Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-10-16 05:00:03 |
800,000 SonicWall VPNs vulnerable to new remote code execution bug (lien direct) |
VPN vulnerabilities - the gift that keeps on giving (to attackers). |
|
|
|
|
2020-10-15 21:10:00 |
Card details for 3 million Dickey\'s customers posted on carding forum (lien direct) |
Dickey's Barbecue Pit, the largest barbecue restaurant chain in the US, suffered a POS breach between July 2019 and August 2020. |
|
|
|
|
2020-10-15 17:01:36 |
Ubisoft, Crytek data posted on ransomware gang\'s site (lien direct) |
Details about hackers obtained the files remain unclear. Ransomware gang also threatened to leak the source code of Watch Dogs: Legion, an upcoming Ubisoft game. |
Ransomware
|
|
|
|
2020-10-15 15:53:00 |
US charges QQAAZZ group for laundering money for malware gangs (lien direct) |
Among the QQAAZZ group's clients were famous malware groups like Dridex, Trickbot, and GozNym. |
Malware
|
|
|
|
2020-10-15 15:00:03 |
Iranian state hacker group linked to ransomware deployments (lien direct) |
Amidst rising tensions between Israel and Iran, security researchers fear new escalation. |
Ransomware
|
|
|
|
2020-10-15 13:27:51 |
New Emotet attacks use fake Windows Update lures (lien direct) |
Emotet diversifies arsenal with new lures to trick users into infecting themselves. |
|
|
|
|
2020-10-15 09:08:38 |
Barnes & Noble confirms cyberattack, suspected customer data breach (lien direct) |
The bookseller's security incident also impacted Nook services. |
Data Breach
|
|
|
|
2020-10-14 23:12:48 |
Microsoft rolls out new Edge extensions API but promises to leave ad blockers alone (lien direct) |
Feared "Manifest V3" changes now available in Edge beta and stable releases. |
|
|
|
|
2020-10-14 20:35:00 |
Iranian hackers restart attacks on universities as the new school year begins (lien direct) |
This time they hosted phishing servers in Iran, immune to any takedown attempts. |
|
|
|
|
2020-10-14 15:54:00 |
Zoom to roll out end-to-end encrypted (E2EE) calls (lien direct) |
Zoome E2EE calls to be available starting next week. |
|
|
|
|
2020-10-14 14:04:00 |
German authorities raid FinFisher offices (lien direct) |
Raids took place last week at 15 locations in Germany and at a connected company in Romania. |
|
|
|
|
2020-10-14 12:45:24 |
\'Network access\' sold on hacker forums estimated at $500,000 in September 2020 (lien direct) |
The number of ads peddling access to "hacked networks" tripled in September 2020 compared to the month before. |
|
|
|
|
2020-10-13 21:51:40 |
TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent (lien direct) |
Microsoft successfully argued in court against the use of Windows SDKs inside malware code, a precedent it would be able to use again and again in future botnet crackdowns. |
Malware
|
|
|
|
2020-10-13 17:27:00 |
Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities (lien direct) |
Fixes for 21 remote code execution (RCE) vulnerabilities included for products like Excel, Outlook, the Windows Graphics component, and the Windows TCP/IP stack. |
|
|
|
|
2020-10-13 05:00:03 |
Malware gangs love open source offensive hacking tools (lien direct) |
Hacking tools released by security researchers often end up being abused by bad guys as well. |
Malware
|
|
|
|
2020-10-12 13:32:00 |
Bitcoin wallet update trick has netted criminals more than $22 million (lien direct) |
Criminal gangs are sending fake updates to owners of Electrum wallets, installing malware, and stealing user funds. |
|
|
|
|
2020-10-12 13:00:03 |
Ransomware operators now outsource network access exploits to speed up attacks (lien direct) |
The trend is on the rise as ransomware continues to be lucrative -- especially in the enterprise space. |
Ransomware
|
|
|
|
2020-10-12 11:41:00 |
Microsoft and others orchestrate takedown of TrickBot botnet (lien direct) |
FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, Symantec, and the Microsoft Defender team participated in the takedown. |
|
|
|
|
2020-10-12 07:42:00 |
Twitter slaps warning on President Trump tweet claiming coronavirus immunity (lien direct) |
Trump has claimed immunity to the virus, despite no scientific backing. |
|
|
|
|
2020-10-12 05:00:03 |
Hacker groups chain VPN and Windows bugs to attack US government networks (lien direct) |
Some attacks were successful and intruders gained "unauthorized access to elections support systems." |
|
|
|
|
2020-10-11 17:44:35 |
Five Eyes governments, India, and Japan make new call for encryption backdoors (lien direct) |
Another Five Eyes meeting, another call for encryption backdoors in modern tech. |
|
|
|
|
2020-10-10 18:56:36 |
Google Cloud kicks out Proud Boys websites (lien direct) |
Official website and online store for the Proud Boys far-right group have been kicked off Google Cloud on Thursday. |
|
|
|
|
2020-10-10 18:56:00 |
Proud Boys websites kicked off web host, Google Cloud (lien direct) |
Following years of lobbying efforts, Google intervenes with one of its customers to have Proud Boys websites moved off its platform. |
|
|
|
|
2020-10-10 08:36:03 |
Children and parent info exposed in Georgia DHS data breach (lien direct) |
The personal and health data of children and adults involved in Child Protective Services cases was exposed. |
Data Breach
|
|
|
|
2020-10-10 07:39:23 |
New self-erasing chip could be used to detect counterfeit or tampered products (lien direct) |
