What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2020-01-10 10:05:13 (Déjà vu) European Skin Care Sites attacked by Card-Stealing Scripts (direct link) Multiple European websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase. Two MageCart groups were competing for the credit card data on Perricone MD websites in the U.K., Italy, and Germany, but current evidence shows that only one exfiltrated the details successfully. Source: Bleeping […]
itsecurityguru.webp 2020-01-10 10:03:21 Exploited zero-day flaw patched by Mozilla (direct link) The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads an official advisory posted by Mozilla, citing the two […] Vulnerability Guideline
itsecurityguru.webp 2020-01-10 10:01:19 300 without jobs because Company shuts down of ransomware (direct link) An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn’t go according to plan following a ransomware incident that took place at the start of October 2019. Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before […] Ransomware Heritage
itsecurityguru.webp 2020-01-10 09:59:30 Nobel laureate Paul Krugman fell for a phishing scam (direct link) Paul Krugman, the Nobel Prize-winning economist and columnist for the New York Times, took to Twitter Wednesday to share some alarming news. “Well, I’m on the phone with my computer security service, and as I understand it someone compromised my IP address and is using it to download child pornography,” Krugman said in a since-deleted […]
itsecurityguru.webp 2020-01-09 10:08:05 CES Suffers Cyberattack on First Day in Las Vegas (direct link) The attack, still under investigation, hit early in the morning of Jan. 7. On the opening day of the huge Consumer Electronics Show (CES), officials in Las Vegas were busy assessing the damage from a cyberattack that hit the city. Officials there reportedly said preliminary analysis indicated that no sensitive data was compromised in the […]
itsecurityguru.webp 2020-01-09 10:05:31 Ransomware manages to find its way into enterprise networks (direct link) Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming language, with an unusually high level of obfuscation. It was discovered by researchers at MalwareHunterTeam; analyzed […] Ransomware Threat
itsecurityguru.webp 2020-01-09 10:03:58 Google Play has exploited Android bug which delivers spyware (direct link) Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android (CVE-2019-2215) to install the app aimed at spying on users. The existence of CVE-2019-2215 was discovered in late 2019 when it was spotted being exploited in the wild. Researchers with Google's Threat Analysis Group and […] Threat
itsecurityguru.webp 2020-01-09 10:02:19 National oil company hit by new Iranian data wiper (direct link) Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain’s national oil company, ZDNet has learned from multiple sources. The incident took place on December 29. The attack did not have the long-lasting effect hackers might have wanted, as only a portion of Bapco’s computer fleet was impacted, with […] Malware
itsecurityguru.webp 2020-01-08 10:12:58 Warning of Potential Iranian Cyberattacks by DHS (direct link) Recent US military action in Baghdad could prompt retaliatory attacks against US organizations, it says. Concerns about an Iranian cyber response to the recent American military strike in Baghdad grew this week with the US Department of Homeland Security urging organizations to be on heightened alert for denial-of-service and other more destructive attacks. Source: Dark […]
itsecurityguru.webp 2020-01-08 10:11:12 (Déjà vu) Minnesota Hospital Breach Exposes Medical Info of Roughly 50K (direct link) The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health. Alomere Health is a community-owned and non-profit general medical and surgical hospital with 127 beds that has been twice named as one of the Top 100 Hospitals by Thompson Reuters. Source: Bleeping Computer
itsecurityguru.webp 2020-01-08 10:09:53 Deepfakes banned by Facebook but not all altered content (direct link) Facebook is rolling out a new set of rules aimed at curbing the spread of manipulated media as the specter of highly convincing deepfake videos looms large over not only the US presidential elections. An announcement by the platform's vice president of global policy management Monika Bickert reveals that Facebook is deploying a multi-pronged approach to deal […]
