What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ZDNet.webp 2021-07-19 11:18:49 UK blames China for Microsoft Exchange Server hack (lien direct) The government says the country is responsible for "systematic cyber sabotage." Hack
The_Hackers_News.webp 2021-07-19 03:38:11 Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely (lien direct) The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any Hack
The_Hackers_News.webp 2021-07-16 04:13:36 Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware (lien direct) Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial surveillance company that Google's Hack
SecurityWeek.webp 2021-07-15 12:22:43 Tulsa Says Network Hack Gained Some Social Security Numbers (lien direct) Hackers gained access to the Social Security numbers of more than two dozen people during a ransomware attack that forced the city of Tulsa to shut down parts of its computer network for months, officials said. Hack
SecurityWeek.webp 2021-07-13 11:10:03 Critical Vulnerability Can Be Exploited to Hack Schneider Electric's Modicon PLCs (lien direct) A vulnerability affecting some of Schneider Electric's Modicon programmable logic controllers (PLCs) can be exploited to bypass authentication mechanisms, allowing attackers to take complete control of the targeted device. Hack Vulnerability
ComputerWeekly.webp 2021-07-13 05:45:00 Dutch prosecutor ordered to give evidence on EncroChat hack (lien direct) Hack
bleepingcomputer.webp 2021-07-10 12:10:15 (Déjà vu) Microsoft removes Windows 11 hack to enable Windows 10 Start Menu (lien direct)  Microsoft removed a registry hack in the latest preview build that allowed Windows 11 users to revert to the "Classic" Windows 10 Start Menu. [...] Hack
bleepingcomputer.webp 2021-07-10 12:10:15 Microsoft removes Window 11 hack to enable Windows 10 Start Menu (lien direct)  Microsoft removed a registry hack in the latest preview build that allowed Windows 11 users to revert to the "Classic" Windows 10 Start Menu. [...] Hack
SecurityWeek.webp 2021-07-09 03:53:15 Morgan Stanley Hit by Accellion Hack Through Third-Party Vendor (lien direct) Investment banking firm Morgan Stanley has informed the New Hampshire Attorney General that personal information of some customers was compromised through a third-party vendor that was using the Accellion FTA service. Hack
SecurityAffairs.webp 2021-07-08 22:58:05 Multiple Sage X3 vulnerabilities expose systems to hack (lien direct) Rapid7 researchers discovered security vulnerabilities in the Sage X3 ERP product that could allow to take control of vulnerable systems. Researchers from Rapid7 discovered a total of four security vulnerabilities in the Sage X3 enterprise resource planning (ERP) solution. Chaining two of the vulnerabilities discovered by the expert, an attacker could execute malicious commands and take control of vulnerable […] Hack
SecurityAffairs.webp 2021-07-08 19:30:40 Morgan Stanley discloses data breach after the hack of a third-party vendor (lien direct) The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. Investment banking firm Morgan Stanley has disclosed a data breach after threat actors have compromised the Accellion FTA server of the third-party vendor Guidehouse. The company has offices in more than […] Data Breach Hack Threat
Blog.webp 2021-07-08 11:20:37 ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures (lien direct) It was bound to happen: a supply-chain compromise, ala SolarWinds, has been combined with a ransomware assault, akin to Colonial Pipeline, with devastating implications. Related: The targeting of supply chains Last Friday, July 2, in a matter of a few … (more…) Ransomware Hack
bleepingcomputer.webp 2021-07-08 09:19:53 Morgan Stanley reports data breach after vendor Accellion hack (lien direct) Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third party vendor. [...] Data Breach Hack
SecurityWeek.webp 2021-07-07 11:24:04 Researchers Reproduce Exploit Used in Kaseya Hack (lien direct) Kaseya CEO Downplays Impact of Cyberattack Researchers have successfully reproduced the exploit used in the recent cyberattack targeting IT management software maker Kaseya and its customers. Hack
Blog.webp 2021-06-30 11:40:04 GUEST ESSAY: Why online supply chains remain at risk - and what companies can do about it (lien direct) The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront. Related: Equipping Security Operations Centers (SOCs) for the long haul Enterprises have long operated in … (more…) Hack
