What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-09-13 12:39:03 | 8,000 UNICEF Accounts Leaked Personal Data via Email Blunder. (lien direct) | The organization accidentally sent the names, email addresses, gender and professional information of users of its portal Agora in an email sent in August. The charity organization UNICEF inadvertently leaked the personal details of thousands of people who use its online learning portal Agora by way of an errant email sent to 20,000 inboxes. The email was accidentally sent […] | |||
|
2019-09-13 12:38:05 | Brazilian phishing scheme using Facebook and YouTube. (lien direct) | A cybercriminal gang has put together a phishing campaign that utilizes several trusted sources, along with insider help from a top tier security company service to convince its victims to open and download a malicious attachment. Cofense Intelligence found the malicious actors, who are only targeting Brazilians, are extensively using trusted names, legitimate Windows services and the Cloudflare […] | |||
|
2019-09-13 12:37:05 | Account Details at Risk from Instagram Bug. (lien direct) | The vulnerability, now patched, is the latest in a series of bad news for Facebook. A now-patched Instagram vulnerability could have exposed users’ account data and phone numbers to cyberattackers, parent company Facebook confirmed in a new report from Forbes. The bug was discovered by an Israeli hacker who goes by the handle @ZHacker13. It […] | Vulnerability | ||
|
2019-09-12 13:03:04 | Cyber-Security exporters needed in Scotland. (lien direct) | There’s concern a growing number of vacancies for cyber security jobs in Scotland could see a rise in hackers gaining our personal data. According to industry experts there's a skill shortage and in 2017 it was estimated there were likely to be between 360 and 480 unfilled positions. These figures are expected to rise by […] | |||
|
2019-09-12 13:02:05 | IT Teams will need to work even harder with proposed browser security guidelines. (lien direct) | CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren’t equipped to cope. For years, Secure Sockets Layer (SSL) certificates - a digital tool used to allow secure web connections between a web server and web browser - has been a baseline for a business’s digital trust. The […] | Tool | ||
|
2019-09-12 13:02:01 | (Déjà vu) Confidential Military, Financial Files stolen from Ryuk Related Malware. (lien direct) | A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files. While Ryuk Ransomware encrypts a victim’s files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam, […] | Ransomware Malware | ||
|
2019-09-12 12:55:04 | (Déjà vu) Over 198 Million Car-Buyer Records Exposed. (lien direct) | An Elastica DB belonging to Dealer Leads exposed a raft of information collected by “research” websites aimed at prospective car buyers. Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, has been found exposed on the internet for anyone to see. […] | Guideline | ||
|
2019-09-12 12:54:05 | Philadelphia based Entercom hacked for $500,000 ransom. (lien direct) | Radio giant Entercom, the Philadelphia-based owner of more than 235 stations nationwide, was reportedly hit with a ransomware attack last weekend affecting its internal systems including email, production and billing. The ransomware attack appears to have compromised a machine on Entercom’s programming side, forcing some stations to complete music logs by hand and run without […] | Ransomware | ||
|
2019-09-11 11:29:00 | Gmail and Google Calendar fake event notifications could have scammed people. (lien direct) | Google has confirmed that a vulnerability could have left 1.5 billion Google Calendar and Gmail users exposed to a dangerous form of phishing attack. As Forbes reports, the problem was a result of the close linking between the two services, which allows calendar invitations to be sent by email – even by people you don’t know, and […] | Vulnerability | ||
|
2019-09-11 11:28:00 | New iOS 13 Privacy Feature Limits Users Location Tracking. (lien direct) | Apple will introduce other features that allow more secure use of iPhones in workplace settings as well. Apple’s soon-to-be-released iOS 13 includes multiple features designed to give iPhone users substantially better control over their privacy and security settings for both personal and business use. Apple today announced it will release iOS 13 on September 19, […] | ★★ | ||
|
