Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-09-23 09:00:03 |
Ransomware gang targets Russian businesses in rare coordinated attacks (direct link) |
Group breaks an unofficial rule in the cybercrime underground not to target the former Soviet space. |
Ransomware
|
|
|
|
2020-09-23 08:57:31 |
Shopify discloses security incident caused by two rogue employees (direct link) |
Shopify said two rogue support staffers accessed customer transaction details for less than 200 stores. |
|
|
|
|
2020-09-22 20:24:40 |
Google deprecates Web Store Payments API, effectively nuking Chrome paid extensions (direct link) |
Move comes after a wave of fraudulent transactions over the winter. |
|
|
|
|
2020-09-22 17:27:33 |
CISA warns of notable increase in LokiBot malware (direct link) |
"CISA has observed a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020." |
Malware
|
|
|
|
2020-09-22 16:00:03 |
Healthcare lags behind in critical vulnerability management, banks hold their ground (direct link) |
New research sheds light on which industries are performing well when it comes to patching high-risk bugs. |
Vulnerability
Patching
|
|
|
|
2020-09-22 15:10:37 |
Firefox 81 released with new browser theme (direct link) |
Other Firefox 81 features include a new look for the PDF viewer, support for auto-filling card data, and support for hardware media keys. |
|
|
|
|
2020-09-22 15:00:00 |
Microsoft renames and unifies more products under Microsoft Defender brand (direct link) |
Microsoft Threat Protection, Defender ATP, Azure Security Center, and others brought under the Microsoft Defender umbrella brand. |
Threat
|
|
|
|
2020-09-22 12:33:00 |
Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI (direct link) |
Amendment to IT law would make it illegal to use encryption protocols that fully hide the traffic's destination. |
|
|
|
|
2020-09-21 23:46:14 |
Details of 540,000 sports referees taken in failed ransomware attack (direct link) |
ArbiterSports said it paid the hackers to delete the stolen data - a database backup. |
Ransomware
|
|
|
|
2020-09-21 21:41:46 |
Member of 'The Dark Overlord' hacking group sentenced to five years in prison (direct link) |
UK national Nathan Wyatt gets five years in prison after pleading guilty today. |
Guideline
|
|
|
|
2020-09-21 18:00:03 |
Microsoft secures backend server that leaked Bing data (direct link) |
No personal user data was leaked in the incident. |
|
|
|
|
2020-09-21 12:44:00 |
Phishing awareness training wears off after a few months (direct link) |
Retraining employees after six months is recommended. |
|
|
|
|
2020-09-21 12:02:22 |
Code execution, defense evasion are top tactics used in critical attacks against corporate endpoints (direct link) |
Cisco examines MITRE ATT&CK data to suggest the threat vectors enterprise security staff should focus their efforts on. |
Threat
|
|
|
|
2020-09-21 08:33:02 |
Consultants charged for bribing Amazon Marketplace employees to game the platform (direct link) |
Prosecutors allege the group paid handsome bribes to give clients a competitive advantage. |
|
|
|
|
2020-09-20 17:02:37 |
US govt orders federal agencies to patch dangerous Zerologon bug by Monday (direct link) |
DHS CISA tells government agencies to patch Zerologon bug by Monday, citing "unacceptable risk" posed to federal networks. |
|
|
|
|
2020-09-20 13:34:22 |
Hackers leak details of 1,000 high-ranking Belarus police officers (direct link) |
Hackers promise to leak more if police crackdown against anti-government protesters continues. |
|
|
|
|
2020-09-18 21:17:39 |
Firefox bug lets you hijack nearby mobile browsers via WiFi (direct link) |
Mozilla says users should update as soon as possible to Firefox v79 for Android. |
|
|
|
|
2020-09-18 17:16:00 |
Spammers use hexadecimal IP addresses to evade detection (direct link) |
Links in spam emails looked like http://0xD83AC74E instead of "domain.com." |
Spam
|
|
|
|
2020-09-18 12:06:13 |
Iranian hacker group developed Android malware to steal 2FA SMS codes (direct link) |
The malware could steal 2FA SMS codes for Google accounts. Also contained vague functionality to do the same for Telegram and various social networks. |
Malware
|
|
|
|
2020-09-18 10:11:49 |
CEO of cyber fraud startup NS8 arrested for defrauding investors in $123m scheme (direct link) |
Irony aside, the former executive allegedly secured millions from investors based on fake financial statements. |
|
|
|
|
2020-09-17 23:41:21 |
US sanctions Iranian government front company hiding major hacking operations (direct link) |
US says the Iranian government used the "Rana Intelligence Computing Company" as a front for the APT39 hacking group. |
Prediction
|
APT 39
|
|
|
2020-09-17 19:30:39 |
US charges Iranian hackers for breaching US satellite companies (direct link) |
Three suspects were indicted, with one being a famous security researcher. |
|
|
|
|
2020-09-17 19:00:04 |
Mozilla shuts down Firefox Send and Firefox Notes services (direct link) |
Mozilla will shut down Send for good after a ZDNet report over the summer that highlighted the service's popularity with malware operators. |
Malware
|
|
|
|
2020-09-17 16:24:00 |
First death reported following a ransomware attack on a German hospital (direct link) |
Death occurred after a patient was diverted to a nearby hospital after the Duesseldorf University Hospital suffered a ransomware attack. |
Ransomware
|
|
|
|
2020-09-17 06:34:59 |
