Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-01-17 19:29:16 |
Visa's plan against Magecart attacks: Devalue and disrupt (direct link) |
Visa is actively going after Magecart groups, but also deploying new technologies to safeguard payment card data. |
|
|
|
|
2020-01-17 14:09:00 |
JhoneRAT exploits cloud services to attack Middle Eastern countries (direct link) |
Google Drive, Twitter, ImgBB and Google Forms are being abused in the name of data theft. |
|
|
|
|
2020-01-17 13:10:22 |
WordPress plugin vulnerability can be exploited for total website takeover (direct link) |
The “easily exploitable” bug in WP Database Reset has serious consequences for webmasters. |
Vulnerability
|
APT 19
|
|
|
2020-01-17 12:29:00 |
A hacker is patching Citrix servers to maintain exclusive access (direct link) |
FireEye believes this is a bad guy hoarding Citrix servers, rather than a good-guy vigilante looking out for organizations. |
Patching
|
|
|
|
2020-01-17 11:56:10 |
EU considers banning facial recognition technology in public spaces (direct link) |
A potential ban could last for five years to allow lawmakers to catch up. |
|
|
|
|
2020-01-17 09:13:00 |
FBI seizes WeLeakInfo, a website that sold access to breached data (direct link) |
WeLeakInfo website sold access to more than 12 billion user records that leaked from breaches at other online services. |
|
|
|
|
2020-01-16 21:22:01 |
FBI: Nation-state actors have breached two US municipalities (direct link) |
The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaw |
Vulnerability
|
|
|
|
2020-01-16 08:32:00 |
Proof-of-concept exploits published for the Microsoft-NSA crypto bug (direct link) |
Two proof-of-concept exploits published for the CurveBall (CVE-2020-0601) vulnerability. |
|
|
|
|
2020-01-16 00:01:00 |
Chinese man arrested after making $1.6 million from selling VPN services (direct link) |
Chinese authorities continue their crackdown against unauthorized VPN services with what appears to be their biggest catch so far. |
|
|
|
|
2020-01-15 17:04:10 |
More than 600 million users installed Android 'fleeceware' apps from the Play Store (direct link) |
A new set of 25 Android apps caught illegally charging users at the end of a trial period. |
|
|
|
|
2020-01-15 14:26:33 |
Facebook to notify users of third-party app logins (direct link) |
Facebook rolls out improved security notifications for logins with Facebook accounts on third-party apps and websites. |
|
|
|
|
2020-01-15 11:29:22 |
P&N Bank discloses data breach, customer account information, balances exposed (direct link) |
The Australian bank says a cyberattack took place during a server upgrade. |
|
|
|
|
2020-01-15 10:48:25 |
You can now use an iPhone as a security key for Google accounts (direct link) |
All iPhones running iOS 10 or later can now be used as hardware security keys for Google accounts. |
|
|
|
|
2020-01-15 10:37:00 |
Critical bugs in WordPress plugins InfiniteWP, WP Time Capsule expose 320,000 websites to attack (direct link) |
If you use these plugins you should update immediately as firewall protection will not work. |
|
|
|
|
2020-01-15 09:11:00 |
Adobe's first 2020 security patch update fixes code execution vulnerabilities (direct link) |
This month's security round is small but resolves some important bugs. |
|
|
|
|
2020-01-14 20:48:33 |
Microsoft January 2020 Patch Tuesday fixes 49 security bugs (direct link) |
Today's patches also fix a major vulnerability in Windows' cryptographic library. |
Vulnerability
|
|
|
|
2020-01-14 18:31:00 |
Microsoft fixes Windows crypto bug reported by the NSA (direct link) |
Fixes were released today as part of Microsoft's January 2020 Patch Tuesday. |
|
|
|
|
2020-01-14 16:33:00 |
Google to phase out user-agent strings in Chrome (direct link) |
Chrome will move to a new technology called Client Hints, part of the newer Privacy Sandbox project. |
|
|
|
|
2020-01-14 12:11:54 |
Russia responsible for hacking gas firm tied to Trump impeachment: report (direct link) |
The cyberattack bears similar hallmarks to the 2016 DNC hack. |
|
|
|
|
2020-01-14 11:51:31 |
49 million user records from US data broker LimeLeads put up for sale online (direct link) |
Data from an exposed LimeLeads Elasticsearch server ends up on a hacking forum. |
Guideline
|
|
★★★
|
|
2020-01-14 10:32:00 |
This Trojan hijacks your smartphone to send offensive text messages (direct link) |
The feature is certainly one way to advertise a malware infection. |
Malware
|
|
★★★
|
|
2020-01-13 21:33:43 |
Microsoft spots malicious npm package stealing data from UNIX systems (direct link) |
Malicious JavaScript package was only active on the npm repository for two weeks. |
|
|
★★★★★
|
|
2020-01-13 17:01:05 |
Report: Chinese hacking group APT40 hides behind network of front companies (direct link) |
A group of anonymous security analysts has tracked down 13 front companies operating on the island of Hainan through which they say the Chinese state has been recruiting hackers. |
|
APT 40
|
★★★★
|
|
2020-01-13 12:08:00 |
Texas school district falls for email scam, hands over $2.3 million (direct link) |
There are “strong” leads but no real indication of who is responsible. |
Guideline
|
|
★★★
|
|
2020-01-13 10:37:27 |
'Rosegold' National Lottery hacker steals £5, lands prison sentence (direct link) |
The Sentry MBA brute-force account cracking tool was used to compromise user accounts. |