Veracode.webp 2021-06-29 11:30:29 Speed or Security? Don't Compromise (lien direct) “Speed is the new currency of business.” Chairman and CEO of Salesforce Marc R. Benioff's words are especially potent today as many organizations small and large look for ways to speed up production during their shifts to digital. In software development, speed is a critical factor. Everything from shifting priorities to manual processes and siloed teams can seriously impede deployment schedules. One of the biggest obstacles, however, is a lack of security throughout every step of the production process to ensure that coding mistakes and flaws are found and fixed before they turn into project-derailing problems. A lack of an efficient and flexible AppSec program becomes an issue when you look at the data: Cyberattacks occur every 39 seconds. 60 percent of developers are releasing code 2x faster than before. 76 percent of applications have at least one security flaw on first scan. 85 percent of orgs admit to releasing vulnerable code to production because of time restraints. A mere 15 percent of orgs say that all of their development teams participate in formal security training. But there's good news, too. We know from our annual State of Software Security report that frequent scanning with the right tools in the right parts of your software development lifecycle can help your team close security findings much faster. For example, scanning via API alone cuts remediation time for 50 percent of flaws by six days, slamming that window of opportunity shut for cyberattackers. The Veracode Static Analysis family helps you do just that. It plugs into critical parts of your software development lifecycle (SDLC), providing automated feedback right in your IDE and pipeline so that your developers can improve the quality of their code while they work. You can also run a full policy scan before deployment to understand what your developers need to focus on and to prove compliance.
Together, these scans throughout My Code, Our Code, and Production Code boost quality and security to reduce the risk of an expensive and time-consuming breach down the road. Automation and developer education In addition to having the right scans in the right places, there are supporting steps you can take to ensure the quality of your code without sacrificing speed. Automation through integrations is an important piece of the puzzle because it speeds everything up and boosts efficiency. The automated feedback from Veracode Static Analysis means your team of developers has clear insight into existing flaws so they can begin prioritization to eliminate the biggest risks first. Automation also sets the standard for consistency which, as you go, improves speed. Developer education also helps close gaps in information and communication with security counterparts so that they can work towards a common goal. It goes both ways – if the security leaders at your organization can walk the walk and talk the talk of the developer, everyone will have an easier time communicating goals and solving security problems. One way to close those gaps is through hands-on developer education with a tool like Veracode Security Labs. The platform utilizes real applications in contained environments that developers can hack or patch in real-time so that they learn to think like an attacker and stay one step ahead. Like Static Analysis, Security Labs helps meet compliance needs too, with customized education in the languages your developers use most. The prioritization conundrum Security debt can feel like a horror movie villain as it lingers in the background. But it isn't always teeming with high-risk flaws that should be tackled first, and so it's important to carefully consider how to approach prioritization. 
A recent analyst report, Building an Enterprise DevSecOps Program, found that everything can feel like a priority: “During our research many security pros told us that all vulnerabilities started looking like high priorities, and it was incredibly difficult to differentiate a vulnerability with impact on the organization from one which Hack Tool Vulnerability Guideline
Blog.webp 2021-06-28 18:10:20 SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing (lien direct) Microsoft has blunted the ongoing activities of the Nobelium hacking collective, giving us yet another glimpse of the unceasing barrage of hack attempts business networks must withstand on a daily basis. Related: Reaction to Biden's cybersecurity executive order Nobelium … (more…) Malware Hack Threat ★★★★★
SecurityAffairs.webp 2021-06-27 11:25:36 Security Affairs newsletter Round 320 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Norway blames China-linked APT31 for 2018 government hack Poland: The leader of the PiS party blames Russia for […] Hack Guideline APT 31
