What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-30 10:40:51 | (Déjà vu) North Korea-Backed Hacking Collective Lazarus Group Suspected to be Behind Recent Harmony Bridge Attack (lien direct) | The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge. Last week Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached. The incident involved the exploiter carrying out multiple transactions on […] | Medical | APT 38 | ★★★★ |
|
2022-06-30 10:14:22 | A conversation with Andrew Clarke, Global Head of Channel and Strategic Alliances at One Identity (lien direct) | The COVID-19 pandemic and ensuing work-from-home revolution has thrust identity management to the top of corporate agendas. As such, security professionals can no longer be satisfied with securing their perimeters, they now have to account for countless employees, devices and identities – all operating off site. One Identity recognised the paradigm shift early. Already an […] | ★★ | ||
|
2022-06-30 10:11:38 | (Déjà vu) Walmart Denies Being Hit by Yanlouwang Ransomware Attack (lien direct) | The American retailer Walmart has denied being hit with a ransomware attack by the Yanlouwang gang after hackers claimed to encrypt thousands of computers. According to BleepingComputer, Walmart said that their “Information Security team is monitoring our systems 24/7,” and believe the claims to be inaccurate. “We believe this claim is inaccurate and are not […] | Ransomware | ||
|
2022-06-30 09:54:39 | (Déjà vu) YTStealer Malware Found to Steal Accounts From Creators (lien direct) | YTStealer, a new information-stealing malware, is targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels. Focusing on one goal has given YTStealer’s authors the capacity to make its token-stealing operation very effective, according to a report published earlier this week by Intezer. Most of its distribution uses lures impersonating […] | Malware | ★★★★★ | |
|
2022-06-30 09:09:48 | Cybersecurity leaders are anticipating mass resignations within the year (lien direct) | A new survey from Bridewell, a cybersecurity services company, found that 95% of respondents are experiencing factors that would make them likely to leave in the next 12 months. Of the 521 critical national infrastructure decision makers who were surveyed, 40% said stress could push them to leave their job with the next year. These […] | |||
|
2022-06-29 13:05:43 | European Cybersecurity Blogger Awards 2022 Winners Announced (lien direct) | Hosted by Eskenzi PR and sponsored by KnowBe4 and Qualys, the European Cybersecurity Blogger Awards has announced this year's winners and runners-up. The awards returned as an in-person event on the first evening of Infosecurity Europe (21st of June 2022) at Tapa Tapa restaurant right next to ExCel, following a two-year virtual hiatus over the […] | |||
|
2022-06-29 12:11:21 | The Top Mobile Security Threats of 2022 (lien direct) | Whether you are ordering food online, booking a doctor’s appointment, or checking your balance, you are doing it through your phone. For many years we believed that we had a valid reason to trust our phone with sensitive information. Today, we have to acknowledge that this isn’t completely true and examine the risks inherent in […] | Threat | ||
|
2022-06-29 10:47:40 | (Déjà vu) Evilnum Hackers Return With New Activity Targeting International Migration Campaigns (lien direct) | The Evilnum hacking group have been targeting European organisations that are involved in international migration, showing renewed signs of malicious activity within the group. Evilnum is an advanced persistent threat (APT) that has been active since at least 2019 and had its campaign and tools exposed in 2020. In 2020, ESET published a technical report […] | Tool Threat | ||
|
2022-06-29 10:07:08 | Appointment of four new executives ignites Illusive\'s international expansion (lien direct) | Today, Illusive has announced the appointment of four new executive hires since the launch of Illusive SpotlightTM, which has driven great interest and adoption of the solution. Illusive has appointed Kristen Twining as VP of Sales – Americas, and Carlos Ferro as VP of Sales – EMEA and APAC to support the company's rapid sales […] | |||
|
2022-06-29 08:34:53 | The Human Side of Cybersecurity – KnowBe4 (lien direct) | Javvad Malik is the Lead Security Awareness Advocate of KnowBe4 which provides a security awareness training for the millions of employees of their combined 50,000 organizational customers worldwide. “We focus on the human side of security as opposed to the technology side that most other people focus on, because the technology can be brilliant, but […] | Guideline | ★★ | |
|
