Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-09-28 03:35:31 |
Australia asks FBI to help find attacker who stole data from millions of users (lien direct) |
Apparent perp claims to have deleted swiped info as carrier Optus struggles to get its story straight +Comment Australian authorities have asked the United States Federal Bureau of Investigation (FBI) to assist with investigations into the data breach at local telco Optus.… |
|
|
|
|
2022-09-27 18:15:08 |
Samsung sued for gobbling up too much personal info that miscreants then stole (lien direct) |
If you're gonna force everyone to register an account, at least protect that data, lawsuit argues A lawsuit has accused Samsung of failing to address a cyber-intrusion in early 2022, leading to the theft of US customers' personally identifiable information (PII) in a second attack months later in July.… |
Guideline
|
|
|
|
2022-09-27 18:15:08 |
Samsung facing class action over customer data leaks (lien direct) |
Not only did the company fail to protect their data, the suit alleges, it also forced users to register A class action lawsuit has accused Samsung of failing to address a data breach in early 2022, leading to the theft of US customers' personally identifiable information (PII) in a second attack earlier this month.… |
Data Breach
Guideline
|
|
|
|
2022-09-27 14:00:12 |
Microsoft boosts phishing protection in Windows 11 22H2 (lien direct) |
Security tool warns admins and users when a password is used on an untrusted site or stored locally In the latest version of Windows 11, Microsoft is introducing a feature in its Microsoft Defender SmartScreen tool designed to keep passwords safer.… |
Tool
|
|
|
|
2022-09-25 08:50:14 |
Noberus ransomware gets info-stealing upgrades, targets Veeam backup software (lien direct) |
'One of the most dangerous and active malware developers operating at the moment' Crooks spreading the Noberus ransomware are adding weapons to their malware to steal data and credentials from compromised networks.… |
Ransomware
Malware
|
|
|
|
2022-09-23 17:29:13 |
Significant customer data exposed in attack on Australian telco (lien direct) |
Subscribers have questions – like 'When were you going to tell us?' Australian telecommunications company Optus has fallen victim to a significant cyberattack and data breach.… |
|
|
|
|
2022-09-22 20:15:34 |
Check out this Android spyware, says Microsoft, the home of a gazillion Windows flaws (lien direct) |
While issuing an emergency patch for Endpoint Configuration Manager Data-stealing spyware disguised as a banking rewards app is targeting Android users, Microsoft's security team has warned.… |
|
|
|
|
2022-09-22 15:15:05 |
Cambodian authorities crack down on cyber slavery amid international pressure (lien direct) |
Lured by fake jobs, victims are isolated abroad and forced to carry out crypto, romance scams and more Authorities in Sihanoukville, Cambodia announced on Sunday that a raid last week uncovered evidence of forced labor cybercrime syndicates that participated in human trafficking and torture.… |
|
|
|
|
2022-09-22 13:45:08 |
Fake sites fool Zoom users into downloading deadly code (lien direct) |
Ah, the human touch Beware the Zoom site you don't recognize, as a criminal gang is creating multiple fake versions aimed at luring users to download malware that can steal banking data, IP addresses, and other information.… |
Malware
|
|
|
|
2022-09-21 15:56:01 |
Malwarebytes blocks Google, YouTube as malware (lien direct) |
Sounds like fair comment Google and its Youtube domains are being flagged as malicious by Malwarebytes as of Wednesday morning, blocking users from accessing a whole range of websites.… |
Malware
|
|
|
|
2022-09-21 09:26:11 |
ChromeLoader, what took you so long? Malvertising irritant now slings ransomware (lien direct) |
Doesn't make cents, makes bigger bucks instead ... probably ChromeLoader – the malware that exploded onto the scene this year by hijacking browsers to redirect users to pages of ads – is apparently evolving into a more significant threat by deploying malicious payloads that go beyond malvertising.… |
Threat
Ransomware
Malware
|
|
|
|
2022-09-20 00:09:39 |
