used at last 71 […] | Threat | ||
|
2020-04-17 11:24:36 | In Defense of Zoom (lien direct) | Guram stresses that he is not 'sponsored by Zoom' 😊 First of all, nothing is bulletproof and anything can be hacked. We all make mistakes and learn from them. That's how and why we improve and update software on a regular basis. Question is: on what basis are other blog posters or researchers assuming that […] | |||
|
2020-04-17 10:49:09 | Portuguese energy giant EDP being held to ransom after malware attack (lien direct) | We can report that this week, Portuguese multinational energy giant Energias de Portugal (EDP) is the latest enterprise to be battling against cyber attackers after suffering a ransomware attack. The group behind this attack used the RagnorLocker malware variant and it has been reported that the hackers are demanding $10.9m as ransom in return for […] | Ransomware Malware | ||
|
2020-04-17 10:07:47 | KnowBe4 Launches PhishRIP to Remove Suspicious Emails From Inboxes (lien direct) | KnowBe4 has launched a new feature to its PhishER product called PhishRIPTM, which helps security professionals remove, inoculate and protect against email threats faster. Technical controls do not filter out all of the malicious emails that come into a user's inbox. Various research has shown that phishing, spam and malware attachments still make it through email filters. Mimecast notes filters are missing 12% of unwanted emails. According to research […] | Spam Malware | ||
|
2020-04-17 10:04:29 | Zyng Data-Breach Claims (lien direct) | Game-maker Zynga Inc.’s data security measures allegedly were weak and enabled a breach affecting more than 170 million users of its Words With Friends online game, according to a complaint filed in California federal court. The suit filed Wednesday in the Northern District of California claims Zynga failed to “reasonably protect” the data and didn't […] | |||
|
2020-04-17 10:02:38 | Millions of Ad Dollars stolen in \'ICEBUCKET\' Attack (lien direct) | A massive television ad fraud campaign that abuses the programmatic advertising ecosystem for connected TV (CTV) has successfully impersonated more than 2 million people in over 30 countries so far during its run, defrauding more than 300 different brands out of their ad dollars. The recently uncovered CTV operation - named ICEBUCKET by the […] | |||
|
2020-04-17 09:58:54 | MBRLocker ransomware campaign trolls SentinelOne (lien direct) | SentinelOne has spoken out after an “attention-seeking prankster” trolled one of the firm’s security researchers with the release of a new ransomware strain. On Wednesday, the cybersecurity firm said that new MBRLocker malware variants have been released in a consistent wave over April, and while many of them appear to be little more than “pranks” […] | Ransomware Malware | ||
|
2020-04-17 09:57:22 | Report alleges Zoom Zero-Days for sale (lien direct) | Hackers claim they have discovered two zero-day vulnerabilities for the Zoom video conferencing platform that would allow threat actors to spy on people's private video conferences and further exploit a target's system. Flaws target Zoom clients for the Windows and the MacOS operating system, according to a published report by Vice Motherboard. According to the […] | Threat | ||
|
2020-04-17 09:55:50 | Visser targeted by DoppelPaymer ransomware (lien direct) | Confidential documents belonging to some of the largest aerospace companies in the world were stolen and updated on the internet by the hackers after Visser denied to pay the ransom. The company manufactures precision parts for major industry players and these include CNC Machining, Injection Molds & Tooling, Metal Additive Manufacturing & 3D Plastic Printing. […] | Ransomware | ||
|
2020-04-16 09:36:03 | Nemty shuts down public RaaS (lien direct) | The operators of the Nemty ransomware have announced this week they were shutting down their public Ransomware-as-a-Service operation and opting to go private in order to focus and put more resources on targeted attacks. For those unfamiliar with this malware operation, Nemty is a classic RaaS (Ransomware-as-a-Service). It launched in the summer of 2019 and […] | Ransomware Malware | ||
|
2020-04-16 09:35:13 | EDP hit by ransomware (lien direct) | The Portugese multinational energy giant Energias de Portugal (EDP) is the latest company to fall victim to the RagnarLocker ransomware and the attackers are now asking for a $10.9m ransom to unlock its files. According to BleepingComputer and MalwareHunterTeam, the attackers claim to have stolen over 10TB of sensitive company files which they are threatening […] | Ransomware | ||
|
2020-04-16 09:34:30 | Security breach disclosed by Wappalyzer (lien direct) | Tech company Wappalyzer has disclosed a security incident this week after a hacker began emailing its customers and offering to sell Wappalyzer’s database for $2,000. “If you receive this e-mail it’s because we get the full database of Wappalyzer, and your e-mail is on the database,” the hacker, going by the name of CyberMath, wrote […] | |||
