Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 16:00:00 |
Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel (lien direct) |
It is the first campaign in which the hacker group exploits SysAid apps as a vector for initial access |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 15:00:00 |
TeamTNT Targeted Cloud Instances and Containerized Environments For Two Years (lien direct) |
The hacking group most likely originates from Germany |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 14:00:00 |
0ktapus Phishing Campaign Targets Okta Identity Credentials (lien direct) |
Despite using low-skill methods, the campaign compromised a large number of well-known companies |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 09:40:00 |
Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement (lien direct) |
California's data protection law bares its teeth |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 09:00:00 |
Block Faces Class Action Suit After 2021 Breach (lien direct) |
Plaintiffs argue firm's security posture was ineffective |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 08:30:00 |
LastPass Hackers Stole Source Code (lien direct) |
Password management firm reveals incident in early August |
|
LastPass
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 15:30:00 |
Microsoft Attributes New Post-Compromise Capability to Nobelium (lien direct) |
MagicWeb improves on FoggyWeb by facilitating covert access directly via a malicious DLL |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 14:45:00 |
Talos Renews Cybersecurity Support For Ukraine on Independence Day (lien direct) |
Cisco and Talos both have resources available to organizations in Ukraine in need of assistance |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 13:00:00 |
CISA Releases Guidelines to Aid Companies Transition to Post-quantum Cryptography (lien direct) |
The guide provides overview of potential impacts of quantum computing on National Critical Functions |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 09:45:00 |
US Firm Pays $16m to Settle Healthcare Fraud Claims (lien direct) |
Essilor International resolves False Claims Act allegations |
|
|
★★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 09:20:00 |
Workplace Stress Worse than Cyber-Attack Fears for Security Pros (lien direct) |
CIISec study finds few have adopted industry best practices |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 09:00:00 |
Scammers Create \'AI Hologram\' of C-Suite Crypto Exec (lien direct) |
Online fraudsters appear to be upping their game |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 17:30:00 |
Plex Suffers Data Breach, Warns Users to Reset Passwords (lien direct) |
The company said it discovered suspicious activity on one of its databases on Tuesday |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 16:45:00 |
War in Ukraine Has Pushed Two-Thirds of Businesses to Change Cyber Strategy (lien direct) |
The use of machine identity tools is growing in state-sponsored cyber-attacks |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 16:00:00 |
VMware Fixes Privilege Escalation Vulnerabilities in VMware Tools (lien direct) |
The flaw reportedly impacted the software on both Windows and Linux systems |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 14:30:00 |
IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals (lien direct) |
The research also found that vendor self-disclosures increased by 69% |
Vulnerability
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 13:50:00 |
Facebook Bug Causes Users\' Feeds to Be Spammed (lien direct) |
Users' feeds were spammed with posts from strangers on the pages of celebrities |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 10:00:00 |
Ransomware Surges to 1.2 Million Attacks Per Month (lien direct) |
French hospital is the latest to be hit |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 09:00:00 |
US Healthcare Sector Breaches 342m+ Records Since 2009 (lien direct) |
Biggest year so far was 2020 |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 07:00:00 |
NCSC Shares Guidance to Help Secure Large Construction Projects (lien direct) |
The guide includes input from firms with experience in joint ventures, including major infrastructure contracts such as HS2 and Crossrail |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 17:30:00 |
Ex-Security Chief Accuses Twitter of Cybersecurity Negligence (lien direct) |
Peiter Zatko admitted that he “reasonably feared Twitter could suffer an Equifax-level hack” |
|
Equifax
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 16:30:00 |
CISA Adds Palo Alto Networks\' PAN-OS Vulnerability to Catalog (lien direct) |
The flaw would allow a network-based unauthenticated threat actor to perform DoS attacks |
Vulnerability
Threat
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 15:45:00 |
Air-Gap Attack Exploits Gyroscope Ultrasonic Covert Channel to Leak Data (lien direct) |
Gairoscope is a covert ultrasonic channel that does not require a microphone on the receiving side |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 14:15:00 |
Counterfeit Android Devices Revealed to Contain Backdoor Designed to Hack WhatsApp (lien direct) |
At least four different smartphones affected: 'P48pro', 'radmi note 8', 'Note30u' and 'Mate40' |
Hack
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 09:50:00 |
Media Firms Twice as Vulnerable as Cross-Sector Average (lien direct) |
