What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-06-05 04:29:29 TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data (lien direct) Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch, went into effect on June 2. TikTok users who reside in the European Economic Area (EEA), the U.K., Switzerland,
The_Hackers_News.webp 2021-06-05 03:58:37 ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack (lien direct) Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. The ongoing activity was detected by Bad Packets on June 3 and corroborated yesterday by security researcher Kevin Beaumont. "Mass scanning activity detected from 104.40.252.159 checking for
The_Hackers_News.webp 2021-06-04 09:10:55 Google to Let Android Users Opt-Out to Stop Ads From Tracking Them (lien direct) Google is tightening the privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The change will go into effect sometime in late 2021. The development, which mirrors Apple's move to enable iPhone and iPad users to opt-out of ad tracking, was first reported by the Financial Times.  Once the
The_Hackers_News.webp 2021-06-04 06:03:37 10 Critical Flaws Found in CODESYS Industrial Automation Software (lien direct) Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from Positive
The_Hackers_News.webp 2021-06-03 23:01:25 Google Chrome to Help Users Identify Untrusted Extensions Before Installation (lien direct) Google on Thursday said it's rolling new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users attempt to install a new extension from the Chrome Web Store, notifying if it can be considered "trusted."
The_Hackers_News.webp 2021-06-03 10:01:42 Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities (lien direct) New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control (C2) communications and the Malware
The_Hackers_News.webp 2021-06-03 07:19:08 The Vulnerabilities of the Past Are the Vulnerabilities of the Future (lien direct) Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years,
The_Hackers_News.webp 2021-06-03 04:55:49 Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module (lien direct) A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module," researchers Guideline
The_Hackers_News.webp 2021-06-03 04:35:20 Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia (lien direct) An ongoing cyber-espionage operation with suspected ties to China has been found targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years. "In this campaign, the attackers utilized the set of Microsoft Office exploits and loaders with anti-analysis and anti-debugging techniques to install a previously unknown backdoor on
The_Hackers_News.webp 2021-06-02 05:55:31 Researchers Uncover Hacking Operations Targeting Government Entities in South Korea (lien direct) A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the Korea Threat
The_Hackers_News.webp 2021-06-02 05:45:43 Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks (lien direct) A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and
The_Hackers_News.webp 2021-06-02 04:27:29 The Incident Response Plan - Preparing for a Rainy Day (lien direct) The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening.  Just as it wasn't raining when Noah built the ark, companies must face the fact Ransomware
The_Hackers_News.webp 2021-06-02 02:55:03 Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites (lien direct) Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has Malware Vulnerability Threat
The_Hackers_News.webp 2021-06-01 23:29:25 US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks (lien direct) Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign. The court-authorized domain seizure took place on May Malware
The_Hackers_News.webp 2021-06-01 08:06:28 Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions (lien direct) Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed Ransomware Malware
The_Hackers_News.webp 2021-06-01 01:41:52 Report: Danish Secret Service Helped NSA Spy On European Politicians (lien direct) The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based
The_Hackers_News.webp 2021-05-31 05:16:35 Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors (lien direct) Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon device that will share some of your Internet bandwidth with your neighbors-unless you choose to opt out. Amazon intends to register its family of hardware devices that are operational in the U.S.-including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring
The_Hackers_News.webp 2021-05-31 05:13:16 Can Your Business Email Be Spoofed? Check Your Domain Security Now! (lien direct) Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure and within a few months, but the truth soon dawns on them that it isn't. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory - this means that someone is impersonating you (or confusing some of your recipients) and releasing
The_Hackers_News.webp 2021-05-31 00:52:33 A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely (lien direct) Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass Vulnerability
The_Hackers_News.webp 2021-05-29 01:34:47 Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents (lien direct) Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents
The_Hackers_News.webp 2021-05-28 08:31:21 Researchers Warn of Facefish Backdoor Spreading Linux Rootkits (lien direct) Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to the Malware
The_Hackers_News.webp 2021-05-28 04:24:39 SolarWinds Hackers Target Think Tanks With New Backdoor (lien direct) Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. "This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations," Tom Burt, Microsoft's Threat
The_Hackers_News.webp 2021-05-28 00:29:08 Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices (lien direct) Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat Threat
The_Hackers_News.webp 2021-05-27 07:34:23 Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer (lien direct) Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have begun as early as April 21, 2021, involves a malicious file that masquerades as a setup executable
The_Hackers_News.webp 2021-05-27 03:03:35 Hackers Using Fake Foundations to Target Uyghur Minority in China (lien direct) The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creating delivery documents that appear to be originating from the United Nations using up to date related
The_Hackers_News.webp 2021-05-26 23:35:44 Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks (lien direct) Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some
The_Hackers_News.webp 2021-05-26 08:30:57 Data Wiper Malware Disguised As Ransomware Targets Israeli Entities (lien direct) Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius." "An analysis of what at first Ransomware Malware
The_Hackers_News.webp 2021-05-26 01:56:31 WhatsApp Sues Indian Government Over New Privacy Threatening Internet Law (lien direct) WhatsApp on Wednesday fired a legal salvo against the Indian government to block new regulations that would require messaging apps to trace the "first originator" of messages shared on the platform, thus effectively breaking encryption protections. "Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would