|
2020-04-16 09:33:30 | Slack users warned about possible phishing attacks (lien direct) | Slack users have been warned to take extra care when using the online collaboration service after researchers uncovered worrying security risks. According to an AT&T AlienLabs report, incoming ‘webhooks’, which are used to connect from third-party apps to post messages on Slack, can be hijacked to carry out phishing attacks. A compromised webhook not only […] | |||
|
2020-04-16 09:32:28 | 600% increase in COVID-19 related phishing attacks (lien direct) | In its Q1 2020 Top-Clicked Phishing Report, security firm KnowBe4 revealed that phishing email attacks related to COVID-19 increased by 600% in the first quarter of the year. According to the firm, 45 percent of all phishing attacks asked Internet users to either check or type in their passwords on malicious domains that spoofed legitimate […] | |||
|
2020-04-15 16:09:42 | AT&T Researchers Discover Slack Webhooks Vulnerability (lien direct) | Researchers at AT&T Alien Labs, the threat intelligence arm of AT&T Cybersecurity, have discovered a vulnerability in popular work collaboration platform Slack. Slack is a popular cloud-based messaging platform that is commonly used in workplace communication, with Slack Incoming Webhooks allowing users to post messages from applications to Slack. By specifying a unique URL, the […] | Vulnerability Threat | ||
|
2020-04-15 14:42:15 | Qualys VMDR® – Vulnerability Management Detection and Response (lien direct) | LONDON, UK. April 15, 2020 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced the immediate availability of its game-changing solution, VMDR® – Vulnerability Management, Detection and Response. “The Toyota Financial Services team is an early adopter of VMDR,” said Georges Bellefontaine, manager of vulnerability management at Toyota Financial […] | Vulnerability Guideline | ||
|
2020-04-15 10:02:43 | Clearview AI facial recognition software used by AFP (lien direct) | The Australian Federal Police (AFP) has admitted to using a facial recognition tool, despite not having an appropriate legislative framework in place, to help counter child exploitation. In response to questions taken on notice by deputy commissioner Karl Kent, the AFP said while it did not adopt the facial recognition platform Clearview AI as an […] | |||
|
2020-04-15 10:01:43 | April Patch Tuesday: Microsoft Battles 4 vulnerabilities (lien direct) | Microsoft has released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era truly got underway. It's a doozie, with the tech giant disclosing 113 vulnerabilities. Out of these, 19 are rated as critical, and 94 are rated as important. Crucially, four of the vulnerabilities are being exploited […] | |||
|
2020-04-15 09:59:59 | 1.1 Million Customer Records exposed in SCUF data breach (lien direct) | SCUF data breach has taken place, exposing 1.1 million customer records including some credit card data. The breach was discovered by Comparitech, a pro-consumer website that is comprised of more than 30 researchers covering a variety of topics. One of these topics, naturally, is data breaches and this most recent one involving SCUF looks […] | Data Breach | ★★★★★ | |
|
2020-04-15 09:59:19 | \'Important\' Flaws fixed by Adobe (lien direct) | Adobe released security patches for vulnerabilities in its ColdFusion, After Effects and Digital Editions applications. If exploited, the flaws could enable attackers to view sensitive data, gain escalated privileges, and launch denial-of-service attacks. Each of the bugs were rated important-severity, based on CVSS rankings, marking an extremely low-volume month for Adobe bug fixes. Overall […] | |||
|
2020-04-15 09:58:26 | Data breach at San Francisco Airport (lien direct) | San Francisco International Airport (SFO) has warned that a breach against two of its websites may have allowed attackers to harvest visiting users' Windows login credentials. Malicious code was planted last month on two sites – SFOConnect.com and SFOConstruction.com – as the result of a cyber-attack by unidentified (or at least unnamed) assailants, the airport […] | Data Breach | ||
|
2020-04-15 09:55:17 | SDBbot deployed by TA505 Crime Gang (lien direct) | The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan (RAT) laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job that has been observed in TA505 attacks since at least September 2019; it offers remote-access capabilities and […] | |||
|
2020-04-14 14:40:08 | Podcast: Securing ERP systems and beyond with Onapsis (lien direct) | The post Podcast: Securing ERP systems and beyond with Onapsis | |||
|
