Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-07-08 17:16:14 |
Google open-sources Tsunami vulnerability scanner (lien direct) |
Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as little false-positives as possible. |
Vulnerability
|
|
|
|
2020-07-08 12:09:07 |
Civil rights auditors slam Facebook stance on Trump, voter suppression (lien direct) |
Facebook has admitted there is still a “long way to go” to quell recent criticism of civil rights issue handling. |
|
|
|
|
2020-07-08 10:02:18 |
Fxmsp hacker indicted by feds for selling backdoor access to hundreds of companies (lien direct) |
Backdoors into government networks and corporations were allegedly sold to other criminal enterprises. |
|
|
|
|
2020-07-07 22:22:34 |
Mozilla suspends Firefox Send service while it addresses malware abuse (lien direct) |
Mozilla has temporarily suspended the Firefox Send file-sharing service while it adds a Report Abuse mechanism. |
Malware
|
|
|
|
2020-07-07 19:39:00 |
Free decryptor available for ThiefQuest ransomware victims (lien direct) |
ThiefQuest (EvilQuest) ransomware victims can now recover their encrypted files for free, without needing to pay the ransom demand. |
Ransomware
|
|
|
|
2020-07-07 17:38:00 |
German authorities seize \'BlueLeaks\' server that hosted data on US cops (lien direct) |
BlueLeaks portal is now down. The website hosted 296 GB of files stolen from more than 200 US police departments and fusion training centers. |
|
|
|
|
2020-07-07 16:00:00 |
Microsoft seizes six domains used in COVID-19 phishing operations (lien direct) |
Hackers used malicious Office 365 apps to gain access to customer accounts, which they later used to orchestrate BEC attacks. |
|
|
|
|
2020-07-07 14:00:00 |
\'Keeper\' hacking group behind hacks at 570 online stores (lien direct) |
Hackers also accidentally leaked more than 184,000 stolen cards through an improperly secured backend server. |
|
|
|
|
2020-07-07 13:13:37 |
Researchers learn how to pinpoint malicious drone operators (lien direct) |
With high accuracy, it is now possible to trace drone operators that could be ill-wishers near protected airspace. |
|
|
|
|
2020-07-07 11:39:43 |
Energy company EDP confirms cyberattack, Ragnar Locker ransomware blamed (lien direct) |
The energy firm denies the loss of customer data. Attackers claim to have stolen 10TB in business records. |
Ransomware
|
|
|
|
2020-07-07 10:28:32 |
Cerberus banking Trojan infiltrates Google Play (lien direct) |
The malware was found buried within a seemingly-innocent currency converter. |
Malware
|
|
|
|
2020-07-06 17:15:00 |
US Secret Service reports an increase in hacked managed service providers (MSPs) (lien direct) |
US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams. |
Ransomware
|
|
|
|
2020-07-06 11:51:56 |
VaultAge Solutions CEO goes into hiding to avoid cryptocurrency investors allegedly scammed out of $13 million (lien direct) |
Roughly 2,000 investors have been left out of pocket by the alleged misappropriation of funds. |
|
|
|
|
2020-07-06 10:53:40 |
Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn (lien direct) |
Hacker sentenced to five years probation, with home confinement condition. |
|
Yahoo
|
|
|
2020-07-06 06:00:05 |
North Korean hackers linked to web skimming (Magecart) attacks, report says (lien direct) |
After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores. |
|
|
|
|
2020-07-04 20:20:00 |
Hackers are trying to steal admin passwords from F5 BIG-IP devices (lien direct) |
Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed. |
Threat
|
|
|
|
2020-07-04 15:44:59 |
Infosec community disagrees with changing \'black hat\' term due to racial stereotyping (lien direct) |
A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term. |
|
|
|
|
2020-07-03 19:44:00 |
F5 patches vulnerability that received a CVSS 10 severity score (lien direct) |
Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to possible intrusions. |
Vulnerability
|
|
|
|
2020-07-03 15:25:00 |
New Apple macOS Big Sur feature to hamper adware operations (lien direct) |
Apple has disabled the ability to silently install macOS profiles from the CLI in macOS 11, a measure that was widely employed by adware and malware gangs. |
Malware
|
|
|
|
2020-07-03 10:03:47 |
LinkedIn says iOS clipboard snooping after every key press is a bug, will fix (lien direct) |
The new clipboard access detection and warning feature in iOS 14 exposes another app. |
|
|
|
|
2020-07-02 23:05:08 |
Roblox accounts hacked with pro-Trump messages (lien direct) |
Hackers are taking Roblox credentials leaked on Pastebin, accessing accounts, and leaving the same "Ask your parents to vote for Trump this year" message on thousands of Roblox profiles. |
|
|
|
|
2020-07-02 18:21:00 |
Sixteen Facebook apps caught secretly sharing data with third-parties (lien direct) |
Academic study used unique "honeytoken" emails to install Facebook apps and see which inboxes received emails from unrecognized senders. |
|
|
|
|
2020-07-02 14:00:05 |
V Shred data leak exposes PII, sensitive photos of fitness customers and trainers (lien direct) |
V Shred defended the public status of its open bucket and only partially solved the problem. |
|
|
|
|
2020-07-02 12:02:24 |
This is how EKANS ransomware is targeting industrial control systems (lien direct) |
New samples of the ransomware reveal the techniques used to attack critical ICS systems. |
Ransomware
|
|
|
|
2020-07-02 02:26:31 |
Facebook says 5,000 app developers got user data after cutoff date (lien direct) |
A Facebook privacy mechanism blocks apps from receiving user data if users didn't use an app for 90 days. Facebook said 5,000 apps continued to receive user data regardless. |