2022-06-28 15:57:17 | 5 Cyber Security Tips for Smart Buildings (lien direct) | In the recent past, there have been a lot of stories of companies succumbing to IT cybersecurity threats. Property owners are incorporating and relying on smart building technologies more and more, and it has become even more important to think about cyberthreat prevention. It can seem like a daunting task to identify and eliminate vulnerabilities. […] | |||
|
2022-06-28 13:18:04 | Cybersecurity is complex – but it doesn\'t need to be costly or complicated (lien direct) | The pandemic tested the business resilience of every organisation. Small and medium sized enterprises (SMEs) had to maximise their digital footprint to keep operational, service their customers and survive. Just as companies are starting to return to some semblance of new normal, another threat is on the horizon. The pandemic has fuelled an increase in […] | Threat | ||
|
2022-06-28 10:53:00 | Cyber Insurance: The Good, the Bad, and the Ugly (lien direct) | The past decade has seen cybersecurity barge its way into the mainstream. A meteoric rise in attack rates during COVID-19, major incidents such as the Colonial Pipeline attack, and an increasingly tense geopolitical landscape have all contributed to cybersecurity's current position at the top of global news feeds. As cybercrime infects every facet of our […] | |||
|
2022-06-28 09:29:28 | $100m Stolen from California Based Cryptocurrency Firm by Unidentified Hackers (lien direct) | An unidentified hacker group has stolen more than $100million from Californian cryptocurrency firm Harmony. Last Thursday, the company made the announcement via Twitter. They said that they had identified a theft occurring on the Horizon bridge amounting to approximately $100m. The first Tweet reads, “we have begun working with national authorities and forensic specialists to identify […] | |||
|
2022-06-28 09:13:17 | Cybersecurity Experts Warn of Emerging Threat of “Black Basta” Ransomware (lien direct) | The ransomware-as-a-service (RaaS) Black Basta has struck 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the cybersecurity landscape. The speed at which it has accumulated victims in such a short time frame has made it a prominent new threat for the cybersecurity of governments […] | Ransomware Threat | ||
|
2022-06-28 09:13:15 | Global Police Operation Cracks Down on Widespread Criminal Activity (lien direct) | Police from South America and Europe have teamed up to take action against an organised crime group involved in human trafficking for sexual exploitation. Between the 20th and 23rd June, the police swooped on 14 locations, arrested 10 and interviewed eight victims. Among the items seized in the searches were vehicles, hard drives, electronic equipment, […] | |||
|
2022-06-24 12:39:47 | A conversation with Jim Dolce, CEO of Lookout (lien direct) | Jim is a veteran of cybersecurity. He has founded four successful companies, held senior positions at both Juniper and Akamai technologies, and now serves as CEO of Lookout. Lookout was founded in 2007 as an endpoint security service, but the acquisition of CipherCloud in March of 2021 marked the beginning of the company's expansion into […] | ★★★★★ | ||
|
2022-06-23 11:44:47 | Biden signs cyber bills into law (lien direct) | On Tuesday President Biden signed two pieces of legislation into law which were aimed at enhancing the cybersecurity capabilities of federal, state and local governments. The signing was preceded by an earlier law which increased the ability of the federal government to collect data about cyberattacks. These laws are a direct response to the marked […] | ★★★★ | ||
|
2022-06-23 10:55:09 | (Déjà vu) Microsoft Office 365 Feature Could Help Ransomware Attackers Infiltrate Cloud Files (lien direct) | A “dangerous piece of functionality” has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack allows file-encrypting malware to launch and “encrypt files stored on SharePoint and OneDrive in a way […] | Ransomware Malware | ||
|
2022-06-22 13:58:30 | Ukrainian cybersecurity officials disclose two new hacking campaigns (lien direct) | Cybersecurity officials from the Computer Emergency Response Team of Ukraine (CERT-UA) exposed two new hacking campaigns against targets there this week. One utilized a phony tax collection document purportedly sent by the national tax agency and the other using a malicious document that discussed the threat of nuclear attack from Russia. The officials warned that […] | Threat | ||
|
2022-06-22 10:31:08 | (Déjà vu) New Phishing Attack Infects Devices With Cobalt Strike (lien direct) | Security researchers have discovered a new malicious spam campaign that delivers the ‘Matanbuchus’ malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads. First spotted in February 2021 in advertisements on the dark web, […] | Spam Malware Threat | ||
