Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-05-20 12:10:44 |
Apple Exec Calls Level of Mac Malware \'Unacceptable\' (lien direct) |
Company is using threat of attacks as defense in case brought against it by Epic Games after Fortnite was booted from the App Store for trying to circumvent developer fees. |
Malware
Threat
|
|
★★★★
|
|
2021-05-19 20:24:50 |
Can Nanotech Secure IoT Devices From the Inside-Out? (lien direct) |
Work's being done with uber-lightweight nanoagents on every IoT device to stop malicious behavior, such as a scourge of botnet attacks, among other threats. |
|
Uber
|
|
|
2021-05-19 20:16:31 |
Microsoft, Google Clouds Hijacked for Gobs of Phishing (lien direct) |
Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021. |
|
|
|
|
2021-05-19 16:53:32 |
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS (lien direct) |
The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities. |
Malware
|
|
|
|
2021-05-19 14:35:06 |
Windows PoC Exploit Released for Wormable RCE (lien direct) |
The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft's Patch Tuesday release last week. |
|
|
|
|
2021-05-19 13:28:38 |
Bug Exposes Eufy Camera Private Feeds to Random Users (lien direct) |
Customers panic and question parent company Anker's security and privacy practices after learning their home videos could be accessed and even controlled by strangers due to a server-upgrade glitch. |
|
|
|
|
2021-05-18 20:48:13 |
Scammers Pose as Meal-Kit Services to Steal Customer Data (lien direct) |
Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh. |
|
|
|
|
2021-05-18 18:36:38 |
Stalkerware Apps Riddled with Security Bugs (lien direct) |
Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed. |
|
|
|
|
2021-05-18 16:01:11 |
It\'s Time to Prepare for a Rise in Insider Threats (lien direct) |
Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization. |
|
|
|
|
2021-05-18 14:57:33 |
Unsuccessful Conti Ransomware Attack Still Packs Costly Punch (lien direct) |
Separate attacks last week on the country's Department of Health and Health Service Executive forced the shutdown of networks and services that still haven't been fully restored. |
Ransomware
|
|
|
|
2021-05-18 12:32:46 |
Microsoft, Adobe Exploits Top List of Crooks\' Wish List (lien direct) |
You can't possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.
|
|
|
|
|
2021-05-17 21:46:14 |
Magecart Goes Server-Side in Latest Tactics Changeup (lien direct) |
The latest Magecart iteration is finding success with a new PHP web shell skimmer. |
|
|
|
|
2021-05-17 19:40:27 |
What a Year It\'s Been: RSA 2021 Embraces \'Resilience\' (lien direct) |
Keynoters from Cisco, Netflix and RSA highlighted lessons from the last year, and cybersecurity's new mandate in the post-pandemic world: Bounce back stronger. |
|
|
|
|
2021-05-17 16:23:35 |
DarkSide Hits Toshiba; XSS Forum Bans Ransomware (lien direct) |
The criminal forum washed its hands of ransomware after DarkSide's pipeline attack & alleged shutdown: A "loss of servers" that didn't stop another attack. |
Ransomware
|
|
|
|
2021-05-17 16:19:34 |
Bizarro Banking Trojan Sports Sophisticated Backdoor (lien direct) |
The advanced Brazilian malware has gone global, harvesting bank logins from Android mobile users. |
Malware
|
|
|
|
2021-05-14 17:36:33 |
FIN7 Backdoor Masquerades as Ethical Hacking Tool (lien direct) |
The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines. |
Tool
|
|
|
|
2021-05-14 16:05:13 |
DarkSide Ransomware Suffers \'Oh, Crap!\' Server Shutdowns (lien direct) |
The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil's gonads shrank in response.
|
Ransomware
|
|
|
|
2021-05-14 14:03:01 |
\'Scheme Flooding\' Allows Websites to Track Users Across Browsers (lien direct) |
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor. |
|
|
|
|
2021-05-14 13:26:48 |
Verizon: Pandemic Ushers in ⅓ More Cyber-Misery (lien direct) |
The DBRI – Verizon's 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers.
|
Data Breach
|
|
|
|
2021-05-14 12:30:43 |
Ransomware\'s New Swindle: Triple Extortion (lien direct) |
Ransomware attackers are now demanding cash from the customers of victims too. |
Ransomware
|
|
|
|
2021-05-14 12:00:27 |
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly (lien direct) |
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting. |
|
|
|
|
2021-05-13 20:22:15 |
Colonial Pipeline Shells Out $5M in Extortion Payout, Report (lien direct) |
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key. |
|
|
|
|
2021-05-13 19:52:33 |
Ransomware Going for $4K on the Cyber-Underground (lien direct) |
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. |
Ransomware
|
|
|
|
2021-05-13 15:39:01 |
Beyond MFA: Rethinking the Authentication Key (lien direct) |
Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them. |
|
|
|
|
2021-05-13 14:55:53 |
Fresh Loader Targets Aviation Victims with Spy RATs (lien direct) |
The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads. |
|
|
|
|
2021-05-13 13:39:35 |
Apple\'s \'Find My\' Network Exploited via Bluetooth (lien direct) |
The 'Send My' exploit can use Apple's locator service to collect and send information from nearby devices for later upload to iCloud servers. |
|
|
|
|
2021-05-13 13:00:19 |
Five Critical Password Security Rules Your Employees Are Ignoring (lien direct) |
According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. |
|
|
|
|
2021-05-13 11:39:56 |
Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags (lien direct) |
FBI/CISA warn about the RaaS network behind the Colonial hack, Colonial restarts operations, and researchers details groups that rent the ransomware.
