What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-02-21 08:50:15 | Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS (lien direct) | Almost within a year after releasing Microsoft Defender Advanced Threat Protection (ATP) for macOS computers, Microsoft today announced a public preview of its antivirus software for various Linux distributions, including Ubuntu, RHEL, CentOS and Debian.
If this news hasn't gotten you excited yet...
Microsoft is also planning to soon release Defender ATP anti-malware apps for smartphones and |
Threat | ||
|
2020-02-21 01:05:58 | Google Bans 600 Android Apps from Play Store for Serving Disruptive Ads (lien direct) | Google has banned nearly 600 Android apps from the Play Store for bombarding users with disruptive ads and violating its advertising guidelines.
The company categorizes disruptive ads as "ads that are displayed to users in unexpected ways, including impairing or interfering with the usability of device functions," such as a full-screen ad served when attempting to make a phone call.
Although |
|||
|
2020-02-20 04:40:49 | Scam Alert: You\'ve Been Selected for \'Like of the Year 2020\' Cash Prizes (lien direct) | Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information.
According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious "Like of the |
|||
|
2020-02-20 03:08:30 | Deal: Cloud And Networking Certification Training ~ Get 97% OFF (lien direct) | Cloud computing and networking are two of the most significant areas of growth in the IT business. Companies need engineers who can maintain distributed software and keep the company connected.
If you want to work in either niche, the Essential Cloud & Networking Certification Training Bundle offers 93 hours of essential knowledge. You can pick up all 5 courses now for only $39.99 via the THN |
|||
|
2020-02-20 02:09:27 | Adobe Patches Critical Bugs Affecting Media Encoder and After Effects (lien direct) | Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities.
Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary code on targeted systems by tricking victims into opening a specially crafted file using the affected software. |
|||
|
2020-02-19 06:24:24 | Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks (lien direct) | Smart doorbells and cameras bring a great sense of security to your home, especially when you're away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine.
Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor |
|||
|
2020-02-19 03:43:46 | US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility (lien direct) | The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences.
The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed |
Ransomware Threat | ||
|
2020-02-18 07:13:08 | Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide (lien direct) | A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years.
Dubbed "Fox Kitten," the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and security sectors |
|||
|
2020-02-18 03:42:33 | Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations (lien direct) | Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive.
Cynet changes the rules of the game with a free threat assessment offering (click here to learn more) based on more than 72 hours of data collection, enabling |
Threat | ||
|
2020-02-17 13:15:53 | Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers (lien direct) | A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs.
The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development |
Vulnerability | ||
|
2020-02-17 09:18:09 | OpenSSH now supports FIDO U2F security keys for 2-factor authentication (lien direct) | Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol.
OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements. |
|||
|
2020-02-17 07:10:51 | A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices (lien direct) | A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide-and worryingly, a few of which haven't yet been patched.
All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple |
|||
|
2020-02-14 03:02:44 | U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies (lien direct) | The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year.
Accusing Huawei and its affiliates of "using fraud and deception to misappropriate sophisticated technology from US |
|||
|
2020-02-14 00:36:04 | 500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users (lien direct) | Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.
These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been |
|||
|
2020-02-12 05:35:39 | Download: Definitive \'IR Management and Reporting\' Presentation Template (lien direct) | The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree-making the ability to efficiently manage an incident response process a mandatory skill for any CISO.
Moreover, apart from the management of the actual response process, the CISO must also be able to efficiently communicate |
|||
|
2020-02-12 04:47:20 | Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims (lien direct) | Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks.
According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to |
Ransomware Spam Malware | ||
|
2020-02-11 12:04:43 | Update Microsoft Windows Systems to Patch 99 New Security Flaws (lien direct) | A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities.
According to the advisories, 12 of the total issues patched by the tech giant this month are critical in severity, and the remaining 87 have been listed as important.
Five of the |
|||
|
2020-02-11 09:43:34 | Adobe Releases Patches for Dozens of Critical Flaws in 5 Software (lien direct) | Here comes the second 'Patch Tuesday' of this year.
Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity.
The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could |
Vulnerability | ★★★★ | |
|
2020-02-11 04:54:08 | App Used by Israel\'s Ruling Party Leaked Personal Data of All 6.5 Million Voters (lien direct) | An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election.
In Israel, all political parties receive personal details of voters before the election, which |
|||
|
2020-02-10 07:57:01 | U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach (lien direct) | The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans.
In a joint press conference held today with the Attorney General William Barr and FBI Deputy Director David Bowdich, the DoJ officials labeled the state-sponsored |
Data Breach | Equifax | |
|
2020-02-06 00:05:27 | The Rise of the Open Bug Bounty Project (lien direct) | Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you.
The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the |
|||
|
2020-02-05 12:46:06 | 5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras (lien direct) | Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power.
Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a |
Vulnerability | ||
|
2020-02-05 07:42:19 | Exfiltrating Data from Air-Gapped Computers Using Screen Brightness (lien direct) | It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed.
In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can't connect wirelessly |
|||
|
2020-02-05 04:55:06 | Prepare for Cisco, CompTIA, and More IT Certifications with this Bundle (lien direct) | Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates.
If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle will help you ace nine of the most important exams. You can pick up the training now for only $39 via THN Deals.
Over the next few years, the areas |
|||
|
2020-02-05 03:16:43 | Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers (lien direct) | There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices.
Whether it's about exploiting operating system and software vulnerabilities or manipulating network traffic, every attack relies on the reachability between an attacker and the targeted devices.
In recent years, |
|||
|
2020-02-04 12:22:53 | This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs (lien direct) | A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways.
