Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-12-04 10:08:16 |
Microsoft reverses Windows 11's annoying default browser setting changes (direct link) |
Microsoft has reversed a Windows 11 design change that made it highly annoying to change the default browser used by the operating system. [...] |
|
|
|
|
2021-12-03 18:34:06 |
The Week in Ransomware - December 3rd 2021 - Seizing Bitcoin (direct link) |
For this week's 'Week in Ransomware' article we have included the latest ransomware news over the past two weeks. [...] |
Ransomware
|
|
|
|
2021-12-03 12:55:33 |
US State Dept employees' phones hacked using NSO spyware (direct link) |
Apple has warned at least nine US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group. [...] |
|
|
|
|
2021-12-03 12:40:10 |
Fake support agents call victims to install Android banking malware (direct link) |
The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials. [...] |
Malware
Threat
|
|
|
|
2021-12-03 12:16:45 |
FBI: Cuba ransomware breached 49 US critical infrastructure orgs (direct link) |
The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors. [...] |
Ransomware
|
|
|
|
2021-12-03 10:34:03 |
Researchers discover 14 new data-stealing web browser attacks (direct link) |
IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have discovered 14 new types of 'XS-Leak' cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox. [...] |
|
|
|
|
2021-12-03 10:07:06 |
Zoho: Patch new ManageEngine bug exploited in attacks ASAP (direct link) |
Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installation to the latest available version. [...] |
|
|
|
|
2021-12-02 16:46:44 |
Microsoft Edge now bashes Google Chrome when you download it (direct link) |
Microsoft Edge is now displaying in-browser alerts that discourage users from downloading Google Chrome by bashing the popular browser. [...] |
|
|
|
|
2021-12-02 16:34:34 |
Phishing actors start exploiting the Omicron COVID-19 variant (direct link) |
Phishing actors have quickly started to exploit the emergence of the Omicron COVID-19 variant and now use it as a lure in their malicious email campaigns. [...] |
|
|
|
|
2021-12-02 15:28:25 |
Twitter removes 3,400 accounts used in govt propaganda campaigns (direct link) |
Twitter today announced the permanent removal of more than 3,400 accounts linked to governments of six countries running manipulation or spam campaigns. [...] |
Spam
|
|
|
|
2021-12-02 11:04:23 |
Russian internet watchdog announces ban of six more VPN products (direct link) |
Russia's internet watchdog, 'Roskomnadzor', has announced the ban of six more VPN products, bringing the total number to more than a dozen, shows a notification to companies in the country. [...] |
|
|
|
|
2021-12-02 09:30:31 |
Nine WiFi routers used by millions were vulnerable to 226 flaws (direct link) |
Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. [...] |
|
|
|
|
2021-12-02 05:12:19 |
New malware hides as legit nginx process on e-commerce servers (direct link) |
eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. [...] |
Malware
|
|
|
|
2021-12-01 20:18:12 |
Planned Parenthood LA discloses data breach after ransomware attack (direct link) |
Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients. [...] |
Ransomware
Data Breach
|
|
|
|
2021-12-01 18:43:10 |
Emotet now spreads via fake Adobe Windows App Installer packages (direct link) |
The notorious Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software. [...] |
Malware
|
|
★★★
|
|
2021-12-01 18:03:42 |
(Déjà vu) Former Ubiquiti dev charged for trying to extort his employer (direct link) |
Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker. [...] |
|
|
|
|
2021-12-01 18:03:42 |
Former Ubiquiti dev charged for trying to extort his employer (direct link) |
Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker. [...] |
|
|
|
|
2021-12-01 16:23:56 |
Bulletproof hosting founder imprisoned for helping cybercrime gangs (direct link) |
34-year-old Russian Aleksandr Grichishkin, the founder of a bulletproof hosting service, was sentenced to 60 months in prison for allowing cybercrime gangs to use the platform in attacks targeting US financial institutions between 2008 and 2015. [...] |
|
|
|
|
2021-12-01 14:55:12 |