2019-09-11 11:26:03 | (Déjà vu) Website more vulnerable to attack with third-party features. (lien direct) | A new report points out the dangers to customer data of website reliance on multiple third parties. In an effort to make websites attractive and easy to use for their customers, companies have also made them attractive targets for criminals. That’s one of the broad conclusions in a new report that points out where the […] | |||
|
2019-09-11 11:25:05 | Montegomery County School District Ransomware Attack. (lien direct) | A Montgomery County school district has become the latest apparent victim of a ransomware cyberattack that struck just after the start of the new school year. On Monday, Souderton Area School District Superintendent Dr. Frank Gallagher said that the district's computer network was hit by the malware attack on Sunday, Sept. 1. Students had returned […] | Ransomware Malware | ||
|
2019-09-11 11:24:05 | Scammers use Deepfakes when sending Phishing emails. (lien direct) | Ransomware? Easy cash for attackers. Phishing? Nothing but cash. Spam? All kinds of ways to monetize people clicking links. Data breaches? That stuff gets used for fraud and the rest gets sold off (to be used for more fraud). Nation state attacks? Sure there’s ideology, but when you consider that US sanctions no doubt played […] | |||
|
2019-09-10 14:58:00 | (Déjà vu) Captcha Used to Bypass Automated Detection on Microsoft Phishing Pages. (lien direct) | A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs). Businesses use SEGs to protect against a wide variety of email-based attacks. They scan all messages, in or out, for malicious content and protect at least against malware and […] | Malware | ||
|
2019-09-10 14:57:02 | Bluekeep bug exploit published by Metasplot Project. (lien direct) | Coders late last week publicly released a working exploit for the dangerous Bluekeep bug that was found and patched earlier this year in Microsoft's Remote Desktop Protocol implementation. Designated as CVE-2019-0708, BlueKeep is a remote Windows kernel use-after-free vulnerability that could be used to create wormable attacks similar to the WannaCry ransomware incident of May 2017. Published on GitHub by […] | Vulnerability | Wannacry | |
|
2019-09-10 14:56:01 | 1M IoT Radios open to Hijack by Telnet Backdoor. (lien direct) | Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices. Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets' embedded Linux BusyBox operating system, gaining control over the device. Adversaries can deliver malware, […] | Vulnerability | ||
|
2019-09-10 14:55:02 | DDoS attack knocks Wikipedia offline. (lien direct) | Wikipedia was hit late last week with a sustained DDoS attack knocking it offline in many parts of the world. Wikipedia's parent organization Wikimedia posted a statement on Sept. 7 saying it was under attack and working to return to normal operations, but posted on Twitter on Sept. 6 that it was suffering intermittent outages. The affected […] | |||
|
2019-09-10 14:54:03 | (Déjà vu) Windows users targeted with Ransomware and Trojans. (lien direct) | Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password stealing Trojans, ransomware, and clipboard hijackers. All four of these campaigns were discovered by exploit kit expert nao_sec and are being distributed through malvertising that redirect visitors to the exploit kits landing pages. These landing pages are typically hosted […] | Ransomware | ||
|
2019-09-09 09:26:05 | GitHub and Bitbucket customer logins exposed in CirclCL data breach. (lien direct) | The software integration firm CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts. The company said in a statement it was informed of the breach on 31 August, but affected customers who accessed the CircleCI platform starting June 30, 2019. The information compromised included […] | |||
|
2019-09-09 09:25:03 | Module Exposed by Public BlueKeep. (lien direct) | A public exploit module for the BlueKeep Windows vulnerability has been added today to the open-source Metasploit penetration testing framework, developed by Rapid7 in collaboration with the open-source community. BlueKeep is a wormable remote code execution (RCE) security flaw discovered in the Windows Remote Desktop Protocol (RDP) service which enables unauthenticated attackers to run arbitrary code remotely, to launch denial of […] | Vulnerability | ||
|
2019-09-09 09:22:04 | (Déjà vu) Nemty Ransomware Spread From Fake PaylPal Site. (lien direct) | A web page pretending to offer an official application from PayPal is currently spreading a new variant of Nemty ransomware to unsuspecting users. It appears that the operators of this file-encrypting malware are trying various distribution channels as it was recently observed as a payload from the RIG exploit kit (EK). Source: Bleeping Computer | Ransomware Malware | ||
