What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-02-25 14:37:04 | Prosecutors ask 3-Year Sentence in \'Fappening\' Case for ex-teacher (lien direct) | Fappening case – Federal prosecutors requested a 3-year prison sentence for a former Virginia high school teacher convicted of hacking into private digital accounts of celebrities and others. Federal prosecutors requested a 3-year prison sentence for Christopher Brannan(31), a former Virginia high school teacher, that was convicted of hacking into private digital accounts of celebrities […] | |||
|
2019-02-25 10:02:01 | Expert awarded $10,000 for a new XSS flaw in Yahoo Mail (lien direct) | A security expert discovered a critical cross-site scripting (XSS) flaw in Yahoo Mail that could have been exploited to steal the targeted user's emails and attach malicious code to their outgoing messages. Yahoo addressed a critical cross-site scripting (XSS) vulnerability in Yahoo Mail that could have been exploited by hackers to steal user's emails and […] | Vulnerability | Yahoo | |
|
2019-02-25 08:44:01 | B0r0nt0K ransomware demands $75,000 ransom to the victims (lien direct) | The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000). This B0r0nt0K ransomware infects both Linux and Windows servers. […] | Ransomware Threat | ||
|
2019-02-25 07:53:04 | ICANN warns of large-scale attacks on Internet infrastructure (lien direct) | Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN). After an emergency meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) confirmed that the global Internet infrastructure is facing large-scale attacks. ICANN warns of “an ongoing and significant risk” to key […] | |||
|
2019-02-24 14:49:05 | CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER) (lien direct) | The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, is affected by a privilege escalation issue tracked as CVE-2019-9019. Experts discovered a critical vulnerability in the British Airways Entertainment System. The flaw is a privilege escalation issue that resides in the component USB Handler, an attacker could exploit it using […] | Vulnerability | ||
|
2019-02-24 13:33:02 | Duo Labs presents CRXcavator Service that analyzes Chrome Extensions (lien direct) | Researchers at Duo Labs has launched a new service called CRXcavator that allows users to analyze Chrome extensions and deliver security reports on them. Researchers at Duo Labs, a division of Duo Security, has launched a new service called CRXcavator that allows users to analyze Chrome extensions and deliver security reports on them. The experts […] | |||
|
2019-02-24 10:44:05 | 70000 Pakistani banks\' cards with PINs go on sale on the dark web. (lien direct) | Group-IB experts discovered new databases with a total of 69,189 Pakistani banks' cards that have shown up for sale on the dark web. Group-IB, an international company that specializes in preventing cyberattacks, has discovered new databases with a total of 69,189 Pakistani banks' cards that have shown up for sale on the dark web. The […] | |||
|
2019-02-24 10:11:05 | (Déjà vu) Security Affairs newsletter Round 202 – News of the week (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! Facebook login phishing campaign can deceive tech-savvy users […] | |||
|
2019-02-24 09:38:00 | Fbot malware targets HiSilicon DVR/NVR Soc devices (lien direct) | Experts at 360Netlab observed the Fbot bot infecting a large number of HiSilicon DVR/NVR Soc devices. Since February 16, 2019, security experts at 360Netlab observed a large number of HiSilicon DVR/NVR Soc devices were infected with an updated version of the Fbot bot. The Fbot malware was first discovered by 360Netlab researchers, according to the […] | Malware | ||
|
2019-02-23 15:44:04 | Crooks offer millions to skilled black hats to help them in extortion campaigns (lien direct) | Cybercriminals are offering over a million dollars per year to skilled professionals like vxers and penetration testers to help them in extortion campaigns. According to a new report published by the security firm Digital Shadows cybercriminal organizations are willing to pay millions to skilled hackers and malware developers. The analysis of posts on Dark Web […] | Malware | ||
|
2019-02-23 13:34:05 | Campaigns through LinkedIn \'s DM deliver More_eggs backdoor via fake job offers (lien direct) | Experts uncovered a new malware campaign that attempts to circumvent victims by abusing LinkedIn 's direct messaging service. Researchers at Proofpoint have uncovered a new malware campaign that attempts to circumvent victims by abusing LinkedIn's direct messaging service. “In direct follow-up emails, the actor pretends to be from a staffing company with an offer of […] | Malware | ||
|
2019-02-23 11:33:03 | Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems (lien direct) | A new piece of ransomware called Cr1ptT0r infects embedded systems and network attached storage (NAS) devices exposed online. A new piece of ransomware called Cr1ptT0r was discovered by experts, it infects embedded systems and network attached storage (NAS) devices exposed online. The discovery of the Cr1ptT0r ransomware was first reported on a discussion in the […] | Ransomware | ||
