What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-12 12:11:03 | (Déjà vu) Copycats imitate novel supply chain attack that hit tech giants (lien direct) | This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms. [...] | |||
|
2021-02-12 12:11:03 | Copycat researchers imitate supply chain attack that hit tech giants (lien direct) | This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms. [...] | |||
|
2021-02-12 11:02:37 | (Déjà vu) Yandex suffers data breach after sysadmin sold access to user emails (lien direct) | Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. [...] | Data Breach | ||
|
2021-02-12 11:02:37 | Russian Yandex informs of sysadmin giving access to user mailboxes (lien direct) | Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. [...] | |||
|
2021-02-12 08:53:53 | Microsoft: Windows 10 1909 reaches end of service in May (lien direct) | Microsoft has reminded customers that some editions of Windows 10, version 1909 (also known as the November 2019 Update) will reach end of service in May 2021. [...] | |||
|
2021-02-11 18:30:22 | Avaddon ransomware fixes flaw allowing free decryption (lien direct) | The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor. [...] | Ransomware | ||
|
2021-02-11 14:34:14 | (Déjà vu) Internet Explorer 11 zero-day vulnerability gets unofficial micropatch (lien direct) | An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...] | Vulnerability | ||
|
2021-02-11 14:34:14 | Internet Explorer 11 zero-day vulnerability gets a free micropatch (lien direct) | An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...] | Vulnerability | ||
|
2021-02-11 13:40:47 | (Déjà vu) Microsoft releases emergency fix for Windows 10 WiFi crashes (lien direct) | Microsoft has released an emergency KB5001028 out-of-band update to fix a bug causing Windows 10 to crash when connecting to WPA3 Wi-Fi networks. [...] | |||
|
2021-02-11 13:40:47 | Windows 10 emergency update fixes WPA3 Wi-Fi blue screen crashes (lien direct) | Microsoft has released an emergency KB5001028 out-of-band update to fix a bug causing Windows 10 to crash when connecting to WPA3 Wi-Fi networks. [...] | |||
|
2021-02-11 13:11:25 | Microsoft warns of an increasing number of web shell attacks (lien direct) | Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month. [...] | |||
|
2021-02-11 12:55:35 | Singtel, QIMR Berghofer report Accellion-related data breaches (lien direct) | Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. [...] | Vulnerability | ||
|
2021-02-11 12:05:44 | Buggy WordPress plugin exposes 100K sites to takeover attacks (lien direct) | Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks as discovered by Wordfence. [...] | |||
|
2021-02-11 10:02:36 | Intel fixes vulnerabilities in Windows, Linux graphics drivers (lien direct) | Intel addressed 57 vulnerabilities during this month's Patch Tuesday, including high severity ones impacting Intel Graphics Drivers. [...] | |||
|
2021-02-11 09:00:00 | 12-year-old Windows Defender bug gives hackers admin rights (lien direct) | Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. [...] | Vulnerability | ||
|
2021-02-11 06:01:01 | TrickBot\'s BazarBackdoor malware is now coded in Nim to evade antivirus (lien direct) | TrickBot's stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software. [...] | Malware | ||
|
2021-02-11 04:21:08 | (Déjà vu) Hackers ask only $1,500 for access to breached company networks (lien direct) | The number of offers for network access and their median prices on the public face of hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. [...] | |||
|
2021-02-11 04:21:08 | Network hackers asked for over $1 million in initial access offers (lien direct) | The number of offers for network access and their median prices on the public face of hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. [...] | |||
|
2021-02-10 17:01:53 | French MNH health insurance company hit by RansomExx ransomware (lien direct) | French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company's operations. BleepingComputer has learned. [...] | Ransomware | ||
|
2021-02-10 15:47:49 | US Coast Guard orders maritime facilities to report SolarWinds breaches (lien direct) | The U.S. Coast Guard (USCG) has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches in case of suspicions of being affected by the SolarWinds supply-chain attack. [...] | |||
|
2021-02-10 12:56:34 | Microsoft now forces secure RPC to block Windows ZeroLogon attacks (lien direct) | Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates. [...] | Vulnerability | ||
|
2021-02-10 10:43:45 | Hackers auction alleged stolen Cyberpunk 2077, Witcher source code (lien direct) | Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack. [...] | Ransomware Threat | ||
|
2021-02-10 10:34:46 | SIM hijackers arrested after stealing millions from US celebrities (lien direct) | Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium. [...] | |||
|
2021-02-10 09:28:54 | (Déjà vu) Microsoft Office February security updates patch Sharepoint, Excel RCE bugs (lien direct) | Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. [...] | |||
|