|
2019-09-09 09:20:05 | (Déjà vu) Monster File Leak as Job-Seeker data is Exposed. (lien direct) | The job website says it cannot notify users since the exposure occurred on a third-party organization’s servers. An unprotected Web server has been offering information on Monster.com users for some time - and neither Monster nor the third party it says purchased the data has notified the victims. According to reports, private information on job seekers […] | |||
|
2019-09-09 09:19:05 | \'Joke\' Spyware attacking Android smartphones. (lien direct) | Android smartphone users have been hit by a new malware – Joker. Aleksejs Kuprins, a security researcher at cybersecurity threat intelligence specialists CSIS Security Group, said ‘Joker’ spyware — which derives its name from one of the command-and-control servers found by CSIS researchers — has been detected in 24 apps that have collectively been installed […] | Malware Threat | ||
|
2019-09-06 15:18:03 | Modernising Identity For On-Prem Apps. (lien direct) | By Michael Gleason, director of product marketing at OneLogin Fun fact: in 2006, Forrester Research estimated that 90 percent of CRM sales were on-premises instances. That means ninety percent of CRM users had to deal with more than just a messy customer database – they had to deal with the hosting, the humans and the […] | |||
|
2019-09-06 11:32:02 | Attackers reach new Heights in Ransomware Demands. (lien direct) | New Bedford, Massachusetts’ refusal to pay a $5.3 million ransom highlights how victim towns and cities may be hitting the limit to what they’re willing to spend to speed recovery. Cyber extortionists’ ransom demands have surged in recent years, as ransomware cotinues to cripple the operations of manufacturers, hospitals, and - most recently - local […] | Ransomware | ||
|
2019-09-06 11:31:03 | Passwords are not 14M percent harder to crack because of a New Technique. (lien direct) | Tide’s method for protecting passwords splinters them up into tiny pieces and stores them on distributed nodes. One method that cryptographers often use to protect a secret is to split it up into multiple smaller pieces and allocate the individual portions for safekeeping to various different parties. It’s only when a certain minimum number of […] | |||
|
2019-09-06 11:30:04 | (Déjà vu) School District closed due to a Ransomware Attack. (lien direct) | The summer school holiday has not ended for students in Flagstaff, Arizona, as a ransomware attack hitting the School District computers forces the decision to cancel classes for today. The schedule for tomorrow is uncertain. All schools are impacted by the incident and there are no after-school activities. The district learned of a “cybersecurity issue” […] | Ransomware | ||
|
2019-09-06 11:29:05 | (Déjà vu) Students warned by FBI to think before they post online threats. (lien direct) | The U.S. Federal Bureau of Investigation (FBI) asked students not to make hoax threats via social media, emails, or text messages, in a warning published as part of its ‘Think Before You Post’ campaign. “The FBI takes these threats very seriously whether they come in the form of text messages, social media posts, or emails,” […] | |||
|
2019-09-06 11:28:05 | 419 Million phone number of Facebook Users have been exposed. (lien direct) | Server lacked password protection and included multiple databases with records from the U.S., U.K. and Vietnam. Phone numbers linked to the Facebook accounts of hundreds of millions of users has been found online on an insecure server in the latest privacy gaffe for the social media giant. The server, which lacked password protection, contained more […] | |||
|
2019-09-05 13:22:05 | (Déjà vu) Breach costs increasing due to rising Fines. (lien direct) | The cost of breaches will rise by two-thirds over the next five years, exceeding an estimated $5 trillion in 2024, primarily driven by higher fines as more jurisdictions punish companies for lax security. Equifax, $700 million. British Airways, $221 million. Marriott, $120 million. Companies are seeing much heftier fines in 2019, and the near future […] | Equifax | ||
|
2019-09-05 13:21:05 | (Déjà vu) Flaw in Android Phones allowing attackers to Divert Emails. (lien direct) | Researchers find that a spoofing a service message from the phone carrier is simple and effective on some brands of Android smartphones. Using text messages with embedded links, security researchers from Check Point Software Technologies recently discovered that spoofing messages from a phone carrier could be used to configure certain features, including e-mail and the […] | |||
