Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-12-08 20:35:11 |
Divers Pull Rare Surviving WWII Enigma Cipher Machine from Bottom of the Baltic (lien direct) |
This sealogged Nazi machine will undergo restoration. |
|
|
|
|
2020-12-08 20:23:30 |
Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays (lien direct) |
Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020. |
|
|
|
|
2020-12-08 20:03:49 |
Apple Manufacturer Foxconn Confirms Cyberattack (lien direct) |
Manufacturing powerhouse confirmed North American operations impacted by November cyberattack. |
|
|
|
|
2020-12-08 19:00:16 |
The Remote-Work Transition Shifts Demand for Cyber Skills (lien direct) |
According to Cyberseek, an interactive mapping tool that tracks the current state of the security job market, there are more than half a million open cybersecurity positions available in the U.S. alone (522,000). |
Tool
|
|
|
|
2020-12-08 17:00:44 |
Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution (lien direct) |
A CISA alert is flagging a critical default credentials issue that affects 100+ types of devices found in hospitals, from MRI machines to surgical imaging. |
|
|
|
|
2020-12-08 16:36:45 |
Adobe Warns Windows, macOS Users of Critical-Severity Flaws (lien direct) |
Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom. |
|
|
★★★
|
|
2020-12-08 13:54:41 |
Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users (lien direct) |
It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure. |
|
|
|
|
2020-12-08 11:00:53 |
\'Amnesia:33\' TCP/IP Flaws Affect Millions of IoT Devices (lien direct) |
A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns. |
|
|
|
|
2020-12-07 22:06:34 |
NSA Warns: Patched VMware Bug Under Active Attack (lien direct) |
Feds are warning that adversaries are exploiting a weeks-old bug in VMware's Workspace One Access and VMware Identity Manager products. |
|
|
|
|
2020-12-07 21:30:02 |
Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping (lien direct) |
The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more. |
Malware
|
|
|
|
2020-12-07 20:38:09 |
Europol Warns COVID-19 Vaccine Rollout Vulnerable to Fraud, Theft (lien direct) |
With the promise of a widely available COVID-19 vaccine on the horizon, Europol, the European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity. The agency joins a chorus of security professionals that have concerns about widespread attacks on the COVID-19 vaccine rollout. The warning comes after Europol discovered […] |
|
|
|
|
2020-12-07 20:01:47 |
\'Free\' Cyberpunk 2077 Downloads Lead to Data Harvesting (lien direct) |
The hotly anticipated game -- featuring a digital Keanu Reeves as a major character -- is being used as a lure for cyberattacks. |
|
|
|
|
2020-12-07 17:19:24 |
Insider Report: Healthcare Security Woes Balloon in COVID-Era (lien direct) |
As hackers put a bullseye on healthcare, Threatpost spotlights how hospitals, researchers and patients have been affected and how the sector is bolstering their cyber defenses. |
|
|
|
|
2020-12-07 17:16:59 |
Chinese Breakthrough in Quantum Computing a Warning for Security Teams (lien direct) |
China joins Google in claiming quantum supremacy with new technology, ratcheting up RSA decryption concerns. |
|
|
|
|
2020-12-07 17:03:20 |
Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times (lien direct) |
In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive. Lost in the chaos was IT security. |
|
|
|
|
2020-12-07 16:15:48 |
QNAP High-Severity Flaws Plague NAS Systems (lien direct) |
The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. |
|
|
|
|
2020-12-07 14:18:43 |
RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report (lien direct) |
The group published files stolen from the Brazilian aircraft manufacturer in a ransomware attack last month. |
Ransomware
|
|
|
|
2020-12-04 21:33:42 |
Making Sense of the Security Sensor Landscape (lien direct) |
Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors. |
|
|
|
|
2020-12-04 20:40:45 |
High-Severity Chrome Bugs Allow Browser Hacks (lien direct) |
Desktop versions of the browser received a total of eight fixes, half rated high-severity. |
|
|
|
|
2020-12-04 19:23:35 |
Novel Online Shopping Malware Hides in Social-Media Buttons (lien direct) |
The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images. |
Malware
|
|
|
|
2020-12-04 15:31:15 |
VMware Rolls a Fix for Formerly Critical Zero-Day Bug (lien direct) |
VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important." |
Vulnerability
|
|
|
|
2020-12-04 14:25:55 |
Vancouver Metro Disrupted by Egregor Ransomware (lien direct) |
The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week. |
Ransomware
Threat
|
|
|
|
2020-12-03 22:04:33 |
Kmart Latest Victim of Egregor Ransomware – Report (lien direct) |
The struggling retailer's back-end services have been impacted, according to a report, just in time for the holidays. |
Ransomware
|
|
★★★★★
|
|
2020-12-03 18:58:57 |
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions (lien direct) |
