Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-10-14 12:57:47 |
New \'Alchimist\' Attack Framework Targets Windows, Linux, macOS (lien direct) |
Cisco's Talos security researchers warn of a newly identified attack framework and its associated remote access trojan (RAT) targeting Windows, Linux, and macOS systems.
|
|
|
|
|
2022-10-13 17:39:38 |
Austria\'s Kurz Sets up Cyber Firm With Ex-NSO Chief (lien direct) |
Former Austrian chancellor Sebastian Kurz said Thursday he is launching a cybersecurity company with the ex-head of Israel's NSO Group, which makes controversial Pegasus spyware.
|
|
|
|
|
2022-10-13 14:51:44 |
Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Server (lien direct) |
A Mirai botnet variant has launched a distributed denial-of-service (DDoS) attack that peaked at 2.5 terabytes per second (Tbps), according to Cloudflare, which described it as the largest attack it has seen in terms of bitrate.
|
|
|
|
|
2022-10-13 10:39:25 |
Google Brings Passkey Support to Android and Chrome (lien direct) |
Google on Wednesday announced the introduction of passkey support in Android and Chrome, to protect users from credential leaks and phishing attacks.
Meant to replace passwords, passkeys rely on biometric verification for authentication. They can be synced on multiple devices, cannot be reused and, unlike passwords, cannot be leaked.
|
|
|
|
|
2022-10-12 14:40:56 |
Immersive Labs Raises $66 Million for Cyber Workforce Resilience Platform (lien direct) |
UK-based cybersecurity training solutions provider Immersive Labs announced on Wednesday that it has raised $66 million in new capital.
|
|
|
|
|
2022-10-12 12:45:08 |
Chrome 106 Update Patches Several High-Severity Vulnerabilities (lien direct) |
Google announced on Tuesday that the latest Chrome update patches six high-severity vulnerabilities, including four use-after-free bugs.
All the newly resolved vulnerabilities were discovered by external researchers and the internet giant has handed out $38,000 in bug bounty rewards to the reporters.
|
|
|
|
|
2022-10-12 12:19:36 |
QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign (lien direct) |
More than 800 corporate users have been infected in a new QBot malware distribution campaign since September 28, Kaspersky warns.
|
Malware
|
|
|
|
2022-10-12 09:39:47 |
Lloyd\'s of London Cyber Incident Investigation Finds No Evidence of Compromise (lien direct) |
Insurance giant Lloyd's of London says it is working on restoring its systems after an investigation into a potential cyberattack found no evidence of compromise.
|
|
|
|
|
2022-10-11 12:04:24 |
Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns (lien direct) |
Intel has confirmed that some of its UEFI source code has been leaked, and while some security experts believe the incident could have serious implications the chipmaker says it's not concerned.
|
|
|
|
|
2022-10-11 11:04:00 |
Toyota Discloses Data Breach Impacting Source Code, Customer Email Addresses (lien direct) |
Japanese car manufacturer Toyota has disclosed a security incident that involved source code hosted on GitHub and which may have resulted in unauthorized access to roughly 300,000 customer email addresses.
|
Data Breach
|
|
|
|
2022-10-11 10:36:13 |
Fortinet Confirms Zero-Day Vulnerability Exploited in One Attack (lien direct) |
Fortinet has confirmed that the critical vulnerability whose existence came to light last week is a zero-day flaw that has been exploited in at least one attack.
|
Vulnerability
|
|
|
|
2022-10-10 13:52:31 |
State Bar of Georgia Confirms Data Breach Following Ransomware Attack (lien direct) |
The State Bar of Georgia was hit by a ransomware attack earlier this year and the organization has now confirmed that member and employee information was compromised.
|
Ransomware
Data Breach
|
|
|
|
2022-10-10 10:18:37 |
Android Security Updates Patch Critical Vulnerabilities (lien direct) |
The October 2022 security updates for Android started rolling out last week with patches for roughly 50 vulnerabilities, including a critical-severity flaw in the Framework component.
|
|
|
|
|
2022-10-10 09:45:24 |
German Cybersecurity Chief to be Sacked Over Alleged Russia Ties: Sources (lien direct) |
Germany is planning to fire Arne Schoenbohm, the head of the BSI national cyber security agency, after reports he had contacts with Russian intelligence services, government sources told AFP on Monday.
The interior ministry said it is "taking reports seriously" and "investigating them comprehensively".
|
|
|
|
|
2022-10-07 13:19:29 |
Meta Warns of Password Stealing Phone Apps (lien direct) |
Meta warned a million Facebook users Friday that they have been "exposed" to seemingly innocuous smartphone applications designed to steal passwords to the social network.
|
|
|
|
|
2022-10-07 11:16:52 |
Industry Reactions to Conviction of Former Uber CSO Joe Sullivan: Feedback Friday (lien direct) |
Former Uber security chief Joe Sullivan has been found guilty by a jury over his role in covering up a massive data breach suffered by the ride sharing giant in 2016.
|
Data Breach
|
Uber
Uber
|
|
|
2022-10-07 10:57:25 |
Binance Bridge Hit by $560 Million Hack (lien direct) |
Hackers have exploited a cross-chain bridge to divert more than $560 million worth of cryptocurrency from Binance Bridge.