Microsoft fixes installation issues in new Windows 11 dev build (direct link) |
Microsoft has addressed a long list of issues and added more Windows 11 start menu customization options with the release of Windows 11 Insider Preview Build 22509 to the Dev Channel. [...] |
|
|
|
|
2021-12-01 13:33:17 |
Malicious Android app steals Malaysian bank credentials, MFA codes (direct link) |
A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks. [...] |
|
|
|
|
2021-12-01 12:39:15 |
Mozilla fixes critical bug in cross-platform cryptography library (direct link) |
Mozilla has addressed a critical memory corruption vulnerability affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. [...] |
Vulnerability
|
|
|
|
2021-12-01 11:21:48 |
Microsoft Exchange servers hacked to deploy BlackByte ransomware (direct link) |
BlackByte ransomware actors were observed exploiting the ProxyShell set of vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) to compromise Microsoft Exchange servers. [...] |
Ransomware
|
|
|
|
2021-12-01 06:06:52 |
Europol: 18k money mules caught laundering money from online fraud (direct link) |
Europol has announced the arrest of 1,803 money mules out of 18,351 identified following an international money-laundering crackdown operation codenamed "EMMA 7." [...] |
|
|
|
|
2021-12-01 05:33:22 |
VirusTotal Collections feature helps keep neat IoC lists (direct link) |
Scanning service VirusTotal announced today a new feature called Collections that lets researchers create and share reports with indicators of compromise observed in security incidents. [...] |
|
|
|
|
2021-12-01 05:00:00 |
State-backed hackers increasingly use RTF injection for phishing (direct link) |
Three APT hacking groups from India, Russia, and China were observed using a novel RTF (rich text format) template injection technique in their recent phishing campaigns. [...] |
|
|
|
|
2021-11-30 18:04:42 |
Microsoft Defender scares admins with Emotet false positives (direct link) |
Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching due to a false positive tagging the files as potentially bundling an Emotet malware payload. [...] |
Malware
|
|
|
|
2021-11-30 16:46:32 |
(Déjà vu) FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs (direct link) |
The FBI seized $2.2 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer. [...] |
Ransomware
|
|
|
|
2021-11-30 16:46:32 |
FBI seized $2.2M from affiliate of REvil, Gandcrab ransomware gangs (direct link) |
The FBI seized $2.2 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer. [...] |
Ransomware
|
|
★★★★
|
|
2021-11-30 15:06:34 |
Finland warns of Flubot malware heavily targeting Android users (direct link) |
Finland's National Cyber Security Centre (NCSC-FI) has issued a "severe alert" to warn of a massive campaign targeting the country's Android users with Flubot banking malware pushed via text messages sent from compromised devices. [...] |
Malware
|
|
|
|
2021-11-30 13:55:57 |
Smartwatches for children are a privacy and security nightmare (direct link) |
Researchers analyzed the security of four popular smartwatches for children and found pre-installed downloaders, weak passwords, and unencrypted data transmissions. [...] |
|
|
|
|
2021-11-30 12:26:05 |
EwDoor botnet targets AT&T network edge devices at US firms (direct link) |
A recently discovered botnet is attacking unpatched AT&T enterprise network edge devices using exploits for a four-year-old critical severity Blind Command Injection security flaw. [...] |
|
|
|
|
2021-11-30 11:07:09 |
Android banking malware infects 300,000 Google Play users (direct link) |
Malware campaigns distributing Android trojans that steal online bank credentials have infected almost 300,000 devices through malicious apps pushed via Google's Play Store. [...] |
Malware
|
|
|
|
2021-11-30 08:26:13 |
DNA testing firm discloses data breach affecting 2.1 million people (direct link) |
DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons. [...] |
Data Breach
|
|
|
|
2021-11-30 08:00:00 |
8-year-old HP printer vulnerability affects 150 printer models (direct link) |
Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard. [...] |
Vulnerability
|
|
|
|
2021-11-30 06:56:06 |
Yanluowang ransomware operation matures with experienced affiliates (direct link) |