A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices. |
|
|
|
|
2020-12-03 17:20:02 |
DeathStalker APT Spices Things Up with PowerPepper Malware (lien direct) |
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation. |
Malware
|
|
|
|
2020-12-03 17:00:26 |
Reverse Engineering Tools: Evaluating the True Cost (lien direct) |
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears. |
|
|
|
|
2020-12-03 15:47:40 |
Cyberattacks Target COVID-19 Vaccine \'Cold-Chain\' Orgs (lien direct) |
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort. |
|
|
|
|
2020-12-03 15:18:52 |
As Modern Mobile Enables Remote Work, It Also Demands Security (lien direct) |
Lookout's Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working. |
|
|
|
|
2020-12-03 14:27:32 |
Clop Gang Makes Off with 2M Credit Cards from E-Land (lien direct) |
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailer's stores. |
Ransomware
|
|
|
|
2020-12-03 14:00:41 |
Code42 Incydr Series: Honing in on High-Risk Users with Code42 Incydr (lien direct) |
Incydr lets you monitor your high-risk users without impeding their ongoing work. |
|
|
|
|
2020-12-03 11:00:10 |
Google Play Apps Remain Vulnerable to High-Severity Flaw (lien direct) |
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Cisco Teams and Edge. |
|
|
|
|
2020-12-02 21:38:55 |
Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks (lien direct) |
Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump. |
|
|
|
|
2020-12-02 21:21:55 |
Think-Tanks Under Attack by Foreign APTs, CISA Warns (lien direct) |
The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors. |
Malware
|
|
|
|
2020-12-02 20:17:34 |
Xerox DocuShare Bugs Allowed Data Leaks (lien direct) |
CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes. |
Guideline
|
|
|
|
2020-12-02 18:06:30 |
Turla\'s \'Crutch\' Backdoor Leverages Dropbox in Espionage Attacks (lien direct) |
In a recent cyberattack against an E.U. country's Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents. |
|
|
|
|
2020-12-02 17:09:09 |
Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data (lien direct) |
The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year. |
|
|
|
|
2020-12-02 15:44:59 |
Microsoft Revamps \'Invasive\' M365 Feature After Privacy Backlash (lien direct) |
The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts. |
Tool
|
|
|
|
2020-12-02 14:00:19 |
DNS Filtering: A Top Battle Front Against Malware and Phishing (lien direct) |
Peter Lowe with DNSFilter discusses the science behind domain name system (DNS) filtering and how this method is effective in blocking out phishing and malware. |
Malware
|
|
|
|
2020-12-02 13:52:19 |
iPhone Bug Allowed for Complete Device Takeover Over the Air (lien direct) |
Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May. |
|
|
|
|
2020-12-01 21:28:45 |
Android Messenger App Still Leaking Photos, Videos (lien direct) |
The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers. |
|
|
★★
|
|
2020-12-01 19:35:50 |
Cayman Islands Bank Records Exposed in Open Azure Blob (lien direct) |
An offshore Cayman Islands bank's backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs. |
|
|
|
|
2020-12-01 17:06:11 |
Zoom Impersonation Attacks Aim to Steal Credentials (lien direct) |
The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account. |
|
|
|
|
2020-12-01 16:57:07 |
Electronic Medical Records Cracked Open by OpenClinic Bugs (lien direct) |
Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more. |
|
|
|
|
2020-12-01 13:18:34 |
Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout (lien direct) |
New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data. |
|
|
|
|
2020-11-30 21:25:27 |
Post-Cyberattack, UVM Health Network Still Picking Up Pieces (lien direct) |
More than a month after the cyberattack first hit, the UVM health network is still grappling with delayed payment processing and other issues. |
|
|
|
|
2020-11-30 21:19:50 |
Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand (lien direct) |
The ransomware group has leaked stolen data to add pressure on the company to pay up. |
Ransomware
|
|
|
|
2020-11-30 19:39:24 |
Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign (lien direct) |
A strain of the 13-year old backdoor Bandook trojan has been spotted in an espionage campaign. |
|
|
|
|
2020-11-30 17:52:50 |
MacOS Users Targeted By OceanLotus Backdoor (lien direct) |
The new backdoor comes with multiple payloads and new detection evasion tactics. |
|
APT 32
|
|
|
2020-11-30 17:46:24 |
Pandemic, A Driving Force in 2021 Financial Crime (lien direct) |
Ransomware gangs with zero-days and more players overall will characterize financially motivated cyberattacks next year. |
Ransomware
|
|
|
|
2020-11-28 15:00:10 |
2021 Healthcare Cybersecurity Priorities: Experts Weigh In (lien direct) |
Hackers are putting a bullseye on healthcare. Experts explore why hospitals are being singled out and what any company can do to better protect themselves. |
|
|
|