Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-04-05 15:52:17 |
15 Cybersecurity Pitfalls and Fixes for SMBs (lien direct) |
In this roundtable, security experts focus on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources. |
|
|
|
|
2021-04-02 19:56:57 |
FBI: APTs Actively Exploiting Fortinet VPN Security Holes (lien direct) |
Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon. |
|
|
|
|
2021-04-02 18:16:10 |
Call of Duty Cheats Expose Gamers to Malware, Takeover (lien direct) |
Activision is warning that cyberattackers are disguising malware -- a remote-access trojan (RAT) -- in cheat programs. |
Malware
|
|
|
|
2021-04-02 16:45:29 |
From PowerShell to Payload: An Analysis of Weaponized Malware (lien direct) |
John Hammond, security researcher with Huntress, takes a deep-dive into a malware's technical and coding aspects. |
Malware
|
|
|
|
2021-04-02 13:09:25 |
Robinhood Warns Customers of Tax-Season Phishing Scams (lien direct) |
Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files. |
|
|
|
|
2021-04-01 20:58:32 |
80% of Global Enterprises Report Firmware Cyberattacks (lien direct) |
A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags, but defense spending lags. |
|
|
|
|
2021-04-01 19:53:04 |
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack (lien direct) |
Some legacy models of QNAP network attached storage devices are vulnerable to remote unauthenticated attacks because of two unpatched vulnerabilities. |
|
|
|
|
2021-04-01 18:07:13 |
Ragnarok Ransomware Hits Boggi Milano Menswear (lien direct) |
The ransomware gang exfiltrated 40 gigabytes of data from the fashion house, including HR and salary details. |
Ransomware
|
|
|
|
2021-04-01 16:22:38 |
Building a Fortress: 3 Key Strategies for Optimized IT Security (lien direct) |
Chris Hass, director of information security and research at Automox, discusses how to shore up cybersecurity defenses and what to prioritize. |
|
|
|
|
2021-04-01 14:51:02 |
Google: North Korean APT Gearing Up to Target Security Researchers Again (lien direct) |
Cyberattackers have set up a website for a fake company called SecuriElite, as well as associated Twitter and LinkedIn accounts. |
|
|
|
|
2021-03-31 19:43:03 |
Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out (lien direct) |
Google's Pixel and Apple's iPhone both in privacy hot seat for siphoning mobile device data without consent. |
|
|
|
|
2021-03-31 18:26:26 |
Fraud Ring Lauders Money Via Fake Charity Donations (lien direct) |
The Cart Crasher gang is testing stolen payment cards while cleaning ill-gotten funds. |
|
|
|
|
2021-03-31 18:22:48 |
Child Tweets Gibberish from U.S. Nuke Account (lien direct) |
Telecommuting social-media manager for the U.S. Strategic Command left the laptop open and unsecured while stepping away. |
|
|
|
|
2021-03-31 12:48:58 |
APT Charming Kitten Pounces on Medical Researchers (lien direct) |
Researchers uncover a credential-stealing campaign targeting genetic, neurology and oncology professionals. |
|
APT 35
APT 35
|
|
|
2021-03-30 20:31:44 |
Ziggy Ransomware Gang Offers Refunds to Victims (lien direct) |
Ziggy joins Fonix ransomware group and shuts down, with apologies to targets. |
Ransomware
|
|
|
|
2021-03-30 20:22:42 |
Malicious Docker Cryptomining Images Rack Up 20M Downloads (lien direct) |
Publicly available cloud images are spreading Monero-mining malware to unsuspecting cloud developers. |
Malware
|
|
|
|
2021-03-30 16:54:20 |
SolarWinds Attackers Accessed DHS Emails, Report (lien direct) |
Current and former administration sources say the nation-state attackers were able to read the Homeland Security Secretary's emails, among others. |
|
|
|
|
2021-03-30 12:49:12 |
Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website (lien direct) |
A class-action suit in Florida accuses the tech giant of unlawfully intercepting communications by using session-replay software to capture the interaction of people visiting the corporate homepage Intel.com. |
|
|
|
|
2021-03-29 21:07:56 |
Pair of Apex Legends Players Banned for DDoS Server Attacks (lien direct) |
Predator-ranked players on Xbox console game version rigged matches with DDoS attacks. |
|
|
|
|
2021-03-29 18:57:53 |
Hades Ransomware Gang Exhibits Connections to Hafnium (lien direct) |
There could be more than immediately meets the eye with this targeted attack group. |
Ransomware
|
|
|
|
2021-03-29 15:42:50 |
PHP Infiltrated with Backdoor Malware (lien direct) |
The server for the web-application scripting language was compromised on Sunday. |
Malware
|
|
|
|
2021-03-26 20:08:27 |
Executive Order Would Strengthen Cybersecurity Requirements for Federal Agencies (lien direct) |
The post-SolarWinds EO could be issued as soon as next week, according to a report. |
|
|
|
|
2021-03-26 19:09:55 |
Employee Lockdown Stress May Spark Cybersecurity Risk (lien direct) |
Younger employees and caregivers report more stress than other groups-- and more shadow IT usage. |
|
|
|
|
2021-03-26 16:06:25 |
Insurance Giant CNA Hit with Novel Ransomware Attack (lien direct) |
The incident, which forced the company to disconnect its systems, caused significant business disruption. |
Ransomware
|
|
|
|
2021-03-25 21:28:26 |
Fleeceware Apps Bank $400M in Revenue (lien direct) |
The cache of apps, found in Apple and Google's official marketplaces is largely targeted towards children, including several "slime simulators." |
|
|
|
|
2021-03-25 20:04:36 |
