Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-11-16 18:23:36 |
Hacked Security Software Used in Novel South Korean Supply-Chain Attack (lien direct) |
Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea. |
Medical
|
APT 38
|
|
|
2020-11-16 16:53:53 |
Exposed Database Reveals 100K+ Compromised Facebook Accounts (lien direct) |
Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others. |
|
|
|
|
2020-11-16 13:00:59 |
Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut (lien direct) |
A report on the underground economy finds that malicious actors are offering cloud-based troves of stolen data, accessible with handy tools to slice and dice what's on offer. |
|
|
★★★
|
|
2020-11-14 14:00:40 |
Scams Ramp Up Ahead of Black Friday Cybercriminal Craze (lien direct) |
With more online shoppers this year due to COVID-19, cybercriminals are pulling the trigger on new scams ahead of Black Friday and Cyber Monday. |
|
|
|
|
2020-11-13 19:05:25 |
Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam (lien direct) |
'Order This, Get This': Social-media influencers are in Amazon's legal crosshairs for promoting generic Amazon listings with the promise to get prohibited counterfeit luxury items instead. |
|
|
|
|
2020-11-13 18:22:11 |
Botnet Attackers Turn to Vulnerable IoT Devices (lien direct) |
Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks. |
|
|
|
|
2020-11-13 18:11:09 |
Nation-State Attackers Actively Target COVID-19 Vaccine-Makers (lien direct) |
Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says. |
|
|
|
|
2020-11-13 18:10:58 |
2020 Reader Survey: Share Your Feedback to Help Us Improve (lien direct) |
|
|
|
|
|
2020-11-13 17:04:48 |
Ticketmaster Scores Hefty Fine Over 2018 Data Breach (lien direct) |
The events giant faces a GDPR-related penalty in the U.K., and more could follow. |
Data Breach
|
|
|
|
2020-11-13 16:07:30 |
(Déjà vu) Credential-Stuffing Attack Hits The North Face (lien direct) |
The North Face has reset an undisclosed number of customer accounts after detecting a credential-stuffing attack on its website. |
|
|
|
|
2020-11-13 12:54:20 |
Report: CISA Chief Expects White House to Fire Him (lien direct) |
Chris Krebs, the first and current director of the CISA, said his protection of election process drew ire from Trump administration. |
|
|
★★★★★
|
|
2020-11-12 22:19:20 |
Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software (lien direct) |
The modular malware is highly sophisticated but may not be able to capture credit-card info. |
Malware
|
|
|
|
2020-11-12 21:33:28 |
Animal Jam Hacked, 46M Records Roam the Dark Web (lien direct) |
Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum. |
|
|
|
|
2020-11-12 18:12:44 |
Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys (lien direct) |
Hacker forums are a rich source of threat intelligence. |
Threat
|
|
|
|
2020-11-12 16:52:08 |
Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks (lien direct) |
Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations. |
|
|
★★★
|
|
2020-11-12 14:10:57 |
2 More Google Chrome Zero-Days Under Active Exploitation (lien direct) |
Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution. |
Guideline
|
|
★★★★★
|
|
2020-11-11 21:04:06 |
Silver Peak SD-WAN Bugs Allow for Network Takeover (lien direct) |
Three security vulnerabilities can be chained to enable unauthenticated remote code execution. |
|
|
★★★
|
|
2020-11-11 19:03:15 |
Nvidia Warns Windows Gamers of GeForce NOW Flaw (lien direct) |
Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW. |
|
|
★★★★★
|
|
2020-11-11 18:42:49 |
Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic (lien direct) |
Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data. |
Ransomware
|
|
|
|
2020-11-11 17:47:20 |
Minecraft Apps on Google Play Fleece Players Out of Big Money (lien direct) |
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month. |
|
|
|
|
2020-11-11 14:45:50 |
High-Severity Cisco DoS Flaw Can Immobilize ASR Routers (lien direct) |
The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software. |
|
|
|
|
2020-11-11 13:34:14 |
COVID-19 Data-Sharing App Leaked Healthcare Worker Info (lien direct) |
Philippines COVID-KAYA app allowed for unauthorized access typically protected by 'superuser' credentials and also may have exposed patient data. |
|
|
|
|
2019-05-21 15:15:00 |
HCL Exposes Customer, Personnel Info in Wide-Ranging Data Leak (lien direct) |
HCL domain pages exposed sensitive data - including passwords and project analysis reports - for thousands of employees and customers. |
|
|
|
|
2019-05-21 14:22:03 |
Millions of Golfers Land in Privacy Hazard After Cloud Misconfig (lien direct) |
A database with millions of data points on games played plus sensitive information was left right in the middle of the internet fairway for all to see. |
|
|
|
|
2019-05-20 20:08:03 |
Sharing Threat Intelligence: Time for an Overhaul (lien direct) |
All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC. |
Threat
|
|
|
|
2019-05-20 18:44:05 |