|
2022-06-21 11:13:30 | (Déjà vu) UK Government Proposes New Post-Brexit Data Laws (lien direct) | The UK government has proposed new data laws that are designed to boost economic growth and innovation, in addition to clamp down on nuisance calls and minimise cookie pop-ups online. The Data Reform Bill, published after a consultation period, is designed to update the UK’s existing data rules, post Brexit. It is designed to unlock […] | |||
|
2022-06-21 10:36:05 | Cato SASE Cloud Updated to Allow for Network-based Security (lien direct) | Cato Networks, a Tel-Aviv based network security company, announced on Tuesday that it was going to be adding network-based capabilities to their Cato SASE cloud product. The Cato SASE Cloud (secure access service edge) was born out of the explosion of remote users and Software as a Service (SaaS) applications. From this came a need […] | |||
|
2022-06-21 10:31:50 | (Déjà vu) Google Chrome Extentions Can Be Fingerprinted to Track Users Digitally (lien direct) | A researcher has created a website that uses your installed Google Chrome extensions to generate a fingerprint (or tracking hash) of your device that can be used to track you digitally. Digital fingerprints can be used based on various characteristics of a device connecting to a website, including GPU performance, installed Windows applications, hardware configuration, […] | |||
|
2022-06-21 08:58:07 | Lookout Discovers Android Spyware Deployed in Kazakhstan (lien direct) | Lookout has announced the discovery of an enterprise-grade Android surveillanceware currently used by the government of Kazakhstan within its borders. Lookout researchers also found evidence of deployment of the spyware – which Lookout researchers have named “Hermit” – in Italy and in northeastern Syria. Hermit is likely developed by Italian spyware vendor RCS Lab S.p.A. […] | Cloud | APT 37 | |
|
2022-06-20 10:28:47 | German Green Party\'s Emails Compromised by Hackers (lien direct) | A German Green Party spokesperson told POLITICO that email accounts belonging to the party had been compromised in a cybersecurity incident. Omid Nouripour and Ricarda Lang, the party’s co-leaders, were among the hacking victims, in which some messages were forwarded to external servers. Additionally, German magazine Der Spiegel reported Thursday that the attack also affected […] | Guideline | ||
|
2022-06-20 09:33:21 | WordPress Update Millions of Sites to patch a Critical Vulnerability Affecting the Ninja Forms Plugin (lien direct) | Content management system (CMS) provider WordPress has forcibly updated over a million sites in order to patch a critical vulnerability affecting the Ninja Forms plugin. The Wordfence threat intelligence team spotted the flaw in June and documented it in an advisory by the company on Thursday. The document said that the code injection vulnerability made […] | Vulnerability Threat | ||
|
2022-06-20 09:16:31 | (Déjà vu) US Man Sentenced to Nine Years in Prison After Hacking Thousands of iCloud Accounts (lien direct) | A man from California was sentenced to time in prison on Wednesday after being found guilty of hacking thousands of iCloud accounts, stealing people’s nude images and videos and sharing them with conspirators. Hao Huo Chi acted under the online name of ‘icloudripper4you’. He would have illegally obtained the iCloud account credentials of approximately 4700 […] | |||
|
2022-06-17 10:41:03 | (Déjà vu) Chinese Hackers Exploited Critical Security Vulnerability in Sophos Firewall (lien direct) | A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos’ firewall product that came to public attention earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. Volexity said in a report, “the attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form […] | Vulnerability Threat | ||
|
2022-06-17 10:20:40 | New MaliBot Android Banking Malware Poses as Cryptocurrency Mining App (lien direct) | A new Android banking malware named MaliBot has been discovered by cybersecurity researchers. The malware poses as a cryptocurrency mining app or the Chrome web browser to target users in Spain and Italy. MaliBot focuses on stealing financial information, like e-banking credentials, crypto wallet passwords, and sensitive personal details. It is also capable of snatching […] | Malware | ||
|
