Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-11-03 06:00:04 |
Oracle publishes rare out-of-band security update for WebLogic servers (lien direct) |
Oracle releases additional fix to patch a bug for the second time after the publication of proof-of-concept exploit code. |
|
|
|
|
2020-11-03 00:40:58 |
Adobe hires new CSO in Mark Adams to guide the company in its post-Flash era (lien direct) |
Adams served as CSO for Blizzard Entertainment for four years before joining Adobe today. |
|
|
|
|
2020-11-02 22:34:56 |
Google patches second Chrome zero-day in two weeks (lien direct) |
Google Chrome 86.0.4240.183 available for download. Patches 10 security bugs, including an actively-exploited zero-day. |
|
|
|
|
2020-11-02 21:48:06 |
Hacker group uses Solaris zero-day to breach corporate networks (lien direct) |
The zero-day appears to have been bought off a black-market website for $3,000. |
|
|
|
|
2020-11-02 20:01:47 |
Malicious npm package opens backdoors on programmers\' computers (lien direct) |
JavaScript library posing as a Twilio-related library opens backdoors to let attackers access infected workstations. |
|
|
|
|
2020-11-02 08:31:26 |
Marriott fined £18.4 million by UK watchdog over customer data breach (lien direct) |
The fine has been slashed from over £99 million originally proposed In light of the pandemic. |
Data Breach
|
|
|
|
2020-11-02 06:00:03 |
CERT/CC launches Twitter bot to give security bugs random names (lien direct) |
CERT/CC attempts to reduce the use of sensationalized vulnerability names that needlessly scare software users. |
Vulnerability
|
|
★★★★
|
|
2020-11-01 11:36:20 |
US Cyber Command exposes new Russian malware (lien direct) |
Together with CISA and the FBI, US Cyber Command wish Russian state hackers a "Happy Halloween!" |
Malware
|
|
|
|
2020-10-31 16:30:02 |
Chrome will soon have its own dedicated certificate root store (lien direct) |
Currently, Chrome uses the certificate root store part of each operating system. Google plans to manage its own list of "approved" certificates from now on, similar to Firefox. |
|
|
|
|
2020-10-30 18:29:00 |
Google discloses Windows zero-day exploited in the wild (lien direct) |
Windows zero-day (not yet patched) is used as part of an exploit chain that also includes a Chrome zero-day (already patched). |
|
|
|
|
2020-10-29 11:05:05 |
McAfee debuts remote browser isolation solution, XDR platform (lien direct) |
The company's new offerings are designed with real-time protection and incident management in mind. |
|
|
|
|
2020-10-26 22:27:31 |
Hacker steals $24 million from cryptocurrency service \'Harvest Finance\' (lien direct) |
Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds. |
|
|
|
|
2020-10-26 18:51:57 |
Adware found in 21 Android apps with more than 7 million downloads (lien direct) |
Six of the 21 apps are still available on the Google Play Store. |
|
|
|
|
2020-10-26 15:42:49 |
Over 100 irrigation systems left exposed online without a password (lien direct) |
More than half of the exposed systems are located inside Israel. |
|
|
|
|
2020-10-26 11:54:30 |
The rise of the social bandits: How politics, injustice shapes how we view hacktivism (lien direct) |
If they don't listen to us, do they deserve it? |
|
|
|
|
2020-10-26 09:09:22 |
KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others (lien direct) |
New KashmirBlack botnet is believed to have infected hundreds of thousands of websites since November 2019. |
|
|
|
|
2020-10-23 18:31:26 |
Apple notarizes six malicious apps posing as Flash installers (lien direct) |
Apple notarization process bypassed for the second time in six weeks. |
|
|
|
|
2020-10-23 15:04:27 |
Phishing groups are collecting user data, email and banking passwords via fake voter registration forms (lien direct) |
With the election window closing, phishing groups are striking the iron while it's hot. |
|
|
|
|
2020-10-23 11:52:36 |
Nvidia tackles code execution flaws, data leaks in GeForce Experience (lien direct) |
The worst of the bugs is an uncontrolled search path issue with severe, exploitable consequences. |
|
|
|
|
2020-10-22 21:04:00 |
FBI, CISA: Russian hackers breached US government networks, exfiltrated data (lien direct) |
Intrusions blamed on a Russian hacker group known as Energetic Bear. |
|
|
|
|
2020-10-22 19:50:42 |
NSA whistleblower Edward Snowden granted permanent residency in Russia (lien direct) |
Edward Snowden has been living in Russia since June 2013. |
|
|
|
|
2020-10-22 16:47:00 |
EU sanctions Russia over 2015 German Parliament hack (lien direct) |
Germany had been asking and pushing EU officials for an official statement and sanctions against Russia since earlier this year. |
Hack
|
|
|
|
2020-10-22 14:09:24 |
Firefox \'Site Isolation\' feature enters user testing, expected next year (lien direct) |
Users can test Firefox Site Isolation in Nightly builds. |
|
|
|
|
2020-10-22 10:39:11 |
New Windows RAT can be controlled via a Telegram channel (lien direct) |
New RAT shows a rising trend in the cybercrime underground, with more malware being released with control-by-Telegram features. |
Malware
|
|
|
|
2020-10-22 08:51:08 |
SEC issues Kik $5 million penalty over illegal cryptocurrency offering (lien direct) |
The US regulator alleged that Kik's ICO flouted investment and securities law. |
|
|
|
|
2020-10-22 00:44:00 |
US blames Iran for spoofed Proud Boys emails threatening Democrat voters (lien direct) |