|
2019-02-22 21:18:04 | WhatsApp fixes Face ID and Touch ID authentication bypass (lien direct) | WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems. The security feature […] | |||
|
2019-02-22 13:42:03 | Google forgot to tell customers that Nest Hub has a microphone (lien direct) | Google on Wednesday revealed that it forgot to inform users that its Nest Secure home alarm system includes a microphone. Google announced this week that it forgot to inform users that its Nest Secure home alarm system includes a microphone. “The problem: Nest users didn’t know a microphone existed on their security device to begin […] | |||
|
2019-02-22 07:13:03 | (Déjà vu) Cisco addresses flaws in HyperFlex and Prime Infrastructure (lien direct) | Cisco released security patches that address more than a dozen issues in its products, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Cisco released security patches that address more than a dozen issues in its products, including high severity vulnerabilities affecting HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Security updates fix […] | |||
|
2019-02-22 06:24:02 | Expert found a DoS flaw in Windows Servers running IIS (lien direct) | Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks carried out through malicious HTTP/2 requests. Microsoft revealed that Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks. Attackers can trigger a DoS condition by sending specially crafted HTTP/2 requests, the CPU usage will temporarily spike to 100% […] | |||
|
2019-02-21 20:39:01 | Adobe released second fix for the same Adobe Reader flaw (lien direct) | Adobe released a second patch to address the CVE 2019-7089 flaw in Adobe Reader after an expert found the way to bypass the first fix. Adobe on Thursday released a second patch to address a critical information disclosure vulnerability in Adobe reader, tracked as CVE 2019-7089, after the expert who initially discovered the flaw devised […] | Vulnerability | ||
|
2019-02-21 15:14:00 | Security experts released new GandCrab Decryptor for free (lien direct) | Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The […] | |||
|
2019-02-21 11:10:03 | Critical bug in WINRAR affects all versions released in the last 19 years (lien direct) | Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer Over 500 million users worldwide use the […] | Vulnerability | ||
|
2019-02-21 09:32:01 | CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution (lien direct) | Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution. The CVE-2019-6340 flaw is caused by the lack […] | Vulnerability | ||
|
2019-02-21 06:16:02 | The interface of WinPot ATM Malware looks like a slot machine (lien direct) | Malware researchers from Kaspersky Lab have detected a new piece of malware dubbed WinPot that was designed to target automated teller machines (ATMs). Security experts from Kaspersky Lab have discovered a new piece of malware dubbed WinPot that target ATMs, it could be used by crooks to make the ATMs automatically dispense all cash from […] | Malware | ||
|
2019-02-20 21:12:03 | Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe (lien direct) | Microsoft says Russian APT28 group carried out multiple cyberattacks on democratic institutions in Europe between September and December 2018. Microsoft revealed that hackers belonging to the cyber espionage group APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) launched several attacks on democratic institutions in Europe between September and December 2018. The tech giant revealed that 104 accounts belonging […] | APT 28 | ||
|
2019-02-20 15:16:02 | Expert released a PoC for a remote code execution flaw in mIRC App (lien direct) | Security experts discovered a vulnerability in the mIRC application that allows attackers to execute commands remotely. Security researchers Benjamin Chetioui and Baptiste Devigne from ProofOfCalc discovered a vulnerability in the mIRC application that could be exploited by attackers to execute commands remotely. mIRC is a popular Internet Relay Chat application that allows users to chat […] | Vulnerability | ||
|
2019-02-20 12:20:01 | North Korea\'s Lazarus APT targets Russian Entities (lien direct) | Security researchers at Check Point have uncovered a cyber espionage campaign conducted by Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets, If the attribution is correct, this is the first time that North Korean cyber spies were […] | APT 38 | ||
|
2019-02-20 09:08:03 | Security breach at North Country PoS firm hits hundreds of US restaurants and Hotels (lien direct) | North Country Business Products POS (point-of-sale) and security solutions provider announced a data breach that affected hundreds of U.S. restaurants and hotels. North Country Business Products point-of-sale and security solutions provider announced a data breach, the company is currently used by 6500 customers around the Midwest. “North Country Business Products, Inc. (“North Country”), today announced that a recent data […] | Data Breach | ||