Windows 10 Update Bricks PCs, Microsoft Offers Workarounds (lien direct) |
A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist. |
|
|
★★★
|
|
2019-05-20 15:55:03 |
Salesforce Woes Linger as Admins Clean Up After Service Outage (lien direct) |
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses. |
|
|
|
|
2019-05-20 15:14:05 |
Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws (lien direct) |
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown. |
|
|
|
|
2019-05-20 14:22:00 |
Slack Bug Allows Remote File Hijacking, Malware Injection (lien direct) |
An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel. |
Malware
|
|
|
|
2019-05-20 13:42:05 |
ZombieLoad: How Intel\'s Latest Side Channel Bug Was Discovered and Disclosed (lien direct) |
Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws. |
|
|
|
|
2019-05-17 19:28:04 |
WordPress WP Live Chat Support Plugin Fixes XSS Flaw (lien direct) |
A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. |
|
|
|
|
2019-05-17 17:06:00 |
Ransomware \'Remediation\' Firm Exposed: Researchers Weigh in on Paying (lien direct) |
The decision to pay a ransom in the case of a ransomware attack can be a complex one for businesses. |
Ransomware
|
|
|
|
2019-05-17 15:44:03 |
How Decoding Network Traffic Can Save Your Data Bacon (lien direct) |
The importance of reading the network tealeaves of a company's network traffic to head off an attack. |
|
|
|
|
2019-05-17 11:37:04 |
News Wrap: WhatsApp, Microsoft, Intel and Cisco Flaws (lien direct) |
From a zero day flaw in WhatsApp, to Patch Tuesday fixes, Threatpost breaks down the top vulnerabilities of this week. |
|
|
|
|
2019-05-16 18:36:03 |
Mobile Risks Boom in a Post-Perimeter World (lien direct) |
The bloom is on mobile, whether it be the enterprise, employees or the cybercriminals plotting new ways to slip past a corporate defenses in a post-parameter world. |
|
|
|
|
2019-05-16 18:01:05 |
Forbes Becomes Latest Victim of Magecart Payment Card Skimmer (lien direct) |
The web skimming script was recently found stealing payment data on the websites of Forbes Magazine as well as seven others. |
|
|
|
|
2019-05-16 13:53:03 |
Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution (lien direct) |
The vendor also issued a patch schedule for the still-unpatched bug in its Secure Boot trusted hardware environment, which affects most of its enterprise and SMB portfolio, amounting to millions of vulnerable devices. |
|
|
|
|
2019-05-16 13:05:00 |
Cybercrime Gang Behind GozNym Banking Malware Dismantled (lien direct) |
Europol said it has dismantled the cybercrime network behind the GozNym malware, which siphoned more than $100 million from businesses. |
Malware
|
|
|
|
2019-05-15 20:01:03 |
Google Titan Security Key Recalled After Bluetooth Pairing Bug (lien direct) |
Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols. |
|
|
|
|
2019-05-15 16:48:01 |
Intel ZombieLoad Side-Channel Attack: 10 Takeaways (lien direct) |
Here are 10 top takeaways from Intel's most recent class of Spectre-like speculative execution vulnerabilities, disclosed this week. |
|
|
|
|
2019-05-15 14:50:00 |
Billions of Malicious Bots Take to Cipher-Stunting to Hide (lien direct) |
Attackers have been tampering with TLS signatures at a scale never before seen using a technique called cipher-stunting. |
|
|
|
|
2019-05-14 20:49:04 |
(Déjà vu) Microsoft Patches Zero-Day Bug Under Active Attack (lien direct) |
Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities. |
|
|
|
|
2019-05-14 20:31:03 |
Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More (lien direct) |
A massive update addresses the breadth of the computing giant's product portfolio. |
|
|
|
|
2019-05-14 18:01:04 |
Intel CPUs Impacted By New Class of Spectre-Like Attacks (lien direct) |
Intel has disclosed a new class of speculative execution side channel attacks. |
|
|
|
|
2019-05-14 16:18:03 |
Adobe Addresses Critical Adobe Flash Player, Acrobat Reader Flaws (lien direct) |
Adobe has issued patches for 87 vulnerabilities on Patch Tuesday - the bulk of which exist in Adobe's Acrobat and Reader product. |
|
|
|
|
2019-05-14 15:21:01 |
Linux Kernel Flaw Allows Remote Code-Execution (lien direct) |
The bug is remotely exploitable without authentication or user interaction. |
|
|
|
|
2019-05-14 12:58:02 |
(Déjà vu) WhatsApp Zero-Day Exploited in Targeted Spyware Attacks (lien direct) |
WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims' phones. |
Vulnerability
|
|
|
|
2019-05-14 12:00:05 |
Cynet: An Autonomous Security Platform for Any Size Organization (lien direct) |
Cynet protects the entire internal environment – including hosts, files, users and the network. |
|
|
|
|
2019-05-13 22:17:05 |
Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices (lien direct) |
The two high-severity bugs impact a wide array of enterprise, military and government networks. |
|
|
|
|
2019-05-13 21:02:01 |
Twitter Leaks Apple iOS Users\' Location Data to Ad Partner (lien direct) |
A Twitter glitch "inadvertently" leaked iOS users' location data to an unnamed partner. |
|
|
|