The_Hackers_News.webp 2021-05-25 23:58:03 Google Researchers Discover A New Variant of Rowhammer Attack (lien direct) A team of security researchers from Google has demonstrated yet another variant of the Rowhammer attack that bypasses all current defenses to tamper with data stored in memory. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed.  "Unlike TRRespass, which exploits the blind spots
The_Hackers_News.webp 2021-05-25 22:54:02 Russian Hydra DarkNet Market Made Over $1.3 Billion in 2020 (lien direct) Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016. The "blistering growth" in annual transaction volumes marks a staggering 624% year-over-year jump over a three-year period from 2018 to 2020. "Further buoying Hydra's growth is its ability-or its good
The_Hackers_News.webp 2021-05-25 21:57:58 Critical RCE Vulnerability Found in VMware vCenter Server - Patch Now! (lien direct) VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. "A malicious actor with network Vulnerability
The_Hackers_News.webp 2021-05-25 00:37:19 New High-Severity Vulnerability Reported in Pulse Connect Secure VPN (lien direct) Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. "Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user," Vulnerability
The_Hackers_News.webp 2021-05-24 22:17:39 New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices (lien direct) Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during
The_Hackers_News.webp 2021-05-24 21:52:15 Apple Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS (lien direct) Apple on Monday rolled out security updates for iOS, macOS, tvOS, watchOS, and Safari web browser to fix multiple vulnerabilities, including an actively exploited zero-day flaw in macOS Big Sur and expand patches for two previously disclosed zero-day flaws.  Tracked as CVE-2021-30713, the zero-day concerns a permissions issue in Apple's Transparency, Consent, and Control (TCC) framework in macOS
The_Hackers_News.webp 2021-05-24 10:23:01 Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea (lien direct) State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "medium-high" likelihood to the Lazarus Group (aka APT38 or Hidden Cobra), researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in Medical APT 38 APT 28
The_Hackers_News.webp 2021-05-24 05:54:49 What To Do When Your Business Is Hacked (lien direct) As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to business-critical environments. Hackers are also using ransomware to hold your data hostage, demanding a ransom Ransomware
The_Hackers_News.webp 2021-05-24 00:39:22 Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software (lien direct) Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer site is fully compromised, an attacker can use the vulnerabilities to compromise the telco, and then
The_Hackers_News.webp 2021-05-22 01:35:58 FBI Analyst Charged With Stealing Counterterrorism and Cyber Threats Info (lien direct) The U.S. Department of Justice (DoJ) indicted an employee of the Federal Bureau of Investigation (FBI) for illegally removing numerous national security documents and willfully retaining them at her personal residence during a 13-year period from June 2004 to December 2017.  The federal indictment charged Kendra Kingsbury, 48, with two counts of having unauthorized possession of documents
The_Hackers_News.webp 2021-05-22 00:00:22 FBI Warns Conti Ransomware Hit 16 U.S. Health and Emergency Services (lien direct) The adversary behind Conti ransomware targeted no fewer than 16 healthcare and first responder networks in the U.S. within the past year, totally victimizing over 400 organizations worldwide, 290 of which are situated in the country. That's according to a new flash alert issued by the U.S. Federal Bureau of Investigation (FBI) on Thursday. "The FBI identified at least 16 Conti ransomware attacks Ransomware
The_Hackers_News.webp 2021-05-21 22:01:08 Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers (lien direct) India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact Data Breach Hack
The_Hackers_News.webp 2021-05-21 08:16:05 Insurance Firm CNA Financial Reportedly Paid Hackers $40 Million in Ransom (lien direct) U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one of the most expensive ransoms paid to date. The development was first reported by Bloomberg, citing "people with knowledge of the attack." The adversary that staged the intrusion is said to have allegedly demanded $60 million a week after Ransomware
The_Hackers_News.webp 2021-05-21 01:46:35 Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware (lien direct) Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," the Microsoft Security Intelligence team said in a Ransomware Malware
The_Hackers_News.webp 2021-05-20 03:50:40 23 Android Apps Expose Over 100,000,000 Users' Personal Data (lien direct) Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users' private data was exposed," Check Point researchers said in an analysis published today and shared with
The_Hackers_News.webp 2021-05-20 03:21:06 Is Single Sign-On Enough to Secure Your SaaS Applications? (lien direct) If there's one thing all great SaaS platforms share in common, it's their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on (SSO) providers. With SSO at the helm, users don't have to remember separate passwords for each app or hide the digital copies of the credentials in plain sight. SSO also frees up the IT's bandwidth
The_Hackers_News.webp 2021-05-20 02:34:53 Watering Hole Attack Was Used to Target Florida Water Utilities (lien direct) An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water utilities, particularly in Florida, and more importantly, was visited by a browser from the city of
The_Hackers_News.webp 2021-05-19 22:35:42 Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild (lien direct) Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days. "There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," the search giant said in an
The_Hackers_News.webp 2021-05-19 07:20:40 DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months (lien direct) DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. " Ransomware
The_Hackers_News.webp 2021-05-19 05:51:06 Mozilla Begins Rolling Out 'Site Isolation' Security Feature to Firefox Browser (lien direct) Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. Called "Site Isolation," the implementation loads each website separately in its own operating system process and, as a result, prevents untrusted code from a rogue website from accessing
The_Hackers_News.webp 2021-05-19 03:24:38 A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser (lien direct) Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool's ability to check the safety of saved passwords. Thus when Chrome finds a password that may have been compromised as part of a data breach, it will prompt users with an alert containing a "Change Password"
The_Hackers_News.webp 2021-05-18 07:07:41 How Apple Gave Chinese Government Access to iCloud Data and Censored Apps (lien direct) In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move users' iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a deep-dive report from The New York Times, Apple's privacy and security concessions have "made
Last update at: 2024-07-21 20:07:55