Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-11-18 12:00:03 |
The worst passwords of 2020 show we are just as lazy about security as ever (lien direct) |
Can't we do any better than “123456”? |
|
|
|
|
2020-11-18 11:51:08 |
Amazon Web Services\' new Network Firewall solution rolls out (lien direct) |
The firewall solution is aimed at securing virtual networks and AWS workloads. |
|
|
|
|
2020-11-18 11:08:39 |
Hacking group exploits ZeroLogon in automotive, industrial attack wave (lien direct) |
A massive campaign is underway around the globe, with automotive, pharmaceutical and engineering entities top targets. |
|
|
|
|
2020-11-18 09:33:22 |
Capcom confirms Ragnar Locker ransomware attack, data exposure (lien direct) |
Customer, employee, and shareholder information is potentially embroiled in the leak. |
Ransomware
|
|
|
|
2020-11-18 05:00:04 |
Chaes malware strikes customers of Latin America\'s largest e-commerce platform (lien direct) |
The new malware strain is being deployed in attacks against MercadoLivre users. |
Malware
|
|
|
|
2020-11-18 00:32:00 |
Trump fires CISA Director Chris Krebs (lien direct) |
Trump fires the CISA Director over a recent statement calling the recent presidential election the most secure in US history. |
|
|
|
|
2020-11-18 00:32:00 |
Trump fires CISA boss Chris Krebs (lien direct) |
Rumors that President Trump was planning to fire CISA's top official started circulating last week after the White House discovered that CISA officials have been debunking "election fraud" rumors often started by the President. |
|
|
|
|
2020-11-17 22:46:00 |
Ransomware attack forces web hosting provider Managed.com to take servers offline (lien direct) |
Ransomware attack on Managed.com appears to have taken place on Monday, November 16. |
Ransomware
|
|
|
|
2020-11-17 17:00:00 |
Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation (lien direct) |
Support for FTP links will be disabled for 50% of Chrome 87 users, with a complete removal scheduled for Chrome 88. |
|
|
|
|
2020-11-17 14:00:00 |
Researchers warn of internet security risks connected to Tesla Backup Gateway (lien direct) |
Hundreds of Tesla gateway systems have been found, exposed and open, online. |
|
|
|
|
2020-11-17 12:42:09 |
Firefox 83 released with \'HTTPS-Only Mode\' that only loads HTTPS sites (lien direct) |
Mozilla expects that HTTPS-Only Mode will soon become the default browsing state for most web browsers. |
|
|
|
|
2020-11-17 11:11:00 |
Cryptocurrency platform dangles \'bug bounty\' carrot to hacker who stole $2 million (lien direct) |
Akropolis has not yet gone to law enforcement, giving the hacker time to consider the proposal. |
|
|
|
|
2020-11-17 09:00:04 |
More than 200 systems infected by new Chinese APT \'FunnyDream\' (lien direct) |
New Chinese APT discovered targeting Southeast Asian governments. |
|
|
|
|
2020-11-17 06:00:03 |
More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug (lien direct) |
Millions of computers and servers across the globe remain unpatched for some of today's most dangerous bugs. |
|
|
|
|
2020-11-16 19:21:00 |
New Zoom feature can alert room owners of possible Zoombombing disruptions (lien direct) |
The new "At-Risk Meeting Notifier" Zoom feature scans the internet and alerts conference organizers when a link to their Zoom meeting has been posted online. |
|
|
|
|
2020-11-16 13:20:24 |
The ransomware landscape is more crowded than you think (lien direct) |
More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. |
Ransomware
|
|
|
|
2020-11-16 10:30:03 |
Lazarus malware strikes South Korean supply chains (lien direct) |
The malware is passing security checks through the abuse of stolen software certificates. |
Malware
|
APT 38
|
|
|
2020-11-13 15:33:53 |
Hacker steals $2 million from cryptocurrency service Akropolis (lien direct) |
Cryptocurrency borrowing and lending service Akropolis said it suffered a "flash loan" attack. |
|
|
|
|
2020-11-13 14:00:00 |
Microsoft says three APTs have targeted seven COVID-19 vaccine makers (lien direct) |
The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium. |
Medical
|
APT 38
APT 28
APT 43
|
|
|
2020-11-13 10:28:38 |
Chainalysis launches program to manage cryptocurrency seized by law enforcement (lien direct) |
The program will monitor and store virtual coins confiscated in criminal cases. |
|
|
|
|
2020-11-13 10:02:07 |
Amazon files lawsuit against Instagram, TikTok influencers over \'dupe\' sales scam (lien direct) |
The company claims influencers worked together to promote fake products listed on Amazon's platform. |
|
|
|
|
2020-11-13 05:40:03 |
Info of 27.7 million Texas drivers exposed in Vertafore data breach (lien direct) |
Vertafore blames incident on human error after user data was stored on an unsecured external storage service. The files were accessed by an external party. |
Data Breach
|
|
|
|
2020-11-13 00:07:00 |
Australian government warns of possible ransomware attacks on health sector (lien direct) |
The ACSC says it has seen an uptick in attacks targeting the health sector with SDBBot, a known precursor of the Clop ransomware. |
Ransomware
|
|
|
|
2020-11-12 20:48:30 |
BlackBerry discovers new hacker-for-hire mercenary group (lien direct) |
CostaRicto is the fifth hacker-for-hire mercenary group discovered this year. |
|
|
|
|
2020-11-12 13:58:14 |
Comodo open-sources its EDR solution (lien direct) |
