What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-17 13:13:08 | Cisco says it won\'t fix zero-day RCE in end-of-life VPN routers (lien direct) | Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. [...] | Vulnerability | ||
|
2022-06-17 12:22:37 | (Déjà vu) New Windows 11 privacy feature lists apps that used your microphone, camera (lien direct) | Microsoft has recently added a new privacy feature that allows Windows 11 users to get a list of all the apps that have recently accessed their sensitive info and devices, including their camera, microphone, and contacts. [...] | |||
|
2022-06-17 12:22:37 | Windows 11 now lists apps that accessed your microphone, camera (lien direct) | Microsoft has recently added a new privacy feature that allows Windows 11 users to get a list of all the apps that have recently accessed their sensitive info and devices, including their camera, microphone, and contacts. [...] | |||
|
2022-06-17 10:17:19 | Russian RSocks botnet disrupted after hacking millions of devices (lien direct) | The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers. [...] | Malware | ||
|
2022-06-17 05:52:36 | QNAP \'thoroughly investigating\' new DeadBolt ransomware attacks (lien direct) | Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. [...] | Ransomware | ||
|
2022-06-17 05:10:28 | Microsoft: June Windows updates may break Wi-Fi hotspots (lien direct) | Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. [...] | |||
|
2022-06-16 18:23:46 | Sophos Firewall zero-day bug exploited weeks before fix (lien direct) | Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...] | Vulnerability | ||
|
2022-06-16 17:51:33 | iCloud hacker gets 9 years in prison for stealing nude photos (lien direct) | A California man who hacked thousands of Apple iCloud accounts was sentenced to 8 years in prison after pleading guilty to conspiracy and computer fraud in October 2021. [...] | Guideline | ||
|
2022-06-16 15:43:57 | New MaliBot Android banking malware spreads as a crypto miner (lien direct) | Threat analysts have discovered a new Android malware strain named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain. [...] | Malware Threat | ||
|
2022-06-16 14:58:32 | 730K WordPress sites force-updated to patch critical plugin bug (lien direct) | WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. [...] | Vulnerability | ||
|
2022-06-16 13:38:22 | Anker Eufy smart home hubs exposed to RCE attacks by critical flaw (lien direct) | Anker's central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution (RCE) flaw. [...] | |||
|
2022-06-16 11:14:24 | New cloud-based Microsoft Defender for home now generally available (lien direct) | Microsoft has announced today the general availability of Microsoft Defender for individuals, the company's new security solution for personal phones and computers. [...] | |||
|
2022-06-16 10:19:12 | MetaMask, Phantom warn of flaw that could steal your crypto wallets (lien direct) | MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it. [...] | Vulnerability | ★★★ | |
|
2022-06-16 10:02:01 | Revisit Your Password Policies to Retain PCI Compliance (lien direct) | Organizations that are subject to the PCI regulations must carefully consider how best to address these new requirements. Some of the requirements are relatively easy to address. Even so, some of the new requirements go beyond what Windows native security mechanisms are capable of. Here is what you need to know. [...] | |||
|
2022-06-16 06:07:20 | Microsoft Office 365 feature can help cloud ransomware attacks (lien direct) | Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for a ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage. [...] | Ransomware Threat | ||
|
2022-06-15 15:05:10 | Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike (lien direct) | The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. [...] | Threat | ||
|
2022-06-15 14:24:33 | Cisco Secure Email bug can let attackers bypass authentication (lien direct) | Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances with non-default configurations. [...] | Vulnerability | ||
|
2022-06-15 14:01:42 | Zimbra bug allows stealing email logins with no user interaction (lien direct) | Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction. [...] | Vulnerability | ||
|
2022-06-15 12:28:27 | Extortion gang ransoms Shoprite, largest supermarket chain in Africa (lien direct) | Shoprite Holdings, Africa's largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack. [...] | Ransomware | ||
|
2022-06-15 11:56:04 | Microsoft: Windows update to permanently disable Internet Explorer (lien direct) | Microsoft confirmed today that a future Windows update will permanently disable the Internet Explorer web browser on users' systems. [...] | |||
|
2022-06-15 10:46:21 | Citrix warns critical bug can let attackers reset admin passwords (lien direct) | Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords. [...] | Vulnerability | ||
|
2022-06-15 10:26:26 | Interpol seizes $50 million, arrests 2000 social engineers (lien direct) | An international law enforcement operation, codenamed 'First Light 2022,' has seized 50 million dollars and arrested thousands of people involved in social engineering scams worldwide. [...] | |||
|
2022-06-15 10:01:02 | InQuest Labs: Man + Machine vs Business Email Compromise (BEC) (lien direct) | Attackers only have to be right once while defenders need to be right 100% of the time. To help combat this asymmetric disadvantage, InQuest provides an open research portal that combines crowdsourced efforts with machine learning to combat the likes of Bumblebee and other BEC related threats. [...] | |||
|
2022-06-15 09:00:00 | New peer-to-peer botnet infects Linux servers with cryptominers (lien direct) | A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. [...] | |||
