What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-27 15:49:24 | ChromeLoader Malware Hijacks Browsers With ISO Files (lien direct) | The malware's abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections. | Malware | ||
|
2022-05-27 11:23:16 | Taking the Danger Out of IT/OT Convergence (lien direct) | The Colonial Pipeline attack highlighted the dangers of convergence, but unified security provides a safer way to proceed. | |||
|
2022-05-26 21:17:00 | Big Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem (lien direct) | Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse. | |||
|
2022-05-26 20:20:50 | Third-Party Scripts on Websites Present a \'Broad & Open\' Attack Vector (lien direct) | Nearly half of the world's largest websites use externally generated JavaScript that makes them ripe targets for cyberattackers interested in stealing data, skimming credit cards, and executing other malicious actions. | |||
|
2022-05-25 22:11:47 | Most Common Threats in DBIR (lien direct) | Supply chain and ransomware attacks increased dramatically this year, which explains why so many data breaches in this year's DBIR were grouped as system intrusion. | Ransomware Threat | ||
|
2022-05-25 20:09:48 | Interpol\'s Massive \'Operation Delilah\' Nabs BEC Bigwig (lien direct) | A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength. | Guideline | ||
|
2022-05-25 19:47:23 | JFrog Launches Project Pyrsia to Help Prevent Software Supply Chain Attacks (lien direct) | Open source software community initiative utilizes blockchain technology. | |||
|
2022-05-25 19:25:51 | Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report (lien direct) | According to the findings, vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021. | Threat | ||
|
2022-05-25 19:07:08 | Brexit Leak Site Linked to Russian Hackers (lien direct) | Purporting to publish leaked emails of pro-Brexit leadership in the UK, a new site's operations have been traced to Russian cyber-threat actors, Google says. | Guideline | ||
|
2022-05-25 13:41:06 | DDoS Extortion Attack Flagged as Possible REvil Resurgence (lien direct) | A DDoS campaign observed by Akamai from actors claiming to be REvil would represent a major pivot in tactics for the gang. | |||
|
2022-05-24 23:21:49 | DBIR Makes a Case for Passwordless (lien direct) | Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks. | Data Breach | ||
|
2022-05-24 21:13:51 | New Attack Shows Weaponized PDF Files Remain a Threat (lien direct) | Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows. | Threat | ||
|
2022-05-24 14:00:00 | Crypto Hacks Aren\'t a Niche Concern; They Impact Wider Society (lien direct) | Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace. | Hack | ||
|
2022-05-23 21:22:56 | Multiple Governments Buying Android Zero-Days for Spying: Google (lien direct) | An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance. | |||
|
2022-05-23 18:18:12 | Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT (lien direct) | Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures . | |||
|
2022-05-23 14:28:54 | Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection (lien direct) | IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware. | |||
|
2022-05-19 14:00:00 | 6 Scary Tactics Used in Mobile App Attacks (lien direct) | Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene. | Malware Threat | ||
|
2022-05-19 13:01:24 | Phishing Attacks for Initial Access Surged 54% in Q1 (lien direct) | For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows. | Ransomware | ||
|
2022-05-18 17:46:25 | CISA: Unpatched F5 BIG-IP Devices Under Active Attack (lien direct) | Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns. | |||
|
2022-05-18 16:31:53 | Microsoft Flags Attack Targeting SQL Servers With Novel Approach (lien direct) | Attackers appear to have found a way around PowerShell monitoring by using a default utility instead. | |||
|
2022-05-17 21:02:52 | Critical VMware Bug Exploits Continue, as Botnet Operators Jump In (lien direct) | A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell. | |||
|
2022-05-17 20:32:48 | FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors (lien direct) | Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages. | |||
|
2022-05-17 18:49:45 | Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in (lien direct) | A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report. | |||
|
2022-05-16 20:37:27 | iPhones Open to Attack Even When Off, Researchers Say (lien direct) | Wireless chips that run when the iPhone iOS is shut down can be exploited. | |||
|
2022-05-16 16:30:10 | Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut (lien direct) | Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear. | Vulnerability | ||
|