itsecurityguru.webp 2020-01-08 10:07:46 Travelex suffers ransomware attack and results to pen and paper (direct link) Police are investigating hackers holding Travelex’s computers for ransom, forcing the company’s staff to resort to using pen and paper to record transactions. The firm initially said it had discovered the attack on New Year’s Day and immediately took its systems down, with its early investigations suggesting that no personal or customer data has been compromised. Source: […] Ransomware
itsecurityguru.webp 2020-01-08 10:05:39 (Déjà vu) Iran Cyberattack Scare exploited by Microsoft Phishing Scam (direct link) An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials. With the rising escalations between the United States and Iran, the U.S. government has been issuing warnings about possible cyberattacks by Iran and potential attacks on critical U.S. […]
itsecurityguru.webp 2020-01-07 15:36:03 2020 in cyber: The view from the security frontline (direct link) By John Conwell, data scientist at DomainTools The security industry is in constant flux. As attackers move the goal posts in order to further their own nefarious aims, the security industry scrambles to keep up. As we approach the beginning of a brand-new year, and a brand-new decade, I have outlined some areas where I […]
itsecurityguru.webp 2020-01-07 10:03:53 US Government Publishing Office Website attack (direct link) The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran. An obscure US federal website was attacked and vandalized on January 4, resulting in the site being taken down for more than 24 hours. Source: Dark Reading
itsecurityguru.webp 2020-01-07 10:00:32 (Déjà vu) InfoTrax Breached 20+ Times (direct link) The Federal Trade Commission (FTC) finalized a settlement with a Utah-based tech company that got hacked and had the personal info of over a million clients stolen following a series of more than 20 undetected network intrusions. InfoTrax Systems, a provider of back-end operations systems and online distributor of MLM software for the Direct Sales […]
itsecurityguru.webp 2020-01-07 09:59:40 (Déjà vu) Austria Unprepared After Cyberattack on Foreign Ministry Says MP (direct link) The Austrian State Department’s IT systems were under a ‘serious attack’ suspected to be carried out by a state-backed threat group according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI). “A coordination committee has been set up on the basis of the Network and Information System Security Act, […] Threat
itsecurityguru.webp 2020-01-07 09:58:24 Pro-Iran Messages sent by Hackers Deface U.S. Gov (direct link) A U.S. government website was vandalized late Saturday by hackers who posted images of a bloodied President Donald Trump being punched in the face and pro-Iran messages. The defaced website was the Federal Depository Library Program (FDLP) website, which makes U.S. federal government publications available to the public for free. The hackers, who struck as tensions between the […]
itsecurityguru.webp 2020-01-07 09:57:04 ToTok has Returned to Google Play Despite Claims being a 'Spy Tool' (direct link) The communications app faces continued backlash after a New York Times report said it was used as a government spying tool. Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due to claims that it was being used for government espionage. Source: Threat Post Threat
itsecurityguru.webp 2020-01-06 09:58:36 Iran retaliation may include cyberattacks warns DHS (direct link) Although it stressed there is no evidence of a specific credible threat to the U.S. after the killing Iranian General Qasem Soleimani, the Department of Homeland Security Saturday issued a National Terrorism Advisory System Bulletin warning of retaliation, including cyberattacks. Source: SC Magazine Threat
itsecurityguru.webp 2020-01-06 09:57:53 Ongoing cyberattack State actors may be behind Austria's foreign ministry (direct link) An ongoing and “serious cyberattack” at Austria's foreign ministry could be the work of nation-state actors, the country's government said. The ministry has set up a “coordination committee” to respond to the attack, which started as the country's Greens party okayed an alliance with conservatives. Source: SC Magazine
