What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-12-03 11:00:05 | Mysterious phishing campaign targets organizations in COVID-19 vaccine cold chain (lien direct) | Targets include EU directorates, companies making vaccine shipping containers, a website development firm linked to vaccine supply chains. | |||
|
2020-12-03 11:00:04 | 8% of all Google Play apps vulnerable to old security bug (lien direct) | Devs have not updated a crucial library inside their apps, leaving users exposed to dangerous attacks. Some of the vulnerable apps include Microsoft's Edge browser, Grindr, OKCupid, and Cisco Teams. | |||
|
2020-12-03 11:00:03 | New TrickBot version can tamper with UEFI/BIOS firmware (lien direct) | New TrickBot feature scares security researchers. | |||
|
2020-12-03 11:00:00 | This phishing group is targeting COVID-19 vaccine supply chains (lien direct) | Clues indicate state-sponsored hackers may be to blame. | |||
|
2020-12-03 10:49:47 | Compounder Finance DeFi project allegedly pulls the rug from under investors, $11 million stolen (lien direct) | One investor is offering a $100,000 bounty leading to the unmasking of the thief, or thieves, involved. | Guideline | ||
|
2020-12-02 14:00:02 | Open source software security vulnerabilities exist for over four years before detection (lien direct) | GitHub research suggests there is a need to reduce the time between bug detection and fixes. | |||
|
2020-12-02 11:52:18 | Absa bank embroiled in data leak, rogue employee accused of theft (lien direct) | Personal information belonging to banking customers was compromised. | |||
|
2020-12-02 09:30:05 | Ivanti announces double acquisition of MobileIron, Pulse Secure in zero-trust security push (lien direct) | Ivanti says the deals strengthen the company in the mobile zero-trust security space. | |||
|
2020-12-01 19:00:00 | Malicious npm packages caught installing remote access trojans (lien direct) | JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware. | |||
|
2020-12-01 17:55:51 | FBI warns of email forwarding rules being abused in recent hacks (lien direct) | FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators." | |||
|
2020-12-01 15:53:43 | Microsoft removes 18 malicious Edge extensions for injecting ads into web pages (lien direct) | Some extensions mimicked official apps while others copied popular Chrome extensions. | |||
|
2020-12-01 09:54:40 | \'Hacker_R_US\' gets eight years in prison for bomb threats and DDoS extortion (lien direct) | 'Hacker_R_US' was one of the two members of the Apophis Squad hacker group. | |||
|
2020-12-01 09:00:03 | 2020\'s worst cryptocurrency breaches, thefts, and exit scams (lien direct) | Cryptocurrency exchanges have felt the impact of everything from vulnerability exploit to social engineering scams over this year. | Vulnerability | ||
|
2020-12-01 06:00:03 | The biggest hacks, data breaches of 2020 (lien direct) | A pandemic is no reason for hackers to hold off cyberattacks against everything from government bodies to healthcare providers. | |||
|
2020-12-01 02:34:00 | Microsoft links Vietnamese state hackers to crypto-mining malware campaign (lien direct) | Vietnamese state hackers imitate Chinese groups and start making money on the side while spying for their government. | Malware | ||
|
2020-11-30 21:20:13 | Docker malware is now common, so devs need to take Docker security seriously (lien direct) | Three years after the first malware attacks targeting Docker, developers are still misconfiguring and exposing their Docker servers online. | Malware | ||
|
2020-11-30 13:36:00 | Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up (lien direct) | If Cloudflare, AWS, or GoDaddy go down, around 40% of the Alexa Top 100,000 websites will also go down with DNS resolution problems. | |||
|
2020-11-30 10:00:03 | This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins (lien direct) | The research highlights the potential dangers of new 'biohacking' techniques. | |||
|
2020-11-27 14:09:25 | A hacker is selling access to the email accounts of hundreds of C-level executives (lien direct) | Access is sold for $100 to $1500 per account, depending on the company size and exec role. | |||
|
2020-11-27 10:07:06 | Networking equipment vendor Belden discloses data breach (lien direct) | Belden says hackers accessed a limited number of company's file servers. | Data Breach | ||
|
2020-11-26 21:22:59 | Personal data of 16 million Brazilian COVID-19 patients exposed online (lien direct) | Among those affected by the leak are Brazil President Jair Bolsonaro, seven ministers, and 17 provincial governors. | |||
|
2020-11-26 09:31:21 | Sophos notifies customers of data exposure after database misconfiguration (lien direct) | Exclusive: Company says that only a small subset of customers were impacted. | |||
|
2020-11-25 23:34:00 | Xbox bug could have allowed hackers to link gamer tags with players\' emails (lien direct) | The bug could have been exploited by playing around in a browser's developer console and editing a cookie field. | |||
|
2020-11-25 20:46:28 | Security researcher accidentally discovers Windows 7 and Windows Server 2008 zero-day (lien direct) | The vulnerability was discovered while the security researcher was working on a Windows security tool. | Vulnerability | ||
|
2020-11-25 17:08:25 | Three members of TMT cybercrime group arrested in Nigeria (lien direct) | The TMT group has infected more than 50,000 organizations around the world with malware. | |||