|
2019-02-20 07:31:05 | Experts found a Remote Code Execution flaw in WordPress 5.0.0 (lien direct) | Security experts disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. Security experts at RIPS Technologies GmbH disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. The experts discovered that the flaw could be exploited […] | Vulnerability | ||
|
2019-02-20 06:22:02 | Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. (lien direct) | Security expert discovered an exposed MongoDB that reveals facial recognition abuse for tracking the Uyghur Muslim minority in China.Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. We have debated for a long time the surveillance campaigns conducted by the Chinese government, now the news of the day is the […] | |||
|
2019-02-19 18:55:02 | The Muncy malware is on the rise (lien direct) | Over the last few days, a phishing campaign from DHL and entitled “DHL Shipment Notification” has been targeted users worldwide distribution the Muncy malware. Muncy is the name dubbed by SI-LAB that analyzed this threat. Now, the malware is targeting user's worldwide and has been spread via phishing campaigns. Malicious actors are using SMTP servers leveraging bad […] | Malware | ||
|
2019-02-19 18:35:00 | These Are the Countries With the Best and Worst Cybersecurity (lien direct) | Cybersecurity is a growing concern among governments, businesses and individuals around the world. Cyberattacks can have severe impacts on everyone. A recent report from researchers at the University of Oxford identified 57 different impacts that cyber incidents can have. They ranged from regulatory fines to depression to damaged relationships with customers. According to a report […] | |||
|
2019-02-19 14:45:04 | The Long Run of Shade Ransomware (lien direct) | Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. It spreads Shade/Treshold variants, one of the most dangerous threats in the cyber crime scenario, known since its massive infection into […] | Ransomware | ||
|
2019-02-19 11:34:05 | Offensive Security announced the release of Kali Linux 2019.1 (lien direct) | It’s official, Offensive Security announced the release of Kali Linux 2019.1, the latest version of the popular penetration testing and forensics Linux distro. On Monday, Offensive Security announced the availability of Kali Linux 2019.1, the latest version of the popular penetration testing and forensics Linux distribution. “Welcome to our first release of 2019, Kali Linux […] | |||
|
2019-02-19 10:36:05 | Group-IB: More than 70% of Russian banks are not ready for cyberattacks (lien direct) | According to a new research conducted by Group-IB experts, 74 percent of Russian banks were not ready for cyberattacks Group-IB, an international company that specializes in preventing cyberattacks, has conducted high-tech cybercrimes research based on an analysis of responses to information security incidents carried out by Group-IB Incident Response team in 2018. According to the new research, […] | |||
|
2019-02-19 07:22:04 | Gnosticplayers round 3 – 92 Million fresh accounts from 8 unreported security breaches available for sale (lien direct) | Gnosticplayers hacker is offering in a third round a new set of databases containing millions of hacked accounts from unreported data breaches. Last week, the hacker who goes by online with the moniker Gnosticplayers disclosed the existence of some massive unreported data breaches in two rounds. The experts offered for sale the huge trove of data for […] | |||
|
2019-02-19 06:28:02 | Expert found privilege escalation issue in LG Device Manager (lien direct) | Security expert discovered a privilege escalation flaw that could be exploited by attackers to elevate permissions to SYSTEM in the LG Device Manager application for LG laptops. A security expert who goes online with the moniker Jackson T. has discovered the flaw, tracked as CVE-2019-8372, while analyzing the tool's low-level hardware access (LHA) kernel-mode driver, […] | |||
|
2019-02-18 20:35:01 | PoC Exploit Code for recent container escape flaw in runc published online (lien direct) | The Proof-of-concept (PoC) exploit code for a recently discovered vulnerability in runc tracked as CVE-2019-5736 is now publicly available. Last week, Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, disclosed a serious vulnerability tracked CVE-2019-5736 affecting runc, the default container runtime for Docker, containerd, Podman, and CRI-O. The vulnerability was discovered by the security researchers Adam Iwaniuk and Borys […] | Vulnerability | ||
|
2019-02-18 15:08:00 | ATT&CKized Splunk – Threat Hunting with MITRE\'s ATT&CK using Splunk (lien direct) | Most of us know MITRE and the ATT&CK™ framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack. Moreover, not only they […] | Threat | ||
|
2019-02-18 11:53:00 | New Trickbot module implements Remote App Credential-Grabbing features (lien direct) | The Trickbot banking trojan continues to evolve, Trend Micro detected a new variant that includes a new module used for Remote App Credential-Grabbing. The infamous Trickbot banking trojan is back, experts at Trend Micro detected a new strain of the malware using an updated info-stealing module. The new strain of the Trickbot banking trojan that […] | Malware | ||
