Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-11-06 06:00:03 |
Ransomware gangs that steal your data don't always delete it (direct link) |
Coveware: Half of the Q3 2020 ransomware investigations involved data exfiltration, with cases doubling from the previous quarter. |
Ransomware
|
|
|
|
2020-11-05 19:42:18 |
Apple fixes three iOS zero-days exploited in the wild (direct link) |
Apple has patched the three zero-days with today's release of iOS 14.2. |
|
|
|
|
2020-11-05 17:20:09 |
Italian beverage vendor Campari knocked offline after ransomware attack (direct link) |
Campari has refused to engage with the ransomware gang and is restoring systems. |
Ransomware
|
|
|
|
2020-11-05 14:06:00 |
GitHub denies getting hacked (direct link) |
Someone attached a copy of the GitHub Enterprise Server source code to GitHub's DMCA section, but the GitHub CEO said they mistakenly leaked that code months ago. |
|
|
|
|
2020-11-05 10:46:53 |
New APT hacking group leverages 'KilllSomeOne' DLL side-loading (direct link) |
A new entry into the APT scene has peppered its malware with political messages. |
Malware
|
|
|
|
2020-11-05 09:21:31 |
US, Brazilian law enforcement seize $24 million in cryptocurrency generated through online fraud (direct link) |
Suspects involved in the scheme are being accused of defrauding investors of over $200 million. |
|
|
|
|
2020-11-05 08:33:41 |
Capcom quietly discloses cyberattack impacting email, file servers (direct link) |
The attack forced Capcom to temporarily pull services to stop the attack from spreading. |
|
|
|
|
2020-11-05 07:35:29 |
Company that runs US illegal immigration detention centers discloses ransomware attack (direct link) |
Data for inmates and employees at three centers in California, Florida, and Pennsylvania was exposed in a ransomware attack on August 19. |
Ransomware
|
|
|
|
2020-11-04 17:50:03 |
Russian authorities make rare arrest of malware author (direct link) |
Malware dev made the grave error of deploying his malware inside Russia's borders. |
Malware
|
|
|
|
2020-11-04 12:25:51 |
As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor (direct link) |
The ransomware's 'retirement' has left a hole that Egregor operators may capitalize on. |
Ransomware
|
|
|
|
2020-11-04 11:22:48 |
Police launch pilot program to tap resident Ring camera live streams (direct link) |
The small trial could herald a wider rollout with participating residents in the future. |
|
|
|
|
2020-11-04 10:12:33 |
23,600 hacked databases have leaked from a defunct 'data breach index' site (direct link) |
Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September. |
|
|
|
|
2020-11-04 01:22:14 |
Toy maker Mattel discloses ransomware attack (direct link) |
Mattel said the ransomware attack had "no material impact to [its] operations or financial condition." |
Ransomware
|
|
|
|
2020-11-04 00:30:00 |
REvil ransomware gang 'acquires' KPOT malware (direct link) |
Ransomware gang who claims to have earned $100 million buys the source code of the KPOT information stealer trojan for $6,500. |
Ransomware
Malware
|
|
|
|
2020-11-03 21:42:00 |
US voters targeted with robocalls telling them to stay home or vote tomorrow (direct link) |
Robocalls have been reported in Florida, Georgia, Iowa, Kansas, Michigan, Nebraska, New York, New Hampshire, and North Carolina. |
|
|
|
|
2020-11-03 18:24:54 |
After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version (direct link) |
Android smartphone users are advised to update Chrome to version 86.0.4240.185 or later. |
|
|
|
|
2020-11-03 17:01:52 |
Configuration snafu exposes passwords for two million marijuana growers (direct link) |
Passwords for GrowDiaries users were stored using the weak MD5 hashing function, putting customer accounts at risk of attacks. |
|
|
|
|
2020-11-03 10:17:28 |
FireEye releases ThreatPursuit, a Windows VM for threat intel analysts (direct link) |
ThreatPursuit VM comes packed with more than 50 tools threat intelligence analysts use to hunt adversaries. |
Threat
|
|
|
|
2020-11-03 09:41:56 |
Russian hacker jailed over botnet data scraping scheme that drained victim bank accounts (direct link) |
Prosecutors estimate the scheme has caused financial losses of at least $100 million. |
|
|
|
|
2020-11-03 06:00:04 |
Oracle publishes rare out-of-band security update for WebLogic servers (direct link) |
Oracle releases additional fix to patch a bug for the second time after the publication of proof-of-concept exploit code. |
|
|
|
|
2020-11-03 00:40:58 |
Adobe hires new CSO in Mark Adams to guide the company in its post-Flash era (direct link) |
Adams served as CSO for Blizzard Entertainment for four years before joining Adobe today. |
|
|
|
|
2020-11-02 22:34:56 |
Google patches second Chrome zero-day in two weeks (direct link) |
Google Chrome 86.0.4240.183 available for download. Patches 10 security bugs, including an actively-exploited zero-day. |
|
|
|
|
2020-11-02 21:48:06 |
Hacker group uses Solaris zero-day to breach corporate networks (direct link) |
The zero-day appears to have been bought off a black-market website for $3,000. |
|
|
|
|
2020-11-02 20:01:47 |
Malicious npm package opens backdoors on programmers' computers (direct link) |
JavaScript library posing as a Twilio-related library opens backdoors to let attackers access infected workstations. |
|
|
|
|
2020-11-02 08:31:26 |
Marriott fined £18.4 million by UK watchdog over customer data breach (direct link) |