Tool
|
|
★★★★★
|
|
2020-01-11 08:57:00 |
Academic research finds five US telcos vulnerable to SIM swapping attacks (direct link) |
Researchers find that 17 of 140 major online services are vulnerable to SIM swapping attacks. |
|
|
|
|
2020-01-11 07:00:51 |
Proof-of-concept code published for Citrix bug as attacks intensify (direct link) |
Two exploits for the Citrix bug (CVE-2019-19781) were published on GitHub yesterday, making future attacks trivial for most hackers. |
|
|
|
|
2020-01-10 18:21:35 |
Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability (direct link) |
Cable modems using Broadcom chips are vulnerable to a new vulnerability named Cable Haunt, researchers say. |
Vulnerability
|
|
|
|
2020-01-10 13:32:19 |
TrickBot hackers create new stealthy backdoor for high-value targets (direct link) |
PowerTrick is reserved for the most lucrative targets on the gang's hit list. |
|
|
|
|
2020-01-10 11:57:25 |
Man jailed for using data breach info leaks to claim over $12 million in IRS tax refunds (direct link) |
Information leaked due to data breaches was used to file fraudulent tax returns. |
Data Breach
|
|
|
|
2020-01-10 11:00:20 |
Cybersecurity acquisitions run rampant this week: Who has bought what? (direct link) |
As a new year unfolds, so do portfolio changes and acquisition deals in the cybersecurity sector. |
|
|
|
|
2020-01-10 10:10:00 |
Google details its three-year fight against the Bread (Joker) malware operation (direct link) |
Google says it removed more than 1,700 Android apps infected with Bread (Joker) malware since 2017. |
Malware
|
|
|
|
2020-01-09 19:56:38 |
50+ orgs ask Google to take a stance against Android bloatware (direct link) |
Privacy organizations ask Google to introduce new OEM rules for Android bloatware. |
|
|
|
|
2020-01-09 16:31:00 |
Unremovable malware found preinstalled on low-end smartphone sold in the US (direct link) |
Malwarebytes said it found malware pre-installed on Unimax U673c handsets, sold by Assurance Wireless (Virgin Mobile) in the US. |
Malware
|
|
|
|
2020-01-09 14:52:01 |
Hackers probe Citrix servers for weakness to remote code execution vulnerability (direct link) |
At least 80,000 organizations could be at risk. |
Vulnerability
|
|
|
|
2020-01-09 12:04:33 |
Travelex customers left in cashless limbo, ICO not formally alerted to data theft claims (direct link) |
The ransomware attack has infuriated stranded customers and the ICO has still not seen an official data breach report. |
Ransomware
Data Breach
|
|
|
|
2020-01-09 08:11:00 |
City of Las Vegas said it successfully avoided devastating cyber-attack (direct link) |
Security breach took place on January 7, but the city said it detected the intrusion in time to prevent any damage. |
|
|
|
|
2020-01-09 04:28:10 |
New Iranian data wiper malware hits Bapco, Bahrain's national oil company (direct link) |
Saudi Arabia's cyber-security agency spots new Dustman data-wiping malware. |
Malware
|
|
|
|
2020-01-08 22:43:06 |
Operation Goldfish Alpha reduces cryptojacking across Southeast Asia by 78% (direct link) |
Interpol and CERT teams from 10 Southeast Asian countries crack down on hacked MikroTik routers. |
|
|
|
|
2020-01-08 21:20:17 |
Mozilla patches Firefox zero-day reported by Qihoo 360 (direct link) |
Chinese security firm claims there's also an accompanying Internet Explorer zero-day. |
|
|
|
|
2020-01-08 12:36:32 |
Telegram opens lid on TON project amid SEC spat: 'Grams won't help you get rich' (direct link) |
No cryptocurrency wallet will be integrated with Telegram Messenger either -- at least, not yet. |
|
|
|
|
2020-01-08 11:29:25 |
ATM skimmer sentenced for fleecing $400,000 out of US banks (direct link) |
ATM users had their cards read and bank accounts pillaged. |
|
|
|
|
2020-01-08 10:42:27 |
Naive IoT botnet wastes its time mining cryptocurrency (direct link) |
Operators of LiquorBot botnet waste their time trying to mine Monero on hacked SOHO routers. |
|
|
|
|
2020-01-08 01:52:03 |
Signal app will support 'view-once' images and videos (direct link) |
Support for ephemeral multimedia messages to arrive in Signal within weeks. |
|
|
|
|
2020-01-07 22:49:00 |
Google Chrome to hide notification spam starting February 2020 (direct link) |
Chrome 80, scheduled for release in February 2020, will block notification popups by default. |
Spam
|
|
|
|
2020-01-07 15:02:49 |
Travelex faces ransom demands following NYE malware attack (direct link) |
The currency exchange has been issued a deadline to pay up by those responsible. |
Malware
|
|
|
|
2020-01-07 14:36:28 |
UK man sentenced to prison for hacking and spying on victims through their webcams (direct link) |
UK police say suspect recorded victims during intimate moments using malware named Imminent Monitor RAT. |
Malware
|
|
|
|
2020-01-07 14:29:49 |
YouTube rolls out changes for COPPA compliance, expects 'significant impact' for creators (direct link) |
Content creators may be in for a bumpy ride. |
|
|
|
|
2020-01-07 13:00:23 |
Insight Partners acquires enterprise security firm Armis in $1.1 billion deal (direct link) |
Insight Partners says the deal addresses a global enterprise endpoint security need. |
|
|
|
|
2020-01-07 07:47:00 |
Half of the websites using WebAssembly use it for malicious purposes (direct link) |
WebAssembly not that popular: Only 1,639 sites of the Top 1 Million use WebAssembly. |
|
|
|