|
2022-06-15 08:34:14 | Microsoft: June Windows Server updates may cause backup issues (lien direct) | Microsoft says that some applications might fail to backup data using Volume Shadow Copy Service (VSS) after applying the June 2022 Patch Tuesday Windows updates. [...] | |||
|
2022-06-15 03:21:23 | Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs (lien direct) | For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub. [...] | |||
|
2022-06-14 19:03:26 | Ransomware gang creates site for employees to search for their stolen data (lien direct) | The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack [...] | Ransomware | ||
|
2022-06-14 15:55:20 | (Déjà vu) New Hertzbleed side-channel attack affects Intel, AMD CPUs (lien direct) | A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS). [...] | |||
|
2022-06-14 15:55:20 | New Hertzbleed side-channel attack affects Intel, AMD systems (lien direct) | A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS). [...] | |||
|
2022-06-14 15:36:10 | Android malware on the Google Play Store gets 2 million downloads (lien direct) | Cybersecurity researchers have discovered adware and information-stealing malware on the Google Play Store last month, with at least five still available and having amassed over two million downloads. [...] | Malware | ||
|
2022-06-14 14:18:12 | Windows 11 KB5014697 update adds Spotlight for Desktop, fixes 33 bugs (lien direct) | Microsoft has released the Windows 11 KB5014697 cumulative update with security updates, improvements, and the new Spotlight for Desktop feature that automatically changes your desktop background. [...] | |||
|
2022-06-14 14:02:28 | Windows 10 KB5014699 and KB5014692 updates released (lien direct) | Microsoft has released Windows 10 KB5014699 and KB5014692 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolve bugs [...] | |||
|
2022-06-14 14:00:06 | Microsoft patches actively exploited Follina Windows zero-day (lien direct) | Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. [...] | Vulnerability | ||
|
2022-06-14 13:45:44 | Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws (lien direct) | Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. [...] | Vulnerability | ||
|
2022-06-14 11:40:29 | Owner of \'DownThem\' DDoS service gets 2 years in prison (lien direct) | Matthew Gatrel, 33, a citizen of Illinois, has been sentenced to two years in prison for operating platforms offering DDoS (distributed denial of service) services to subscribers. [...] | |||
|
2022-06-14 11:04:18 | Firefox now blocks cross-site tracking by default for all users (lien direct) | Mozilla says that starting today, all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. [...] | |||
|
2022-06-14 10:31:34 | Cloudflare mitigates record-breaking HTTPS DDoS attack (lien direct) | Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. [...] | |||
|
2022-06-13 18:54:20 | Kaiser Permanente data breach exposes health data of 69K people (lien direct) | Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. [...] | Data Breach Guideline | ||
|
2022-06-13 17:56:20 | Gallium hackers backdoor finance, govt orgs using new PingPull malware (lien direct) | The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. [...] | Malware | ||
|
2022-06-13 17:12:27 | Internet Explorer (almost) breathes its final byte on Wednesday (lien direct) | Microsoft will finally end support for Internet Explorer on multiple Windows versions on Wednesday, June 15, almost 27 years after its launch on August 24, 1995. [...] | |||
|
2022-06-13 15:32:59 | Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto (lien direct) | Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services. [...] | |||
|
2022-06-13 14:15:20 | Metasploit 6.2.0 improves credential theft, SMB support features, more (lien direct) | Metasploit 6.2.0 has been released with 138 new modules, 148 new improvements/features, and 156 bug fixes since version 6.1.0 was released in August 2021. [...] | |||
|
2022-06-13 13:14:14 | Microsoft: Exchange servers hacked to deploy BlackCat ransomware (lien direct) | Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. [...] | Ransomware | ||
|
2022-06-13 11:13:00 | New Syslogk Linux rootkit uses magic packets to trigger backdoor (lien direct) | A new rootkit malware named 'Syslogk' has been spotted in the wild, and it features advanced process and file hiding techniques that make detection highly unlikely. [...] | Malware | ||
|
2022-06-13 10:28:07 | Russian hackers start targeting Ukraine with Follina exploits (lien direct) | Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...] | Tool Vulnerability | ||
|
2022-06-12 15:03:44 | PyPI package \'keep\' mistakenly included a password stealer (lien direct) | PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a password-stealer and a backdoor due to the presence of malicious 'request' dependency within some versions. [...] | |||
|
2022-06-12 13:25:22 | New Vytal Chrome extension hides location info that your VPN can\'t (lien direct) | A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. [...] | |||
|
2022-06-12 10:11:04 | Hello XD ransomware now drops a backdoor while encrypting (lien direct) | Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. [...] | Ransomware | ||
|
2022-06-11 11:46:31 | WiFi probing exposes smartphone users to tracking, info leaks (lien direct) | Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby's WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it. [...] | |||
|
2022-06-11 10:31:49 | Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware (lien direct) | Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. [...] | Ransomware Vulnerability |
To see everything:
Our RSS (filtrered)