The fine has been slashed from over £99 million originally proposed in light of the pandemic. |
Data Breach
|
|
|
|
2020-11-02 06:00:03 |
CERT/CC launches Twitter bot to give security bugs random names (direct link) |
CERT/CC attempts to reduce the use of sensationalized vulnerability names that needlessly scare software users. |
Vulnerability
|
|
★★★★
|
|
2020-11-01 11:36:20 |
US Cyber Command exposes new Russian malware (direct link) |
Together with CISA and the FBI, US Cyber Command wish Russian state hackers a "Happy Halloween!" |
Malware
|
|
|
|
2020-10-31 16:30:02 |
Chrome will soon have its own dedicated certificate root store (direct link) |
Currently, Chrome uses the certificate root store part of each operating system. Google plans to manage its own list of "approved" certificates from now on, similar to Firefox. |
|
|
|
|
2020-10-30 18:29:00 |
Google discloses Windows zero-day exploited in the wild (direct link) |
Windows zero-day (not yet patched) is used as part of an exploit chain that also includes a Chrome zero-day (already patched). |
|
|
|
|
2020-10-29 11:05:05 |
McAfee debuts remote browser isolation solution, XDR platform (direct link) |
The company's new offerings are designed with real-time protection and incident management in mind. |
|
|
|
|
2020-10-26 22:27:31 |
Hacker steals $24 million from cryptocurrency service 'Harvest Finance' (direct link) |
Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds. |
|
|
|
|
2020-10-26 18:51:57 |
Adware found in 21 Android apps with more than 7 million downloads (direct link) |
Six of the 21 apps are still available on the Google Play Store. |
|
|
|
|
2020-10-26 15:42:49 |
Over 100 irrigation systems left exposed online without a password (direct link) |
More than half of the exposed systems are located inside Israel. |
|
|
|
|
2020-10-26 11:54:30 |
The rise of the social bandits: How politics, injustice shapes how we view hacktivism (direct link) |
If they don't listen to us, do they deserve it? |
|
|
|
|
2020-10-26 09:09:22 |
KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others (direct link) |
New KashmirBlack botnet is believed to have infected hundreds of thousands of websites since November 2019. |
|
|
|
|
2020-10-23 18:31:26 |
Apple notarizes six malicious apps posing as Flash installers (direct link) |
Apple notarization process bypassed for the second time in six weeks. |
|
|
|
|
2020-10-23 15:04:27 |
Phishing groups are collecting user data, email and banking passwords via fake voter registration forms (direct link) |
With the election window closing, phishing groups are striking the iron while it's hot. |
|
|
|
|
2020-10-23 11:52:36 |
Nvidia tackles code execution flaws, data leaks in GeForce Experience (direct link) |
The worst of the bugs is an uncontrolled search path issue with severe, exploitable consequences. |
|
|
|
|
2020-10-22 21:04:00 |
FBI, CISA: Russian hackers breached US government networks, exfiltrated data (direct link) |
Intrusions blamed on a Russian hacker group known as Energetic Bear. |
|
|
|
|
2020-10-22 19:50:42 |
NSA whistleblower Edward Snowden granted permanent residency in Russia (direct link) |
Edward Snowden has been living in Russia since June 2013. |
|
|
|
|
2020-10-22 16:47:00 |
EU sanctions Russia over 2015 German Parliament hack (direct link) |
Germany had been asking and pushing EU officials for an official statement and sanctions against Russia since earlier this year. |
Hack
|
|
|
|
2020-10-22 14:09:24 |
Firefox 'Site Isolation' feature enters user testing, expected next year (direct link) |
Users can test Firefox Site Isolation in Nightly builds. |
|
|
|
|
2020-10-22 10:39:11 |
New Windows RAT can be controlled via a Telegram channel (direct link) |
New RAT shows a rising trend in the cybercrime underground, with more malware being released with control-by-Telegram features. |
Malware
|
|
|
|
2020-10-22 08:51:08 |
SEC issues Kik $5 million penalty over illegal cryptocurrency offering (direct link) |
The US regulator alleged that Kik's ICO flouted investment and securities law. |
|
|
|
|
2020-10-22 00:44:00 |
US blames Iran for spoofed Proud Boys emails threatening Democrat voters (direct link) |
US claims Iran is behind a wave of emails purporting to be from right-wing Proud Boys group that threatened registered Democrat voters with repercussions if they didn't vote for Trump. |
|
|
|
|
2020-10-21 16:31:25 |
WordPress deploys forced security update for dangerous bug in popular plugin (direct link) |
More than one million WordPress sites were running a vulnerable version of the Loginizer plugin. |
|
|
|
|
2020-10-21 09:25:27 |
Adobe releases another out-of-band patch, squashing critical bugs across creative software (direct link) |
10 products are impacted, including Photoshop, Illustrator, Dreamweaver, and InDesign. |
|
|
|
|
2020-10-21 05:00:05 |
MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states (direct link) |
Threat actors range from DDoS botnets to Chinese state-sponsored hacking groups. |
Threat
|
|
|
|
2020-10-20 20:28:00 |
Google releases Chrome security update to patch actively exploited zero-day (direct link) |
Google Chrome 86.0.4240.111 released with a fix. |
|
|
|
|
2020-10-20 19:38:16 |
Microsoft says it took down 94% of TrickBot's command and control servers (direct link) |
TrickBot survived an initial takedown attempt, but Microsoft and its partners are countering TrickBot operators after every move, taking down any new infrastructure the group is attempting to bring up online. |
|
|
|