What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2020-03-03 12:02:35 Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China (lien direct) Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency (CIA) to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The targeted industry sectors include aviation organizations, scientific research institutions, petroleum, and Internet companies-which, if true, gives
The_Hackers_News.webp 2020-03-03 04:50:15 Download Guide - Advanced Threat Protection Beyond the AV (lien direct) At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to gain extra protection through implementing either EDR\EPP solutions (represented by vendors like Crowdstrike and Carbon Black) or Network Traffic Analysis/NDR Threat
The_Hackers_News.webp 2020-03-02 22:50:30 2 Chinese Charged with Laundering $100 Million for North Korean Hackers (lien direct) Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards. According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges that were perpetrated
The_Hackers_News.webp 2020-03-02 04:45:29 Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices (lien direct) Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims' knowledge. Called "SurfingAttack," the attack leverages the unique properties of acoustic transmission in solid materials - such as tables - to "enable multiple
The_Hackers_News.webp 2020-02-28 10:37:33 GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat (lien direct) If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) 'file read and inclusion bug' Vulnerability
The_Hackers_News.webp 2020-02-28 04:26:28 Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years (lien direct) Let's Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million in June 2017. Since late last year, Let's Encrypt has issued at least 1.2 million
The_Hackers_News.webp 2020-02-28 02:24:48 Why Businesses Should Consider Managed Cloud-Based WAF Protection (lien direct) The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber insurance policy. It's very evident that cyber-attacks are not only costly in terms of time and money but also bring extensive legal liability
The_Hackers_News.webp 2020-02-26 10:15:25 New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices (lien direct) Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress-apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed 'Kr00k' and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some Vulnerability
The_Hackers_News.webp 2020-02-26 06:48:54 New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users (lien direct) A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack - named "IMPersonation Attacks in 4G NeTworks" (or IMP4GT) - exploits the mutual authentication
The_Hackers_News.webp 2020-02-26 04:34:02 Google Advises Android Developers to Encrypt App Data On Device (lien direct) Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for the same, Google also advised using an easy-to-implement security library available as part of its
The_Hackers_News.webp 2020-02-25 11:11:53 Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users (lien direct) If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of
The_Hackers_News.webp 2020-02-25 04:08:15 Free Download: The Ultimate Security Pros' Checklist (lien direct) You are a cybersecurity professional with the responsibility to keep your organization secured, you know your job chapter and verse, from high level reporting duties to the bits and bytes of what malware targeted your endpoints a week ago. But it's a lot to hold in one's mind, so to make your life easier, The Ultimate Security Pros' Checklist, created by Cynet, provides you with a concise and Malware
The_Hackers_News.webp 2020-02-25 03:47:01 Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks (lien direct) Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild.
The_Hackers_News.webp 2020-02-25 02:54:39 New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers (lien direct) OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers. Vulnerability
The_Hackers_News.webp 2020-02-25 02:37:34 Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing (lien direct) Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which is nearly double the number detected during Q4 2018. Hackers have evolved their methods, from regular phishing
The_Hackers_News.webp 2020-02-21 08:50:15 Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS (lien direct) Almost within a year after releasing Microsoft Defender Advanced Threat Protection (ATP) for macOS computers, Microsoft today announced a public preview of its antivirus software for various Linux distributions, including Ubuntu, RHEL, CentOS and Debian. If this news hasn't gotten you excited yet... Microsoft is also planning to soon release Defender ATP anti-malware apps for smartphones and Threat
The_Hackers_News.webp 2020-02-21 01:05:58 Google Bans 600 Android Apps from Play Store for Serving Disruptive Ads (lien direct) Google has banned nearly 600 Android apps from the Play Store for bombarding users with disruptive ads and violating its advertising guidelines. The company categorizes disruptive ads as "ads that are displayed to users in unexpected ways, including impairing or interfering with the usability of device functions," such as a full-screen ad served when attempting to make a phone call. Although
The_Hackers_News.webp 2020-02-20 04:40:49 Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes (lien direct) Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information. According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious "Like of the
The_Hackers_News.webp 2020-02-20 03:08:30 Deal: Cloud And Networking Certification Training ~ Get 97% OFF (lien direct) Cloud computing and networking are two of the most significant areas of growth in the IT business. Companies need engineers who can maintain distributed software and keep the company connected. If you want to work in either niche, the Essential Cloud & Networking Certification Training Bundle offers 93 hours of essential knowledge. You can pick up all 5 courses now for only $39.99 via the THN
The_Hackers_News.webp 2020-02-20 02:09:27 Adobe Patches Critical Bugs Affecting Media Encoder and After Effects (lien direct) Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities. Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary code on targeted systems by tricking victims into opening a specially crafted file using the affected software.