An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector using BazarLoader malware in the reconnaissance stage. [...] |
Ransomware
Malware
|
|
|
|
2021-11-29 13:26:30 |
Dark web market Cannazon shuts down after massive DDoS attack (direct link) |
Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack. [...] |
|
|
|
|
2021-11-29 11:30:07 |
Stealthy WIRTE hackers target governments in the Middle East (direct link) |
A stealthy hacking group named WIRTE has been linked to a government-targeting campaign conducting attacks since at least 2019 using malicious Excel 4.0 macros. [...] |
|
|
|
|
2021-11-29 10:45:36 |
Zoom finally adds automatic updates to Windows, macOS clients (direct link) |
Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients. [...] |
|
|
|
|
2021-11-29 10:11:40 |
Telegram channel admins who sold fake vaccine cards arrested (direct link) |
The Italian financial crime agency (Guardia di Finanza - GdF) has announced the arrest of several individuals suspected of managing Telegram channels to promote fake vaccine certificates, aka 'Green Passes.' [...] |
|
|
|
|
2021-11-29 09:40:21 |
Panasonic discloses data breach after network hack (direct link) |
Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month. [...] |
Data Breach
Hack
Threat
|
|
|
|
2021-11-29 08:43:29 |
APT37 targets journalists with Chinotto multi-platform malware (direct link) |
North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists in watering hole, spear-phishing emails, and smishing attacks delivering malware dubbed Chinotto capable of infecting Windows and Android devices. [...] |
Malware
Cloud
|
APT 37
|
|
|
2021-11-28 17:47:39 |
(Déjà vu) Customize the Windows 11 experience with these free apps (direct link) |
Windows 11 is now available with a long list of limitations and missing features. The big feature update is currently available for download as an optional update and if you've already upgraded to the new operating system, you can try the third-party programs highlighted below. [...] |
|
|
|
|
2021-11-28 17:47:39 |
Customize Windows 11 experience with these free apps (direct link) |
Windows 11 is now available with a long list of limitations and missing features. The big feature update is currently available for download as an optional update and if you've already upgraded to the new operating system, you can try the third-party programs highlighted below. [...] |
|
|
|
|
2021-11-27 10:00:00 |
New Windows 10 zero-day gives admin rights, gets unofficial patch (direct link) |
Free unofficial patches have been released to protect Windows users from a local privilege escalation (LPE) zero-day vulnerability in the Mobile Device Management Service impacting all Windows 10 versions from v1809 to v21H1. [...] |
Vulnerability
|
|
|
|
2021-11-26 15:41:42 |
IKEA email systems hit by ongoing cyberattack (direct link) |
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. [...] |
Threat
|
|
|
|
2021-11-26 13:42:44 |
Google, Apple fined by Italian authority for aggressive data collection (direct link) |
Italy's competition authority (Autorita Garante della Concorrenza e del Mercato) has announced a fine of 10 million Euros ($11.3 million) against Google and Apple. [...] |
|
|
|
|
2021-11-26 13:02:16 |
TrickBot phishing checks screen resolution to evade researchers (direct link) |
The TrickBot malware operators have been using a new method to check the screen resolution of a victim system to evade detection of security software and analysis by researchers. [...] |
Malware
|
|
|
|
2021-11-26 10:31:37 |
(Déjà vu) Marine services provider Swire Pacific Offshore hit by ransomware (direct link) |
Swire Pacific Offshore (SPO) has discovered an unauthorized network infiltration onto its IT systems, resulting in the compromise of some employee data. [...] |
Ransomware
|
|
|
|
2021-11-26 10:31:37 |
Marine services giant Swire Pacific Offshore hit by ransomware (direct link) |
Swire Pacific Offshore (SPO) has discovered an unauthorized network infiltration onto its IT systems, resulting in the compromise of some employee data. [...] |
Ransomware
|
|
|
|
2021-11-26 09:21:46 |
Interpol arrests over 1,000 suspects linked to cyber crime (direct link) |
Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling. [...] |
|
|
|