Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 10:07:00 |
GandCrab ransomware affiliate arrested for phishing attacks (lien direct) |
A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 09:36:45 |
Security bug hunters focus on misconfigured services, earn big rewards (lien direct) |
An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 08:01:31 |
Microsoft releases ProxyLogon updates for unsupported Exchange Servers (lien direct) |
Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 04:16:56 |
(Déjà vu) GitHub fixes bug causing users to log into other accounts (lien direct) |
Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 04:16:56 |
GitHub bug caused users to login to other user accounts (lien direct) |
Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 16:20:06 |
New Sarbloh ransomware supports Indian farmers\' protest (lien direct) |
A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 15:30:00 |
Microsoft 365 adds \'External\' email tags for increased security (lien direct) |
Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 15:06:34 |
Hackers hiding Supernova malware in SolarWinds Orion linked to China (lien direct) |
Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. [...] |
Malware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 13:21:05 |
Google Chrome to block port 554 to stop NAT Slipstreaming attacks (lien direct) |
Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 11:05:59 |
European Banking Authority discloses Exchange server hack (lien direct) |
The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. [...] |
Hack
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 10:21:59 |
Flagstar Bank hit by data breach exposing customer, employee data (lien direct) |
US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. [...] |
Ransomware
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 09:56:58 |
CISA takes over .GOV top-level domain (TLD) administration (lien direct) |
The US Cybersecurity and Infrastructure Security Agency (CISA) is taking over the administration of the.gov top-level domain (TLD) as its new policy and management authority. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-08 08:55:30 |
Unpatched QNAP devices are being hacked to mine cryptocurrency (lien direct) |
Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-07 16:28:08 |
Microsoft\'s MSERT tool now finds web shells from Exchange Server attacks (lien direct) |
Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. [...] |
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-07 13:43:45 |
(Déjà vu) How to use Google\'s \'Chrome Labs\' to test new browser features (lien direct) |
Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-07 13:43:45 |
Google\'s Chrome Labs makes it easier to test new browser features (lien direct) |
Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-07 10:00:00 |
Microsoft Office 365 gets protection against malicious XLM macros (lien direct) |
Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 15:39:09 |
How to customize your Windows 10 desktop with these free tools (lien direct) |
With Windows, you've got an almost limitless number of free, open-source and paid apps to customize the appearance of desktop. In this article, we're going to share a list of open-source and free tools to change the desktop wallpaper animation when you move your cursor, add support for widgets, and more. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 14:04:41 |
This new Microsoft tool checks Exchange Servers for ProxyLogon hacks (lien direct) |
Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. [...] |
Tool
|
|
★★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 12:47:07 |
Ransomware gang plans to call victim\'s business partners about attacks (lien direct) |
The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 11:25:28 |
Windows 10 21H1 inches closer to release - Here\'s the latest news (lien direct) |
Microsoft is gearing up to release Windows 10 version 21H1, aka the Spring Update, as they broadly release the feature update to all Windows Insiders in the Beta channel. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 10:02:00 |
Microsoft is giving Windows admins full control over driver updates (lien direct) |
Microsoft has announced a new deployment service for drivers and firmware that will make it easier for IT admins to select the right drivers for devices on their enterprise network. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-06 09:05:00 |
Samsung fixes critical Android bugs in March 2021 updates (lien direct) |
This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 18:53:22 |
The Week in Ransomware - March 5th 2021 - Targeting service providers (lien direct) |
This week we have seen ransomware attacks targeting online service providers and MSPs to not only encrypt the victim but also cause significant outages for their customers. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 17:16:11 |
US indicts John McAfee for cryptocurrency fraud, money laundering (lien direct) |
US federal prosecutors have charged John McAfee, founder of cybersecurity firm McAfee, and his executive advisor Jimmy Gale Watson Jr for cryptocurrency fraud and money laundering. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 16:49:54 |
