Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-12-10 09:52:12 |
njRAT Trojan operators are now using Pastebin as alternative to central command server (lien direct) |
Avoiding C2 infrastructure could help hackers avoid detection. |
|
|
|
|
2020-12-10 08:01:44 |
Remote code execution vulnerability uncovered in Starbucks mobile platform (lien direct) |
The researcher's report revealed multiple endpoints vulnerable to the same flaw. |
Vulnerability
|
|
|
|
2020-12-10 03:29:02 |
Hackers are selling more than 85,000 SQL databases on a dark web portal (lien direct) |
The hackers are breaking into SQL databases, stealing their content, holding it for ransom for 9 days, and then selling them to the highest bidder if the DB owner doesn't want to ransom their content back. |
|
|
|
|
2020-12-09 23:29:59 |
Adobe to block Flash content from running on January 12, 2021 (lien direct) |
Adobe releases final Flash update with stronger language asking users to uninstall the app before its EOL. |
|
|
|
|
2020-12-09 20:59:57 |
Google open-sources Atheris, a tool for finding security bugs in Python code (lien direct) |
Atheris helps developers find bugs in Python-based codebases using a technique called fuzzing. |
Tool
|
|
|
|
2020-12-09 17:27:00 |
EU agency in charge of COVID-19 vaccine approval says it was hacked (lien direct) |
The European Medicines Agency (EMA) says it's investigating a recent cyber-attack. |
|
|
|
|
2020-12-09 13:12:01 |
Hackers hide web skimmer inside a website\'s CSS files (lien direct) |
Previously, security researchers found web skimmers (Magecart scripts) inside favicons, site logos, live chat windows, and, most recently, in social media sharing buttons. |
|
|
|
|
2020-12-09 10:40:00 |
Oblivious DoH: Cloudflare supports new privacy, security-focused DNS standard (lien direct) |
Test clients for the new standard have been released to the open source community. |
|
|
|
|
2020-12-09 07:49:49 |
Adobe security update squashes critical vulnerabilities in Lightroom, Prelude (lien direct) |
Adobe's last major patch round of 2020 has dealt with arbitrary code and JavaScript execution bugs. |
|
|
|
|
2020-12-09 02:40:05 |
Four sentenced to prison for planting malware on 20 million Gionee smartphones (lien direct) |
Chinese quartet conspired to plant a malicious SDK inside an app that came preinstalled on Gionee devices. |
Malware
|
|
|
|
2020-12-08 21:54:00 |
FireEye, one of the world\'s largest security firms, discloses security breach (lien direct) |
FireEye suspects it was the victim of a nation-state hacking group. |
|
|
|
|
2020-12-08 17:30:00 |
GitHub rolls out dependency review, vulnerability alerts for pull requests (lien direct) |
The aim is to prevent vulnerable code from being added to dependencies by accident. |
Vulnerability
|
|
|
|
2020-12-08 17:00:03 |
Accounts with default creds found in 100+ GE medical device models (lien direct) |
GE Healthcare is embarking on a massive effort to help healthcare providers reconfigure vulnerable devices. |
|
|
|
|
2020-12-08 14:42:06 |
Norway says Russian hacking group APT28 is behind August 2020 Parliament hack (lien direct) |
Russian hackers breached the Norway's Parliament email accounts in August this year. |
Hack
|
APT 28
|
|
|
2020-12-08 12:47:46 |
Amnesia:33 vulnerabilities impact millions of smart and industrial devices (lien direct) |
Security researchers have identified 33 security flaws in four open-source TCP/IP stacks used across a wide range of smart products. |
|
|
|
|
2020-12-08 10:27:05 |
Police officer abused vehicle database to track down women drivers (lien direct) |
A court dismissed the idea that he did so to contact women for an Instagram comic project, or that this is in any way justifiable. |
|
|
|
|
2020-12-07 21:42:31 |
BTC-e founder sentenced to five years in prison for laundering ransomware funds (lien direct) |
French prosecutors weren't able to prove that Vinnik was also involved in the distribution of the Locky ransomware. |
Ransomware
|
|
|
|
2020-12-07 18:21:56 |
Hacker opens 2,732 PickPoint package lockers across Moscow (lien direct) |
PickPoint says this is the world's first targeted cyberattack against a post-gateway network. |
|
|
|
|
2020-12-07 15:17:02 |
NortonLifeLock buys Avira in $360 million cash deal (lien direct) |
Avira acquisitions brings 30M+ active devices to the Norton family, 1.5M paying customers. |
|
|
|
|
2020-12-07 12:45:13 |
Credit card stealer discovered in social media buttons (lien direct) |
Web skimmer (Magecart) gangs find a new ways to attack e-commerce stores and online shoppers. |
|
|
|
|
2020-12-07 11:00:38 |
Italian police arrest suspects in Leonardo military, defense data theft (lien direct) |
A former employee and collaborator are accused of siphoning off sensitive information for almost two years. |
|
|
|
|
2020-12-07 08:07:00 |
NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability (lien direct) |
Russian hackers are using a VMWare bug to plant web shells inside hacked networks and pivot to Microsoft ADFS servers from where they steal sensitive data. |
Vulnerability
|
|
|
|
2020-12-07 00:58:04 |
Hackers leak data from Embraer, world\'s third-largest airplane maker (lien direct) |
The Brazilian company was the victim of a ransomware attack last month, in November. |
Ransomware
|
|
|
|
2020-12-06 15:46:33 |
Kazakhstan government is intercepting HTTPS traffic in its capital (lien direct) |
This marks the third time since 2015 that the Kazakh government is mandating the installation of a root certificate on its citizens' devices. |
|
|
|
|
2020-12-05 07:15:02 |
Ransomware hits helicopter maker Kopter (lien direct) |
Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web. |
Ransomware
|
|
|
|
2020-12-05 01:37:29 |
Ransomware gangs are now cold-calling victims if they restore from backups without paying (lien direct) |
Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk. |
Ransomware
|
|
|
|
2020-12-04 20:33:58 |
Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day (lien direct) |
Johnson & Johnson is one of six COVID-19 research companies that have been recently targeted by North Korean state-sponsored hackers. |
|
|
|
|
2020-12-04 07:39:03 |
Ransomware attack cripples Vancouver public transportation agency (lien direct) |
TransLink customers left unable to use the agency's public ticketing kiosks and cards for two days. |
Ransomware
|
|
|
|
2020-12-04 00:31:47 |
Edward Snowden asks Trump to pardon Wikileaks founder Julian Assange (lien direct) |
Snowden claims the pardon would save Assange's life. |
|
|
|
|
2020-12-03 18:25:00 |
Dell announces new protections for its PC and server supply chain (lien direct) |
Dell to start using tamper-evident seals during physical transport and provide a software reset feature to wipe hard-drives before customer deployment. |
|
|
|
|
2020-12-03 14:17:08 |
Data of 243 million Brazilians exposed online via website source code (lien direct) |
The password to access a highly sensitive Ministry of Health database was stored inside a government site's source code. |
|
|
|
|
2020-12-03 11:00:05 |
Mysterious phishing campaign targets organizations in COVID-19 vaccine cold chain (lien direct) |
Targets include EU directorates, companies making vaccine shipping containers, a website development firm linked to vaccine supply chains. |
|
|
|
|
2020-12-03 11:00:04 |
8% of all Google Play apps vulnerable to old security bug (lien direct) |
Devs have not updated a crucial library inside their apps, leaving users exposed to dangerous attacks. Some of the vulnerable apps include Microsoft's Edge browser, Grindr, OKCupid, and Cisco Teams. |
|
|
|
|
2020-12-03 11:00:03 |
New TrickBot version can tamper with UEFI/BIOS firmware (lien direct) |
New TrickBot feature scares security researchers. |
|
|
|
|
2020-12-03 11:00:00 |
This phishing group is targeting COVID-19 vaccine supply chains (lien direct) |
Clues indicate state-sponsored hackers may be to blame. |
|
|
|
|
2020-12-03 10:49:47 |
Compounder Finance DeFi project allegedly pulls the rug from under investors, $11 million stolen (lien direct) |
One investor is offering a $100,000 bounty leading to the unmasking of the thief, or thieves, involved. |
Guideline
|
|
|
|
2020-12-02 14:00:02 |
Open source software security vulnerabilities exist for over four years before detection (lien direct) |
GitHub research suggests there is a need to reduce the time between bug detection and fixes. |
|
|
|
|
2020-12-02 11:52:18 |
Absa bank embroiled in data leak, rogue employee accused of theft (lien direct) |
Personal information belonging to banking customers was compromised. |
|
|
|
|
2020-12-02 09:30:05 |
Ivanti announces double acquisition of MobileIron, Pulse Secure in zero-trust security push (lien direct) |
Ivanti says the deals strengthen the company in the mobile zero-trust security space. |
|
|
|
|
2020-12-01 19:00:00 |
Malicious npm packages caught installing remote access trojans (lien direct) |
JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware. |
|
|
|
|
2020-12-01 17:55:51 |
FBI warns of email forwarding rules being abused in recent hacks (lien direct) |
FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators." |
|
|
|
|
2020-12-01 15:53:43 |
Microsoft removes 18 malicious Edge extensions for injecting ads into web pages (lien direct) |
Some extensions mimicked official apps while others copied popular Chrome extensions. |
|
|
|
|
2020-12-01 09:54:40 |
\'Hacker_R_US\' gets eight years in prison for bomb threats and DDoS extortion (lien direct) |
'Hacker_R_US' was one of the two members of the Apophis Squad hacker group. |
|
|
|
|
2020-12-01 09:00:03 |
2020\'s worst cryptocurrency breaches, thefts, and exit scams (lien direct) |
Cryptocurrency exchanges have felt the impact of everything from vulnerability exploit to social engineering scams over this year. |
Vulnerability
|
|
|
|
2020-12-01 06:00:03 |
The biggest hacks, data breaches of 2020 (lien direct) |
A pandemic is no reason for hackers to hold off cyberattacks against everything from government bodies to healthcare providers. |
|
|
|
|
2020-12-01 02:34:00 |
Microsoft links Vietnamese state hackers to crypto-mining malware campaign (lien direct) |
Vietnamese state hackers imitate Chinese groups and start making money on the side while spying for their government. |
Malware
|
|
|
|
2020-11-30 21:20:13 |
Docker malware is now common, so devs need to take Docker security seriously (lien direct) |
Three years after the first malware attacks targeting Docker, developers are still misconfiguring and exposing their Docker servers online. |
Malware
|
|
|
|
2020-11-30 13:36:00 |
Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up (lien direct) |
If Cloudflare, AWS, or GoDaddy go down, around 40% of the Alexa Top 100,000 websites will also go down with DNS resolution problems. |
|
|
|
|
2020-11-30 10:00:03 |
This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins (lien direct) |
The research highlights the potential dangers of new 'biohacking' techniques. |
|
|
|
|
2020-11-27 14:09:25 |
A hacker is selling access to the email accounts of hundreds of C-level executives (lien direct) |
Access is sold for $100 to $1500 per account, depending on the company size and exec role. |
|
|
|