Microsoft Offers Up To $30K For Teams Bugs (lien direct) |
A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes. |
|
|
|
|
2021-03-25 18:31:27 |
Facebook Disrupts Spy Effort Aimed at Uyghurs (lien direct) |
The social-media giant took down legions of fake profiles aimed at spreading espionage malware. |
|
|
|
|
2021-03-25 17:11:28 |
Manufacturing\'s Cloud Migration Opens Door to Major Cyber-Risk (lien direct) |
New research shows that while all sectors are at risk, 70 percent of manufacturing apps have vulnerabilities. |
|
|
|
|
2021-03-24 20:53:54 |
ProtonVPN CEO Blasts Apple for \'Aiding Tyrants\' in Myanmar (lien direct) |
CEO says Apple rejected a security update needed to protect human-rights abuse evidence. |
|
|
|
|
2021-03-24 20:36:46 |
Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws (lien direct) |
Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes - but attackers are targeting those who haven't yet applied security updates. |
|
|
|
|
2021-03-24 18:39:29 |
Ransomware Attack Foils IoT Giant Sierra Wireless (lien direct) |
The ransomware attack has impacted the IoT manufacturer's production lines across multiple sites, and other internal operations. |
Ransomware
|
|
|
|
2021-03-24 18:39:26 |
Microsoft Exchange Servers See ProxyLogon Patching Frenzy (lien direct) |
Vast swathes of companies were likely compromised before patches were applied, so the danger remains. |
Patching
|
|
|
|
2021-03-24 14:56:09 |
Purple Fox Malware Targets Windows Machines With New Worm Capabilities (lien direct) |
A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing. |
Malware
|
|
★★★★
|
|
2021-03-23 20:27:24 |
Security Analysis Clears TikTok of Censorship, Privacy Accusations (lien direct) |
TikTok's source code is in line with industry standards, security researchers say. |
|
|
|
|
2021-03-23 20:05:30 |
Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail (lien direct) |
A former IT contractor is facing jailtime after a retaliatory hack into a company's network and wiping the majority of its employees' Microsoft Office 365 accounts. |
Hack
|
|
|
|
2021-03-23 19:50:40 |
MangaDex Site Offline Following Hacking Incident (lien direct) |
A cyberattacker taunted the site about open security vulnerabilities on the site, prompting a code review. |
|
|
|
|
2021-03-23 19:46:43 |
Hobby Lobby Exposes Customer Data in Cloud Misconfiguration (lien direct) |
The arts-and-crafts retailer left 138GB of sensitive information open to the public internet. |
|
|
|
|
2021-03-23 16:39:43 |
Podcast: Microsoft Exchange Server Attack Onslaught Continues (lien direct) |
Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week. |
Threat
|
|
|
|
2021-03-23 14:16:14 |
Energy Giant Shell Is Latest Victim of Accellion Attacks (lien direct) |
Attackers accessed personal and business data from the company's legacy file-transfer service in a recent data-security incident but core IT systems remained untouched. |
|
|
|
|
2021-03-22 20:39:08 |
CISA Warns of Security Flaws in GE Power Management Devices (lien direct) |
The flaws could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition. |
|
|
|
|
2021-03-22 19:01:10 |
Critical Security Bugs Fixed in Virtual Learning Software (lien direct) |
Remote ed software bugs give attackers wide access student computers, data. |
|
|
|
|
2021-03-22 15:49:59 |
Adobe Fixes Critical ColdFusion Flaw in Emergency Update (lien direct) |
Attackers can leverage the critical Adobe ColdFusion flaw to launch arbitrary code execution attacks. |
|
|
|
|
2021-03-19 20:52:15 |
Critical F5 BIG-IP Flaw Now Under Active Attack (lien direct) |
Researchers are reporting mass scanning for – and in-the-wild exploitation of – a critical-severity flaw in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure. |
|
|
|
|
2021-03-19 18:18:52 |
Office 365 Phishing Attack Targets Financial Execs (lien direct) |
Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials. |
|
|
|
|
2021-03-19 15:21:45 |
Bogus Android Clubhouse App Drops Credential-Swiping Malware (lien direct) |
The malicious app spreads the BlackRock malware, which steals credentials from 458 services - including Twitter, WhatsApp, Facebook and Amazon. |
Malware
|
|
|
|
2021-03-19 14:52:21 |
CopperStealer Malware Targets Facebook and Instagram Business Accounts (lien direct) |
A previously undocumented password and cookie stealer has been compromising accounts of big guns like Facebook, Apple, Amazon and Google since 2019 and then using them for cybercriminal activity. |
Malware
|
|
|
|
2021-03-18 20:15:37 |
Fiserv Forgets to Buy Domain It Used as System Default (lien direct) |
Fintech security provider Fiserv acknowledges it used unregistered domain as default email. |
|
|
|
|
2021-03-18 19:42:21 |
Trojanized Xcode Project Slips MacOS Malware to Apple Developers (lien direct) |
In a new campaign, threat actors are bundling macOS malware in trojanized Apple Xcode developer projects. |
Malware
Threat
|
|
|
|
2021-03-18 15:52:29 |
Zoom Screen-Sharing Glitch \'Briefly\' Leaks Sensitive Data (lien direct) |
A glitch in Zoom's screen-sharing feature shows parts of presenters' screens that they did not intend to share - potentially leaking emails or passwords. |
|
|
|
|
2021-03-18 14:53:23 |
Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter (lien direct) |
The newly discovered steganography method could be exploited by threat actors to obscure nefarious activity inside photos hosted on the social-media platform. |
Threat
|
|
|