Nearly a third have internet-facing bugs, says BlueVoyant |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 09:20:00 |
Configuration Errors to Blame for 80% of Ransomware (lien direct) |
Microsoft urges better attack surface management |
Ransomware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 09:00:00 |
FBI: Beware Residential IPs Hiding Credential Stuffing (lien direct) |
Feds warn of various tactics hackers use to hijack accounts |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-22 16:30:00 |
CEO of Blacklisted Israeli Spyware Maker NSO Steps Down (lien direct) |
The resignation of CEO Shalev Hulio will see COO Yaron Shohat take the helm |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-22 15:15:00 |
Escanor RAT Malware Deployed Via Microsoft Office and PDF Documents (lien direct) |
The malware was first released for sale on January 26, 2022 as an HVNC implant, but later evolved |
Malware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-22 14:00:00 |
Threat Actor Deploys Raven Storm Tool to Perform DDoS Attacks (lien direct) |
The malware is reportedly capable of server takedown, Wi-Fi attacks and application layer attacks |
Malware
Tool
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-22 09:50:00 |
DDoS Protection Weaponized to Deliver RATs (lien direct) |
New campaign disguised as fake Cloudflare pop-up |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-22 09:20:00 |
Hackers Target ATM Maker for Bitcoins (lien direct) |
General Bytes confirms serious attack last week |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-22 09:00:00 |
Car Dealership Hit by Major Ransomware Attack (lien direct) |
Holdcroft Motor Group says most systems back online now |
Ransomware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-19 16:30:00 |
China-backed APT41 Group Hacked at Least 13 Victims in 2021 (lien direct) |
The majority of the attacks spotted relied primarily on SQL injections on targeted domains |
|
APT 41
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-19 15:15:00 |
Microsoft: Cryptojackers Continue to Evolve to Be Stealthier and Spread Faster (lien direct) |
Cryptojackers take advantage of legitimate system binaries on more than 200,000 devices daily |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-19 14:00:00 |
Apple Warns of Critical Security Risk in Safari For iPhones, iPads and Macs (lien direct) |
The vulnerability gave hackers the ability to infiltrate WebKit, the engine that powers Safari |
Vulnerability
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-19 11:15:00 |
Businesses Found to Neglect Cybersecurity Until it is Too Late (lien direct) |
The UK government report found that many leaders only review cybersecurity practices following an incident |
Guideline
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-19 10:15:00 |
Estonia Repels Biggest Cyber-Attack Since 2007 (lien direct) |
Tiny Baltic nation riles Russia by removing monuments |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-19 09:45:00 |
UK Carrier Claims to Block One Million Vishing Calls Per Day (lien direct) |
EE says AI tech is stopping international scams |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-19 09:15:00 |
Cyber Tops Staff Retention as Biggest Business Risk (lien direct) |
PwC report finds execs are paying more attention to risk management |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-18 16:00:00 |
Hackers Deploy Bumblebee Loader to Breach Target Networks (lien direct) |
Most Bumblebee infections started by end-users executing LNK files |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-18 15:00:00 |
ATMZOW JS Sniffer Campaign Linked to Hancitor Malware (lien direct) |
ATMZOW infected at least 483 websites across four continents since the beginning of 2019 |
Malware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-18 14:00:00 |
Quarter of All Gambling Sites Hit by DDoS Attacks in June (lien direct) |
The attacks reportedly increased in conjunction with the start of the Wimbledon tennis tournament |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-18 10:30:00 |
Threat Group Ramps-Up Attacks on Travel Sector in 2022 (lien direct) |
Corporate and customer data at risk, warns Proofpoint |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-18 10:00:00 |
Researchers Find 35 Adware Apps on Google Play (lien direct) |
Apps have millions of downloads, says Bitdefender |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-18 09:30:00 |
Suspected Russian Money Launderer Extradited to US (lien direct) |
Man allegedly handled over $400,000 in Ryuk proceeds |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-17 16:30:00 |
CISA Warns of Hackers Exploiting Multiple Vulnerabilities in the Zimbra Collaboration Suite (lien direct) |
The advisory was compiled by CISA with the Multi-State Information Sharing & Analysis Center |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-17 15:00:00 |
(Déjà vu) RubyGems Mandates MFA for Top-100 Package Maintainers (lien direct) |
The package manager started enforcing MFA on owners of gems with over 180 million total downloads |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-17 14:00:00 |
Organizations Struggle to Fend Off Cloud and Web Attacks (lien direct) |
The study queries more than 950 IT and security professionals across the Americas, EMEA and APAC |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-17 11:45:00 |
Identity Scams Soar to Make 2021 a Record Year (lien direct) |
Non-profit says Google Voice scams were the most reported threat |
|
|
|