Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-02-10 12:36:31 |
Investor data breach \'fatigue\' reduces Wall Street punishment for cybersecurity failures (lien direct) |
As data breaches are now common, acceptance now lessens the impact on share prices. |
Data Breach
|
|
|
|
2021-02-10 10:25:23 |
Adobe patches wave of critical bugs in Magento, Acrobat, Reader (lien direct) |
Some of the vulnerabilities were reported through a hacking contest. |
|
|
|
|
2021-02-10 05:40:02 |
Microsoft warns enterprises of new \'dependency confusion\' attack technique (lien direct) |
New "dependency confusion" technique, also known as a "substitution attack," allows threat actors to sneak malicious code inside private code repositories by registering internal library names on public package indexes. |
Threat
|
|
|
|
2021-02-09 18:43:00 |
Microsoft February 2021 Patch Tuesday fixes 56 bugs, including Windows zero-day (lien direct) |
Microsoft also warns about three nasty vulnerabilities in the Windows TCP/IP stack. |
|
|
|
|
2021-02-09 16:37:51 |
Web hosting provider shuts down after cyber-attack (lien direct) |
Two other UK web hosting providers also suffered similar hacks over the weekend, although it's unconfirmed if the attacks are related. |
|
|
|
|
2021-02-09 13:19:22 |
Appgate to go public through Newtown Lane merger (lien direct) |
The cybersecurity firm intends to join the Nasdaq or NYSE through the agreement. |
|
|
|
|
2021-02-09 09:40:00 |
CD Projekt Red game studio discloses ransomware attack, extortion attempt (lien direct) |
The company behind games like Cyberpunk 2077 and The Witcher becomes the latest gaming studio to fall victim to a ransomware attack. |
Ransomware
|
|
|
|
2021-02-09 06:40:03 |
Author of uPanel phishing kit arrested in Ukraine (lien direct) |
More than 50% of all phishing attacks that targeted Australia in 2019 were carried out using uPanel, officials said. |
|
|
|
|
2021-02-09 05:30:03 |
PyPI, GitLab dealing with spam attacks (lien direct) |
Both sites have been flooded over the weekend with garbage content. |
Spam
|
|
|
|
2021-02-08 21:41:00 |
Hacker modified drinking water chemical levels in a US city (lien direct) |
The intrusion was detected right away and the hacker's modifications have been reversed right away. |
|
|
|
|
2021-02-08 18:41:33 |
Microsoft to add \'nation-state activity alerts\' to Defender for Office 365 (lien direct) |
Microsoft has been alerting users of nation-state attacks since 2016. Alerts will now be added to the Defender for Office 365 dashboard so companies can take quicker action. |
|
|
|
|
2021-02-08 15:16:42 |
iPhone 12 magnet array can disrupt implantable medical devices (lien direct) |
Doctors issue warning about new magnet-based MagSafe technology included with newer-gen iPhones. |
|
|
|
|
2021-02-08 11:45:32 |
With one update, this malicious Android app hijacked millions of devices (lien direct) |
All it takes is one tweak to change a legitimate app into a frustrating parasite on your handset. |
|
|
|
|
2021-02-08 11:01:52 |
Domestic Kitten hacking group strikes local citizens considered a threat to Iranian regime (lien direct) |
FurBall spyware pretends to be everything from a security app to screen wallpapers. |
Threat
|
|
|
|
2021-02-07 17:58:59 |
Hacktivists deface multiple Sri Lankan domains, including Google.lk (lien direct) |
Authorities said they detected the attack a few hours after it started and blocked it on Saturday. |
|
|
|
|
2021-02-05 20:31:39 |
Webdev tutorials site SitePoint discloses data breach (lien direct) |
SitePoint admits data breach after one million user creds were sold on a hacking forum last December. |
Data Breach
|
|
|
|
2021-02-05 15:38:00 |
Google Chrome sync feature can be abused for C&C and data exfiltration (lien direct) |
A security researcher has found a malicious Chrome extension in the wild abusing the Chrome Sync process. |
|
|
|
|
2021-02-05 10:47:38 |
Woman pleads guilty for using gov\'t PC to steal photos of \'snitches\' in Iowa (lien direct) |
The photos were shared in a group dedicated to outing “law enforcement cooperators.” |
|
|
|
|
2021-02-05 09:33:40 |
Founder of cryptocurrency hedge funds charged over $90 million theft (lien direct) |
Clients were allegedly lied to when they queried where their funds were being invested. |
|
|
|
|
2021-02-05 06:00:03 |
Plex Media servers are being abused for DDoS attacks (lien direct) |
Cyber-security firm Netscout warns of new DDoS attack vector. |
|
|
|
|
2021-02-04 22:15:29 |
Google patches an actively exploited Chrome zero-day (lien direct) |
Google Chrome 88.0.4324.150 released with a fix. Users advised to update. |
|
|
|
|
2021-02-04 18:00:03 |
Google paid $6.7 million to bug bounty hunters in 2020 (lien direct) |
Sum is up from the $6.5 million the company paid security researchers a year before, in 2019. |
|
|
|
|
2021-02-04 14:00:06 |
Blockchain transactions confirm murky and interconnected ransomware scene (lien direct) |
Criminal gangs often use multiple ransomware strains and jump ship from one RaaS (Ransomware-as-a-Service) to another, seeking better deals. |
Ransomware
|
|
|
|
2021-02-04 13:36:07 |
Discord servers targeted in cryptocurrency exchange scam wave (lien direct) |
Free Bitcoin? Don't believe it. |
|
|
|
|
2021-02-04 13:19:00 |
Security firm Stormshield discloses data breach, theft of source code (lien direct) |
Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. |
|
|
|
|
2021-02-04 13:00:04 |