2022-06-17 09:23:15 | (Déjà vu) Several Data-Stealing Apps Remain on Google Play Store According to Cybersecurity Researchers (lien direct) | Cybersecurity researchers from Dr. Web claim to have spotted numerous apps on the Google Play Store in May with adware and information-stealing malware built in. According to the report, the most dangerous of these apps features spyware tools capable of stealing information from other apps’ notifications, mainly to capture one-time two-factor authentication (2FA) one-time passwords […] | Malware Tool | ||
|
2022-06-16 10:02:48 | Hackers Exploit Old Telerik Flaws to Deploy Cobalt Strike (lien direct) | ‘Blue Mockingbird’, a threat actor, targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. The attacker leverages the CVE-2019-18935 flaw, a critical severity (CVSS v3.1: 9.8) deserialisation that leads to remote code execution in the Telerik UI library for ASP.NET AJAX. In May 2020, the same […] | Threat Guideline | ||
|
2022-06-16 09:36:25 | Microsoft Patch Fixes Follina Bug (lien direct) | Microsoft issued its last regular patch update round this week, fixing over 50 CVEs, including the malicious zero-day bug “Follina.” Officially named CVE-2022-30190, Follina, as reported last week, is being exploited in the wild by state-backed actors and the operators behind Qakbot, which has links to ransomware groups. It’s a remote code execution (RCE) bug […] | Ransomware | ||
|
2022-06-16 09:17:42 | New Zimbra Bug Allows Data Stealing With No User Interaction (lien direct) | Technical details have emerged about a vulnerability affecting certain versions of the Zimbra email solution that hackers could exploit to steal logins without user interaction or authentication. The security issue is currently being tracked as CVE-2022-27924 and impacts Zimbra releases 8.8x and 9.x for both open-source and commercial versions of the platform. Since the 10th […] | Vulnerability | ||
|
2022-06-15 14:30:50 | Obrela sponsors open-source Commix project (lien direct) | Obrela Security Industries, a security analytics and cyber risk management services, has announced its sponsorship of Commix, an open-source pen-testing tool, to address command injection vulnerabilities. Obrela aims to address the emerging demand for end-to-end security services by offering an ‘umbrella’ of security solutions. George Patsis, CEO, at Obrela Security Industries said that this sponsorship […] | ★★ | ||
|
2022-06-15 13:39:41 | Survey Finds IT Leaders Eager to Eliminate Passwords (lien direct) | The age of the password may soon be over. A survey conducted by Ping Identity and Yubico concluded that leaders of the IT industry have serious issues with the modern password-based security system. 94% of IT leaders have serious issues with user-generated passwords and half of those surveyed believe that passwords are too weak for […] | Guideline | ||
|
2022-06-15 10:41:47 | New Iranian Spear-Phishing Campaign Hijacks Email Conversations (lien direct) | A major new state-backed spear-phishing operation targeting multiple high-ranking Israeli and US officials has been uncovered by security researchers. The campaign has been traced to the Iranian Phosphorus ATP group, according to Check Point. It has targeted former Israeli foreign minister and deputy Prime Minister Tzipi Livni, a former US ambassador to Israel, and a […] | Conference | APT 35 | |
|
2022-06-15 10:23:51 | (Déjà vu) FDNY Building Digital Firewall to Protect Emergency Workers From Cyber Attacks (lien direct) | The New York City Fire Department (FDNY) said it’s aiming to build a digital firewall to protect the city’s emergency workers from cyber-attacks. The request was published in the City Record and called for consultant services “for the development and implementation of protective strategies to address the cyber-threat of doxxing and to provide resiliency for the […] | |||
|
2022-06-15 09:43:21 | Avera Health Data Breach Affects 700 Patients (lien direct) | A news release from Avera Health, a Sioux Falls-based healthcare system, confirms that a data breach in March exposed the sensitive data of 700 patients. Among the stolen information was names, Social Security numbers, phone numbers, addresses, birth dates and email addresses. The healthcare group learned about the data breach on March 25th yet only […] | Data Breach | ||
|
2022-06-15 09:33:58 | Ransomware Gang Develops New Website That Allows Victims To Search For Their Data (lien direct) | BlackCat, the ALPHV ransomware gang, has created a website that allows customers and employees of their victim to check if their data was stolen in an attack. Ransomware gangs typically quietly steal corporate data and harvest everything of value. After they’ve done this, the threat actor starts to encrypt devices. The hackers then, in a […] | Ransomware Threat | ||
|