TroyHunt.webp 2021-06-25 19:52:13 (Déjà vu) NFC flaws let researchers hack an ATM by waving a phone (lien direct) Flaws in card-reader technology can wreak havoc with point-of-sale systems and more. Hack
SecurityAffairs.webp 2021-06-25 12:55:40 Flaws in FortiWeb WAF expose Fortinet devices to remote hack (lien direct) Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote attackers to execute arbitrary commands. Fortinet has recently addressed a high-severity vulnerability (CVE-2021-22123) affecting its FortiWeb web application firewall (WAF), a remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server […] Hack Vulnerability
WiredThreatLevel.webp 2021-06-24 18:32:09 NFC Flaws Let Researchers Hack ATMs by Waving a Phone (lien direct) Flaws in card reader technology let a security firm consultant wreak havoc with point-of-sale systems and more. Hack
SecurityWeek.webp 2021-06-21 11:33:59 Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light (lien direct) Cybersecurity report released for the U.S. water sector Hack
SecurityAffairs.webp 2021-06-20 16:36:59 Norway blames China-linked APT31 for 2018 government hack (lien direct) Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government's IT network. Norway's Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government's IT network in 2018. The attribution of the attack to the APT31 group is based […] Hack APT 31
The_Hackers_News.webp 2021-06-18 23:34:04 North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute (lien direct) South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which - "27.102.114[.]89 Hack Vulnerability
grahamcluley.webp 2021-06-17 11:24:00 Smashing Security podcast #232: Zoomolympics and language matters (lien direct) Video gaming giant Electronic Arts suffers a hack following slack security, the Japanese Olympics are proving unpopular with everyone apart from cybercriminals, and le coq est mort. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis. Hack
NakedSecurity.webp 2021-06-17 00:09:00 How to hack a bicycle – Peloton Bike+ rooting bug patched (lien direct) It's a bike, Jim, but not as we know it. Hack
The_Hackers_News.webp 2021-06-16 02:14:53 Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets (lien direct) As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major Ransomware Hack Threat
bleepingcomputer.webp 2021-06-15 06:39:02 Apple fixes ninth zero-day bug exploited in the wild this year (lien direct) Apple has fixed two iOS zero-day vulnerabilities that "may have been actively exploited" to hack into older iPhone, iPad, and iPod devices. [...] Hack
SecurityWeek.webp 2021-06-14 22:16:47 Apple: WebKit Bugs Exploited to Hack Older iPhones (lien direct) Apple late Monday shipped an out-of-band iOS update for older iPhones and iPads alongside a warning that a pair of WebKit security vulnerabilities may have been actively exploited. Hack
SecurityWeek.webp 2021-06-14 21:00:28 CodeCov Kills Off Bash Uploader Blamed for Supply Chain Hack (lien direct) Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash Uploader tool that was responsible for the breach. Hack Tool
InfoSecurityMag.webp 2021-06-14 17:13:00 REvil Claims Responsibility for Invenergy Hack (lien direct) Ransomware group that attacked JBS says it also hacked Chicago-based clean energy company Ransomware Hack
Kaspersky.webp 2021-06-11 16:39:10 Cyberpunk 2077 Hacked Data Circulating Online (lien direct) CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer. Hack
Blog.webp 2021-06-10 14:26:25 Episode 216: Signed, Sealed and Delivered: The Future of Supply Chain Security (lien direct) In this episode of the podcast (#216) we talk with Brian Trzupek, Digicert's Vice President of Product, about the growing urgency of securing software supply chains, and how digital code signing can help prevent compromises like the recent hack of the firm SolarWinds. The post Episode 216: Signed, Sealed and Delivered: The Future of Supply Chain...Read the whole entry... Hack
Pirate.webp 2021-06-10 13:52:44 Cyberwar: the US Army presents the results of its "Hack the Army 3.0" bug bounty (lien direct) With the Russian group behind the SolarWinds hack having launched a new series of offensives against US government agencies, the country's highest institutions are under more pressure than ever to contain the cyber threat. The post Cyberwar: the US Army presents the results of its "Hack the Army 3.0" bug bounty first appeared on UnderNews. Hack