2020-04-14 10:07:24 | Secret Industrial Documents released by Ransomware Gang (lien direct) | DoppelPaymer ransomware developers release files stolen from contractors to SpaceX, Tesla, Boeing, Lockheed-Martin and US Navy. Security researchers have warned of a new ransomware campaign that targets companies handling sensitive data – and then publishes their internal files online if they do not pay. DoppelPaymer emerged in mid-2019, but in recent weeks has published data […] | Ransomware | ||
|
2020-04-14 10:06:40 | 14% of Commonwealth incidents reported to ACSC are potential data breaches (lien direct) | The first installation of a new report into Canberra’s cyber readiness has been tabled, with The Commonwealth Cyber Security Posture in 2019 prepared by the Australian Signals Directorate (ASD). During the last year, the Australian Cyber Security Centre (ACSC) responded to 427 cyber incidents against Commonwealth entities, 65% of which were self-reported, and the rest […] | |||
|
2020-04-14 10:05:36 | 405 Bugs Tackled in Oracle Quarterly Patch Update (lien direct) | Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory. Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines. Impacted with […] | |||
|
2020-04-14 10:03:43 | New phishing campaign targets WebEx users (lien direct) | A new phishing campaign designed to harvest Cisco WebEx credentials through a security warning for the application has been discovered by the Cofense Phishing Defense Center (PDC). Surprisingly, Cisco’s own Secure Email Gateway failed to catch this new campaign which was launched at a time when millions of people are working from home using a […] | |||
|
2020-04-14 10:02:57 | 4 million Quidd users\' details shared on hacking forum (lien direct) | Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums. The data, of which ZDNet has obtained samples from three different sources, contains Quidd usernames, email […] | Data Breach | ||
|
2020-04-14 10:02:13 | White House and US Vice President impersonated by Phishing scammers (lien direct) | Researchers have discovered a new phishing campaign, which endeavours to trick unwitting Americans into downloading malware-laden coronavirus materials, using the White House as a hook. Identified by cybersecurity researchers from Inky, the scam operates just as you might expect. An individual receives an email from the supposed White House, claiming to share “Coronavirus Guidelines for […] | |||
|
2020-04-09 09:59:45 | Procurement solution used by government bodies found to contain zero-day bug (lien direct) | A zero-day cross-site scripting vulnerability has been discovered in BuySpeed, an automated procure-to-pay tool from Periscope Holdings, a provider of procurement software solutions for public-sector entities and their suppliers. The flaw, found in BuySpeed version 14.5, “could allow a local, authenticated attacker to store arbitrary JavaScript within the application,” warns a vulnerability advisory from the […] | Tool Vulnerability | ||
|
2020-04-09 09:58:23 | Maropost database left 95 million customer records unsecure (lien direct) | A database owned by the email delivery and marketing firm Maropost was reportedly found open and unsecured exposing about 95 million customer records. Researchers at CyberNews initially found the database in early February noting it contained 19.2 million unique email addresses and marketing logs containing the relevant metadata for these emails, such as the exact […] | |||
|
2020-04-09 09:57:17 | RigUp Exposes More than 70,000 Files (lien direct) | Led by Noam Rotem and Ran Locar, vpnMentor's research team recently discovered a breached database belonging to American software company RigUp, containing more than 70,000 private files belonging to its US energy sector clients. RigUp, founded in 2014, is a labor marketplace and services provider built for the US energy sector, with clients across the country. […] | |||
|
2020-04-09 09:56:13 | 3D printed \'fake fingerprints\' bypass scanners (lien direct) | New research has found that it's possible to use 3D printing technology to create “fake fingerprints” that can bypass most fingerprint scanners used by popular devices. But, creating the attack remains costly and time-consuming. Researchers with Cisco Talos created different threat models that use 3D printing technology, and then tested them on mobile devices (including […] | Threat | ||
|
2020-04-09 09:55:24 | Meeting IDs removed from app title bar to improve Zoom privacy (lien direct) | Video conferencing service Zoom has released an update for its Linux, Mac, and Windows apps that removes the meeting ID from the app’s title bar. The update comes after the company’s users have often leaked their meeting IDs, and even meeting passwords, when sharing screenshots of their meetings on social media. Famous incidents include when […] |
To see everything:
Our RSS (filtrered)
