What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-07-31 09:58:51 | Got MDM? You still need mobile security (lien direct) | It is common practice for businesses to implement some kind of central tool to manage smartphones and tablets. Normally, this is done through solutions referred to as mobile device management (MDM), which can ensure mobile devices are configured properly for business use. MDMs can also be used to mandate certain built-in device security settings, such […] | Tool | ||
|
2020-07-30 19:19:01 | EU sanctions for WannaCry, NotPetya, OPCW & Cloud Hopper attackers (lien direct) | Individuals and entities from North Korea, China and Russia, responsible for or involved in ‘WannaCry’, ‘NotPetya’, ‘Operation Cloud Hopper’ and the OPCW (Organisation for the Prohibition of Chemical Weapons) cyber attacks have been identified and received travel bans and an asset freeze in the first ever imposition of restrictive sanctions by the EU Council. EU persons and entities are also […] | NotPetya Wannacry | ||
|
2020-07-30 11:32:48 | OkCupid vulnerabilities allow attackers to hijack user accounts (lien direct) | With over 50 million registered users, OkCupid is one of the largest players in the online dating game, aided by the social distancing measures imposed by governments across the globe in response to the coronavirus pandemic. An expanding user base and the wealth of information contained in dating apps accounts makes them a particularly ripe […] | ★★ | ||
|
2020-07-30 11:14:50 | Cyber espionage of air-gapped environments and Covid-19 themed attacks: Q2 2020 in review (lien direct) | In a report published today, ESET researchers have outlined the threats and the trends that characterised the second quarter of 2020. Perhaps unsurprisingly, researchers found that Covid-19 themed phishing attacks are alive and well, and continued into Q2, confirming how the coronavirus pandemic has defined this year in cybercrime. ESET researchers also discovered a new […] | ★★★★★ | ||
|
2020-07-30 11:03:37 | News organisations\' CMS systems hacked to spread disinformation (lien direct) | Security firm FireEye released yesterday a report on the activity of filo-Russian disinformation focussed group Ghostwriter. According to FireEye’s report, the group seems to have upped its game since it first started operating in 2017, and has now begun hacking the content management systems of news organisations. Generally aimed at undermining NATO, the hacking campaign […] | ★★ | ||
|
2020-07-29 15:30:23 | Global Knowledge is named official training provider to grow cybersecurity skills by (ISC)2 (lien direct) | (ISC)² has announced today that it will add Global Knowledge to its portfolio of Official Training Providers for the UK, thus expanding the range of leading training organisations offering (ISC)2 certification preparation training. Global Knowledge will be providing exam preparation training for the full range of (ISC)2 certifications to its UK customer base, delivering pathways to […] | Guideline | ★★ | |
|
2020-07-29 10:45:49 | Ransomware strikes again: German business giant Dussmann Group\'s data leaked online (lien direct) | The trend of ransomware attacks turning into data breaches continues. Cybercriminals have taken the habit of exfiltrating a company’s data before encrypting their databases with ransomware, so as to double up on their profits with the sale of the stolen information. Dussman Group, one of the largest multi-service providers in Germany, is the latest enterprise […] | Ransomware | ||
|
2020-07-29 10:13:18 | Beijing has been inside the Vatican\'s computer network for the past three months (lien direct) | According to security firm Recorded Future, Chinese hackers have infiltrated the Vatican’s computer network in an apparent espionage effort. This happened ahead of sensitive negotiations with Beijing, which currently recognises five religions, including Catholicism. However, the Communist Party has recently attempted to tighten its control over religious groups, perceived as a threat to the stability […] | Threat | ||
|
2020-07-29 10:00:02 | Decrypting Diversity 2020: NCSC publishes report on diversity and inclusion in the cybersecurity industry (lien direct) | Decrypting Diversity 2020 is a joint report between the National Cyber Security Centre (NCSC) and KPMG UK, supported by Professor Nick Jennings, Vice-Provost (Research and Enterprise) of Imperial College London. It is the first in an annual series that will benchmark and track levels of diversity and inclusion in the cyber security industry. According to […] | |||
|