itsecurityguru.webp 2020-01-06 09:55:33 AI developed in robots to detect harassment in emails (direct link) Artificial intelligence programmers are developing bots that can identify digital bullying and sexual harassment. Known as “#MeTooBots” after the high-profile movement that arose after allegations against the Hollywood producer Harvey Weinstein, the bots can monitor and flag communications between colleagues and are being introduced by companies around the world. Source: The Guardian
itsecurityguru.webp 2020-01-06 09:54:05 Japanese sex hotels search engine announces security breach (direct link) HappyHotel.jp is a website that operates similarly to Booking.com, but lets registered users search and book rooms in love hotels across Japan. In a message posted on its website, Almex, the company behind the service, said it detected unauthorized access to its servers on December 22, last year. The security incident is as bad as it gets, and […]
itsecurityguru.webp 2020-01-06 09:53:00 Email scammers angle for cash by attacking London veterans group (direct link) A London regimental association is on alert after email scammers posing as the group's president tried to fool veterans into sending cash. The First Hussars Association, representing about 140 retired members of the London-based regiment, saw its members targeted by two fraudulent emails in a week, president Lt.-Col. Joe Murray said. Source: The Sudbury Star
itsecurityguru.webp 2020-01-03 16:42:06 Cybersecurity Predictions for 2020: What Do Experts Think? (direct link) Tim Mackey, Principal Security Strategist for the Synopsys CyRC (Cybersecurity Research Centre): Politicians, be weary of digital assistants Cyber-attacks on 2020 candidates will become more brazen. While attacks on campaign websites have already occurred in past election cycles, targeted attacks on a candidate's digital identity and personal devices will mount. With digital assistants operating in […]
itsecurityguru.webp 2020-01-03 10:42:12 Poloniex Forces Password Reset After Data Leak Found Online (direct link) The Poloniex cryptocurrency trading platform has reset some of their user’s passwords after a list of alleged username and password combinations was found circulating on Twitter. On December 30th, 2019, users began receiving an email from Poloniex stating that their user name and password for the trading site may have been included in a data leak circulating on Twitter.
itsecurityguru.webp 2020-01-03 10:40:14 Microsoft helps shutter domains run by North Korean cybergang Thallium (direct link) A U.S. district court issued an order enabling Microsoft to take over 50 domains used by a North Korea-based cybercrime gang to conduct spear phishing campaigns. Microsoft's Digital Crimes Unit and the Microsoft Threat Intelligence Center took down the domains controlled by a group it named Thallium after researching the malicious actors activity and filing […] Threat Cloud APT 37
itsecurityguru.webp 2020-01-03 10:37:24 US Army Bans TikTok Over China Security Concerns (direct link) The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform's relationship with China grows. With backlash swelling around TikTok's relationship with China, the United States Army this week announced that U.S. soldiers can no longer have the social media app on government-owned phones. TikTok, a social media app used […]
itsecurityguru.webp 2020-01-03 10:34:23 Python 2.7 Reaches End of Life After 20 Years of Development (direct link) As of January 1st, 2020, Python 2.7 has officially reached the end of life and will no longer receive security updates, bug fixes, or other improvements going forward. Released in 2000, Python 2.7 has been used by developers, administrators, and security professionals for 20 years. While Python 3 was released in 2006, due to the number […]
itsecurityguru.webp 2020-01-03 10:30:36 Ransomware Attack on Maritime Facility Results in Coast Guard Warning (direct link) The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The ransomware program, identified as Ryuk, was delivered via a phishing email containing a malicious link […] Ransomware
itsecurityguru.webp 2020-01-02 11:52:55 Security Awareness Training Company KnowBe4 Enters 2020 with Record Growth (direct link) KnowBe4, the company that provides the world's largest security awareness training and simulated phishing platform, today announced a massive year-over-year sales increase with another record-breaking quarter. In the fourth quarter of 2019, KnowBe4 reached 54% growth over Q4 2018, increasing customer accounts to well over 30,000. The 27th consecutive quarter of hyper-growth has been driven […]
