Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 08:55:30 |
Unpatched QNAP devices are being hacked to mine cryptocurrency (lien direct) |
Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-07 16:28:08 |
Microsoft\'s MSERT tool now finds web shells from Exchange Server attacks (lien direct) |
Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. [...] |
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-07 13:43:45 |
(Déjà vu) How to use Google\'s \'Chrome Labs\' to test new browser features (lien direct) |
Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-07 13:43:45 |
Google\'s Chrome Labs makes it easier to test new browser features (lien direct) |
Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-07 10:00:00 |
Microsoft Office 365 gets protection against malicious XLM macros (lien direct) |
Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 15:39:09 |
How to customize your Windows 10 desktop with these free tools (lien direct) |
With Windows, you've got an almost limitless number of free, open-source and paid apps to customize the appearance of desktop. In this article, we're going to share a list of open-source and free tools to change the desktop wallpaper animation when you move your cursor, add support for widgets, and more. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 14:04:41 |
This new Microsoft tool checks Exchange Servers for ProxyLogon hacks (lien direct) |
Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. [...] |
Tool
|
|
★★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 12:47:07 |
Ransomware gang plans to call victim\'s business partners about attacks (lien direct) |
The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 11:25:28 |
Windows 10 21H1 inches closer to release - Here\'s the latest news (lien direct) |
Microsoft is gearing up to release Windows 10 version 21H1, aka the Spring Update, as they broadly release the feature update to all Windows Insiders in the Beta channel. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 10:02:00 |
Microsoft is giving Windows admins full control over driver updates (lien direct) |
Microsoft has announced a new deployment service for drivers and firmware that will make it easier for IT admins to select the right drivers for devices on their enterprise network. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 09:05:00 |
Samsung fixes critical Android bugs in March 2021 updates (lien direct) |
This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 18:53:22 |
The Week in Ransomware - March 5th 2021 - Targeting service providers (lien direct) |
This week we have seen ransomware attacks targeting online service providers and MSPs to not only encrypt the victim but also cause significant outages for their customers. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 17:16:11 |
US indicts John McAfee for cryptocurrency fraud, money laundering (lien direct) |
US federal prosecutors have charged John McAfee, founder of cybersecurity firm McAfee, and his executive advisor Jimmy Gale Watson Jr for cryptocurrency fraud and money laundering. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 16:49:54 |
New ransomware only decrypts victims who join their Discord server (lien direct) |
A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 14:13:45 |
SITA data breach affects millions of travelers from major airlines (lien direct) |
Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 12:38:10 |
Chrome extension turns on YouTube captions when eating noisy chips (lien direct) |
A new AI-powered Google Chrome extension will automatically turn on YouTube extensions if it detects you are eating noisy chips. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 10:12:40 |
Microsoft: Exchange updates can install without fixing vulnerabilities (lien direct) |
Due to the critical nature of recently issued Microsoft Exchange security updates, admins need to know that the updates may have installation issues on servers where User Account Control (UAC) is enabled. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 08:28:59 |
Ongoing phishing attacks target US brokers with fake FINRA audits (lien direct) |
The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 20:14:58 |
Supermicro, Pulse Secure release fixes for \'TrickBoot\' attacks (lien direct) |
Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware's UEFI firmware-infecting module, known as TrickBoot. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 15:58:41 |
(Déjà vu) CompuCom MSP hit by DarkSide ransomware cyberattack (lien direct) |
US managed service provider CompuCom has suffered a DarkSide ransomware attack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware. [...] |
Ransomware
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 14:05:09 |
(Déjà vu) Microsoft reveals 3 new malware strains used by SolarWinds hackers (lien direct) |
Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 14:05:09 |
Microsoft reveals new malware used by the SolarWinds hackers (lien direct) |
Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:34:15 |
(Déjà vu) Notorious Maza cybercrime forum attacked by other hackers (lien direct) |
The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:34:15 |
Maza forum hacked in recent attacks targeting cybercrime forums (lien direct) |
The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:18:23 |
(Déjà vu) Microsoft Edge is now 41% faster with new Startup Boost feature (lien direct) |