Operating on the Binance Coins (BNB) Smart Chain, Binance Bridge is a blockchain bridge designed to help with the transfer of information and assets between blockchains.
|
Hack
|
|
|
|
2022-10-06 17:06:34 |
Australian Police Make First Arrest in Optus Hack Probe (lien direct) |
A police investigation of a cyberattack on an Australian telecommunications company in which the personal data of more than one third of Australia's population was stolen has resulted in its first arrest, investigators said Thursday.
|
Hack
|
|
★★★
|
|
2022-10-06 11:37:12 |
Personal Information of 123K Individuals Exposed in City of Tucson Data Breach (lien direct) |
The City of Tucson, Arizona, is notifying roughly 123,000 individuals that their personal information was compromised in a recent data breach.
The incident was identified at the end of May 2022, but the city concluded its investigation only last month.
|
Data Breach
|
|
|
|
2022-10-06 10:19:41 |
FBI, CISA Say Malicious Cyber Activity Unlikely to Disrupt Election (lien direct) |
|
|
|
|
|
2022-10-05 21:49:24 |
Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up (lien direct) |
A San Francisco jury on Wednesday found former Uber security chief Joe Sullivan guilty of covering up a 2016 data breach and concealing information on a felony from law enforcement.
|
Data Breach
|
Uber
Uber
|
|
|
2022-10-05 15:12:41 |
KKR Boosts NetSPI Stake with $410 Million Investment (lien direct) |
Private equity giant KKR is expanding its big bet on penetration testing and attack surface management firm NetSPI with a new $410 million investment round.
|
|
|
|
|
2022-10-05 12:41:46 |
Iranian Hackers Target Enterprise Android Users With New RatMilad Spyware (lien direct) |
Zimperium is warning of an Iranian hacking group using a new piece of Android spyware in a broad campaign that has also targeted enterprise users.
|
|
|
|
|
2022-10-05 10:30:15 |
US Government Details Tools Used by APTs in Defense Organization Attack (lien direct) |
The NSA, FBI and CISA have issued an alert describing the tools and techniques used by advanced persistent threat (APT) actors in an attack aimed at an unnamed defense industrial base organization in the United States.
|
Threat
|
|
|
|
2022-10-05 10:27:39 |
(Déjà vu) Seattle Woman Gets Probation for Massive Capital One Hack (lien direct) |
A former Seattle tech worker convicted of several charges related to a massive hack of Capital One bank and other companies in 2019 was sentenced Tuesday to time served and five years of probation.
|
Hack
|
|
|
|
2022-10-04 15:14:58 |
Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack (lien direct) |
Code security company SonarSource today published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting the PHP community.
|
Vulnerability
|
|
|
|
2022-10-04 13:40:02 |
Webinar Today: The Ultimate Insider\'s Guide to DDoS Mitigation Strategies (lien direct) |
|
|
|
|
|
2022-10-04 01:10:35 |
Report: Mexico Continued to Use Spyware Against Activists (lien direct) |
The Mexican government or army has allegedly continued to use spyware designed to hack into the cellphones of activists, despite a pledge by President Andrés Manuel López Obrador to end such practices.
|
Hack
|
|
|
|
2022-10-03 15:03:16 |
Supply Chain Attack Targets Customer Engagement Firm Comm100 (lien direct) |
CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.
|
|
|
|
|
2022-10-03 13:14:32 |
Optus Says ID Numbers of 2.1 Million Compromised in Data Breach (lien direct) |
Australian telecommunications company Optus says that 2.1 million of its customers had numbers associated with their identification documents compromised in a recent data breach.
|
Data Breach
|
|
|
|
2022-10-01 11:35:22 |
Shangri-La hotels Customer Database Hacked (lien direct) |
The Shangri-La hotel group has said a database containing the personal information of customers at eight of its Asian properties between May and July has been hacked.
The breach covered hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokyo but the company said it had not yet been able to determine what data had been stolen.
|
|
|
|
|
2022-10-01 01:05:39 |
Hack Puts Latin American Security Agencies on Edge (lien direct) |
A massive trove of emails from Mexico's Defense Department is among electronic communications taken by a group of hackers from military and police agencies across several Latin American countries, Mexico's president confirmed Friday.
|
|
|
|
|
2022-09-30 12:54:38 |
DoD Announces Final Results of \'Hack US\' Bug Bounty Program (lien direct) |
The US Department of Defense (DoD) and HackerOne this week announced the results of the Hack US one-week bug bounty challenge that ran from July 4 to July 11, 2022.
|
|
|
|
|
2022-09-29 21:47:02 |
NSA Cyber Specialist, Army Doctor Charged in US Spying Cases (lien direct) |
A cyber specialist who worked at the US National Security Agency and an army doctor and his wife were charged Thursday in separate cases with seeking to sell US secrets to foreign governments.
|
|
|
|
|
2022-09-29 17:05:59 |
North Korean Gov Hackers Caught Rigging Legit Software (lien direct) |
Threat hunters at Microsoft have intercepted a notorious North Korean government hacking group lacing legitimate open source software with custom malware capable of data theft, espionage, financial gain and network destruction.
|
Malware
|
|
|
|
2022-09-29 12:37:23 |
Auth0 Finds No Breach Following Source Code Compromise (lien direct) |
Okta-owned Auth0 this week announced that it has not identified an intrusion into its environment after a third-party said they were in the possession of older source code repositories.
|
|
|
|
|
2022-09-28 15:29:22 |
Fast Company Hack Impacts Website, Apple News Account (lien direct) |
American business magazine Fast Company has confirmed that its Apple News account was hijacked after hackers compromised its content management system (CMS).