itsecurityguru.webp 2020-01-02 10:09:07 Starbucks Devs Leave API Key in GitHub Public Repo (direct link) One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The severity rating of the vulnerability was set to critical as the key allowed access to a Starbucks JumpCloud API. Source: Bleeping Computer Vulnerability
itsecurityguru.webp 2020-01-02 10:07:01 (Déjà vu) Sextortion Email Scammers are Trying Out New Tactics to Circumnavigate Spam Filter (direct link) Sextortion scammers have started to utilize new tactics to bypass spam filters and secure email gateways so that their scam emails are delivered to their intended recipients. Sextortion scams are emails that pretend to be from an attacker who has hacked your PC and installed malware that can monitor what sites you visit and create […] Spam Malware
itsecurityguru.webp 2020-01-02 10:03:51 Active Network, A School Software Vendor, Suffers Data Breach (direct link) Active Network's Blue Bear Software platform reported that unauthorized activity in its network earlier this year resulted in customer PII being exposed. The company reported the issue to the California Attorney General's office stating it recently became aware that between Oct. 1, 2019 and Nov. 13, 2019 there was illegal activity taking place on its Blue Bear […] Data Breach
itsecurityguru.webp 2020-01-02 10:01:29 IoT Company Wyze Suffered a Leak of 2.4m Emails and Device Data (direct link) An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Wyze makes smart home cameras and connected devices like connected bulbs and plugs, which can be integrated with smart home assistants like Amazon Alexa and Google Assistant. The database, which was […]
itsecurityguru.webp 2019-12-20 19:00:17 267 million Facebook user IDs and phone numbers exposed in unencrypted database (direct link) More than 267 million records pertaining to Facebook users have been exposed on an unsecured database that can be easily accessed by anyone with an internet connection. The report comes from tech company, Comparitech, who partnered with researcher Bob Diachenko What was leaked? In total 267,140,436 records were exposed, with the majority of affected users […]
itsecurityguru.webp 2019-12-20 10:36:36 Fileless Malware Attacks used to Breach Windows Remote Desktop Service (direct link) Threat actors breaching company networks are deploying a cornucopia of malware over the remote desktop protocol (RDP), without leaving a trace on target hosts. Cryptocurrency miners, info-stealers, and ransomware are executed in RAM using a remote connection, which also serves for exfiltrating useful information from compromised machines. Source: Bleeping Computer Ransomware Malware
itsecurityguru.webp 2019-12-20 10:34:59 Scammers are Using the New Star Wars Film to Mask Viruses (direct link) Phishers are using “black SEO” to lure users in to malicious downloads masquerading as the latest Star Wars movie. Whenever the internet lights up in anticipation of anything, there are fraudsters and scammers waiting in the wings to take advantage of it. This week's premiere of Star Wars: The Rise of Skywalker is no exception, […]
itsecurityguru.webp 2019-12-20 10:32:05 Vivaldi Can Now Impersonate Google Chrome to Avoid Detection (direct link) With today’s release of the new Vivaldi 2.10, the browser will impersonate Google Chrome when visiting certain sites. It does this to prevent the browser from being blocked based on its user agent. Even though Vivaldi is a Chromium-based browser and should be supported at every site that supports Chrome, many sites will block the […]
itsecurityguru.webp 2019-12-20 10:30:15 Emotet Malware Uses Greta Thunberg Demonstration Invites as Decoy (direct link) Emotet has started a new spam campaign that is banking off the popularity of environmental activist Greta Thunberg and her dedication to the climate movement. Unsuspecting users who think they are getting info about an upcoming “climate crisis” demonstration, will instead find that they have become infected with Emotet and other malware. Source: Bleeping […] Spam Malware ★★
itsecurityguru.webp 2019-12-20 10:25:24 Open Database on Dark Web Exposes Info of 267 Million Facebook Users (direct link) An unsecured database on the dark web left the personal information of more than 267 million Facebook users, mostly in the U.S., exposed. Although the database, discovered by security researcher Bob Diachenko and Comparitech and traced to Vietnam, is now inaccessible, it laid bare names, phone numbers, timestamps and Facebook IDs and that information also […] ★★★