2020-07-28 10:34:06 | CISA and NCSC Release Joint Alert: 62,000 QNAP NAS Devices Infected with QSnach Malware (lien direct) | CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has […] | Malware | ||
|
2020-07-28 10:28:16 | Fake SharePoint Alerts Spread Malware (lien direct) | Microsoft Office 365 users are being targeted by a malicious email campaign impersonating an automated SharePoint notification. The fake emails were crafted to mention the name of the targeted organisations and have already reached over 50,000 inboxes, according to email security company Abnormal Security. The messages invited potential victims to click on a link in […] | Malware | ||
|
2020-07-28 10:10:26 | National Cardiovascular Partners (NCP) Notifies Patients of Data Breach (lien direct) | US healthcare service National Cardiovascular Partners (NCP) has fallen victim of an email hack that exposed 78,000 cardiovascular patients’ data. The data was archived in an Excel spreadsheet, which was accessed by malicious actors back in April. The breach remained undetected until nearly a month late, when NCP responded by securing the compromised email and […] | Data Breach Hack | ||
|
2020-07-27 10:41:50 | (Déjà vu) Microsoft, Adobe, Lenovo and Nintendo\'s Source Code Exposed In Public Repository Leak (lien direct) | Source code from exposed repositories of dozens of companies across various fields of activity (tech, finance, retail, food, eCommerce, manufacturing) is publicly available as a result of misconfigurations in their infrastructure, Bleeping Computer reported. A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, […] | ★★★★★ | ||
|
2020-07-27 10:21:25 | FBI Warns of Network Protocols Abused in Large Scale DDoS Attacks (lien direct) | The Federal Bureau of Investigation added three network protocols and one web application to its list of newly discovered DDoS attack vectors. In a private industry notification, the Bureau reported that: In February 2020, UK security researchers identified a vulnerability in the built-in network discovery protocols of Jenkins servers-free, open source, automation servers used to […] | Vulnerability | ★★★★★ | |
|
2020-07-24 10:48:55 | Hearing Between US Government and Tech Giants Put On Hold (lien direct) | The hearing between the US government and four tech giants – Amazon, Apple, Facebook and Google, has been postponed to a later date that has yet to be confirmed, the BBC reports. The hearing will look into these companies’ dominance in their respective fields of e-commerce, smartphone software, social media and search. The delay will […] | ★★ | ||
|
2020-07-24 10:36:24 | More Universities Impacted by Blackbaud Data Breach (lien direct) | A ransomware attack on Blackbaud, a US cloud computing provider, back in May has led to data breaches across numerous universities and NGOs. This includes the University of York, University College London, University of London, Human Rights Watch and Young Minds. As a result of Blackbaud’s delay in responding to the incident, it is likely […] | Ransomware Data Breach | ||
|
2020-07-24 10:28:16 | Drone App Made in China Suspected of Spying (lien direct) | An Android application used to control drones possesses a self-update feature that bypasses the Google Play Store which allows it to transfer sensitive data to its manufacturer, Da Jiang Innovations, and potentially the Chinese government. This was confirmed by French researchers at Synacktiv with the GRIMM security research group. “While we can't prove intent, what […] | |||
|
2020-07-24 10:18:15 | Garmin Operations Halted Following Alleged Ransomware Attack (lien direct) | Garmin, a wearable device maker, has suffered an outage of its connected services and call centres as a result of a suspected ransomware attack. It was first revealed following a Tweet from the company’s Indian branch which announced a shutdown of some servers for planned maintenance. Soon after, the same outage message was shared across […] | Ransomware | ||
|
2020-07-23 11:22:16 | Twilio\'s SDK Compromised by Attackers (lien direct) | Twilio is a cloud communications platform as a service (CPaaS) company that enables communications for over 40,000 companies including Twitter, Netflix, Uber, Airbnb and many more. It allows developers to add various communication tools such as voice, video, and messaging as well as authentication capabilities. However, BleepingComputer has reported that hackers had infiltrated Twilio’s TaskRouter […] | Uber | ||
|
2020-07-23 11:06:15 | Private Messages from 36 Twitter Accounts Exposed to Hackers (lien direct) | Following the great Twitter hack last week, it has been revealed that hackers had viewed the private messages of 36 of the affected accounts. While it has not been announced who these accounts belong to, one is believed to be owned by an elected official in the Netherlands. According to Twitter, no other former or […] | Hack | ★★★★★ | |