The monthly magazine focuses on business, technology, and design. In addition to its online version, the magazine publishes six print issues each year.
|
Hack
|
|
★★★★★
|
|
2022-09-28 15:07:41 |
Report Shows How Long It Takes Ethical Hackers to Execute Attacks (lien direct) |
A survey of more than 300 ethical hackers conducted by cybersecurity companies Bishop Fox and SANS Institute found that many could execute an end-to-end attack in less than a day.
|
|
|
|
|
2022-09-28 11:03:48 |
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows (lien direct) |
|
|
|
|
|
2022-09-27 18:44:39 |
Researchers Crowdsourcing Effort to Identify Mysterious Metador APT (lien direct) |
Cybersecurity sleuths at SentinelLabs are calling on the wider threat hunting community to help decipher a new mysterious malware campaign hitting telcos, ISPs and universities in the Middle East and Africa.
|
Malware
Threat
|
|
|
|
2022-09-27 13:24:21 |
New Infostealer Malware \'Erbium\' Offered as MaaS for Thousands of Dollars (lien direct) |
Security researchers are warning of a new information stealer named Erbium being distributed under the Malware-as-a-Service (MaaS) model.
The threat made its initial appearance in late July, when a Russian speaking threat actor started advertising it on a dark web forum.
|
Malware
Threat
|
|
|
|
2022-09-27 12:24:20 |
Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack (lien direct) |
Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company's systems.
|
Ransomware
Data Breach
Hack
|
|
|
|
2022-09-27 10:19:06 |
Australian Police Probe Purported Hacker\'s Ransom Demand (lien direct) |
Australian police were investigating a purported hacker's release of the stolen personal data of 10,000 Optus customers and demand for a $1 million ransom in cryptocurrency, the telecommunications company's chief executive said Tuesday.
|
|
|
|
|
2022-09-26 15:23:00 |
Hackers Leak French Hospital Patient Data in Ransom Fight (lien direct) |
Hackers who crippled a French hospital and stole a trove of data last month have released personal records of patients online, officials have confirmed.
The cyberattackers demanded a multimillion dollar ransom from the Corbeil-Essonnes hospital near Paris a month ago, but the institution refused to pay.
|
|
|
|
|
2022-09-26 13:46:57 |
Australia Mulls Tougher Cybersecurity Laws After Data Breach (lien direct) |
The Australian government said on Monday it is considering tougher cybersecurity rules for telecommunications companies and blamed Optus, the nation's second-largest wireless carrier, for an unprecedented breach of personal data from 9.8 million customers.
|
Data Breach
|
|
|
|
2022-09-26 13:44:27 |
Breached American Airlines Email Accounts Abused for Phishing (lien direct) |
American Airlines discovered it was breached after receiving reports of employee email accounts being used in phishing attacks.
Last week, the airline started informing some of its customers that their personal data was likely compromised in a data breach identified in early July.
|
Data Breach
|
|
|
|
2022-09-26 11:33:08 |
Ukraine Cracks Down on Group Selling Hacked Accounts to Pro-Russia Propagandists (lien direct) |
Ukrainian authorities take down cybercrime group that hacked 30 million accounts
Ukrainian authorities say they have taken down a pro-Russia hacking group that compromised user accounts and then sold them for profit on dark web portals.
|
|
|
|
|
2022-09-26 10:50:50 |
Hacktivist Attacks Show Ease of Hacking Industrial Control Systems (lien direct) |
Hacktivists might not know a lot about industrial control systems (ICS), but they're well aware of the potential implications of these devices getting compromised. That is why some groups have been targeting these systems - which are often unprotected and easy to hack - to draw attention to their cause.
|
Hack
|
|
|
|
2022-09-23 13:45:42 |
"Left and Right of Boom" - Having a Winning Strategy (lien direct) |
As security practitioners are painfully aware, it is not a matter of if but when their organization will come under cyberattack. Given this year's geopolitical events, the likelihood of falling victim to an attack has exponentially increased. And while the cybersecurity landscape will continue to evolve; many organizations seem to be holding on to the belief that deploying more preventive security tools will result in greater protection against these threats.
|
|
|
|
|
2022-09-22 14:53:33 |
Twitter Logs Out Some Users Due to Security Issue Related to Password Resets (lien direct) |
Twitter said on Wednesday that some users have been logged out of their active sessions in response to a bug that posed a security risk.
The issue was related to password resets - when users reset their password, their active sessions on Android and iOS devices were not closed. Impacted users have been directly notified.
|
|
|
|