|
2019-02-18 08:51:02 | Free Tool: Honey Feed (lien direct) | Cybersecurity expert Marco Ramilli shared another tool of his arsenal that extracts suspicious IPs from undesired connections, his HoneyPots. Hi folks, today I'd like to point you out another tool of mine which extracts suspicious IPs from undesired connections. In other words: HoneyPots. I run a personal HoneyPot network which stands from years and over […] | Tool | ||
|
2019-02-18 07:26:05 | (Déjà vu) Toyota PASTA Car-Hacking Tool will be soon on GitHub (lien direct) | Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month. Takuya Yoshida from Toyota's InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, […] | Tool | ||
|
2019-02-17 15:27:00 | (Déjà vu) Windows App runs on Mac to download MacOS malware (lien direct) | Experts at Trend Micro have detected a new strain of MacOS malware that hides inside a Windows executable to avoid detection. Security experts at Trend Micro have spotted a new strain of MacOS malware disguises itself as a Windows executable file to evade detection. The malware is carried via .EXE file that will not execute […] | Malware | ||
|
2019-02-17 13:38:02 | Facebook login phishing campaign can deceive tech-savvy users (lien direct) | Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block. Crooks are distributing links to blogs and services that display users “login using […] | |||
|
2019-02-17 10:16:03 | (Déjà vu) Security Affairs newsletter Round 201 – News of the week (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! Adiantum will bring encryption on Android devices without […] | |||
|
2019-02-17 09:35:03 | Facebook paid $25,000 for CSRF exploit that leads to Account Takeover (lien direct) | Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicki on a link. The white hat hacker who goes online with the moniker “Samm0uda” discovered a critical CSRF vulnerability in Facebook and the social network giant paid a […] | Vulnerability | ||
|
2019-02-16 15:52:02 | Russia is going to disconnect from the internet as part of a planned test (lien direct) | Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. Russian citizens […] | |||
|
2019-02-16 13:51:00 | A new batch of 127 million records appears in the dark web (lien direct) | A new batch of 127 million records appears in the dark web, this time the huge trove of data appears to be originated from eight companies. A hacker that goes online with the moniker ‘gnosticplayers‘ is offering for sale the data on the Dream Market marketplace asking $14,500 worth of Bitcoin. Early this week, the […] | |||
|
2019-02-16 09:39:05 | Astaroth Trojan relies on legitimate os and antivirus processes to steal data (lien direct) | A new Astaroth Trojan campaign was spotted by the Cybereason’s Nocturnus team, hackers are targeting Brazil and European countries. Researchers at Cybereason’s Nocturnus team have uncovered a new Astaroth Trojan campaign that is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and drop malicious modules. “The campaign exploits legitimate operating system processes […] | |||
|
2019-02-15 15:05:01 | Cryptojacking Coinhive Miners for the first time found on the Microsoft Store (lien direct) | Symantec discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners. Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners. The removed apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ […] | |||
|
2019-02-15 13:09:04 | Group-IB helped to arrest phone scammers profiting off the backs of the Russian elderly (lien direct) | Moscow police department operatives, with the participation of Group-IB experts, took down a group of phone scammers who for several years have been extorting money from the elderly. Phone scammers typically managed to steal between 450 and 4500 USD per victim, promising substantial compensation for their purchases of medicines, medical devices or dietary supplements. According […] | |||
|
2019-02-15 11:15:04 | Coffee Meets Bagel dating app confirms data breach (lien direct) | The week closes with the news of another embarrassing data breach, the Coffee Meets Bagel confirmed a hack on Valentine’s Day. The dating app Coffee Meets Bagel confirmed that hackers breached its systems on Valentine’s Day and may have obtained access to users’ account data. The company notified the incident to account holders, the intrusion […] | Data Breach Hack | ||
|
2019-02-15 06:44:00 | Germany makes its cyber capabilities available for NATO alliance (lien direct) | Germany announced it is going to make its cyber capabilities available for the NATO alliance to help fight hacking and electronic warfare. Germany is going to share its cyber warfare capabilities with the NATO alliance to protect members of the alliance against hacking and electronic warfare. During the 2016 Warsaw Summit, NATO officially recognised cyberspace […] |
To see everything:
Our RSS (filtrered)
