Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-08-04 17:34:44 |
Energy group ERG reports minor disruptions after ransomware attack (lien direct) |
Italian energy company ERG reports "only a few minor disruptions" affecting its information and communications technology (ICT) infrastructure following a ransomware attack on its systems. [...] |
Ransomware
|
|
|
|
2021-08-04 15:20:14 |
Cisco fixes critical, high severity pre-auth flaws in VPN routers (lien direct) |
Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices. [...] |
|
|
|
|
2021-08-04 12:45:00 |
Windows admins now can block external devices via layered Group Policy (lien direct) |
Microsoft has added support for layered Group Policies, which allow IT admins to control what internal or external devices users can be installed on corporate endpoints across their organization's network." [...] |
|
|
|
|
2021-08-04 12:19:27 |
LockBit ransomware recruiting insiders to breach corporate networks (lien direct) |
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. [...] |
Ransomware
|
|
|
|
2021-08-04 10:16:17 |
INFRA:HALT security bugs impact critical industrial control devices (lien direct) |
High-severity and critical vulnerabilities collectively referred to as INFRA:HALT are affecting all versions of NicheStack below 4.3, a proprietary TCP/IP stack used by at least 200 industrial automation vendors, many in the leading segment of the market. [...] |
Guideline
|
|
|
|
2021-08-04 09:00:00 |
New Cobalt Strike bugs allow takedown of attackers\' servers (lien direct) |
Security researchers have discovered Cobalt Strike denial of service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments. [...] |
|
|
|
|
2021-08-04 01:02:03 |
NSA and CISA share Kubernetes security recommendations (lien direct) |
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. [...] |
|
Uber
|
|
|
2021-08-03 20:06:49 |
Microsoft halts Windows 365 trials after running out of servers (lien direct) |
Microsoft has suspended free trials of their newly launched Windows 365 Cloud PC service after running out of available servers. [...] |
|
|
|
|
2021-08-03 14:13:49 |
(Déjà vu) Ransomware attack hits Italy\'s Lazio region, affects COVID-19 site (lien direct) |
The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. [...] |
|
|
|
|
2021-08-03 14:13:49 |
RansomEXX ransomware hits Italy\'s Lazio region, affects COVID-19 site (lien direct) |
The Lazio region in Italy has suffered a RansomEXX ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. [...] |
Ransomware
|
|
|
|
2021-08-03 11:55:02 |
Windows 11\'s October 2021 release date hinted in support docs (lien direct) |
A planned October 2021 release date for Windows 11 has been accidentally leaked in support documents from both Microsoft and Intel. [...] |
|
|
★★★
|
|
2021-08-02 18:00:46 |
Google Chrome to no longer show secure website indicators (lien direct) |
Google Chrome will no longer show whether a site you are visiting is secure and only show when you visit an insecure website. [...] |
|
|
|
|
2021-08-02 16:39:52 |
Windows 10 to automatically block potentially unwanted apps (lien direct) |
Microsoft Defender and Microsoft Edge on Windows 10 will automatically block potentially unwanted applications (PUAs) by default starting this month. [...] |
|
|
|
|
2021-08-02 14:10:23 |
Microsoft\'s Windows 365 Cloud PC service is live - Costs from $24 to $162 (lien direct) |
Microsoft's Windows 365 Cloud PC service is now generally available, allowing businesses to deploy Windows 10 desktops in the cloud for prices ranging between $24 and $162 per device. [...] |
|
|
|
|
2021-08-02 12:10:17 |
Windows PetitPotam attacks can be blocked using new method (lien direct) |
Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. [...] |
|
|
|
|
2021-08-02 10:13:41 |
Empty npm package \'-\' has over 700,000 downloads - here\'s why (lien direct) |
A mysterious, one-letter npm package named "-" sitting on the registry since 2020 has received over 700,000 downloads. What's more? The package contains no functional code, so what makes it score so many downloads? [...] |
|
|
|
|
2021-08-02 06:41:57 |
PwnedPiper critical bug set impacts major hospitals in North America (lien direct) |
Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. [...] |
|
|
|
|
2021-08-01 17:17:42 |
Windows 11 future updates: Here\'s everything you need to know (lien direct) |
With Windows 11, Microsoft is retaining Windows 10's servicing model known as 'Windows as a Service (WaaS)'. As part of WaaS, Microsoft plans to deliver an always up-to-date experience with the latest features and security updates. [...] |
|
|
|
|
2021-08-01 11:56:28 |
Windows 11 stock photo leaks upcoming Microsoft Paint redesign (lien direct) |
An official stock photo of Windows 11 has accidentally revealed the upcoming redesign of the Microsoft Paint application. [...] |
|
|
|
|
2021-08-01 11:12:24 |
Registry Explorer is the registry editor every Windows user needs (lien direct) |
Last week, a new open-source Registry Editor was released that puts Windows Regedit software to shame by supporting a host of advanced features, making editing the Registry easier than ever. [...] |
|
|
|
|
2021-08-01 10:00:00 |
Bot protection now generally available in Azure Web Application Firewall (lien direct) |
Microsoft has announced that the Web Application Firewall (WAF) bot protection feature has reached general availability on Azure on Application Gateway starting this week. [...] |
|
|
|
|
2021-07-31 15:13:53 |
DarkSide ransomware gang returns as new BlackMatter operation (lien direct) |
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. [...] |
Ransomware
|
|
|
|
2021-07-31 14:23:07 |
(Déjà vu) Remote print server gives anyone Windows admin privileges on a PC (lien direct) |
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. [...] |
|
|
|
|
2021-07-31 14:23:07 |
Public print server gives anyone Windows admin privileges (lien direct) |
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a computer by installing a print driver. [...] |
|
|
|
|
2021-07-31 11:12:41 |
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil (lien direct) |
A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations. [...] |
Ransomware
|
|
|
|
2021-07-31 10:00:00 |
FBI warns investors of fraudsters posing as brokers and advisers (lien direct) |
The FBI Criminal Investigative Division and Securities and Exchange Commission warn investors of fraudsters impersonating registered investment professionals such as investment advisers and registered brokers. [...] |
|
|
|
|
2021-07-30 20:12:54 |
DOJ: SolarWinds hackers breached emails from 27 US Attorneys\' offices (lien direct) |
The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree. [...] |
|
|
|
|
2021-07-30 19:43:44 |
The Week in Ransomware - July 30th 2021 - €1 billion saved (lien direct) |
Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands. [...] |
Threat
Ransomware
|
|
|
|
2021-07-30 17:44:48 |
Node.js fixes severe HTTP bug that could let attackers crash apps (lien direct) |
Node.js has released updates for a high severity vulnerability that could be exploited by attackers to crash the process and cause unexpected behaviors. The use-after-free vulnerability, tracked as CVE-2021-22930 is to do with how HTTP2 streams are handled in the language. [...] |
Vulnerability
|
|
|
|
2021-07-30 16:08:57 |
CISA launches vulnerability disclosure platform for federal agencies (lien direct) |
The Cybersecurity and Infrastructure Security Agency (CISA) today launched a new vulnerability disclosure policy (VDP) platform for US federal civilian agencies. [...] |
Vulnerability
|
|
|
|
2021-07-30 15:08:24 |
Windows 10 now lets you install WSL with a single command (lien direct) |
Microsoft says the Windows Subsystem for Linux (WSL) can now be installed on Windows 10, version 2004 or later using a single terminal command. [...] |
|
|
|
|
2021-07-30 12:34:47 |
Amazon gets $888 million GDPR fine for behavioral advertising (lien direct) |
Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. [...] |
|
|
|
|
2021-07-30 12:26:24 |
Linux eBPF bug gets root privileges on Ubuntu - Exploit released (lien direct) |
A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines. [...] |
Vulnerability
|
|
|
|
2021-07-30 08:59:50 |
Google to block logins on old Android devices starting September (lien direct) |