2022-06-15 09:19:44 | New cybersecurity bill to require mandatory reporting of ransomware, other attacks (lien direct) | The Canadian legislature plans to introduce a bill on June 14th which would make the reporting of cybersecurity breaches mandatory for private-sector organizations. The legislations aims to target the underreporting of ransomware attacks which has proven to be a problem for cybersecurity regulators. According to SecOps report released by Deep Instinct, 38% of surveyed cybersecurity professionals […] | Ransomware | ||
|
2022-06-14 13:18:40 | Searchlight Security appoints Cylance and Blackberry\'s Eric Milam to lead its dark web intelligence product strategy (lien direct) | Searchlight Security appointed Eric Milam as their new Executive Vice President of Product. Milam is a renowned cybersecurity expert who brings deep expertise in threat intelligence and research, a decisive leadership style, and a creative approach to cyber-security problem-solving and solution design. Milam has worked previously as a VP of Research & Intelligence at Blackberry […] | Threat Guideline | ||
|
2022-06-14 10:45:11 | Poll Shows That More Than 40 Million UK Consumers Have Been Targeted by Digital Fraudsters So Far This Year (lien direct) | So far in 2022 more than 40 million UK consumers are thought to have been targeted by digital fraudsters. This is a double-digit increase from the same time last year. In May, Citizens Advice commissioned a poll of over 2000 adults in the UK asking if they had been contacted by scammers since the start […] | |||
|
2022-06-14 10:13:08 | Kaiser Permanente Discloses Data Breach at WA Health Plan, 69K Impacted (lien direct) | On April 5th, Kaiser Permanente discovered and, within an hour, terminated an unauthorized parties’ breach into an employee’s emails from the Kaiser Foundation Health Plan of Washington. Access to these emails exposed the names, dates of service, medical record numbers, and laboratory test result information. Kaiser has so far not found any indication that the […] | Data Breach | ||
|
2022-06-14 09:45:15 | 45% of cybersecurity pros are considering quitting the industry due to stress (lien direct) | The results of the third edition of the annual Voice of SecOPs Report found that 45% of respondents in C-suite and senior cybersecurity roles were considering exiting the industry due to stress and incessant threats from ransomware. 46% of those surveyed knew someone in the past year who left due to stressors. Threats from ransomware […] | Ransomware Threat | ||
|
2022-06-14 09:26:51 | Two Convicted in Major Drugs Bust Discovered by Police on EncroChat (lien direct) | UK law enforcement have shut down one of the country’s largest-ever drugs laboratories, thanks to the takedown of a popular encrypted comms service in 2020. Before police cracked it two years ago, EncroChat was used by tens of thousands of criminals globally. Hundreds of arrests and several convictions have been made as a result. The […] | |||
|
2022-06-14 09:00:41 | Google Engineer Suspended After Claiming AI Became Sentient (lien direct) | An engineer at Google has claimed that the AI system he was working on has became sentient. There is renewed urgency to design ethical codes and regulations for the industry. Blake Lemoine wrote in a blog post over the weekend describing how LaMDA, the chatbot-generating system, that he was working on told him that it […] | ★★★★★ | ||
|
2022-06-13 16:16:26 | API Security: Best Tools and Resources (lien direct) | Every organisation is facing a multitude of security challenges. These range from getting the basics right, like ensuring the correct firewall is in place, to higher-level challenges, such as API security and data privacy. One of the greatest challenges facing organizations these days is a comprehensive approach to API security. With an expanding number […] | Tool | ||
|
2022-06-13 11:20:02 | Russia Reportedly Warns of “Direct Military Clash” if Cyber-Attacks on its Infrastructure Continue (lien direct) | Reportedly, the Russian government has warned the U.S. and its allies that continued cyber-attacks on its infrastructure risks a “direct military clash.” The threats follow reports from last week that Russia’s Ministry of Construction, Housing and Utilities website had been hacked and replaced with a message stating “Glory to Ukraine” on its homepage. A foreign […] | Threat | ||
|
2022-06-13 10:39:20 | Large Numbers of Extortion Emails Blocked Daily (lien direct) | Security researchers warn users that they block millions of extortion scam emails each day. On average one million extortion emails are blocked every 24 hours, according to Proofpoint. On high volume days two million emails are blocked. They usually come in the form of sextortion, whereby the attacker claims to have a webcam video of […] |
To see everything:
Our RSS (filtrered)