NASA to live-stream SLS rocket fuel leak repair test (lien direct) |
For those on tenterhooks over this Moon mission NASA will televise a test on Wednesday to confirm whether a repair made to its Space Launch System (SLS) rocket has fixed the hydrogen leak that forced officials to scrub a previous launch attempt.… |
|
|
|
|
2022-09-19 17:12:15 |
Grand Theft Auto 6 maker confirms source code, vids stolen in cyber-heist (lien direct) |
So is that three or four stars? Take-Two Interactive confirmed on Monday that its Rockstar Games subsidiary has been compromised and confidential data for Grand Theft Auto 6 has been stolen.… |
|
|
|
|
2022-09-19 13:37:53 |
GPT-3 \'prompt injection\' attack causes bad bot manners (lien direct) |
Also, EA goes kernel-deep to stop cheaters, PuTTY gets hijacked by North Korea, and more. In Brief OpenAI's popular natural language model GPT-3 has a problem: It can be tricked into behaving badly by doing little more than telling it to ignore its previous orders.… |
|
|
|
|
2022-09-17 07:32:11 |
Can reflections in eyeglasses actually leak info from Zoom calls? Here\'s a study into it (lien direct) |
About time someone shined some light onto this Boffins at the University of Michigan in the US and Zhejiang University in China want to highlight how bespectacled video conferencing participants are inadvertently revealing sensitive on-screen information via reflections in their eyeglasses.… |
|
|
|
|
2022-09-16 21:45:39 |
School chat app Seesaw abused to send \'inappropriate image\' to parents, teachers (lien direct) |
This is why we don't reuse passwords, kids Parents and teachers received a link to an "inappropriate image" this week via Seesaw after miscreants hijacked accounts in a credential stuffing attack against the popular school messaging app.… |
|
|
|
|
2022-09-16 06:04:05 |
Eastern European org hit by second record-smashing DDoS attack (lien direct) |
Cough, cough, U, cough, kraine Akamai says it has absorbed the largest-ever publicly known distributed denial of service (DDoS) attack – an assault against an unfortunate Eastern European organization that went beyond 700 million packets per second.… |
|
|
|
|
2022-09-16 05:33:56 |
EU puts smart device manufacturers on the hook for cyber security (lien direct) |
Requires five years of patching, 24 hour incident reporting, and proper security … for starters The European Commission has revealed a Cyber Resilience Act that will require manufacturers of connected devices to secure them properly before shipping, disclose and fix flaws promptly, and guarantee fixes will flow for five years.… |
|
|
|
|
2022-09-16 03:13:43 |
Uber reels from \'security incident\' in which cloud systems seemingly hijacked (lien direct) |
AWS and G Suite admin accounts likely popped, HackerOne bug bounty page hit, and more Uber is tonight reeling from what looks like a substantial cybersecurity breach.… |
|
Uber
|
|
|
2022-09-15 02:12:07 |
WordPress-powered sites backdoored after FishPig suffers supply chain attack (lien direct) |
And two other security snafus in this web publishing world It's only been a week or so, and obviously there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites.… |
|
|
|
|
2022-09-14 13:30:10 |
Google fined $4b after Euro court snips 5% off earlier price (lien direct) |
Search giant's appeal lands flat as fine imposed for anticompetitive practice in Android search The European General Court has imposed a €4.125 billion (about $4.13 billion) fine on Google, largely upholding an earlier ruling on the ad-tech giant's anticompetitive practices in mobile search.… |
|
|
|
|
2022-09-14 00:57:37 |
Ransomware gang threatens 1m-plus medical record leak (lien direct) |
Criminals continue to target some of the most vulnerable Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.… |
Ransomware
|
|
|
|
2022-09-13 07:30:11 |
Cisco: Yes, Yanluowang leaked our data. No, it\'s not serious (lien direct) |
Everything's fine! The Yanluowang ransomware group behind the May attack on Cisco Systems has publicly leaked the stolen files on the dark web over the weekend, but the networking giant says there's nothing to worry about.… |
Ransomware
|
|
|
|
2022-09-13 05:30:08 |