New ransomware only decrypts victims who join their Discord server (lien direct) |
A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 14:13:45 |
SITA data breach affects millions of travelers from major airlines (lien direct) |
Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 12:38:10 |
Chrome extension turns on YouTube captions when eating noisy chips (lien direct) |
A new AI-powered Google Chrome extension will automatically turn on YouTube extensions if it detects you are eating noisy chips. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 10:12:40 |
Microsoft: Exchange updates can install without fixing vulnerabilities (lien direct) |
Due to the critical nature of recently issued Microsoft Exchange security updates, admins need to know that the updates may have installation issues on servers where User Account Control (UAC) is enabled. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-05 08:28:59 |
Ongoing phishing attacks target US brokers with fake FINRA audits (lien direct) |
The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 20:14:58 |
Supermicro, Pulse Secure release fixes for \'TrickBoot\' attacks (lien direct) |
Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware's UEFI firmware-infecting module, known as TrickBoot. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 15:58:41 |
(Déjà vu) CompuCom MSP hit by DarkSide ransomware cyberattack (lien direct) |
US managed service provider CompuCom has suffered a DarkSide ransomware attack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware. [...] |
Ransomware
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 14:05:09 |
(Déjà vu) Microsoft reveals 3 new malware strains used by SolarWinds hackers (lien direct) |
Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 14:05:09 |
Microsoft reveals new malware used by the SolarWinds hackers (lien direct) |
Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:34:15 |
(Déjà vu) Notorious Maza cybercrime forum attacked by other hackers (lien direct) |
The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:34:15 |
Maza forum hacked in recent attacks targeting cybercrime forums (lien direct) |
The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:18:23 |
(Déjà vu) Microsoft Edge is now 41% faster with new Startup Boost feature (lien direct) |
Microsoft Edge was redesigned with Chromium in January 2020 and it's getting better every month with new updates. Earlier this year, Microsoft announced that it's enabling support for sleeping tabs and now Microsoft is rolling out two new features - vertical tabs and startup boost. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:18:23 |
Microsoft Edge gets tab enhancements and improved performance (lien direct) |
Microsoft Edge was redesigned with Chromium in January 2020 and it's getting better every month with new updates. Earlier this year, Microsoft announced that it's enabling support for sleeping tabs and now Microsoft is rolling out two new features - vertical tabs and startup boost. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 13:04:03 |
FireEye finds new malware likely linked to SolarWinds hackers (lien direct) |
FireEye discovered a new "sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 12:09:34 |
VMware releases fix for severe View Planner RCE vulnerability (lien direct) |
VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 11:37:15 |
(Déjà vu) Hijacking traffic to Microsoft\'s windows.com with bitflipping (lien direct) |
A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 11:37:15 |
Researcher bitsquats Microsoft\'s windows.com to steal traffic (lien direct) |
A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 11:00:33 |
Hacked SendGrid accounts used in phishing attacks to steal logins (lien direct) |
A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 09:44:39 |
Windows DNS SIGRed bug gets first public RCE PoC exploit (lien direct) |
A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 08:04:48 |
DHS orders agencies to urgently patch or disconnect Exchange servers (lien direct) |
The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-04 07:34:20 |
Ransomware is a multi-billion industry and it keeps growing (lien direct) |
An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 18:15:09 |
CompuCom MSP confirms ongoing outage following malware incident (lien direct) |
The US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware, BleepingComputer has learned. [...] |
Malware
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 17:15:16 |
Microsoft: Windows 10 \'Known Issue Rollback\' auto-fixes update bugs (lien direct) |
Microsoft has shared details on Known Issue Rollback (KIR), a Windows 10 capability used to revert buggy non-security fixes delivered through Windows Update. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 15:01:00 |
Hackers share methods to bypass 3D Secure for payment cards (lien direct) |
Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure (3DS) protocol used for authorizing online card transactions. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-03 14:53:59 |
BEC scammers are targeting investors for massive payouts (lien direct) |
Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average. [...] |
|
|
|