2021-02-10 03:30:00 | (Déjà vu) Microsoft fixes Windows 10 bug letting attackers trigger BSOD crashes (lien direct) | Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. [...] | Threat | ||
|
2021-02-10 03:30:00 | Microsoft fixes the Windows 10 console driver crash bug (lien direct) | Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. [...] | Threat | ||
|
2021-02-09 19:07:10 | Apple fixes SUDO root privilege escalation flaw in macOS (lien direct) | Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. [...] | Vulnerability | ||
|
2021-02-09 15:42:45 | HelloKitty ransomware behind CD Projekt Red cyberattack, data theft (lien direct) | The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize. [...] | Ransomware Threat | ||
|
2021-02-09 13:52:25 | Microsoft urges customers to patch critical Windows TCP/IP bugs (lien direct) | Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible. [...] | |||
|
2021-02-09 13:29:13 | Windows 10 Cumulative Updates KB4601315 & KB4601319 released (lien direct) | As part of the February Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. [...] | |||
|
2021-02-09 13:25:48 | Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day (lien direct) | Today is Microsoft's February 2021 Patch Tuesday, so please be buy your Windows administrators some snacks to keep their energy up throughout the day. [...] | |||
|
2021-02-09 13:09:11 | New BendyBear APT malware gets linked to Chinese hacking group (lien direct) | Unit 42 researchers today have shared info on a new polymorphic and "highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. [...] | Malware | ||
|
2021-02-09 13:04:16 | (Déjà vu) Researcher hacks over 35 tech firms in novel supply chain attack (lien direct) | A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties. [...] | Hack | Uber Uber | |
|
2021-02-09 13:04:16 | Researcher hacks Microsoft, Apple, more in novel supply chain attack (lien direct) | A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties. [...] | Hack | Uber Uber | |
|
2021-02-09 12:30:24 | Adobe fixes critical Reader vulnerability exploited in the wild (lien direct) | Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. [...] | Vulnerability | ||
|
2021-02-09 12:05:12 | Office 365 will help admins find impersonation attack targets (lien direct) | Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap. [...] | |||
|
2021-02-09 08:37:48 | Microsoft: Recent Windows 10 gaming issues caused by Discord bug (lien direct) | Microsoft has acknowledged a known issue that was causing Direct3D 12 games to fail to launch or crash with an error on some Windows 10 devices. [...] | |||
|
2021-02-09 05:33:42 | CD PROJEKT RED gaming studio hit by ransomware attack (lien direct) | CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network. [...] | Ransomware | ||
|
2021-02-08 17:50:12 | Hackers tried poisoning town after breaching its water facility (lien direct) | A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels. [...] | |||
|
2021-02-08 15:05:54 | Critical vulnerability fixed in WordPress plugin with 800K installs (lien direct) | The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. [...] | Vulnerability | ||
|
2021-02-08 14:10:42 | Cyberpunk 2077 bug fixed that let malicious mods take over PCs (lien direct) | CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files. [...] | Vulnerability | ||
|
2021-02-08 13:53:02 | Microsoft: Keep your guard up even after Emotet\'s disruption (lien direct) | Microsoft warns customers not to let their guard down even after hundreds of Emotet botnet servers were taken down in late January 2021. [...] | |||
|
2021-02-08 11:52:26 | Android app joins the dark side, sends malware update to millions (lien direct) | Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update. [...] | Malware | ||
|
2021-02-08 08:52:48 | Microsoft to alert Office 365 users of nation-state hacking activity (lien direct) | Microsoft will soon notify Office 365 of suspected nation-state hacking activity detected within their tenants according to a new listing on the company's Microsoft 365 roadmap. [...] | |||
|
2021-02-07 13:53:26 | Ziggy ransomware shuts down and releases victims\' decryption keys (lien direct) | The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims. [...] | Ransomware | ||
|
2021-02-07 10:40:12 | New phishing attack uses Morse code to hide malicious URLs (lien direct) | A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. [...] | |||
|
2021-02-07 09:31:22 | Fortinet fixes critical vulnerabilities in SSL VPN and web firewall (lien direct) | Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. [...] | |||
|
2021-02-07 04:00:00 | Removal notice for Signal article (lien direct) | Due to conflicting information BleepingComputer has received, we have removed our original article. [...] | |||
|
2021-02-07 04:00:00 | Signal ignores proxy censorship vulnerability, bans researchers (lien direct) | Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship. However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users. [...] | |||
|
2021-02-06 15:07:59 | Mozilla fixes Windows 10 NTFS corruption bug in Firefox (lien direct) | Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser. [...] |
To see everything:
Our RSS (filtrered)
