Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-11-27 10:07:06 |
Networking equipment vendor Belden discloses data breach (lien direct) |
Belden says hackers accessed a limited number of company's file servers. |
Data Breach
|
|
|
|
2020-11-26 21:22:59 |
Personal data of 16 million Brazilian COVID-19 patients exposed online (lien direct) |
Among those affected by the leak are Brazil President Jair Bolsonaro, seven ministers, and 17 provincial governors. |
|
|
|
|
2020-11-26 09:31:21 |
Sophos notifies customers of data exposure after database misconfiguration (lien direct) |
Exclusive: Company says that only a small subset of customers were impacted. |
|
|
|
|
2020-11-25 23:34:00 |
Xbox bug could have allowed hackers to link gamer tags with players\' emails (lien direct) |
The bug could have been exploited by playing around in a browser's developer console and editing a cookie field. |
|
|
|
|
2020-11-25 20:46:28 |
Security researcher accidentally discovers Windows 7 and Windows Server 2008 zero-day (lien direct) |
The vulnerability was discovered while the security researcher was working on a Windows security tool. |
Vulnerability
|
|
|
|
2020-11-25 17:08:25 |
Three members of TMT cybercrime group arrested in Nigeria (lien direct) |
The TMT group has infected more than 50,000 organizations around the world with malware. |
|
|
|
|
2020-11-25 10:55:21 |
YouTube suspends OANN for allegedly peddling fake COVID-19 cures (lien direct) |
If the outlet wants to monetize videos in the future, it must reapply to YouTube's member program. |
|
|
|
|
2020-11-25 10:07:21 |
Home Depot agrees to $17.5 million settlement over 2014 data breach (lien direct) |
The US retailer's point-of-sale systems were infected with malware. |
Data Breach
|
|
|
|
2020-11-24 20:44:00 |
2FA bypass discovered in web hosting software cPanel (lien direct) |
More than 70 million sites are managed via cPanel software, according to the company. |
|
|
|
|
2020-11-24 15:00:04 |
Stantinko\'s Linux malware now poses as an Apache web server (lien direct) |
Eight-year-old Stantinko botnet updates its Linux malware. |
Malware
|
|
|
|
2020-11-24 13:18:14 |
Spotify launches \'rolling reset\' on customer accounts, passwords linked to data leak (lien direct) |
A third-party server containing Spotify credentials was uncovered by researchers. |
|
|
|
|
2020-11-24 12:22:43 |
Baidu\'s Android apps caught collecting sensitive user details (lien direct) |
Data collection issue identified in Baidu Maps and Baidu Search Box apps, both removed from the Play Store in October 2020. |
|
|
|
|
2020-11-24 11:00:00 |
New WAPDropper malware abuses Android devices for WAP fraud (lien direct) |
New WAPDropper malware signs up Android users to premium services provided by telecoms in Thailand and Malaysia. |
Malware
|
|
|
|
2020-11-24 10:29:05 |
SEC alleges Benja CEO duped investors to fund a non-existent e-commerce empire (lien direct) |
The agency claims that business deals were made up to lure investors into funding the startup. |
|
|
|
|
2020-11-24 10:27:00 |
Hacker leaks the user data of event management app Peatix (lien direct) |
More than 4.2 million user accounts have been made available for download online earlier this month. |
|
|
|
|
2020-11-23 17:37:13 |
Tesla Model X hacked and stolen in minutes using new key fob hack (lien direct) |
Tesla is rolling out over-the-air software updates this week to prevent the attack from hijacking owner key fobs. |
Hack
|
|
|
|
2020-11-23 15:10:12 |
Malware creates scam online stores on top of hacked WordPress sites (lien direct) |
The malware gang also poisoned the victims' XML sitemaps with thousands of scammy entries, lowering the sites' SERP ranking. |
Malware
|
|
|
|
2020-11-23 13:35:05 |
GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave (lien direct) |
The domain registrar has confirmed that employees became embroiled in wider attacks. |
|
|
|
|
2020-11-23 12:28:00 |
TikTok patches reflected XSS bug, one-click account takeover exploit (lien direct) |
The vulnerabilities impacted the video platform's website. |
|
|
|
|
2020-11-21 20:25:18 |
(Déjà vu) Manchester United football club discloses security breach (lien direct) |
Football club said it's not "currently aware of any breach of personal data associated with our fans or customers." |
|
|
|
|
2020-11-21 08:00:03 |
Botnets have been silently mass-scanning the internet for unsecured ENV files (lien direct) |
Threat actors are looking for API tokens, passwords, and database logins usually stored in ENV files. |
Threat
|
|
|
|
2020-11-20 17:55:35 |
Drupal sites vulnerable to double-extension attacks (lien direct) |
The 90s called. They want their vulnerability back. |
Vulnerability
|
|
|
|
2020-11-20 14:19:03 |
Two Romanians arrested for running three malware services (lien direct) |
The two ran two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan. |
Malware
|
|
|
|
2020-11-20 05:45:03 |
The malware that usually installs ransomware and you need to remove right away (lien direct) |
If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems. |
Ransomware
Malware
|
|
|
|
2020-11-19 19:55:00 |
Facebook Messenger bug could have allowed hackers to spy on users (lien direct) |
The now-patched Messenger bug could have allowed callers to connect audio calls without the callee's knowledge or approval. |
|
|
|
|
2020-11-19 15:59:00 |
LidarPhone attack converts smart vacuums into microphones (lien direct) |