Google is emailing Android users to let them know that, starting late September, they will no longer be able to log in to their Google accounts on devices running Android 2.3.7 (Gingerbread) and lower. [...] |
|
|
|
|
2021-07-30 08:18:46 |
PyPI packages caught stealing credit card numbers, Discord tokens (lien direct) |
The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting arbitrary code execution capabilities to attackers. These malicious packages were downloaded over 30,000 times according to the researchers who caught them. [...] |
|
|
|
|
2021-07-30 08:00:00 |
Microsoft shares mitigation for recent Windows Server printing issues (lien direct) |
Microsoft has released temporary mitigation info for a known issue that might cause print and scan failures on multiple Windows Server versions after installing July 2021 security updates on domain controllers. [...] |
|
|
|
|
2021-07-29 17:30:20 |
(Déjà vu) Windows 10 gaming issues fixed in KB5004296 - How to download (lien direct) |
Microsoft has released the optional KB5004296 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes Windows 10 gaming issues that have been plaguing users since March. [...] |
|
|
|
|
2021-07-29 17:30:20 |
(Déjà vu) Windows 10 KB5004296 Cumulative Update released with gaming fixes (lien direct) |
Microsoft has released the optional KB5004296 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update contains fixes for gaming issues experienced by Windows 10 users since March. [...] |
|
|
|
|
2021-07-29 17:13:47 |
Estonia arrests hacker who stole 286K ID scans from govt database (lien direct) |
A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS). [...] |
Vulnerability
|
|
|
|
2021-07-29 13:59:57 |
Windows 11 closer to release, latest build enters Beta Channel (lien direct) |
Microsoft today announced that Windows 11 is getting more stable and closer to release, with the latest Insider build being promoted to the Beta Channel. [...] |
|
|
|
|
2021-07-29 13:26:38 |
NSA shares guidance on how to secure your wireless devices (lien direct) |
The US National Security Agency (NSA) today published guidance on how to properly secure wireless devices against potential attacks targeting them when traveling or working remotely. [...] |
|
|
|
|
2021-07-29 12:46:55 |
New destructive Meteor wiper malware used in Iranian railway attack (lien direct) |
A new file wiping malware called Meteor was discovered used in the recent attacks against Iran's railway system. [...] |
Malware
|
|
|
|
2021-07-29 11:56:22 |
Chipotle\'s marketing account hacked to send phishing emails (lien direct) |
Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails luring recipients to malicious links. [...] |
|
|
|
|
2021-07-29 02:20:00 |
(Déjà vu) DoppelPaymer ransomware gang rebrands as the Grief group (lien direct) |
After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief). [...] |
Ransomware
|
|
|
|
2021-07-29 02:20:00 |
Grief ransomware operation is DoppelPaymer rebranded (lien direct) |
After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief). [...] |
Ransomware
|
|
|
|
2021-07-28 15:15:30 |
New US security memorandum bolsters critical infrastructure cybersecurity (lien direct) |
US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators. [...] |
|
|
|
|
2021-07-28 12:23:24 |
Biden: Severe cyberattacks could escalate to \'real shooting war\' (lien direct) |
President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a "real shooting war" with another major world power. [...] |
Guideline
|
|
|
|
2021-07-28 11:15:13 |
Google Play Protect fails Android security tests once more (lien direct) |
Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against. [...] |
Malware
|
|
|
|
2021-07-28 11:03:21 |
Google: Android apps must provide privacy information by April 2022 (lien direct) |
Google has announced today more details regarding their upcoming Google Play 'Safety section' feature that provides users information about the data collected and used by an Android app. [...] |
|
|
|
|
2021-07-28 09:30:06 |
Critical Microsoft Hyper-V bug could haunt orgs for a long time (lien direct) |
Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in Azure cloud computing environment. [...] |
Vulnerability
|
|
|