|
|
|
|
2020-07-02 01:25:33 |
Connection discovered between Chinese hacker group APT15 and defense contractor (lien direct) |
Lookout said it linked APT15 malware to Xi'an Tianhe Defense Technology, a Chinese defense contractor. |
Malware
|
APT 15
|
|
|
2020-07-01 21:14:04 |
Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities (lien direct) |
The hacker has attempted to ransom nearly 47% of all MongoDB databases left exposed online. |
|
|
|
|
2020-07-01 15:09:11 |
One out of every 142 passwords is \'123456\' (lien direct) |
The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, on one of the biggest password re-use studies of its kind. |
Studies
|
|
|
|
2020-07-01 12:38:03 |
AT&T dragged to court, again, over SIM hijacking and cryptocurrency theft (lien direct) |
A customer allegedly lost $1.9 million due to AT&T's handling of a number transfer request. |
|
|
|
|
2020-07-01 10:59:33 |
UK court shuts down scam cryptocurrency platform GPay Ltd, £1.5 million in client funds lost (lien direct) |
GPay used fake celebrity endorsements and ads to lure traders to invest. |
|
|
|
|
2020-07-01 01:44:00 |
Microsoft releases emergency security update to fix two bugs in Windows codecs (lien direct) |
Security updates have been silently deployed to customers on Tuesday through the Windows Store app. |
|
|
|
|
2020-07-01 00:31:24 |
Apple tells app devs to use IPv6 as it\'s 1.4 times faster than IPv4 (lien direct) |
Company also urges app devs to start using newer web tech like HTTP/2 and TLS 1.3, citing similar performance and speed improvements. |
|
|
|
|
2020-06-30 16:02:23 |
New EvilQuest ransomware discovered targeting macOS users (lien direct) |
EvilQuest ransomware encrypts macOS systems but also installs a keylogger and a reverse shell for full control over infected hosts. |
Ransomware
|
|
|
|
2020-06-30 12:35:52 |
Promethium APT attacks surge, new Trojanized installers uncovered (lien direct) |
The hacking group behind StrongPity is ignoring constant exposure by researchers in its quest for global intelligence and surveillance. |
|
|
|
|
2020-06-30 10:02:51 |
University of California SF pays ransomware hackers $1.14 million to salvage research (lien direct) |
The malware infected crucial research stored in the UCSF medical school's network. |
Ransomware
Malware
|
|
|
|
2020-06-30 10:00:04 |
The more cybersecurity tools an enterprise deploys, the less effective their defense is (lien direct) |
New research highlights how throwing money indiscriminately at security doesn't guarantee results. |
|
|
|
|
2020-06-30 09:49:55 |
Google removes 25 Android apps caught stealing Facebook credentials (lien direct) |
The malicious apps were downloaded more than 2.34 million times. |
|
|
|
|
2020-06-30 01:04:42 |
(Déjà vu) US Cyber Command says foreign hackers will most likely exploit new PAN-OS security bug (lien direct) |
Palo Alto Networks disclosed today a major bug that lets hackers bypass authentication on its firewall and corporate VPN products. |
|
|
|
|
2020-06-30 01:04:00 |
US Cyber Command says foreign hackers will attempt to exploit new PAN-OS security bug (lien direct) |
Palo Alto Networks disclosed today a major bug that lets hackers bypass authentication on its firewall and corporate VPN products. |
|
|
|
|
2020-06-29 19:57:15 |
A hacker gang is wiping Lenovo NAS devices and asking for ransoms (lien direct) |
Ransom notes signed by 'Cl0ud SecuritY' hacker group are being found on old LenovoEMC NAS devices. |
|
|
|
|
2020-06-29 16:00:33 |
India bans 59 Chinese apps, including TikTok, UC Browser, Weibo, and WeChat (lien direct) |
Indian government ban comes after the Indian military has clashed with Chinese forces on the country's northern border. |
|
|
|
|
2020-06-29 14:00:04 |
HackerOne\'s 2020 Top 10 public bug bounty programs (lien direct) |
The HackerOne bug bounty platform reveals its most successful bug bounty programs. |
|
|
|
|
2020-06-29 11:09:12 |
Michigan tackles compulsory microchip implants for employees with new bill (lien direct) |
RFID implants for workers are not an issue now, but the state wants to get ahead on what could become a huge privacy problem in the future. |
|
|
|
|
2020-06-29 10:09:19 |
SEC warns off investment in iBSmartify Nigeria cryptocurrencies (lien direct) |
iBledger and InksNation are unregistered, and therefore a financial risk outside of the local commission's regulatory protections. |
|
|
|
|
2020-06-29 09:23:25 |
Russian leader of Infraud stolen ID, credit card ring pleads guilty (lien direct) |
The Infraud Organization was once known as a major player in the carding world. |
|
|
|
|
2020-06-28 22:56:54 |
Apple strong-arms entire CA industry into one-year certificate lifespans (lien direct) |
Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities. |
|
|
|
|
2020-06-28 16:55:28 |
Apple declined to implement 16 Web APIs in Safari due to privacy concerns (lien direct) |
Apple said these 16 new Web APIs add new user fingerprinting opportunities for online advertisers. |
|
|
|
|
2020-06-27 12:58:16 |
Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL (lien direct) |
Almost 110,000 online stores are still running the soon-to-be-outdated Magento 1.x CMS. |
|
|
|
|
2020-06-26 16:04:24 |
Docker servers infected with DDoS malware in extremely rare attacks (lien direct) |
Most Docker servers are usually infected with cryptocurrency-mining malware. |
Malware
|
|
|
|
2020-06-26 10:52:48 |
Credit card skimmers are now being buried in image file metadata on e-commerce websites (lien direct) |
Magecart attackers are suspected of using an interesting technique to steal your financial data. |
|
|
|