Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 15:53:23 |
Google to auto-enroll 150 million user accounts into 2FA (lien direct) |
Google announced today that they plan on auto-enrolling 150 million accounts into two-factor authentication by the end of 2021. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 11:24:03 |
The Telegraph exposes 10 TB database with subscriber info (lien direct) |
'The Telegraph', one of UK's largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its databases. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 10:50:24 |
Epic Games now requires Epic Online Services - How to Install (lien direct) |
Epic Games now requires users to install Epic Online Services to properly use the Launcher. Here's how to fix the blank screen that is preventing users from installing this new service. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 09:56:56 |
(Déjà vu) Apache fixes actively exploited zero-day vulnerability, patch now (lien direct) |
The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 09:56:56 |
Apache fixes zero-day vulnerability exploited in the wild, patch now (lien direct) |
The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 09:00:00 |
Ransomware gang encrypts VMware ESXi servers with Python script (lien direct) |
Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 08:38:57 |
Android October patch fixes three critical bugs, 41 flaws in total (lien direct) |
Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 07:16:46 |
New UEFI bootkit used to backdoor Windows devices since 2012 (lien direct) |
A newly discovered and previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit has been used by attackers to backdoor Windows systems by hijacking the Windows Boot Manager since at least 2012. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 05:26:07 |
Facebook: Outage caused by faulty routing configuration changes (lien direct) |
Facebook says that yesterday's worldwide outage was caused by faulty configuration changes made to its backbone routers that brought all its services to a halt. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-05 04:56:21 |
Microsoft confirms Windows 11 issues with VirtualBox, Intel Killer (lien direct) |
Right after officially releasing Windows 11, Microsoft has added three know issues to the Windows 11 12H2 release health dashboard. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 19:05:12 |
(Déjà vu) How to download the latest Windows 11 ISO from Microsoft (lien direct) |
Microsoft has released Windows 11 ISO images this week, and as it's always smart to have a copy of the operating system media to resolve critical problems, we will explain how you can download the Windows 11 ISO directly from Microsoft. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 18:44:19 |
Facebook, Instagram, and WhatsApp back online after BGP fix (lien direct) |
Facebook, Instagram, and WhatsApp are starting to come back online after a BGP routing issue caused an over five-hour worldwide outage. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 17:42:04 |
Largest mobile SMS routing firm discloses five-year-long breach (lien direct) |
Syniverse, a service provider for most telecommunications companies, disclosed that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 16:00:00 |
Windows 11 is released: What you need to know and new features (lien direct) |
Microsoft has released Windows 11 worldwide, and it is now rolling it out via Windows Update on devices with compatible hardware and the latest updates. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 13:00:11 |
RaidForums forced to use mirror after Brazilian govt contacts registrar (lien direct) |
The RaidForums hacking forum has gone through a turbulent week, with its website now forced through a mirror domain after a government filed a legal request with their registrar. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 12:13:49 |
Facebook, WhatsApp, and Instagram down due to DNS outage (lien direct) |
Users around the world are reporting that they are unable to access Facebook, Instagram, and WhatsApp instead seeing errors that the sites can't be reached. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 10:00:00 |
Misconfigured Apache Airflow servers leak thousands of credentials (lien direct) |
While investigating a misconfiguration flaw in Apache Airflow, researchers discovered many exposed instances over the web leaking sensitive information, including credentials, from well-known tech companies. Apache Airflow is a popular open-source workflow management platform for organizing and managing tasks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 09:47:19 |
UK plans to invest £5 billion in retaliatory cyber-attacks (lien direct) |
The United Kingdom has revealed plans to invest £5 billion in bolstering national cybersecurity that includes creating a "Cyber Force" unit to perform retaliatory attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 09:21:40 |
New Atom Silo ransomware targets vulnerable Confluence servers (lien direct) |
Atom Silo, a newly spotted ransomware group, is targeting a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy their ransomware payloads. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-04 08:39:27 |
Ransomware operators behind hundreds of attacks arrested in Ukraine (lien direct) |
Europol has announced the arrest of two men in Ukraine, said to be members of a prolific ransomware operation that extorted victims with ransom demands ranging between €5 to €70 million. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-03 10:00:00 |
Transnational fraud ring stole millions from Army members, veterans (lien direct) |
Fredrick Brown, a former U.S. Army contrractor, was sentenced today to 151 months in prison after admitting to his role in a conspiracy that targeted thousands of U.S. servicemembers and veterans and caused millions of dollars in losses. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-02 16:57:20 |
Sandhills online machinery markets shut down by ransomware attack (lien direct) |
Industry publication giant Sandhills Global has suffered a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-02 10:01:00 |
Ruby updates code of conduct to promote inclusion (lien direct) |
Maintainers behind the Ruby programming language have revised the project's Code of Conduct on GitHub to remove tolerating opposing viewpoints as a prerequisite. The decision comes after a community member posted a joke that many deemed sexist. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 16:33:22 |
The Week in Ransomware - October 1st 2021 - "This was preventable" (lien direct) |
This week comes with reports of a hospital ransomware attack that led to the death of a baby and new efforts by governments worldwide to combat ransomware. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 16:01:34 |
US unites 30 countries to disrupt global ransomware attacks (lien direct) |