LidarPhone attack works by converting a smart vacuum's LiDAR navigational component into a laser microphone. |
|
|
|
|
2020-11-19 09:27:48 |
New Grelos skimmer variant reveals overlap in Magecart group activities, malware infrastructure (lien direct) |
The discovery of a new skimmer variant reveals the difficulties associated with tracking separate Magecart campaigns. |
Malware
|
|
|
|
2020-11-19 09:00:03 |
Fearing drama, Mozilla opens public consultation before worldwide Firefox DoH rollout (lien direct) |
Mozilla wants to enable DNS-over-HTTPS (DoH) in Firefox for all users worldwide, but wants to hear from ISPs, governments, and companies beforehand. |
|
|
|
|
2020-11-18 19:08:52 |
Starting next year, Chrome extensions will show what data they collect from users (lien direct) |
Google will add a "Privacy practices" section on each Chrome extension's Web Store page listing what data they collect from users and what the developer plans to do with it. |
|
|
|
|
2020-11-18 17:00:04 |
Cisco Webex bugs allow attackers to join meetings as ghost users (lien direct) |
Attackers can join Webex meetings as ghost users, and even remain inside rooms after getting kicked. |
|
|
|
|
2020-11-18 16:17:33 |
Liquid crypto-exchange says hacker accessed internal network, stole user data (lien direct) |
Liquid admins said the intrusion was detected before any funds were stolen. |
|
|
|
|
2020-11-18 12:00:03 |
The worst passwords of 2020 show we are just as lazy about security as ever (lien direct) |
Can't we do any better than “123456”? |
|
|
|
|
2020-11-18 11:51:08 |
Amazon Web Services\' new Network Firewall solution rolls out (lien direct) |
The firewall solution is aimed at securing virtual networks and AWS workloads. |
|
|
|
|
2020-11-18 11:08:39 |
Hacking group exploits ZeroLogon in automotive, industrial attack wave (lien direct) |
A massive campaign is underway around the globe, with automotive, pharmaceutical and engineering entities top targets. |
|
|
|
|
2020-11-18 09:33:22 |
Capcom confirms Ragnar Locker ransomware attack, data exposure (lien direct) |
Customer, employee, and shareholder information is potentially embroiled in the leak. |
Ransomware
|
|
|
|
2020-11-18 05:00:04 |
Chaes malware strikes customers of Latin America\'s largest e-commerce platform (lien direct) |
The new malware strain is being deployed in attacks against MercadoLivre users. |
Malware
|
|
|
|
2020-11-18 00:32:00 |
Trump fires CISA Director Chris Krebs (lien direct) |
Trump fires the CISA Director over a recent statement calling the recent presidential election the most secure in US history. |
|
|
|
|
2020-11-18 00:32:00 |
Trump fires CISA boss Chris Krebs (lien direct) |
Rumors that President Trump was planning to fire CISA's top official started circulating last week after the White House discovered that CISA officials have been debunking "election fraud" rumors often started by the President. |
|
|
|
|
2020-11-17 22:46:00 |
Ransomware attack forces web hosting provider Managed.com to take servers offline (lien direct) |
Ransomware attack on Managed.com appears to have taken place on Monday, November 16. |
Ransomware
|
|
|
|
2020-11-17 17:00:00 |
Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation (lien direct) |
Support for FTP links will be disabled for 50% of Chrome 87 users, with a complete removal scheduled for Chrome 88. |
|
|
|
|
2020-11-17 14:00:00 |
Researchers warn of internet security risks connected to Tesla Backup Gateway (lien direct) |
Hundreds of Tesla gateway systems have been found, exposed and open, online. |
|
|
|
|
2020-11-17 12:42:09 |
Firefox 83 released with \'HTTPS-Only Mode\' that only loads HTTPS sites (lien direct) |
Mozilla expects that HTTPS-Only Mode will soon become the default browsing state for most web browsers. |
|
|
|
|
2020-11-17 11:11:00 |
Cryptocurrency platform dangles \'bug bounty\' carrot to hacker who stole $2 million (lien direct) |
Akropolis has not yet gone to law enforcement, giving the hacker time to consider the proposal. |
|
|
|
|
2020-11-17 09:00:04 |
More than 200 systems infected by new Chinese APT \'FunnyDream\' (lien direct) |
New Chinese APT discovered targeting Southeast Asian governments. |
|
|
|
|
2020-11-17 06:00:03 |
More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug (lien direct) |
Millions of computers and servers across the globe remain unpatched for some of today's most dangerous bugs. |
|
|
|
|
2020-11-16 19:21:00 |
New Zoom feature can alert room owners of possible Zoombombing disruptions (lien direct) |
The new "At-Risk Meeting Notifier" Zoom feature scans the internet and alerts conference organizers when a link to their Zoom meeting has been posted online. |
|
|
|
|
2020-11-16 13:20:24 |
The ransomware landscape is more crowded than you think (lien direct) |
More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. |
Ransomware
|
|
|
|
2020-11-16 10:30:03 |
Lazarus malware strikes South Korean supply chains (lien direct) |
The malware is passing security checks through the abuse of stolen software certificates. |
Malware
|
APT 38
|
|
|
2020-11-13 15:33:53 |
Hacker steals $2 million from cryptocurrency service Akropolis (lien direct) |
Cryptocurrency borrowing and lending service Akropolis said it suffered a "flash loan" attack. |
|
|
|
|
2020-11-13 14:00:00 |
Microsoft says three APTs have targeted seven COVID-19 vaccine makers (lien direct) |
The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium. |
Medical
|
APT 38
APT 28
APT 43
|
|