|
2020-07-23 10:59:33 | New Cryptojacking Botnet Discovered (lien direct) | Researchers at Cisco Talos have identified a new botnet dubbed Prometei which has been active since March of this year. They have described the attacks to be a complex campaign utilising multi-modular malware. It has been spreading across compromised networks through SMB exploits, including the EternalBlue exploit for Windows Server Message Block communication protocol. The […] | ★★★★★ | ||
|
2020-07-23 10:46:49 | Premier League Clubs Targeted by Cyber Hackers, Almost Lost £1M (lien direct) | During a transfer deal, a Premier League club almost lost £1m and this was only halted because of an intervention by the unnamed club’s bank, reports the BBC. A report from the NCSC revealed that the attempted theft came about as a result of an email address hack; specifically, a hack of the Premier League […] | Hack | ||
|
2020-07-22 12:13:16 | Entersekt urges financial institutions not to underestimate the time it will take to meet PSD2 deadline (lien direct) | Entersekt, a global specialist in digital security solutions, is urging banks and other financial institutions not to underestimate the time it will take to meet strong customer authentication (SCA) compliance mandates set by the second Payment Services Directive (PSD2) in Europe. The company has made its SCA checklist and whitepaper “Turning a compliance challenge into […] | |||
|
2020-07-22 11:21:00 | Multiple Vulnerabilities Found in CMS Made Simple and Lime Survey (lien direct) | Edgescan‘s Senior Security Consultant Guram Javakhishvili has identified numerous vulnerabilities across several popular applications. Some of which have not yet been announced to the public until vendors have implemented the appropriate patches. For the moment, however, five vulnerabilities have been found in the content management system, CMS Made Simple, and has been disclosed. Three of which […] | |||
|
2020-07-22 11:12:03 | Unsecured Databases Wiped by \'Meow\' Attack (lien direct) | An automated ‘meow’ attack is circulating the public web targeting dozens of unsecured databases without any explanation or a ransom note. According to BleepingComputer, a simple search on Shodan shows many databases affected by this attack. Many researchers are now scrambling to identify any exposed databases and report them responsibly before they are wiped, or […] | ★★★★★ | ||
|
2020-07-22 10:34:51 | London is the Third Most Surveilled City in the World, Research Finds (lien direct) | Collating data from government reports, police websites, and news articles across 150 countries, cybersecurity analysts at Comparitech have identified London to be the third most surveilled city in the world. London was only one of two cities, the other being Hyderabad in India, outside of China that ranked in the top 20 most surveilled cities. […] | ★★★★★ | ||
|
2020-07-22 10:17:01 | University of York Suffers Data Breach (lien direct) | According to YorkMix, the personal details of staff and students from the University of York have been stolen by hackers. The US tech company, Blackbaud, which provided the university with a customer management system had suffered a ransomware attack in May of this year. However, they only informed the university on the 16th of June. […] | Ransomware Data Breach | ||
|
2020-07-22 09:11:30 | Edgescan finds Critical WordPress Plugin Vulnerabilities – Here\'s All You Need To Know (lien direct) | Edgescan’s Senior Security Consultant Guram Javakhishvili has discovered several vulnerabilities across a number of popular applications. Some of these are not yet publicly available. As soon as the vendor implements the fixes, those issues will also be added to this list and article will be updated accordingly. CMS Made Simple 2.2.13 CMS Made Simple is […] | ★★★ | ||
|
2020-07-21 13:54:27 | Emotet Strikes Back (lien direct) | The past few days has seen the resurgence of Emotet, a dangerous email threat vector that aims to steal sensitive and financial information. ZIX, the cybersecurity company that specialises in email security has uncovered a worrying trend that could lead to users falling victim to cybercriminals seeking to exploit the uncertainty of these precarious times […] | Threat Guideline | ||
|
2020-07-21 12:00:51 | Cybercriminals Leveraging Public Cloud Services for Phishing (lien direct) | According to a report by Check Point, attackers are increasingly leveraging public cloud services to share malicious documents or phishing pages which collect login details. This includes the use of Google Drive but also Microsoft Azure, Microsoft Dynamics and IBM Cloud, finds Bleeping Computer. | ★★ | ||