Human biohacking: an exciting prospect, but only for the rich? (direct link) |
“You want a monkey tail? Good for you.” |
|
|
|
|
2020-09-17 00:45:00 |
Google 'formally' bans stalkerware apps from the Play Store (direct link) |
Ban is meaningless as Google leaves a giant loophole in the rules, allowing stalkerware devs to rebrand their apps as child trackers. |
|
|
|
|
2020-09-16 22:52:00 |
US charges two Iranian hackers for years-long cyber-espionage, cybercrime spree (direct link) |
US government says the two hacked targets at the behest of the Iranian regime and for their personal financial gain. |
|
|
|
|
2020-09-16 19:51:00 |
US charges two Russians for stealing $16.8m via cryptocurrency phishing sites (direct link) |
The two hackers stole from hundreds of users of cryptocurrency exchanges Poloniex, Binance, and Gemini. |
|
|
|
|
2020-09-16 17:00:03 |
Chrome now lets high-risk APP users scan suspicious files on demand (direct link) |
Users part of Google's Advanced Protection Program can now send suspicious downloads to Google and have them scanned on demand. |
|
|
|
|
2020-09-16 15:03:00 |
US charges five hackers part of Chinese state-sponsored group APT41 (direct link) |
US says APT41 orchestrated intrusions at more than 100 companies across the world, ranging from software vendors, video gaming companies, telcos, and more. |
Guideline
|
APT 41
|
|
|
2020-09-16 14:39:16 |
Cerberus banking Trojan source code released for free to cyberattackers (direct link) |
An auction designed to net the developer of the Android malware $100,000 failed. |
Malware
|
|
|
|
2020-09-16 12:00:05 |
Half of US citizens would share medical data beyond COVID-19 despite surveillance state worries (direct link) |
US residents are willing to serve the greater good but have reservations concerning government use of their data. |
|
|
|
|
2020-09-16 07:29:34 |
Adobe out-of-band patch released to tackle Media Encoder vulnerabilities (direct link) |
The bugs could be exploited to leak information. |
|
|
|
|
2020-09-16 05:00:03 |
New MrbMiner malware has infected thousands of MSSQL databases (direct link) |
A hacker group is brute-forcing MSSQL servers with weak passwords and installing crypto-mining malware. |
Malware
|
|
|
|
2020-09-15 21:27:43 |
Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw (direct link) |
New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation. |
|
|
|
|
2020-09-15 18:56:14 |
US charges two hackers for defacing US websites following Soleimani killing (direct link) |
US authorities have tracked down the two hackers behind a January 2020 mass-defacement campaign. |
|
|
|
|
2020-09-15 15:33:25 |
MITRE releases emulation plan for FIN6 hacking group, more to follow (direct link) |
New MITRE project to provide free emulation plans that mimic major threat actors in order to train and help defenders. |
Threat
|
|
|
|
2020-09-15 10:56:03 |
US reaches $1.5 billion settlement with Daimler over emissions scandal (direct link) |
Daimler must also recall and repair Mercedes-Benz diesel cars that cheat the system. |
|
|
|
|
2020-09-14 23:38:20 |
Department of Veteran Affairs discloses breach impacting 46,000 veterans (direct link) |
Hackers accessed a VA online app and diverted payments meant for healthcare providers. |
|
|
|
|
2020-09-14 22:13:00 |
Magento online stores hacked in largest campaign to date (direct link) |
Almost 2,000 Magento stores have been compromised over the weekend in the largest hacking campaign since 2015. |
|
|
|
|
2020-09-14 18:48:00 |
FBI says credential stuffing attacks are behind some recent bank hacks (direct link) |
The FBI is raising a sign of alarm about the rising number of credential stuffing attacks targeting financial institutions. |
|
|
|
|
2020-09-14 14:45:23 |
CISA: Chinese state hackers are exploiting F5, Citrix, Pulse Secure, and Exchange bugs (direct link) |
CISA says attacks have started a year ago and some have been successful. |
|
|
|
|
2020-09-14 12:00:03 |
Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency (direct link) |
Cyber-attacks on cloud systems spiked 250% from 2019 to 2020. |
|
|
|
|
2020-09-14 10:15:33 |
US citizen charged with running diamond Ponzi scheme, cryptocurrency scam (direct link) |
The operator claimed to have $25 million in diamond 'stock'. |
|
|
|
|
2020-09-14 10:00:00 |
Zerologon attack lets hackers take over enterprise networks (direct link) |
If you're managing enterprise Windows Servers, don't skip on the August 2020 Patch Tuesday. |
|
|
|
|
2020-09-14 09:01:39 |
DeFi SushiSwap creator returns $14m in ETH to project after causing coin crash (direct link) |
Chef Nomi says they are sorry for wreaking havoc by cashing out $14 million without warning. |
|
|
|
|
2020-09-14 08:04:50 |
New BlindSide attack uses speculative execution to bypass ASLR (direct link) |
New BlindSide technique abuses the CPU's internal performance-boosting feature to bypass OS security protection. |
|
|
|
|
2020-09-13 13:00:03 |
Leaky server exposes users of dating site network (direct link) |
Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month. |
|
|
|
|
2020-09-12 10:25:00 |
Researcher kept a major Bitcoin bug secret for two years to prevent attacks (direct link) |
The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains. |
|
|
|
|
2020-09-11 12:48:00 |
Porn site users targeted with malicious ads redirecting to exploit kits, malware (direct link) |
Adult ad networks abused in last hurrah attacks before Flash and IE near EOL. |
Malware
|
|
|