Microsoft Edge was redesigned with Chromium in January 2020 and it's getting better every month with new updates. Earlier this year, Microsoft announced that it's enabling support for sleeping tabs and now Microsoft is rolling out two new features - vertical tabs and startup boost. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:18:23 |
Microsoft Edge gets tab enhancements and improved performance (lien direct) |
Microsoft Edge was redesigned with Chromium in January 2020 and it's getting better every month with new updates. Earlier this year, Microsoft announced that it's enabling support for sleeping tabs and now Microsoft is rolling out two new features - vertical tabs and startup boost. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:04:03 |
FireEye finds new malware likely linked to SolarWinds hackers (lien direct) |
FireEye discovered a new "sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 12:09:34 |
VMware releases fix for severe View Planner RCE vulnerability (lien direct) |
VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 11:37:15 |
(Déjà vu) Hijacking traffic to Microsoft\'s windows.com with bitflipping (lien direct) |
A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 11:37:15 |
Researcher bitsquats Microsoft\'s windows.com to steal traffic (lien direct) |
A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 11:00:33 |
Hacked SendGrid accounts used in phishing attacks to steal logins (lien direct) |
A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 09:44:39 |
Windows DNS SIGRed bug gets first public RCE PoC exploit (lien direct) |
A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 08:04:48 |
DHS orders agencies to urgently patch or disconnect Exchange servers (lien direct) |
The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 07:34:20 |
Ransomware is a multi-billion industry and it keeps growing (lien direct) |
An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 18:15:09 |
CompuCom MSP confirms ongoing outage following malware incident (lien direct) |
The US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware, BleepingComputer has learned. [...] |
Malware
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 17:15:16 |
Microsoft: Windows 10 \'Known Issue Rollback\' auto-fixes update bugs (lien direct) |
Microsoft has shared details on Known Issue Rollback (KIR), a Windows 10 capability used to revert buggy non-security fixes delivered through Windows Update. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 15:01:00 |
Hackers share methods to bypass 3D Secure for payment cards (lien direct) |
Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure (3DS) protocol used for authorizing online card transactions. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 14:53:59 |
BEC scammers are targeting investors for massive payouts (lien direct) |
Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 14:37:40 |
GRUB2 boot loader reveals multiple high severity vulnerabilities (lien direct) |
GRUB, a popular Linux boot loader project has fixed multiple high severity vulnerabilities. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 12:47:24 |
US government warns of Social Security scams using fake federal IDs (lien direct) |
Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration (SSA) warns. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 11:39:56 |
(Déjà vu) Cybersecurity firm Qualys is the latest victim of Accellion hacks (lien direct) |
Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] |
Data Breach
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 11:39:56 |
Cybersecurity firm Qualys likely latest victim of Accellion hacks (lien direct) |
Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] |
Data Breach
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 10:30:40 |
State hackers rush to exploit unpatched Microsoft Exchange servers (lien direct) |
Multiple state-sponsored hacking groups are actively exploiting critical Exchange bugs Microsoft patched Tuesday via emergency out-of-band security updates. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 08:50:45 |
Microsoft starts force installing Windows 10 20H2 on more devices (lien direct) |
Microsoft is ramping up the forced rollout of Windows 10, version 2004 to more devices approaching end of service (EOS), as part of a new rollout phase. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 03:29:00 |
Cash App phishing kit deployed in the wild, courtesy of 16Shop (lien direct) |
The developer of the 16Shop phishing kit has added a new component that targets users of the popular Cash App mobile payment service. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-02 17:18:51 |
Microsoft fixes actively exploited Exchange zero-day bugs, patch now (lien direct) |
Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-02 16:47:08 |
Google fixes second actively exploited Chrome zero-day bug this year (lien direct) |
Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-02 16:14:26 |
Payroll giant PrismHR outage likely caused by ransomware attack (lien direct) |
Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. [...] |
Ransomware
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-02 13:13:36 |
Malaysia Airlines discloses a nine-year-long data breach (lien direct) |
Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-02 12:42:32 |
SolarWinds reports $3.5 million in expenses from supply-chain attack (lien direct) |
SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation. [...] |
|
|
|