OpenEDR, announced in September, is available on GitHub starting this week. |
|
|
|
|
2020-11-12 11:40:43 |
KuCoin CEO says 84% of stolen cryptocurrency has been recovered (lien direct) |
Estimates suggest millions of dollars in cryptocurrency could still be outstanding. |
|
|
|
|
2020-11-12 10:32:49 |
New ModPipe malware targets hospitality, hotel point of sale systems (lien direct) |
The backdoor has been created to target PoS devices actively used by thousands of hotels and restaurants. |
Malware
|
|
|
|
2020-11-12 05:20:03 |
Microsoft urges users to stop using phone-based multi-factor authentication (lien direct) |
Microsoft recommends using app-based authenticators and security keys instead. |
|
|
|
|
2020-11-11 22:40:00 |
Google patches two more Chrome zero-days (lien direct) |
Google has now patched five Chrome zero-days in three weeks. |
|
|
|
|
2020-11-11 18:32:18 |
Recent ransomware wave targeting Israel linked to Iranian threat actors (lien direct) |
Israeli companies have seen an uptick in attacks and successful infections with the Pay2Key and WannaScream ransomware. |
Ransomware
Threat
|
|
|
|
2020-11-11 15:50:26 |
Play Store identified as main distribution vector for most Android malware (lien direct) |
Mammoth research project using Symantec (now NortonLifeLock) telemetry confirms what everyone suspected. |
Malware
|
|
|
|
2020-11-11 12:59:41 |
Palo Alto Networks acquires attack surface manager Expanse in $800m deal (lien direct) |
Expanse's platform will be added to the Cortex product suite. |
|
|
|
|
2020-11-11 11:31:42 |
Avast warns of Minecraft skin, mod apps fleecing \'millions\' of Android users (lien direct) |
Ridiculously expensive subscriptions are costing users as much as $120 per month. |
|
|
|
|
2020-11-11 08:23:29 |
Adobe releases new security fixes for Connect, Reader Mobile (lien direct) |
This month's update is small in comparison to last month's flurry of emergency fixes. |
|
|
|
|
2020-11-11 06:00:03 |
Facebook link preview feature used as a proxy in website-scraping scheme (lien direct) |
Mysterious groups have been scraping data from internet sites by abusing Facebook's link preview feature, using Facebook API servers as proxies to avoid getting blacklisted. |
|
|
|
|
2020-11-10 18:27:00 |
Microsoft November 2020 Patch Tuesday arrives with fix for Windows zero-day (lien direct) |
The Microsoft November 2020 Patch Tuesday fixes 112 vulnerabilities, 24 of which are remote code execution (RCE) bugs. |
|
|
|
|
2020-11-10 18:00:00 |
New Platypus attack can steal data from Intel CPUs (lien direct) |
Intel has released microcode updates today to prevent attackers from abusing the Intel RAPL mechanism to steal sensitive data from its CPUs. |
|
|
|
|
2020-11-10 13:34:42 |
Critical privilege escalation bugs squashed in WordPress Ultimate Member plugin (lien direct) |
The vulnerabilities impacted roughly 100,000 websites. |
|
|
|
|
2020-11-10 08:58:13 |
Chrome to block tab-nabbing attacks (lien direct) |
Firefox and Safari are already blocking these types of web attacks |
|
|
|
|
2020-11-10 06:00:04 |
New \'Ghimob\' malware can spy on 153 Android mobile applications (lien direct) |
New Ghimob Android trojan rises and evolves from Brazil to spread internationally. |
Malware
|
|
|
|
2020-11-09 23:18:13 |
(Déjà vu) Npm package caught stealing sensitive Discord and browser files (lien direct) |
Malicious code was found hidden inside a JavaScript library named Discord.dll. |
|
|
|
|
2020-11-09 20:59:00 |
Bug hunter wins \'Researcher of the Month\' award for DOD account takeover bug (lien direct) |
Severe bug would have allowed hackers to hijack DOD accounts just by modifying a few parameters in web requests sent to DOD servers. |
|
|
|
|
2020-11-09 19:13:40 |
Zoom settles FTC charges for misleading users about security features (lien direct) |
The FTC accused Zoom of misrepresenting how its call encryption features worked. |
|
|
|
|
2020-11-09 12:49:00 |
Compal, the second-largest laptop manufacturer in the world, hit by ransomware (lien direct) |
Compal factories build laptops for Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu. |
Ransomware
|
|
|
|
2020-11-09 06:00:02 |
Ransomware hits e-commerce platform X-Cart (lien direct) |
Company says it has now recovered from the attack and all customer sites are now back up. |
Ransomware
|
|
|
|
2020-11-08 16:25:12 |
Windows 10, iOS, Chrome, and many others fall at China\'s top hacking contest (lien direct) |
Winning hacker team pockets $744,500 at the Tianfu Cup, China's top hacking contest. |
|
|
|
|
2020-11-08 11:52:00 |
Yahoo Mail discontinues automatic email forwarding for free users (lien direct) |
Automatic email forwarding to be discontinued on January 1, 2021. Existing users told to get a Pro account. |
|
Yahoo
|
|
|
2020-11-07 08:00:03 |
FBI: Hackers stole source code from US government agencies and private companies (lien direct) |
FBI blames intrusions on improperly configured SonarQube source code management tools. |
|
|
|
|
2020-11-06 17:00:00 |
Linux version of RansomEXX ransomware discovered (lien direct) |
This marks the first time a major Windows ransomware strain has been ported to Linux to aid hackers in their targeted intrusions. |
Ransomware
|
|
|
|
2020-11-06 12:42:03 |
Israeli companies targeted with new Pay2Key ransomware (lien direct) |
Security firm Check Point reports what appears to be a targeted attack against Israeli companies. |
Ransomware
|
|
|