itsecurityguru.webp 2019-12-19 09:57:46 (Déjà vu) Attackers fake being German Authorities to Distribute Emotet Malware (direct link) An active malspam campaign is distributing Emotet banking Trojan payloads via emails camouflaged to look like messages delivered by several German federal authorities warns the BSI, Germany’s federal cybersecurity agency. Source: Bleeping Computer Malware
itsecurityguru.webp 2019-12-19 09:51:45 Maze Ransomware hits Canadian Insurance Firm (direct link) An insurance and financial services company based out of Manitoba, Canada is the latest victim of the Maze Ransomware with allegedly 245 computers encrypted during a cyberattack in October. The victim, Andrew Agencies. is a full-service insurance company with 125 employees and 18 locations based out of Manitoba, Saskatchewan, and Alberta, Canada. Source: Bleeping Computer Ransomware
itsecurityguru.webp 2019-12-19 09:49:53 Millions of child-tracking smartwatches expose Cloud flaw (direct link) Parents buy their children GPS-enabled smartwatches to keep track of them, but security flaws mean they're not the only ones who can. This year alone, researchers have found several vulnerabilities in a number of child-tracking smartwatches. But new findings out today show that nearly all were harboring a far greater, more damaging flaw in a common shared cloud […]
itsecurityguru.webp 2019-12-19 09:48:35 (Déjà vu) 26,000 North American Customers Records Exposed by Honda (direct link) Automotive giant Honda exposed roughly 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers after misconfiguring an Elasticsearch cluster on October 21, 2019. Honda’s security team in Japan promptly secured the publicly accessible server within just a few hours after being contacted by Security Discovery researcher Bob Diachenko on December 12. Source: Bleeping Computer
itsecurityguru.webp 2019-12-18 10:19:03 (Déjà vu) Cyber-Espionage Campaign Targets 100s of Companies (direct link) Hundreds of industrial companies are currently the targets of cyber-espionage activity from an advanced threat actor. The adversary uses a new version of an older info-stealer to extract sensitive data and files. The attacker uses spear-phishing emails with malicious attachments often disguised as PDF files. Separ is the malware of choice, which steals login data […] Malware Threat
itsecurityguru.webp 2019-12-18 10:17:56 (Déjà vu) Vulnerable Windows PCs identified with New BlueKeep Scanner (direct link) A new scanning tool is now available for checking if your computer is vulnerable to the BlueKeep security issue in Windows Remote Desktop Services. Despite Microsoft rolling out a patch in mid-May, there are tens of thousands of devices exposing a Remote Desktop Protocol (RDP) service to the public internet. Source: Bleeping Computer Tool
itsecurityguru.webp 2019-12-18 10:16:17 (Déjà vu) Over 1,000 U.S. Schools in 2019 hit by Ransomware attack (direct link) Since January, 1,039 schools across the U.S. have been potentially hit by a ransomware attack after 72 school districts and/or educational institutions have publicly reported being a ransomware victim according to a report from security solutions provider Armor. Source: Bleeping Computer Ransomware
itsecurityguru.webp 2019-12-18 10:15:06 38,000 people will get a new password this week by standing in line (direct link) A non-standard and somewhat weird password reset operation is currently underway at a German university, where more than 38,000 students and staff were asked this week to stand in line with their ID card and a piece of paper to receive new passwords for their email accounts. All of this is going on at the […]
itsecurityguru.webp 2019-12-18 10:13:28 (Déjà vu) Patient Records of 15 Million People Exposed (direct link) A cyberattack against LifeLabs exposed personal information on patients in Ontario and British Columbia. A cyberattack against LifeLabs, Canada’s largest medical testing provider, left personal information of more than 15 million individuals exposed before the company paid a ransom to retrieve the data. According to a letter sent to customers, the names, addresses, email addresses, customer […]
Last update at: 2024-07-04 03:07:27