|
2020-07-21 11:52:36 | Data of over 20 Million Users Leaked through VPN Services (lien direct) | WeLiveSecurity yesterday reported that seven Virtual Private Network (VPN) providers had exposed the personal data of over 20 million users. This is in spite of the fact that they had claimed not to keep any logs of their users online activity. The data leaked included email and home addresses, clear text passwords, IP addresses as […] | ★★★★ | ||
|
2020-07-21 11:40:02 | $7.5 Million Demanded From Telecom Company Following Ransomware Attack (lien direct) | The largest telecommunications company in Argentina fell victim to a ransomware attack on the 18th of July. The attack was largely contained by the company’s IT workers and services such as landlines, mobile phones or the internet do not look to have been affected. However, hackers are now demanding the company pay $7.5 million, or […] | Ransomware | ||
|
2020-07-21 10:33:12 | Report Suggests UK is Russia\'s \'top target\' (lien direct) | According to a report released by the Intelligence and Security Committee, the UK is one of the ‘top targets’ in the West for Russia. The committee has criticised the government for delaying its release and urges for ‘immediate action’ to assist intelligence services in tackling this ‘capable adversary’. Among other topics covered, the ISC’s report […] | ★★★★★ | ||
|
2020-07-20 13:12:25 | Overcoming the Challenges of AppSec Programs in a Remote Working Environment (lien direct) | Patrick Carey, Director of Product Marketing at Synopsys In the 2020 Verizon Data Breach Investigations Report (DBIR), it was found that 43% of data breaches are linked to application vulnerabilities; a number that has more than doubled in comparison to the year prior. Considering recent events, including the COVID-19 outbreak and the Black Lives Matter […] | Data Breach | ||
|
2020-07-20 10:58:25 | Israeli Water Systems Hit with Two More Cyberattacks (lien direct) | Officials from the Israeli Water Authority have announced that their water management facilities have been hit with two more cyber-attacks. These attacks occurred in June but fortunately, did not cause any damage to the affected organisations. One hit an agricultural water pump in upper Galilee and the second hit water pumps in Mateh Yehuda. Source: […] | ★★★★★ | ||
|
2020-07-20 10:52:56 | New Malware Targets 337 Android Apps to Steal Payment Card Details (lien direct) | A new malware called BlackRock has been recently identified by the cybersecurity firm ThreatFabric. This malware has affected over 337 Android app and utilises an overlay with keylogger functionality on top of the legitimate app. It then encourages users to enter in their payment card details in order to ‘access’ the app. Moreover, with the […] | Malware | ★★★★ | |
|
2020-07-20 10:43:46 | England\'s Test and Trace Programme Under Scrutiny (lien direct) | The Open Rights Group (ORG) have accused England’s test and trace programme of breaking a key data protection law since it launched on the 28th of May. The system asks individuals to share sensitive data including name, date of birth, postcode, who they live with, where they have recently visited as well as the name […] | ★★ | ||
|
2020-07-20 10:32:37 | Online Student Personal Data Exposed (lien direct) | According to WizCase, a VPN comparison site, four misconfigured and unencrypted AWS S3 buckets, as well as an unsecured Elasticsearch server, led to the exposure of almost a million online student records. This includes the personal information of children, their parents and teachers. Full names, home addresses, emails, phone numbers, date of birth etc. were […] | ★★ | ||
|
2020-07-17 09:56:51 | Police \'Team Cyber UK\' implementing regional CRC network (lien direct) | IT Security Guru interviewed Nick Bell, detective superintendent and national policing director for Cyber Resilience Centres with the NPCC National Cybercrime Programme. Q1: This is the first role of its kind within policing – why was it important to establish the role? Ans: “Policing needs to reach out across partnerships and the Cyber Resilience Centre […] | ★★★ | ||
|
2020-07-17 07:58:49 | Telecom Company, Orange, Victim of Ransomware Attack (lien direct) | Data from twenty enterprise customers of the French telecommunications company, Orange, have been exposed following a ransomware attack on the 15th of July. The operators behind this Nefilim ransomware supposedly breached the company through their “Orange Business Solutions” division. This division offers business remote support, virtual workstations, system security as well as cloud backups. Source: […] | Ransomware | ||