When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a |
|||
|
2020-02-04 07:59:32 | Google Accidentally Shared Private Videos of Some Users With Others (lien direct) | Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users.
The latest privacy mishap is the result of a "technical issue" in Google's Takeout, a service that backs up all your Google account data into a single file and then lets |
|||
|
2020-02-04 02:43:30 | Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users (lien direct) | Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts.
According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved |
Vulnerability | ||
|
2020-02-03 10:10:48 | Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root (lien direct) | Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems.
Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on |
Vulnerability | ★★★★ | |
|
2020-01-30 07:38:39 | Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale (lien direct) | Remember the recent payment card breach at Wawa convenience stores?
If you're among those millions of customers who shopped at any of 850 Wawa stores last year but haven't yet hotlisted your cards, it's high time to take immediate action.
That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest |
|||
|
2020-01-30 04:01:07 | Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers (lien direct) | Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.
Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any |
|||
|
2020-01-30 01:07:11 | Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers (lien direct) | Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers.
OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many |
Vulnerability | ||
|
2020-01-29 10:37:56 | How to Clear Data Facebook Collects About You from Other Sites and Apps (lien direct) | Facebook is one of the world's biggest advertising platforms, and that's because it knows a lot about you, me, and everyone.
Facebook uses many tools to track people across the Internet, whether they have an account with the social networking site or not, and most of them rely on the online activity data other apps and websites share with Facebook.
Everything we do online generates an |
|||
|
2020-01-29 04:50:45 | Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs (lien direct) | As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice-significantly increasing the Managed Security Service Provider (MSSP) market opportunities.
Until recently, IT integrators, VARs, and MSPs haven't participated in the growing and profitable MSSP market as it entailed massive investments in |
|||
|
2020-01-28 04:01:11 | Zoom Bug Could Have Let Uninvited People Join Private Meetings (lien direct) | If you use Zoom to host your remote online meetings, you need to read this piece carefully.
The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio, video, and documents shared throughout the session.
Besides hosting password-protected virtual |
|||
|
2020-01-25 11:00:48 | Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks (lien direct) | The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers.
Dubbed 'Operation Night Fury,' the investigation was led by Interpol's ASEAN Cyber Capability Desk, a joint initiative by |
|||
|
2020-01-24 01:51:26 | Russian Pleads Guilty to Running \'CardPlanet\' to Sell Stolen Credit Cards (lien direct) | Image credit: Times of Israel.
Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud.
The first website Burkov operated was an online marketplace for buying and selling stolen credit card and debit card numbers-called Cardplanet-which |
Guideline | ||
|
2020-01-22 07:55:04 | 250 Million Microsoft Customer Support Records Exposed Online (lien direct) | If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised.
Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support |
|||
|
2020-01-22 05:55:57 | Saudi Prince Allegedly Hacked World\'s Richest Man Jeff Bezos Using WhatsApp (lien direct) | The smartphone of Amazon founder Jeff Bezos, the world's richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today.
Citing unnamed sources familiar with digital forensic analysis of the breach, the newspaper claimed that a massive amount of data was exfiltrated |
|||
|
2020-01-22 04:36:55 | Download: The State of Security Breach Protection 2020 Survey Results (lien direct) | What are the key considerations security decision-makers should take into account when designing their 2020 breach protection?
To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey (Download the full survey here) to understand the common practices, prioritization, and preferences of the organization today in protecting themselves from |
|||
|
2020-01-21 04:08:58 | BitDam Study Exposes High Miss Rates of Leading Email Security Systems (lien direct) | Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines.
Actually, you don't have to. This actually happened.
Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt to defraud several people. How did this happen? Is it similar to how the DNC server was hacked? |
|||
|
2020-01-20 06:24:27 | Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack (lien direct) | Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix.
I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit |
Vulnerability | ||
|
2020-01-20 04:22:32 | Evaluating Your Security Controls? Be Sure to Ask the Right Questions (lien direct) | Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options.
But what do you specifically want to know? And how are the findings relevant to the threat landscape you face at this moment?
"Decide what you want to know and then choose the best tool for the job." |
Tool Threat | ||
|
2020-01-18 07:56:53 | Microsoft Warns of Unpatched IE Browser Zero-Day That\'s Under Active Attacks (lien direct) | Internet Explorer is dead, but not the mess it left behind.
Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild - and there is no patch yet available for it.
The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote |
Vulnerability | ||
|
2020-01-16 11:23:34 | Use iPhone as Physical Security Key to Protect Your Google Accounts (lien direct) | Great news for iOS users!
You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication.
Android users have had this feature on their smartphones since last year, but now Apple product owners can also use this advanced, phishing-resistant form of |
|||
|
2020-01-16 10:07:24 | Broadening the Scope: A Comprehensive View of Pen Testing (lien direct) | Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation.
However, the results are also capable of doing even more. They identify and quantify security risk, and can be used as a keystone in |
Tool | ||
|
2020-01-15 01:20:44 | Download Ultimate \'Security for Management\' Presentation Template (lien direct) | There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization.
Title-wise, this person is most often either the CIO, CISO, or Directory of IT. For convenience, we'll refer to this individual as the CISO.
This person is the |
|||
|
2020-01-14 11:51:32 | Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA (lien direct) | After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products.
What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 |
|||
|
2020-01-14 06:52:42 | Adobe Releases First 2020 Patch Tuesday Software Updates (lien direct) | Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator.
It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users.
Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or |
|||
|
2020-01-11 02:22:37 | PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability (lien direct) | It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers.
Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC |
Vulnerability |
To see everything:
Our RSS (filtrered)