U.S. President Joe Biden said today announced today that the U.S. has brought together 30 countries to jointly crackdown on ransomware gangs behind a barrage of attacks impacting organizations worldwide. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 14:27:56 |
FCC orders phone carriers to enforce unlawful robocall blocking (lien direct) |
The Federal Communications Commission (FCC) announced earlier this week that phone companies are now required to filter calls from providers who haven't complied with a deadline to block illegal robocalls expired on September 28th. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 13:27:57 |
Crypto platform mistakenly gives $90M to users, asks for refund (lien direct) |
In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million among its users. Shortly after the mistake, the platform's founder began asking users to return the money-or else they would be reported to IRS, and possibly doxxed, threatened the founder. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 12:38:15 |
MoneyLion locks customer accounts after credential stuffing attacks (lien direct) |
The banking and investing platform MoneyLion had to lock customer accounts that were breached in credential stuffing attacks over the summer, in June and July. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 11:49:22 |
Neiman Marcus sends notices of breach to 4.3 million customers (lien direct) |
Neiman Marcus, the Texas-based luxury department stores chain, is sending notices of a data breach to roughly 4.3 million customers. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 11:33:34 |
The FCC proposes rules to fight SIM swap and port-out fraud (lien direct) |
The Federal Communications Commission in the U.S. this week announced that it started to work on rules that would pull the brake on SIM swapping attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 10:32:26 |
Hackers rob thousands of Coinbase customers using MFA flaw (lien direct) |
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. [...] |
Vulnerability
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 09:19:20 |
Flubot Android malware now spreads via fake security updates (lien direct) |
The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-10-01 08:18:18 |
Hydra malware targets customers of Germany\'s second largest bank (lien direct) |
The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany's second-largest financial institution. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 18:04:53 |
(Déjà vu) Windows 10 KB5005611 update fixes Microsoft Outlook issues (lien direct) |
Microsoft has released the optional KB5005611 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes bugs in Microsoft Outlook and makes it easier to mitigate the PrintNightmare vulnerability. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 16:56:52 |
QNAP fixes bug that let attackers run malicious commands remotely (lien direct) |
Taiwan-based network-attached storage (NAS) maker QNAP has released security patches for multiple vulnerabilities that could allow attackers to inject and execute malicious code and commands remotely on vulnerable NAS devices. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 16:25:11 |
Google pushes emergency Chrome update to fix two zero-days (lien direct) |
Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 15:32:05 |
Fake Amnesty International Pegasus scanner used to infect Windows (lien direct) |
Threat actors are trying to capitalize on the recent revelations on Pegasus spyware from Amnesty International to drop a less-known remote access tool called Sarwent. [...] |
Tool
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 13:34:27 |
GhostEmperor hackers use new Windows 10 rootkit in attacks (lien direct) |
Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 12:38:43 |
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data (lien direct) |
JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom. [...] |
Ransomware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 09:14:12 |
WireX DDoS botnet admin charged for attacking hotel chain (lien direct) |
The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service (DDoS) attack. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 09:00:00 |
RansomExx ransomware Linux encryptor may damage victims\' files (lien direct) |
Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files. [...] |
Ransomware
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-30 07:48:29 |
US Congress asks FBI to explain delay in helping Kaseya atack victims (lien direct) |
The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind FBI's decision to delay providing the victims of the Kaseya REvil ransomware with an universal decryption key for three weeks. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-29 20:37:09 |
Apple Pay with VISA lets hackers force payments on locked iPhones (lien direct) |
Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet set as a transit card. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-29 16:11:22 |
Facebook open-sources tool to find Android app security flaws (lien direct) |
Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications. [...] |
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-29 15:18:01 |
Russia arrests cybersecurity firm CEO after raiding offices (lien direct) |
Russian law enforcement on Tuesday has arrested Ilya Sachkov, the co-founder and CEO of cybersecurity company Group-IB, on suspicion of high treason resulting from sharing data with foreign intelligence.. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-29 14:17:43 |
CISA releases tool to help orgs fend off insider threat risks (lien direct) |
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks. [...] |
Tool
Vulnerability
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-29 13:47:24 |
Trucking giant Forward Air reports ransomware data breach (lien direct) |
Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. [...] |
Ransomware
Data Breach
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-29 12:09:42 |
New Tomiris backdoor likely developed by SolarWinds hackers (lien direct) |
Kaspersky security researchers have discovered a new backdoor likely developed by the Nobelium hacking group behind last year's SolarWinds supply chain attack. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-29 10:45:18 |
New Android malware steals millions after infecting 10M phones (lien direct) |
A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-28 18:42:21 |
Windows 11\'s Store is now open to third-party app stores (lien direct) |
With Windows 11, Microsoft has opened up its store to developers using different types of frameworks, packaging technologies, and commerce platforms. Ahead of Windows 11's October 5 rollout, Microsoft has confirmed that its new app store will also support third-party app stores like Amazon AppStore and Epic Store. [...] |
|
|
|