|
2020-11-25 10:55:21 | YouTube suspends OANN for allegedly peddling fake COVID-19 cures (lien direct) | If the outlet wants to monetize videos in the future, it must reapply to YouTube's member program. | |||
|
2020-11-25 10:07:21 | Home Depot agrees to $17.5 million settlement over 2014 data breach (lien direct) | The US retailer's point-of-sale systems were infected with malware. | Data Breach | ||
|
2020-11-24 20:44:00 | 2FA bypass discovered in web hosting software cPanel (lien direct) | More than 70 million sites are managed via cPanel software, according to the company. | |||
|
2020-11-24 15:00:04 | Stantinko\'s Linux malware now poses as an Apache web server (lien direct) | Eight-year-old Stantinko botnet updates its Linux malware. | Malware | ||
|
2020-11-24 13:18:14 | Spotify launches \'rolling reset\' on customer accounts, passwords linked to data leak (lien direct) | A third-party server containing Spotify credentials was uncovered by researchers. | |||
|
2020-11-24 12:22:43 | Baidu\'s Android apps caught collecting sensitive user details (lien direct) | Data collection issue identified in Baidu Maps and Baidu Search Box apps, both removed from the Play Store in October 2020. | |||
|
2020-11-24 11:00:00 | New WAPDropper malware abuses Android devices for WAP fraud (lien direct) | New WAPDropper malware signs up Android users to premium services provided by telecoms in Thailand and Malaysia. | Malware | ||
|
2020-11-24 10:29:05 | SEC alleges Benja CEO duped investors to fund a non-existent e-commerce empire (lien direct) | The agency claims that business deals were made up to lure investors into funding the startup. | |||
|
2020-11-24 10:27:00 | Hacker leaks the user data of event management app Peatix (lien direct) | More than 4.2 million user accounts have been made available for download online earlier this month. | |||
|
2020-11-23 17:37:13 | Tesla Model X hacked and stolen in minutes using new key fob hack (lien direct) | Tesla is rolling out over-the-air software updates this week to prevent the attack from hijacking owner key fobs. | Hack | ||
|
2020-11-23 15:10:12 | Malware creates scam online stores on top of hacked WordPress sites (lien direct) | The malware gang also poisoned the victims' XML sitemaps with thousands of scammy entries, lowering the sites' SERP ranking. | Malware | ||
|
2020-11-23 13:35:05 | GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave (lien direct) | The domain registrar has confirmed that employees became embroiled in wider attacks. | |||
|
2020-11-23 12:28:00 | TikTok patches reflected XSS bug, one-click account takeover exploit (lien direct) | The vulnerabilities impacted the video platform's website. | |||
|
2020-11-21 20:25:18 | (Déjà vu) Manchester United football club discloses security breach (lien direct) | Football club said it's not "currently aware of any breach of personal data associated with our fans or customers." | |||
|
2020-11-21 08:00:03 | Botnets have been silently mass-scanning the internet for unsecured ENV files (lien direct) | Threat actors are looking for API tokens, passwords, and database logins usually stored in ENV files. | Threat | ||
|
2020-11-20 17:55:35 | Drupal sites vulnerable to double-extension attacks (lien direct) | The 90s called. They want their vulnerability back. | Vulnerability | ||
|
2020-11-20 14:19:03 | Two Romanians arrested for running three malware services (lien direct) | The two ran two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan. | Malware | ||
|
2020-11-20 05:45:03 | The malware that usually installs ransomware and you need to remove right away (lien direct) | If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems. | Ransomware Malware | ||
|
2020-11-19 19:55:00 | Facebook Messenger bug could have allowed hackers to spy on users (lien direct) | The now-patched Messenger bug could have allowed callers to connect audio calls without the callee's knowledge or approval. | |||
|
2020-11-19 15:59:00 | LidarPhone attack converts smart vacuums into microphones (lien direct) | LidarPhone attack works by converting a smart vacuum's LiDAR navigational component into a laser microphone. | |||
|
2020-11-19 09:27:48 | New Grelos skimmer variant reveals overlap in Magecart group activities, malware infrastructure (lien direct) | The discovery of a new skimmer variant reveals the difficulties associated with tracking separate Magecart campaigns. | Malware | ||
|
2020-11-19 09:00:03 | Fearing drama, Mozilla opens public consultation before worldwide Firefox DoH rollout (lien direct) | Mozilla wants to enable DNS-over-HTTPS (DoH) in Firefox for all users worldwide, but wants to hear from ISPs, governments, and companies beforehand. | |||
|
2020-11-18 19:08:52 | Starting next year, Chrome extensions will show what data they collect from users (lien direct) | Google will add a "Privacy practices" section on each Chrome extension's Web Store page listing what data they collect from users and what the developer plans to do with it. | |||
|
2020-11-18 17:00:04 | Cisco Webex bugs allow attackers to join meetings as ghost users (lien direct) | Attackers can join Webex meetings as ghost users, and even remain inside rooms after getting kicked. | |||
|
2020-11-18 16:17:33 | Liquid crypto-exchange says hacker accessed internal network, stole user data (lien direct) | Liquid admins said the intrusion was detected before any funds were stolen. |
To see everything:
Our RSS (filtrered)