Chinese-linked cyber crims nab $529 million from Indian nationals (lien direct) |
Authorities also bust a shell company scam operation with links to the Middle Kingdom Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh.… |
|
|
|
|
2022-09-12 23:07:44 |
Apple patches iPhone and macOS flaws under active attack (lien direct) |
High-value targets tend to get hit Apple has pushed out five security fixes including including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited.… |
|
|
|
|
2022-09-10 11:00:07 |
Shape-shifting cryptominer savaging Linux endpoints and IoT (lien direct) |
Also, Authorities seize WT1SHOP selling 5.8m sets of PII, The North Face users face tough secuirty hike In brief AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones.… |
Malware
|
|
|
|
2022-09-08 12:00:09 |
Lazarus Group unleashed a MagicRAT to spy on energy providers (lien direct) |
Cisco finds custom malware in North Korea's latest cyberespionage effort The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos.… |
Malware
Medical
|
APT 38
|
|
|
2022-09-07 12:34:49 |
Cybercriminals target games popular with kids to distribute malware (lien direct) |
Kaspersky research finds Minecraft and Roblox have the most malicious files associated with them With 3 billion players globally, the $200 billion gaming market is an increasingly ripe target for cybercriminals – with the perennially popular Minecraft one of the most targeted lures.… |
Malware
|
|
|
|
2022-09-07 05:15:14 |
As Cybersecurity Week begins, Beijing claims US attacked Uni doing military research (lien direct) |
National Security Agency apparently has tools that crack Solaris boxes China has accused the United States of a savage cyber attack on a university famed for conducting aerospace research and linked to China's military.… |
|
|
|
|
2022-09-06 17:45:09 |
(Déjà vu) Ransomware gang hits second-largest US school district (lien direct) |
FBI and CISA on-site to assist with incident response over Labor Day weekend Cybercriminals hit the Los Angeles Unified School District (LAUSD) over the holiday weekend with a ransomware attack that temporarily shut down email, computer systems, and applications.… |
Ransomware
|
|
|
|
2022-09-06 16:15:14 |
Newly discovered cyberspy crew targets Asian governments and corporations (lien direct) |
Worok uses mix of publicly available tools, custom malware to steal info, gang active since 2020 A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access.… |
Malware
|
|
|
|
2022-09-06 13:30:10 |
Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay (lien direct) |
Lloyd's defends stance as critics say policy tweaks make it less worthwhile to spend on premiums Critics unhappy about insurers excluding certain nation-state attacks from cyber policies should consider the alternative: higher prices, according to Lloyd's of London.… |
|
|
|
|
2022-09-05 06:57:12 |
Microsoft mistakenly rated Chromium, Electron, as malware (lien direct) |
Windows Defender update fixed the mess after a weekend of false positive weirdness Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them.… |
Malware
|
|
|
|
2022-09-02 01:11:24 |
Ex-NSA trio who spied on Americans for UAE now banned from arms exports (lien direct) |
From hero to zero-day ... to plain zero Three former US government cyber-spies who, among other things, illicitly compromised and snooped on Americans' devices for the United Arab Emirates government have been banned from participating in international arms exports under a deal reached with Uncle Sam.… |
|
|
|
|
2022-09-01 07:04:15 |
Oh no, that James Webb Space Telescope snap might actually contain malware (lien direct) |
Is nothing sacred? Scumbags are using a photo from the James Webb Space Telescope to smuggle Windows malware onto victims' computers – albeit in a roundabout way.… |
Malware
|
|
|
|
2022-08-31 05:02:05 |
China-linked APT40 gang targets wind farms, Australian government (lien direct) |
ScanBox installed after victims lured to fake Murdoch news sites with phishing emails Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site.… |
|
APT 40
|
|
|
2022-08-30 22:58:05 |
Find a security hole in Google\'s open source and you could bag a $31,337 reward (lien direct) |
