Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-14 14:14:32 |
Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical! (lien direct) |
Today is Microsoft's July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why! With the July 2020 Patch Tuesday security updates release, Microsoft has released one advisory for a tampering vulnerability in IIS and fixes for 123 vulnerabilities in Microsoft products. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-14 14:10:42 |
Microsoft patches critical wormable SigRed bug in Windows DNS Server (lien direct) |
A critical vulnerability that's been sitting in Microsoft's Windows DNS Server for almost two decades could be exploited to gain Domain Administrator privileges and compromise the entire corporate infrastructure behind it. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-14 13:36:45 |
Windows 10 Cumulative Updates KB4565503 & KB4565483 Released (lien direct) |
The July 2020 Patch Tuesday updates for Windows 10 version 2004 and later are now rolling out and you can download and install the latest security fixes by checking for updates in the Settings. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-14 13:07:27 |
(Déjà vu) Wattpad data breach exposes account info for millions of users (lien direct) |
An allegedly stolen Wattpad database containing 270 million records were being sold in private sales for over $100,000. Now it is being offered for free on hacker forums. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-14 13:07:27 |
Hacker releases database of 270 million alleged Wattpad records (lien direct) |
An allegedly stolen Wattpad database containing 270 million records were being sold in private sales for over $100,000. Now it is being offered for free on hacker forums. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-14 11:48:22 |
Adobe fixes critical bugs in Creative Cloud, Media Encoder (lien direct) |
Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-14 09:00:00 |
New GoldenHelper malware found in official Chinese tax software (lien direct) |
A new backdoor dubbed GoldenHelper was discovered by Trustwave embedded within Golden Tax Invoicing Software, part of the Chinese government' Golden Tax Project and required for issuing invoices and paying value-add tax (VAT) taxes. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-14 06:32:01 |
Android chat app uses public code to spy, exposes user data (lien direct) |
A chat application for Android claiming to be a secure messaging platform comes with spying functionality and stores user data in an unsecure location that is publicly available. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-13 22:21:10 |
(Déjà vu) Critical SAP Recon flaw exposes thousands of customers to attacks (lien direct) |
SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-13 22:21:10 |
Critical SAP Recon flaw exposes thousands of systems to attacks (lien direct) |
SAP patched a critical vulnerability affecting over 40,000 systems and found in the SAP NetWeaver Java versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-13 21:57:16 |
New AgeLocker Ransomware uses Googler\'s utility to encrypt files (lien direct) |
A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victim's files. [...] |
Ransomware
Tool
|
|
★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-13 18:29:41 |
LiveAuctioneers reports data breach after user records sold online (lien direct) |
LiveAuctioneers has disclosed a data breach after a well-known data breach broker began selling 3.4 million stolen user records on a hacker forum. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-13 15:10:34 |
Microsoft extends security for Azure Storage file shares, data lakes (lien direct) |
Microsoft today announced that advanced threat protection for Azure Storage now also allows customers to protect data stored in Azure Files file shares and Azure Data Lake Storage Gen2 API data stores. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-13 13:38:44 |
Microsoft Office 365 will add support for disposable emails (lien direct) |
Microsoft will provide Office 365 customers with support for using disposable emails to make it simpler to manage their inboxes and to keep track of email campaigns. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-13 11:01:27 |
Windows 10\'s Feedback Hub: A forum for political trolls, spammers (lien direct) |
When Microsoft made the Feedback Hub universal app available to Windows 10 Insiders in March 2016 and generally available two months later, the plan was for the app to be the perfect tool for users to report issues and share suggestions on how to improve Windows experience for all customers. [...] |
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-12 13:39:09 |
(Déjà vu) Malware adds online sandbox detection to evade analysis (lien direct) |
Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-12 13:39:09 |
Malware adds Any.Run sandbox detection to evade analysis (lien direct) |
Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers. [...] |
Malware
|
|
★★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-11 14:12:32 |
TrickBot malware mistakenly warns victims that they are infected (lien direct) |
The notorious TrickBot malware mistakenly left a test module that is warning victims that they are infected and should contact their administrator. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-11 11:26:47 |
How to enable Windows 10\'s hidden features using Mach2 (lien direct) |
Windows 10 builds contain many hidden features that are used by Microsoft to debug code or test applications that have not been officially released yet. A new tool has been released that enables you to find and enable these hidden features in Windows 10. [...] |
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 19:59:12 |
The Week in Ransomware - July 10th 2020 - A quiet week (lien direct) |
It has been a pretty quiet week with few alleged attacks against corporate victims and mostly new variants of existing ransomware released. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 16:18:54 |
Apple: Closing MacBooks with camera covers leads to display damage (lien direct) |
Apple warns customers to avoid closing their MacBook, MacBook Air, or MacBook Pro devices if they use a camera cover thicker than 0.1mm to avoid display damage. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 15:10:35 |
(Déjà vu) Microsoft will not support PHP 8.0 for Windows in \'any capacity\' (lien direct) |
Microsoft has announced that it will not offer support in 'any capacity' for PHP for Windows 8.0 when it is released. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 15:10:35 |
Microsoft to not support PHP 8.0 for Windows in \'any capacity\' (lien direct) |
Microsoft has announced that it will not offer support in 'any capacity' for PHP for Windows 8.0 when it is released. [...] |
|
|
★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 14:06:37 |
(Déjà vu) Uber Eats outage in multiple countries, \'Internal Server Error" reports (lien direct) |
The Uber Eats food delivery service is having an outage in multiple countries that is preventing orders from being placed in the app. [...] |
|
Uber
|
★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 14:06:37 |
Uber Eats outage reported in multiple countries (lien direct) |
The Uber Eats food delivery service is having an outage in multiple countries that is preventing orders from being placed in the app. [...] |