Cisco\'s AppDynamics debuts app performance, vulnerability management software (lien direct) |
Cisco says that clients will no longer have to “sacrifice security for velocity.” |
Vulnerability
|
|
|
|
2021-02-04 11:19:28 |
LockBit ransomware operator: \'For a cybercriminal, the best country is Russia\' (lien direct) |
A lone ransomware operator explains why they went down a criminal path. |
Ransomware
|
|
|
|
2021-02-04 09:27:29 |
Digital Defense acquired to bolster HelpSystems\' security assessment portfolio (lien direct) |
HelpSystems says the purchase will help clients improve infrastructure security. |
|
|
|
|
2021-02-04 06:00:03 |
Android devices ensnared in DDoS botnet (lien direct) |
New Matryosh botnet is targeting Android systems that have left their ADB debug interface exposed on the internet. |
|
|
|
|
2021-02-03 22:23:40 |
Google: Proper patching would have prevented 25% of all zero-days found in 2020 (lien direct) |
A quarter of all the zero-days exploited in the wild in 2020 were variations of previously patched vulnerabilities. |
Patching
|
|
|
|
2021-02-03 16:00:04 |
Cisco Meraki and Openpath launch new enterprise access, video security solution (lien direct) |
The offering combines smart camera technology with modern secure access enhancements. |
|
|
|
|
2021-02-03 14:46:00 |
Microsoft Defender ATP is detecting yesterday\'s Chrome update as a backdoor (lien direct) |
Microsoft commercial antivirus product is labeling Chrome's latest update as being infected with the Funvalget backdoor. |
|
|
|
|
2021-02-03 06:00:03 |
Mozilla expected to launch its VPN service in Germany and France in Q1 2021 (lien direct) |
Mozilla VPN is currently available in the US, the UK, Canada, New Zealand, Singapore, and Malaysia only. |
|
|
|
|
2021-02-03 01:15:19 |
Recent root-giving Sudo bug also impacts macOS (lien direct) |
A bug in the Sudo app can let attackers with access to a local system to elevate their access to a root-level account. |
|
|
|
|
2021-02-02 16:30:03 |
Google funds project to secure Apache web server project with new Rust component (lien direct) |
Funded by Google and led by the Internet Security Research Group, Apache's web server is set to receive a new Rust-based mod_ssl module. |
|
|
★★★★
|
|
2021-02-02 14:00:00 |
Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection (lien direct) |
The malware now attempts to disable Microsoft antivirus protection. |
Malware
|
|
|
|
2021-02-02 10:30:03 |
This Linux malware is hijacking supercomputers across the globe (lien direct) |
Kobalos' codebase is tiny, but its impact is not. |
Malware
|
|
|
|
2021-02-02 05:45:03 |
Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks (lien direct) |
Two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, reported as abused in the wild. |
|
|
|
|
2021-02-01 17:38:18 |
New Trickbot module uses Masscan for local network reconnaissance (lien direct) |
The new Trickbot module is used to scan local networks for other nearby systems with open ports that could be hacked for quick lateral movement inside a company. |
|
|
|
|
2021-02-01 10:30:03 |
Hacker group inserted malware in NoxPlayer Android emulator (lien direct) |
Attackers targeted only a handful of victims. Only five detected until now, in countries such as Taiwan, Hong Kong, and Sri Lanka. |
Malware
|
|
|
|
2021-02-01 09:51:20 |
Libgcrypt developers release urgent update to tackle severe vulnerability (lien direct) |
A severe heap buffer issue was found by Google Project Zero's Tavis Ormandy. |
Vulnerability
|
|
★★★★★
|
|
2021-02-01 08:46:55 |
UK Research and Innovation suffers ransomware attack (lien direct) |
The agency has suspended some services while an investigation takes place. |
Ransomware
|
|
|
|
2021-02-01 08:10:22 |
SonicWall zero-day exploited in the wild (lien direct) |
Security firm NCC Group said it detected "indiscriminate" exploitation of a mysterious SonicWall zero-day. |
|
|
|
|
2021-01-30 01:11:52 |
FonixCrypter ransomware gang releases master decryption key (lien direct) |
FonixCrypter gang claimed it shut down and deleted their ransomware's source code. |
Ransomware
|
|
|
|
2021-01-29 20:16:00 |
Google deploys Chrome mitigations against new NAT Slipstreaming attack (lien direct) |
After the discovery of NAT Slipstreaming 2.0 attack this week, Google says it will block Chrome traffic on ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080. |
|
|
|
|
2021-01-29 08:44:57 |
Electronic health records provider Athena to pay $18m settlement in kickback lawsuit (lien direct) |
Athena was accused of paying under the table to push athenaClinicals software. |
|
|
|
|
2021-01-29 06:00:04 |
Google bans another misbehaving CA from Chrome (lien direct) |
Digital certificates issued by Spanish certificate authority Camerfirma will stop working in Chrome 90, in April. |
|
|
|
|
2021-01-28 22:13:19 |
Google researcher discovers new iOS security system (lien direct) |
iOS 14 shipped with BlastDoor, a new sandbox system for processing iMessages data. |
|
|
|
|
2021-01-28 16:39:00 |
Hezbollah\'s cyber unit hacked into telecoms and ISPs (lien direct) |
Security firm Clearsky said they identified at least 250 servers hacked by Lebanese Cedar, a hacking group linked to the Hezbollah militant group. |
|
|
|
|
2021-01-28 13:10:20 |
Pirated themes and plugins are the most widespread threat to WordPress sites (lien direct) |
Wordfence says it found malware originating from a pirated WordPress theme or plugin on 206,000 sites, accounting for over 17% of all infected sites. |
Malware
Threat
|
|
|