Will it be enough to prevent the next software supply-chain attack? Google has created a bug bounty program that will reward those who find and report vulnerabilities in its open-source projects, thereby hopefully strengthening software supply-chain security.… |
|
|
★★★★★
|
|
2022-08-30 10:27:12 |
That \'clean\' Google Translate app is actually Windows crypto-mining malware (lien direct) |
Ah, nothing like a classic Trojan horse Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.… |
Malware
|
|
|
|
2022-08-30 00:43:14 |
Google Play to ban Android VPN apps from interfering with ads (lien direct) |
Developers say this is not the privacy protection it's made out to be Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications.… |
|
|
|
|
2022-08-26 19:21:03 |
PyPI warns of first-ever phishing campaign against its users (lien direct) |
On the bright side, top devs are getting hardware security keys The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service.… |
|
|
|
|
2022-08-26 16:33:28 |
Now Oktapus gets access to some DoorDash customer info via phishing attack (lien direct) |
Double check who exactly you're sending your username and password to, eh? DoorDash has confirmed that "a small percentage" of its customers and delivery drivers' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were exposed as part of a broad phishing campaign dubbed Oktapus.… |
|
|
|
|
2022-08-25 18:01:53 |
Crooks target top execs on Office 365 with MFA-bypass scheme (lien direct) |
The 'widespread' campaign hunts for multimillion-dollar transactions A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication.… |
|
|
|
|
2022-08-25 09:24:07 |
Shout-out to whoever went to Black Hat with North Korean malware on their PC (lien direct) |
I am the one who NOCs The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.… |
Malware
|
|
|
|
2022-08-24 06:28:07 |
Lloyd\'s to exclude certain nation-state attacks from cyber insurance policies (lien direct) |
Kim Jong-un has entered the chat Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time.… |
|
|
|
|
2022-08-22 22:00:12 |
Novant Health admits leak of 1.3m patients\' info to Facebook (lien direct) |
But don't worry, Zuck would never misuse this type of sensitive data Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta.… |
|
|
★★★★
|
|
2022-08-22 21:00:08 |
Hiding a phishing attack behind the AWS cloud (lien direct) |
Scammers are using cloud services to create and host web pages that can be used to lure victims into handing over their credentials Criminals are slipping phishing emails past automated security scanners inside Amazon Web Services (AWS) to establish a launching pad for attacks.… |
|
|
|
|
2022-08-22 16:08:11 |
LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data (lien direct) |
Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor The LockBit ransomware group last week claimed responsibility for an attack on cybersecurity vendor in June. The high-profile gang is now apparently under a distributed denial-of-service (DDoS) because of it.… |
Ransomware
|
|
|
|
2022-08-22 06:20:10 |
Zoom patches make-me-root security flaw, patches patch (lien direct) |
Plus: See if in-app browsers are monitoring you, a novel industrial network attack technique, and more In brief Zoom fixed a pair of privilege escalation vulnerabilities, which were detailed at the Black Hat conference this month, but that patch was bypassed, necessitating yet another fix.… |
|
|
|
|
2022-08-22 05:01:10 |
NSO Group CEO steps down, 100 employees let go too (lien direct) |
Controversial Pegasus spyware maker to focus on NATO sales while battling various court cases Pegasus spyware-maker NSO Group announced on Sunday it will reorganize, replacing its CEO and letting go of around 100 workers.… |
|
|
|
|
2022-08-22 00:59:10 |
Huawei dangles developer incentives to sell Harmony OS around the world (lien direct) |
Plus: Indonesia's four-hour takedown demand; Peak Facebook in Korea?; Alibaba frees font; and more. Asia In Brief Huawei last week unveiled initiatives to encourage developers to work on its Harmony OS – the platform it created after US sanctions denied the Chinese giant access to Google's Android operating system.… |
|
|
|