2022-05-14 14:37:44 | How to Turn a Coke Can Into an Eavesdropping Device (lien direct) | Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby. | |||
|
2022-05-13 14:59:09 | Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning (lien direct) | A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars. | ★★★★ | ||
|
2022-05-11 16:54:19 | Quantum Ransomware Strikes Quickly, How to Prepare and Recover (lien direct) | NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies. | Ransomware | ★★★★★ | |
|
2022-05-11 13:00:00 | Vanity URLs Could Be Spoofed for Social Engineering Attacks (lien direct) | Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns. | ★★ | ||
|
2022-05-11 11:51:00 | Google Will Use Mobile Devices to Thwart Phishing Attacks (lien direct) | In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys. | ★★★★★ | ||
|
2022-05-10 16:21:52 | Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler (lien direct) | Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022. | ★★★ | ||
|
2022-05-10 15:37:57 | 5-Buck DCRat Malware Foretells a Worrying Cyber Future (lien direct) | The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price. | Malware | ★★ | |
|
2022-05-10 15:36:55 | Onapsis Announces New Offering to Jumpstart Security for SAP Customers (lien direct) | Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications . | Vulnerability | ||
|
2022-05-09 22:19:47 | Joker, Other Fleeceware Surges Back Into Google Play (lien direct) | The infamous Joker threat is back in Google Play, along with other Trojanized mobile apps that secretly sign Android users up for paid subscription services. | Threat | ||
|
2022-05-09 21:09:18 | Costa Rica Declares State of Emergency Under Sustained Conti Cyberattacks (lien direct) | Conti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group. | Ransomware | ||
|
2022-05-09 19:04:16 | NFTs Emerge as the Next Enterprise Attack Vector (lien direct) | Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say. | |||
|
2022-05-09 17:27:48 | Deloitte Launches Expanded Cloud Security Management Platform (lien direct) | The CSM by Deloitte platform includes cloud security policy orchestration, cyber predictive analytics, attack surface management, and cyber cloud managed services. | Deloitte Deloitte | ||
|
2022-05-06 19:42:30 | Ikea Canada Breach Exposes 95K Customer Records (lien direct) | An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was. | |||
|
2022-05-06 19:27:03 | What We\'ve Learned in the 12 Months Since the Colonial Pipeline Attack (lien direct) | The attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times? | |||
|
2022-05-06 19:25:51 | Scammer Infects His Own Machine With Spyware, Reveals True Identity (lien direct) | An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla. | Malware | ||
|
2022-05-05 21:21:52 | Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials (lien direct) | The same attack that allowed a threat actor to steal data from private Heroku GitHub repositories also resulted in the compromise of customer credentials, the company now says. | Threat | ||
|
2022-05-05 18:03:11 | FBI: Bank Losses From BEC Attacks Top $43B (lien direct) | Law enforcement attributes a recent 65% spike in BEC attack losses to COVID-19 restrictions and the ongoing reality of a remote workforce. | |||
|
2022-05-05 16:21:15 | Multichannel Phishing Concerns Cybersecurity Leaders in 2022 (lien direct) | With 80% of companies using cloud collaboration tools, cybercriminals are using multichannel phishing attacks to exploit security gaps in the hybrid work model. | |||
|
2022-05-05 15:04:29 | 1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin (lien direct) | Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia. | APT-C-17 | ||
|
2022-05-05 14:16:43 | Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks (lien direct) | Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware. | |||
|
2022-05-05 14:00:00 | Why Security Matters Even More in Online Gaming (lien direct) | As the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year. | |||
|
2022-05-04 20:07:56 | China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack (lien direct) | Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies. | |||
|
2022-05-04 17:08:35 | VHD Ransomware Variant Linked to North Korean Cyber Army (lien direct) | Researchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors. | Ransomware | ||
|
2022-05-04 17:00:00 | Security Stuff Happens: What Will the Public Hear When You Say You\'ve Been Breached? (lien direct) | A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.) | |||
|
2022-05-03 22:42:59 | What Should I Know About Defending IoT Attack Surfaces? (lien direct) | The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point. |
To see everything:
Our RSS (filtrered)