US claims Iran is behind a wave of emails purporting to be from right-wing Proud Boys group that threatened registered Democrat voters with repercussions if they didn't vote for Trump. |
|
|
|
|
2020-10-21 16:31:25 |
WordPress deploys forced security update for dangerous bug in popular plugin (lien direct) |
More than one million WordPress sites were running a vulnerable version of the Loginizer plugin. |
|
|
|
|
2020-10-21 09:25:27 |
Adobe releases another out-of-band patch, squashing critical bugs across creative software (lien direct) |
10 products are impacted, including Photoshop, Illustrator, Dreamweaver, and InDesign. |
|
|
|
|
2020-10-21 05:00:05 |
MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states (lien direct) |
Threat actors range from DDoS botnets to Chinese state-sponsored hacking groups. |
Threat
|
|
|
|
2020-10-20 20:28:00 |
Google releases Chrome security update to patch actively exploited zero-day (lien direct) |
Google Chrome 86.0.4240.111 released with a fix. |
|
|
|
|
2020-10-20 19:38:16 |
Microsoft says it took down 94% of TrickBot\'s command and control servers (lien direct) |
TrickBot survived an initial takedown attempt, but Microsoft and its partners are countering TrickBot operators after every move, taking down any new infrastructure the group is attempting to bring up online. |
|
|
|
|
2020-10-20 15:00:00 |
NSA publishes list of Top 25 vulnerabilities currently targeted by Chinese hackers (lien direct) |
NSA urges US public and private sector to apply patches or mitigations to prevent attacks. |
|
|
|
|
2020-10-20 13:45:18 |
Google removes two Chrome ad blockers caught collecting user data (lien direct) |
Nano Adblocker and Nano Defender have been removed from the official Chrome Web Store. |
|
|
|
|
2020-10-20 13:00:05 |
Seven mobile browsers vulnerable to address bar spoofing attacks (lien direct) |
Vulnerabilities allow attackers to trick users into accessing malicious sites while showing the incorrect URL in the address bar. |
|
|
|
|
2020-10-20 09:30:00 |
Ransomware gang donates part of ransom demands to charity organizations (lien direct) |
The Darkside ransomware gang has donated $10K it received as part of ransom demands to Children International and The Water Project. |
Ransomware
|
|
|
|
2020-10-19 23:27:52 |
UK says Russia was preparing cyber-attacks against the Tokyo Olympics (lien direct) |
Targets included the Games' organizers, logistics services, and sponsors, UK officials said. |
|
|
|
|
2020-10-19 17:03:00 |
US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks (lien direct) |
The US Department of Justice has unsealed today charges against six GRU officers believed to be members of Sandworm, one of today's most advanced state-sponsored hacking groups. |
|
NotPetya
|
|
|
2020-10-19 11:50:20 |
Toshiba targets $20bn quantum key, data encryption business with Verizon, BT partnerships (lien direct) |
Toshiba estimates the market will be worth $20 billion worldwide by 2035. |
|
|
|
|
2020-10-19 11:37:58 |
New Gitjacker tool lets you find .git folders exposed online (lien direct) |
Tool can also download your Git repositories, allowing attackers to retrieve sensitive configuration files and source code. |
Tool
|
|
|
|
2020-10-19 10:00:04 |
This new malware uses remote overlay attacks to hijack your bank account (lien direct) |
Vizom disguises itself as popular videoconferencing software many of us are relying on during the pandemic. |
Malware
|
|
|
|
2020-10-19 09:47:14 |
Albion Online game maker discloses data breach (lien direct) |
Game maker says intruder gained access to its forum database by exploiting a vulnerability. |
Data Breach
|
|
|
|
2020-10-19 07:31:46 |
Discord desktop app vulnerability chain triggered remote code execution attacks (lien direct) |
The critical security issue was reported via the chat app's bug bounty program. |
Vulnerability
|
|
|
|
2020-10-19 05:00:04 |
Microsoft adds option to disable JScript in Internet Explorer (lien direct) |
The option is available after applying the October 2020 Patch Tuesday security updates. |
|
|
|
|
2020-10-17 12:00:05 |
Political campaign emails contain dark patterns to manipulate donors, voters (lien direct) |
Princeton researchers analyzed 100,000 different campaign emails from more than 3,000 political candidates. |
|
|
|
|
2020-10-17 07:00:03 |
Three npm packages found opening shells on Linux, Windows systems (lien direct) |
NPM staff: Any computer that has this package installed or running should be considered fully compromised. |
|
|
|
|
2020-10-16 20:44:18 |
(Déjà vu) Microsoft releases emergency security updates for Windows and Visual Studio (lien direct) |
Two remote code execution (RCE) bugs patched in the Windows Codecs library and Visual Studio Code. |
|
|
|
|
2020-10-16 18:16:24 |
Google says it mitigated a 2.54 Tbps DDoS attack in 2017, largest known to date (lien direct) |
Google discloses previously unknown DDoS attack. |
|
|
|
|
2020-10-16 12:38:00 |
Azure Defender for IoT enters public preview (lien direct) |
Azure Defender for IoT can help companies keep track of IoT/OT networks without having to install anything on their smart devices and industrial equipment. |
|
|
|
|
2020-10-16 10:40:53 |
Billionaire CEO of software company indicted for alleged $2 billion tax evasion schemes (lien direct) |
Robert Brockman is being accused of running tax evasion schemes spanning across decades. |
|
|
|
|
2020-10-16 09:10:20 |
Adobe patches Magento bugs that lead to code execution, customer list tampering (lien direct) |
The out-of-band security update tackles eight critical and important vulnerabilities. |
|
|
|