|
2019-09-05 13:20:05 | (Déjà vu) Android Zero-Day bug didn\'t make the cut on the Google \'Fix\' List. (lien direct) | Google yesterday rolled out security patches for the Android mobile operating system but did not include the fix for at least one bug that enables increasing permissions to kernel level. Security flaws that enable privilege escalation can be exploited from a position with limited access to one with elevated access to critical files on the system. […] | |||
|
2019-09-05 13:19:05 | Phishing attacks causing vulnerability to millions of Android phones. (lien direct) | More than half of the Android mobile phones in use are susceptible to an advanced text-based phishing attack that only requires a cybercriminal make a $10 investment. Check Point researchers found malicious actors using a remote agent to trick phone owners into accepting new phone settings that hand over various levels of control to the attacker. The […] | Vulnerability | ||
|
2019-09-05 13:18:01 | Former User data exposed from Webcomix XKCD. (lien direct) | In an incident practically ripped from the plot of one of its own stories, the webcomic XKCD reported that user data from its online forum section was found in an exposed database. XKCD, which labels itself a “webcomic of romance, sarcasm, math, and language,” posted in a brief note that portions of its PHPBB user table […] | |||
|
2019-09-04 10:08:05 | Malware campaign to track Muslims, Android and windows devices have been reported in China. (lien direct) | A recently exposed malware campaign that used watering-hole attacks to target iPhone users for more than two years was reportedly part of an effort to track Uyghur Muslims based in China's Xinjiang state. The campaign was actually broader than originally thought, and attempted to infect Android and Microsoft Windows devices as well, reports are also stating. Citing […] | Malware | ||
|
2019-09-04 10:07:05 | Brazilian Android Devices targeted by BRATA Malware. (lien direct) | First there was Brangelina, TomKat and Bennifer and now Kaspersky has presented the world with BRATA, or Brazilian RAT Android. BRATA is not a power celebrity couple, but is a relatively new Android remote access tool family that, at least so far, has exclusively targeted Brazilians using Android 5.0 or higher, according to Kaspersky's GReAT team. […] | Tool | ||
|
2019-09-04 10:06:04 | Customer personal information exposed on flight booking side, Option Way. (lien direct) | A data breach at flight booking site Option Way exposed personal details on passengers and their flight and travel plans. Researchers at vpnMentor led by Noam Rotem and Ran Locar were “able to access over 100 GB of data, a massive amount of customers' unencrypted Personally Identifiable Information (PII),” including names, birth dates, gender email addresses, […] | Data Breach | ||
|
2019-09-04 10:05:04 | (Déjà vu) 562,000 users emails and passwords have been exposed due to the XKCD Forum breach. (lien direct) | The forums of the XKCD webcomic created by Randall Munroe in 2005 are currently offline after being impacted by a data breach which exposed the information of 561,991 users on July 1. The compromised user information including usernames, emails, and IP addresses, as well as hashed and salted passwords stored in MD5 phpBB3 format, was added to Have […] | Data Breach | ||
|
2019-09-04 10:04:04 | (Déjà vu) SharePoint Sites Hacked to Bypass Secure Email Gateways. (lien direct) | Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages. The attackers take advantage of the fact that the domains used by Microsoft’s SharePoint web-based collaborative platform are almost always overlooked by secure email gateways which allows their phishing […] | |||
|
2019-09-03 13:51:04 | A Quarter Of Workers Spend A Minimum Of 3 Months A Year Secretly Surfing The Web At Work. (lien direct) | A survey carried out this month by Gurucul, a security and fraud analytics technology provider, among 476 IT workers found that a quarter of people spend more than 2 hours a day surfing the web at work, equating to 10 hours a week and a mind-blowing 40 hours a month. In total, that means a […] | |||
|
2019-08-27 13:54:05 | Dissecting BioStar2\'s Vulnerabilities: Biometric Databases As The New Target. (lien direct) | By Danielle VanZandt, Industry Analyst, Security, Frost & Sullivan The significant breach and vulnerabilities recently discovered by vpnMentor researchers within Suprema's BioStar 2 database are enough to scare any potential end user away from biometric security measures. With potentially over 1 million fingerprint biometrics and user passwords exposed in the breach, BioStar 2 has become […] | |||