Special chips holding messages can be placed inside products. When the chip is exposed to natural light, the message disappears. |
|
|
|
|
2020-10-09 23:56:45 |
Document-signing service Docsketch discloses security breach (lien direct) |
Docsketch says an unauthorized third-party accessed a three-week old copy of its database. |
|
|
|
|
2020-10-09 16:39:06 |
German tech giant Software AG down after ransomware attack (lien direct) |
The Clop ransomware gang is demanding more than $20 million from the German software firm. |
Ransomware
|
|
|
|
2020-10-09 14:20:02 |
Chrome changes how its cache system works to improve privacy (lien direct) |
Chrome 86, launched this week, introduces new privacy-focused "cache partitioning" mechanism. |
|
|
|
|
2020-10-09 10:57:38 |
US unveils enforcement framework to combat terrorist, criminal cryptocurrency activities (lien direct) |
Blockchain technologies are described as “breathtaking,” but still, the US wants to tighten its grip on emerging criminal use cases. |
|
|
|
|
2020-10-09 10:00:03 |
Facebook launches bug bounty \'loyalty program\' (lien direct) |
Facebook to rank bug hunters based on past activity and provide bonuses and special perks. |
|
|
|
|
2020-10-09 06:49:00 |
Microsoft warns of Android ransomware that activates when you press the Home button (lien direct) |
New MalLocker.B ransomware is currently spreading via online forums and third-party websites |
Ransomware
|
|
|
|
2020-10-08 11:42:59 |
Waterbear malware used in attack wave against government agencies (lien direct) |
The loader has been launched against a number of Taiwanese government entities. |
Malware
|
|
|
|
2020-10-08 11:00:03 |
240+ Android apps caught showing out-of-context ads (lien direct) |
The malicious applications were showing ads but making them appear as coming from other, legitimate apps. |
|
|
|
|
2020-10-08 10:42:33 |
Tesla accuses employee of Californian factory sabotage (lien direct) |
This is not the first time the company has been targeted by individuals seeking to disrupt operations. |
|
|
|
|
2020-10-08 09:42:57 |
US seizes Iranian government domains masked as legitimate news outlets (lien direct) |
The web of domains was utilized to spread propaganda and disinformation. |
|
|
|
|
2020-10-07 10:55:25 |
UK Department For Education fails to meet UK, GDPR data protection standards - with flying colors (lien direct) |
A compulsory audit has revealed severe security failings and data management problems. |
|
|
|
|
2020-10-07 09:19:56 |
Hackers exploit Windows Error Reporting service in new fileless attack (lien direct) |
The Kraken attack technique abuses WER to avoid detection. |
|
|
|
|
2020-10-07 07:51:28 |
GitLab patches Elasticsearch private group data leak bug (lien direct) |
Public group projects made private were still searchable via an API. |
|
|
|
|
2020-10-07 06:55:03 |
ZeroFOX acquires Cyveillance threat intelligence business from LookingGlass (lien direct) |
The deal focuses on improving threat intelligence features on the ZeroFOX platform. |
Threat
|
|
|
|
2020-10-06 19:33:53 |
New HEH botnet can wipe routers and IoT devices (lien direct) |
The disk-wiping feature is present in the code but has not been used yet. |
|
|
|
|
2020-10-06 16:00:07 |
Chrome 86 released with password-related security improvements (lien direct) |
The new Native File System API now also lets websites to interact with any file or folder stored on the user's local disk. |
|
|
|
|
2020-10-06 12:00:03 |
FireEye\'s Mandiant debuts new SaaS threat intelligence suite (lien direct) |
The threat intelligence solution is the first of many planned to augment global security teams. |
Threat
|
|
|
|
2020-10-06 10:29:08 |
Boom! Mobile falls prey to Magecart card-skimming attack (lien direct) |
Researchers say the website is still compromised, placing consumers at risk. |
|
|
|
|
2020-10-06 10:03:00 |
UN maritime agency says it was hacked (lien direct) |
Attack took place last week and "overcame robust security measures" the agency had in place to protect IT systems. |
|
|
|
|
2020-10-06 04:40:03 |
Five bar and cafe owners arrested in France for running no-log WiFi networks (lien direct) |
A 2006 French law says any person who provides internet access must keep access logs for at least one year. |
|
|
|
|
2020-10-05 23:50:39 |
Microsoft says Iranian hackers are exploiting the Zerologon vulnerability (lien direct) |
Microsoft links back the attacks to an Iranian hacker group known as Mercury, or MuddyWater. |
Vulnerability
|
|
|
|
2020-10-05 22:57:40 |
Hackers claim they can now jailbreak Apple\'s T2 security chip (lien direct) |
Jailbreak involves combining last year's checkm8 exploit with the Blackbird vulnerability disclosed this August. |
Vulnerability
|
|
★★★★
|
|
2020-10-05 14:00:44 |
Chinese hacker group spotted using a UEFI bootkit in the wild (lien direct) |
Targets included diplomatic entities and NGOs in Africa, Asia, and Europe. |
|
|
|
|
2020-10-05 11:18:58 |
Four npm packages found uploading user details on a GitHub page (lien direct) |
Collected information included IP address, country, city, computer username, home directory path, and CPU model. |
|
|
|
|
2020-10-05 07:38:05 |
Microsoft releases tool to update Defender inside Windows install images (lien direct) |
The new tool supports installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. |
Tool
|
|
|