|
2020-07-17 07:54:04 | COVID-19 Researchers Targeted by Russian State-Sponsored Hackers (lien direct) | According to an advisory issued by the National Cyber Security Centre (NCSC) and counterparts in Canada and America, Russian state-sponsored hackers, APT29 or Cozy Bear, have been attacking organisations working towards a coronavirus vaccine. The campaign has been targeting government agencies, diplomatic bodies, healthcare organisations, thinktanks and the energy sector looking to steal intellectual property. […] | APT 29 | ||
|
2020-07-17 07:47:56 | Phishing Attacks Masked as Amazon Delivery Notices (lien direct) | Armorblox researchers have recently noted a number of campaigns utilising Amazon as a means of lifting credentials and personal information. This is in light of a growing dependence on the e-commerce giant during COVID-19. With many expecting to receive deliveries, one campaign takes advantage through counterfeit notices of a failed delivery attempt. Another campaign utilises […] | |||
|
2020-07-17 07:39:34 | Hacker Forum Welcomes Less Experienced Hackers (lien direct) | Private hacker forums have typically been exclusive to only elite, and highly-skilled cybercriminals. In order to gain access to such forums. Members have to undergo a “rigorous application and interview process,” said researchers. However, a report recently published by Digital Shadows has found that the forum, CryptBB has become increasingly inclusive. Less-experienced hackers are now […] | |||
|
2020-07-16 08:04:19 | High-profile Twitter accounts hacked in Bitcoin scam (lien direct) | Billionaires Jeff Bezos, Bill Gates and Elon Musk amongst other prominent US figures have been targeted by hackers on Twitter in an apparent Bitcoin scam. The official accounts of Joe Biden, Barack Obama and Kanye West were also reportedly hacked to request donations in the cryptocurrency. “Everyone is asking me to give back,” a tweet […] | |||
|
2020-07-15 15:19:52 | Huawei banning – NCSC\'s advice was more nuanced (lien direct) | It will become illegal for UK telecos to buy new Huawei equipment from the end of this year once a new bill takes effect. Culture secretary Oliver Dowden told the house of commons yesterday that the legislation would also require the complete removal of all Huawei kit from 5G networks by 2027. The decision followed advice from the NCSC […] | ★★★ | ||
|
2020-07-15 08:04:25 | New Mirai variant includes exploits for 9 vulnerable products (lien direct) | The impacted products include routers, IP cameras, DVRs, and smart TVs. Nearly four years after Mirai first demonstrated how ordinary Internet-connected devices could be turned into remotely controlled attack systems, variants of the malware continue to surface with troubling regularity. This week, researchers from Trend Micro discovered a brand-new Mirai variant designed to exploit a […] | Malware | ★★ | |
|
2020-07-15 07:51:55 | South Korean regulator fines TikTok for mishandling child data (lien direct) | Video sharing platform TikTok has been fined by a South Korea regulator over mishandling child data. The country’s telecommunications watchdog, The Korea Communications Commission (KCC), said it has fined the company 186 million won — around $155,000 — for failing to protect users’ private data. The fine is equivalent to 3% of the company’s […] | ★★★★ | ||
|
2020-07-14 16:13:58 | CyberSmart raises £5.5million to fund growth following increased demand for cybersecurity (lien direct) | CyberSmart has raised £5.5 million in a heavily oversubscribed Series A funding round led by VC firm IQ Capital and respected cyber security and tech entrepreneur investors. The funding will be used to fund the growth of the company, which enables small to medium-sized businesses (SMBs) to combat the constant threat of cyber-attacks and increasing […] | Threat | ||
|
2020-07-14 08:04:50 | Security firm G4S fined by Serious Fraud Office (lien direct) | Security firm G4S has been fined £44m by the Serious Fraud Office (SFO) as part of an agreement that will see it avoid prosecution for overcharging the Ministry of Justice for the electronic tagging of offenders, some of whom had died. The SFO said G4S had accepted responsibility for three counts of fraud that were […] | |||
|
2020-07-14 08:01:38 | (Déjà vu) Highly-Critical SAP bug that could let attackers take over corporate servers patched (lien direct) | SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, […] | Vulnerability |
To see everything:
Our RSS (filtrered)