The_Hackers_News.webp 2020-02-19 06:24:24 Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks (lien direct) Smart doorbells and cameras bring a great sense of security to your home, especially when you're away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine. Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor
The_Hackers_News.webp 2020-02-19 03:43:46 US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility (lien direct) The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed Ransomware Threat
The_Hackers_News.webp 2020-02-18 07:13:08 Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide (lien direct) A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed "Fox Kitten," the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and security sectors
The_Hackers_News.webp 2020-02-18 03:42:33 Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations (lien direct) Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering (click here to learn more) based on more than 72 hours of data collection, enabling Threat
The_Hackers_News.webp 2020-02-17 13:15:53 Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers (lien direct) A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development Vulnerability
The_Hackers_News.webp 2020-02-17 09:18:09 OpenSSH now supports FIDO U2F security keys for 2-factor authentication (lien direct) Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements.
The_Hackers_News.webp 2020-02-17 07:10:51 A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices (lien direct) A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide-and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple
The_Hackers_News.webp 2020-02-14 03:02:44 U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies (lien direct) The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. Accusing Huawei and its affiliates of "using fraud and deception to misappropriate sophisticated technology from US
The_Hackers_News.webp 2020-02-14 00:36:04 500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users (lien direct) Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been
The_Hackers_News.webp 2020-02-12 05:35:39 Download: Definitive 'IR Management and Reporting' Presentation Template (lien direct) The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree-making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the management of the actual response process, the CISO must also be able to efficiently communicate
The_Hackers_News.webp 2020-02-12 04:47:20 Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims (lien direct) Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to Ransomware Spam Malware
The_Hackers_News.webp 2020-02-11 12:04:43 Update Microsoft Windows Systems to Patch 99 New Security Flaws (lien direct) A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. According to the advisories, 12 of the total issues patched by the tech giant this month are critical in severity, and the remaining 87 have been listed as important. Five of the
The_Hackers_News.webp 2020-02-11 09:43:34 Adobe Releases Patches for Dozens of Critical Flaws in 5 Software (lien direct) Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could Vulnerability ★★★★
The_Hackers_News.webp 2020-02-11 04:54:08 App Used by Israel's Ruling Party Leaked Personal Data of All 6.5 Million Voters (lien direct) An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election, which
The_Hackers_News.webp 2020-02-10 07:57:01 U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach (lien direct) The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with the Attorney General William Barr and FBI Deputy Director David Bowdich, the DoJ officials labeled the state-sponsored Data Breach Equifax
The_Hackers_News.webp 2020-02-06 00:05:27 The Rise of the Open Bug Bounty Project (lien direct) Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the
The_Hackers_News.webp 2020-02-05 12:46:06 5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras (lien direct) Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a Vulnerability
The_Hackers_News.webp 2020-02-05 07:42:19 Exfiltrating Data from Air-Gapped Computers Using Screen Brightness (lien direct) It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can't connect wirelessly
The_Hackers_News.webp 2020-02-05 04:55:06 Prepare for Cisco, CompTIA, and More IT Certifications with this Bundle (lien direct) Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates. If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle will help you ace nine of the most important exams. You can pick up the training now for only $39 via THN Deals. Over the next few years, the areas
The_Hackers_News.webp 2020-02-05 03:16:43 Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers (lien direct) There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. Whether it's about exploiting operating system and software vulnerabilities or manipulating network traffic, every attack relies on the reachability between an attacker and the targeted devices. In recent years,
The_Hackers_News.webp 2020-02-04 12:22:53 This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs (lien direct) A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways. When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a
The_Hackers_News.webp 2020-02-04 07:59:32 Google Accidentally Shared Private Videos of Some Users With Others (lien direct) Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the result of a "technical issue" in Google's Takeout, a service that backs up all your Google account data into a single file and then lets
The_Hackers_News.webp 2020-02-04 02:43:30 Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users (lien direct) Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved Vulnerability
The_Hackers_News.webp 2020-02-03 10:10:48 Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root (lien direct) Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on Vulnerability ★★★★
The_Hackers_News.webp 2020-01-30 07:38:39 Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale (lien direct) Remember the recent payment card breach at Wawa convenience stores? If you're among those millions of customers who shopped at any of 850 Wawa stores last year but haven't yet hotlisted your cards, it's high time to take immediate action. That's because hackers have finally put up payment card details of more than 30 million Wawa breach victims on sale at Joker's Stash, one of the largest
The_Hackers_News.webp 2020-01-30 04:01:07 Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers (lien direct) Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any
The_Hackers_News.webp 2020-01-30 01:07:11 Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers (lien direct) Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many Vulnerability
The_Hackers_News.webp 2020-01-29 10:37:56 How to Clear Data Facebook Collects About You from Other Sites and Apps (lien direct) Facebook is one of the world's biggest advertising platforms, and that's because it knows a lot about you, me, and everyone. Facebook uses many tools to track people across the Internet, whether they have an account with the social networking site or not, and most of them rely on the online activity data other apps and websites share with Facebook. Everything we do online generates an
The_Hackers_News.webp 2020-01-29 04:50:45 Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs (lien direct) As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice-significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven't participated in the growing and profitable MSSP market as it entailed massive investments in
The_Hackers_News.webp 2020-01-28 04:01:11 Zoom Bug Could Have Let Uninvited People Join Private Meetings (lien direct) If you use Zoom to host your remote online meetings, you need to read this piece carefully. The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio, video, and documents shared throughout the session. Besides hosting password-protected virtual
Last update at: 2024-07-23 19:07:44