|
|
|
|
|
2021-05-12 20:43:52 |
Researchers Flag e-Voting Security Flaws (lien direct) |
Paper ballots and source-code transparency are recommended to improve election security. |
|
|
|
|
2021-05-12 19:51:46 |
Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales (lien direct) |
A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required. |
|
|
|
|
2021-05-12 16:50:43 |
Gig Workers Paid $500 for Payroll Passwords (lien direct) |
Argyle is paying workers to help hack payroll providers, researchers suspect. |
Hack
|
|
|
|
2021-05-12 15:48:05 |
\'FragAttacks\': Wi-Fi Bugs Affect Millions of Devices (lien direct) |
Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they're in range.
|
|
|
|
|
2021-05-12 12:41:38 |
TeaBot Trojan Targets Banks via Hijacked Android Handsets (lien direct) |
Malware first observed in Italy can steal victims' credentials and SMS messages as well as livestream device screens on demand. |
Malware
|
|
|
|
2021-05-11 20:05:44 |
Wormable Windows Bug Opens Door to DoS, RCE (lien direct) |
Microsoft's May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities. |
|
|
|
|
2021-05-11 19:46:27 |
GitHub Prepares to Move Beyond Passwords (lien direct) |
GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords. |
|
|
|
|
2021-05-11 18:38:36 |
Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader (lien direct) |
A patch for Adobe Acrobat, the world's leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution. |
Vulnerability
Guideline
|
|
|
|
2021-05-11 18:01:11 |
Fake Chrome App Anchors Rapidly Worming \'Smish\' Cyberattack (lien direct) |
An ingenious attack on Android devices self-propagates, with the potential for a range of damage. |
|
|
|
|
2021-05-11 16:08:19 |
Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud (lien direct) |
Aamir Lakhani, researcher at FortiGuard Labs, discusses leading-edge threats related to edge access/browsers/IoT, and the COVID-19 vaccine, as a way of getting into larger organizations. |
Guideline
|
|
|
|
2021-05-11 15:34:38 |
200K Veterans\' Medical Records Likely Stolen by Ransomware Gang (lien direct) |
Analyst finds ransomware evidence, despite a contractor's denial of compromise. |
Ransomware
|
|
|
|
2021-05-11 14:45:48 |
DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack (lien direct) |
Statement by the ransomware gang suggests that the incident that crippled a major U.S. oil pipeline may not have exactly gone to plan for overseas threat actors. |
Ransomware
Threat
|
|
|
|
2021-05-10 17:42:22 |
Colonial Pipeline\'s Ransomware Attack Sparks Emergency Declaration (lien direct) |
Security researchers mull possible perpetrators of the attack, and warned that the incident could be a harbinger of things to come. |
Ransomware
|
|
|
|
2021-05-10 17:37:44 |
Lemon Duck Cryptojacking Botnet Changes Up Tactics (lien direct) |
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets. |
Threat
|
|
|
|
2021-05-08 19:28:28 |
Major U.S. Pipeline Crippled in Ransomware Attack (lien direct) |
Colonial Pipeline Company says it is the victim of a cyberattack that forced the major provider of liquid fuels to the East Coast to temporarily halted all pipeline operations. |
Ransomware
|
|
|
|
2021-05-07 20:28:41 |
iPhone Hack Allegedly Used to Spy on China\'s Uyghurs (lien direct) |
U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem. |
Hack
|
|
|
|
2021-05-07 13:56:53 |
80% of Net Neutrality Comments to FCC Were Fudged (lien direct) |
NY's AG: Millions of fake comments – in favor and against – came from a secret broadband-funded campaign or from a 19-year-old's fake identities. |
|
|
|
|
2021-05-06 19:55:31 |
Qualcomm Chip Bug Opens Android Fans to Eavesdropping (lien direct) |
A malicious app can exploit the issue, which could affect up to 30 percent of Android phones. |
|
|
|
|
2021-05-06 17:54:33 |
Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks (lien direct) |
The networking giant has rolled out patches for remote code-execution and command-injection security holes that could give attackers keys to the kingdom. |
|
|
|
|
2021-05-06 17:26:53 |
Ryuk Ransomware Attack Sprung by Frugal Student (lien direct) |
The student opted for “free” software packed with a keylogger that grabbed credentials later used by "Totoro" to get into a biomolecular institute. |
Ransomware
|
|
|
|
2021-05-06 15:48:13 |
Massive DDoS Attack Disrupts Belgium Parliament (lien direct) |
A large-scale incident earlier this week against Belnet and other ISPs has sent a wave of internet disruption across numerous Belgian government, scientific and educational institutions. |
|
|
|
|
2021-05-05 21:03:27 |
New Crypto-Stealer \'Panda\' Spread via Discord (lien direct) |
PandaStealer is delivered in rigged Excel files masquerading as business quotes, bent on stealing victims' cryptocurrency and other info. |
|
|
|