|
Uber
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 13:02:53 |
eToro accounts peddled by the thousands on cybercrime forums (lien direct) |
A threat actor is peddling 62,000 active eToro accounts on a known cybercrime forum. They are also likely collaborating with REvil ransomware on the corporate intrusion front. [...] |
Ransomware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 11:51:40 |
US Secret Service creates new Cyber Fraud Task Force (lien direct) |
The U.S. Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after the merger of its Financial Crimes Task Forces (FCTFs) and Electronic Crimes Task Forces (ECTFs) into a single unified network. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 11:37:56 |
Mozilla reduces TLS certificate lifespan to 1 year in September (lien direct) |
Mozilla has officially announced that starting September 1st, 2020, they will no longer consider any newly issued certificates with a lifespan greater than 398 days, or a little over one year, as valid. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-10 09:34:19 |
Over 1,300 phishing kits for sale on hacker forum (lien direct) |
A member of a hacker forum is looking to make over $30,000 from selling a huge collection of more than 1,300 phishing kits. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 19:56:29 |
How to import and backup saved passwords in Google Chrome (lien direct) |
Google Chrome Password Manager lets you save usernames and passwords and automatically use them to log in to websites you visit. If you ever decide to switch from or to Google Chrome and want to take your saved passwords with you, this guide will help you. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 14:56:28 |
(Déjà vu) Conti ransomware shows signs of being Ryuk\'s successor (lien direct) |
The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, who has slowly been fading away, while Conti's distribution is increasing. [...] |
Ransomware
Malware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 14:56:28 |
Conti ransomware shows signs of being a Ryuk successor (lien direct) |
The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, who has slowly been fading away, while Conti's distribution is increasing. [...] |
Ransomware
Malware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 13:25:35 |
Google will ban ads for stalkerware starting August 11 (lien direct) |
Google will update its Google Ads Enabling Dishonest Behavior policy to globally ban advertising for spyware and surveillance technology known as stalkerware starting with August 11, 2020. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 10:34:14 |
Microsoft testing new Windows 10 KDP anti-malware protection (lien direct) |
Microsoft is testing a new Windows 10 security feature dubbed Kernel Data Protection (KDP) and designed to block malicious actors from altering Windows drivers and systems' protected kernel memory as part of their attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 09:10:00 |
Persuasive Office 365 phishing uses fake Zoom suspension alerts (lien direct) |
Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 08:43:59 |
Evilnum hackers use the same malware supplier as FIN6, Cobalt (lien direct) |
Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters for big fintech threat actors. [...] |
Malware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 06:03:39 |
Joker Android malware keeps evading Google Play Store defenses (lien direct) |
The threat actor behind the Joker Android malware has once again succeeded to successfully slip spyware infected apps onto the Play Store, Google's official Android app store. [...] |
Malware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-09 03:30:00 |
Over 15 billion credentials in circulation on hacker forums (lien direct) |
At least 15 billion credentials are currently circulating on various hacker forums, giving cybercriminals fodder for account takeover attacks and identity renting services. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-08 17:18:03 |
Palo Alto Networks fixes another severe flaw in PAN-OS devices (lien direct) |
Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-08 14:32:34 |
Microsoft warns of Office 365 phishing via malicious OAuth apps (lien direct) |
Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-08 12:34:10 |
First look: Microsoft\'s Project Freta detects Linux malware for free (lien direct) |
Microsoft Research has announced a cloud-based malware detection service called Project Freta to detect rootkits, cryptominers, and previously undetected malware strains lurking in your Linux cloud VM images. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-08 11:35:46 |
NVIDIA fixes code execution bug in GeForce Experience software (lien direct) |
NVIDIA has addressed a vulnerability in the Windows NVIDIA GeForce Experience (GFE) software that could allow local attackers to execute arbitrary code, trigger a denial of service (DoS) state, or access privileged information on unpatched systems. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-08 10:25:00 |
(Déjà vu) Microsoft fixes Word, Skype hangs in July Office 2020 updates (lien direct) |
Microsoft released the July 2020 non-security Microsoft Office updates with improvements and fixes for issues impacting Windows Installer (MSI) editions of Office 2016 and Office 2013 products. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-08 09:55:29 |
Risky blogspot.in domain for sale after Google fails to renew it (lien direct) |
Google's registration of the Blogspot domain expired recently, and the domain was immediately purchased by a domain service provider: [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-07 21:44:46 |
DOJ indict Fxmsp hacker for selling access to hacked orgs, AV firms (lien direct) |
The US Department of Justice has indicted a hacker known as 'Fxmsp' for hacking into and selling access to over three hundred organizations worldwide. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-07 18:45:10 |
ThiefQuest info-stealing Mac wiper gets free decryptor (lien direct) |
Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows recovery of encrypted files, which would remain lost in lack of a backup. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-07 15:56:37 |
Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found (lien direct) |
F5 BIG-IP customers who only applied recommended mitigations and haven't yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them against a recently found bypass. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-07 14:47:45 |
How to uninstall Microsoft Edge forced-installed via Windows Update (lien direct) |
If Microsoft Edge was installed in Windows 10 via Windows Update, you can not remove it via standard methods. That does not mean you cannot remove it, though, as a technique has been discovered to uninstall the program via the command prompt. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-07 13:18:32 |
Microsoft takes down domains used in COVID-19-related cybercrime (lien direct) |
Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-07-07 12:19:45 |
Windows 10: The beginning of the end for Control Panel (lien direct) |
Microsoft has started testing the removal of the venerable System control panel on Windows 10 and instead redirecting users to the modern About page. [...] |
|
|
|