|
2019-08-23 15:22:05 | ThreatConnect Users Can Access Near Real-Time Finished Intelligence And Technical Data From Flashpoint. (lien direct) | ThreatConnect, Inc.®, provider of the industry's only intelligence-driven security operations platform, is proud to announce its updated integration with Flashpoint, the leader in Business Risk Intelligence (BRI). With this latest integration, joint customers can now leverage the Flashpoint API to import Finished Intelligence reports, Risk Intelligence Observables (RIOs), and Technical Indicators into ThreatConnect. The ThreatConnect […] | Guideline | ||
|
2019-08-22 10:57:05 | Sounding The Alarm: Can Your Home Security System Be Hacked? (lien direct) | By Martin Hodgson, Head of UK and Ireland at Paessler A network is only as secure as the devices connected to it. With each connected device comes increased vulnerability. The modern household is no exception, with the recent explosion of IoT devices in the home creating a potential goldmine for hackers. Scarier still, many of […] | ★★ | ||
|
2019-08-22 10:57:01 | Alexa: How Secure Is My Smart Home? (lien direct) | By David Emm, Principal Security Researcher, Kaspersky Baby monitors, CCTV tools and smart home devices like Amazon Alexa and Google Home are all handy additions to today's modern home. A quarter of Britons now own one or more smart home devices, and by 2023 every home in the UK is expected to contain at least […] | ★★★★★ | ||
|
2019-08-22 10:56:04 | UK FinTech CashFlows Continues Growth With Akamai In Face Of Increasing Cyberthreats. (lien direct) | Akamai (NASDAQ: AKAM), the intelligent edge platform for delivering and securing web experiences, today announced it is protecting CashFlows, an innovative FinTech offering comprehensive merchant services, alternative payments, and BIN Sponsorship solutions (card issuing and ATMs), from the growing threat of Distributed Denial of Service (DDoS) attacks against its cloud-based services. Founded in 2010, CashFlows […] | Threat | ||
|
2019-08-21 14:38:04 | Over Two Thirds Of British Companies Feel Cybersecurity Concerns Prevent Them From Adopting New Technology. (lien direct) | Over two thirds (67%) of companies feel that cybersecurity concerns prevent them from adopting new technology to grow their business faster, according to a new report from EY that is based on a survey of 175 C-suite executives at UK-based organisations. Cloud computing and the internet of things (IoT) were the two technologies that were […] | |||
|
2019-08-21 14:37:03 | SOAR vs. Security Operations: What\'s Really Going On? (lien direct) | Written by John Czupak, CEO, ThreatQuotient There's something big brewing in the world of security operations, but what exactly is it? We are regularly inundated with various descriptions of useful tools and capabilities (think Security Orchestration, Automation and Response (SOAR), Threat Intelligence Platforms (TIPs), Security Incident Response (SIR), Hunting and more). Unfortunately, many of us […] | Threat | ||
|
2019-08-21 13:54:05 | How To Effectively Manage Cyber Threats On Critical Infrastructure. (lien direct) | Written by Anthony Perridge, VP International, ThreatQuotient Criminals are tirelessly attacking critical infrastructure (CRITIS) around the world and compromising the Industrial Control System (ICS) and the Supervisory Control and Data Acquisition (SCADA) systems that control these infrastructures. In 2010, the Stuxnet worm infiltrated numerous control systems and damaged nuclear power plants. Five years later, the […] | |||
|
2019-08-20 17:10:05 | Machine Learning And The Future Of Security. (lien direct) | By Morgan Jay, Area Vice President at Imperva. We often question what drives the success behind enormous companies like Google and Amazon. A large part of the answer is machine learning. These companies have quickly adopted machine learning, finding smarter ways to apply it and changing the dynamic of how they work. With the extra […] | |||
|
2019-08-20 16:37:04 | Five Steps To Defending Against And Recovering From A Cyber Attack. (lien direct) | Given how commonplace cyber attacks have become on a global basis, the topic of cyber security is moving increasingly up the board agenda, and rightly so. 72% of large businesses in the UK said they had identified at least one cybersecurity breach in 12 months and 40% experienced a breach or attack at least once […] |
To see everything:
Our RSS (filtrered)