no_ico.webp 2021-06-09 12:07:07 Experts Insight On Security Threats Of VPN And What Organisations Can Do To Manage The Risk Of Ransomware. (lien direct) BACKGROUND: In light of the ongoing conversation around the Colonial Pipeline hack and the latest findings showing that hackers used a VPN account to breach the network using just a… Hack
NakedSecurity.webp 2021-06-04 14:09:26 How to hack into 5500 accounts… just using “credential stuffing” (lien direct) Passwords - don't just pay them lip service. Hack
ComputerWeekly.webp 2021-06-04 06:14:00 Secrecy around EncroChat cryptophone hack breaches French constitution, court hears (lien direct) Hack
InfoSecurityMag.webp 2021-06-03 08:20:00 FBI: REvil Ransomware Group Behind JBS Attack (lien direct) The FBI said it would be working to bring the REvil group to justice for the hack on JBS Ransomware Hack
no_ico.webp 2021-06-02 07:54:01 Experts React: On JBS Foods Hack Must Prompt Supply Chain Cyber Protection (lien direct) BACKGROUND: The world’s largest meat supplier, JBS Foods, has been hit by a cyber-attack, the latest in a string of high-profile international hacks which show no sign of slowing down. Hackers… Hack
SecurityWeek.webp 2021-06-01 12:41:33 Swedish Public Health Agency Says Disease Database Targeted in Cyberattacks (lien direct) The Swedish Public Health Agency (Folkhälsomyndigheten) is currently investigating several attempts to hack into SmiNet, a database that stores reports of infectious diseases, including COVID-19 cases. Hack
SecurityWeek.webp 2021-05-30 14:19:20 US Says Agencies Largely Fended Off Latest Russian Hack (lien direct) The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit. Hack
WiredThreatLevel.webp 2021-05-29 13:00:00 US Soldiers Exposed Nuclear Secrets on Digital Flashcards (lien direct) Plus: A major hack in Japan, Citizen app run amuck, and more of the week's top security news. Hack
SecurityAffairs.webp 2021-05-28 20:16:19 CVE-2020-15782 flaw in Siemens PLCs allows remote hack (lien direct) Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated attacker to hack the devices. Researchers at industrial cybersecurity firm Claroty have discovered a high-severity vulnerability in Siemens PLCs, tracked as CVE-2020-15782, that could be exploited by remote and unauthenticated attackers to bypass memory protection. The […] Hack Vulnerability
SecurityWeek.webp 2021-05-28 15:08:02 Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs (lien direct) Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers (PLCs) made by Siemens. Hack Vulnerability
SecurityWeek.webp 2021-05-27 14:24:34 US Pipelines Ordered to Increase Cyber Defenses After Hack (lien direct) U.S. pipeline operators will be required for the first time to conduct a cybersecurity assessment under a Biden administration directive in response to the ransomware hack that disrupted gas supplies in several states this month. Ransomware Hack
Kaspersky.webp 2021-05-27 13:56:20 Fujitsu SaaS Hack Sends Govt. of Japan Scrambling (lien direct) Tech giant disables ProjectWEB cloud-based collaboration platform after threat actors gained access and nabbed files belonging to several state entities. Hack Threat
no_ico.webp 2021-05-27 12:58:14 (Déjà vu) Expert Reaction On Japanese Government Agencies Suffer Data Breaches After Fujitsu Hack (lien direct) Offices of multiple Japanese agencies were breached via Fujitsu’s “ProjectWEB” information sharing tool. Fujitsu states that attackers gained unauthorized access to projects that used ProjectWEB, and stole some customer data. It is not… Hack
Chercheur.webp 2021-05-27 11:41:26 The Story of the 2011 RSA Hack (lien direct) Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come. Hack ★★★★
Pirate.webp 2021-05-27 10:57:54 Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack (lien direct) Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment. Features of Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack: Vulhub contains many frameworks, databases, applications, programming languages and more such as: Drupal, ffmpeg, CouchDB, ActiveMQ, Glassfish, Joomla, JBoss, Kibana, Laravel, Rails, Python, Tomcat and many, many more. Read the rest of Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack now! Only available at Darknet. Hack
bleepingcomputer.webp 2021-05-27 09:48:37 US announces new security directive after critical pipeline hack (lien direct) The US Department of Homeland Security (DHS) has announced new pipeline cybersecurity requirements after the largest fuel pipeline in the United States was forced to shut down operations in early May following a ransomware attack. [...] Ransomware Hack
Last update at: 2024-06-02 18:08:13