What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-09-21 09:26:11 | ChromeLoader, what took you so long? Malvertising irritant now slings ransomware (lien direct) | Doesn't make cents, makes bigger bucks instead ... probably ChromeLoader – the malware that exploded onto the scene this year by hijacking browsers to redirect users to pages of ads – is apparently evolving into a more significant threat by deploying malicious payloads that go beyond malvertising.… | Ransomware Malware Threat | ||
|
2022-09-20 00:09:39 | NASA to live-stream SLS rocket fuel leak repair test (lien direct) | For those on tenterhooks over this Moon mission NASA will televise a test on Wednesday to confirm whether a repair made to its Space Launch System (SLS) rocket has fixed the hydrogen leak that forced officials to scrub a previous launch attempt.… | |||
|
2022-09-19 17:12:15 | Grand Theft Auto 6 maker confirms source code, vids stolen in cyber-heist (lien direct) | So is that three or four stars? Take-Two Interactive confirmed on Monday that its Rockstar Games subsidiary has been compromised and confidential data for Grand Theft Auto 6 has been stolen.… | |||
|
2022-09-19 13:37:53 | GPT-3 \'prompt injection\' attack causes bad bot manners (lien direct) | Also, EA goes kernel-deep to stop cheaters, PuTTY gets hijacked by North Korea, and more. In Brief OpenAI's popular natural language model GPT-3 has a problem: It can be tricked into behaving badly by doing little more than telling it to ignore its previous orders.… | |||
|
2022-09-17 07:32:11 | Can reflections in eyeglasses actually leak info from Zoom calls? Here\'s a study into it (lien direct) | About time someone shined some light onto this Boffins at the University of Michigan in the US and Zhejiang University in China want to highlight how bespectacled video conferencing participants are inadvertently revealing sensitive on-screen information via reflections in their eyeglasses.… | |||
|
2022-09-16 21:45:39 | School chat app Seesaw abused to send \'inappropriate image\' to parents, teachers (lien direct) | This is why we don't reuse passwords, kids Parents and teachers received a link to an "inappropriate image" this week via Seesaw after miscreants hijacked accounts in a credential stuffing attack against the popular school messaging app.… | |||
|
2022-09-16 06:04:05 | Eastern European org hit by second record-smashing DDoS attack (lien direct) | Cough, cough, U, cough, kraine Akamai says it has absorbed the largest-ever publicly known distributed denial of service (DDoS) attack – an assault against an unfortunate Eastern European organization that went beyond 700 million packets per second.… | |||
|
2022-09-16 05:33:56 | EU puts smart device manufacturers on the hook for cyber security (lien direct) | Requires five years of patching, 24 hour incident reporting, and proper security … for starters The European Commission has revealed a Cyber Resilience Act that will require manufacturers of connected devices to secure them properly before shipping, disclose and fix flaws promptly, and guarantee fixes will flow for five years.… | |||
|
2022-09-16 03:13:43 | Uber reels from \'security incident\' in which cloud systems seemingly hijacked (lien direct) | AWS and G Suite admin accounts likely popped, HackerOne bug bounty page hit, and more Uber is tonight reeling from what looks like a substantial cybersecurity breach.… | Uber | ||
|
2022-09-15 02:12:07 | WordPress-powered sites backdoored after FishPig suffers supply chain attack (lien direct) | And two other security snafus in this web publishing world It's only been a week or so, and obviously there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites.… | |||
|
2022-09-14 13:30:10 | Google fined $4b after Euro court snips 5% off earlier price (lien direct) | Search giant's appeal lands flat as fine imposed for anticompetitive practice in Android search The European General Court has imposed a €4.125 billion (about $4.13 billion) fine on Google, largely upholding an earlier ruling on the ad-tech giant's anticompetitive practices in mobile search.… | |||
|
2022-09-14 00:57:37 | Ransomware gang threatens 1m-plus medical record leak (lien direct) | Criminals continue to target some of the most vulnerable Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.… | Ransomware | ||
|
2022-09-13 07:30:11 | Cisco: Yes, Yanluowang leaked our data. No, it\'s not serious (lien direct) | Everything's fine! The Yanluowang ransomware group behind the May attack on Cisco Systems has publicly leaked the stolen files on the dark web over the weekend, but the networking giant says there's nothing to worry about.… | Ransomware | ||
|
2022-09-13 05:30:08 | Chinese-linked cyber crims nab $529 million from Indian nationals (lien direct) | Authorities also bust a shell company scam operation with links to the Middle Kingdom Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh.… | |||
|
2022-09-12 23:07:44 | Apple patches iPhone and macOS flaws under active attack (lien direct) | High-value targets tend to get hit Apple has pushed out five security fixes including including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited.… | |||
|
2022-09-10 11:00:07 | Shape-shifting cryptominer savaging Linux endpoints and IoT (lien direct) | Also, Authorities seize WT1SHOP selling 5.8m sets of PII, The North Face users face tough secuirty hike In brief AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones.… | Malware | ||
|
2022-09-08 12:00:09 | Lazarus Group unleashed a MagicRAT to spy on energy providers (lien direct) | Cisco finds custom malware in North Korea's latest cyberespionage effort The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos.… | Malware Medical | APT 38 | |
|
2022-09-07 12:34:49 | Cybercriminals target games popular with kids to distribute malware (lien direct) | Kaspersky research finds Minecraft and Roblox have the most malicious files associated with them With 3 billion players globally, the $200 billion gaming market is an increasingly ripe target for cybercriminals – with the perennially popular Minecraft one of the most targeted lures.… | Malware | ||
|
2022-09-07 05:15:14 | As Cybersecurity Week begins, Beijing claims US attacked Uni doing military research (lien direct) | National Security Agency apparently has tools that crack Solaris boxes China has accused the United States of a savage cyber attack on a university famed for conducting aerospace research and linked to China's military.… | |||
|
2022-09-06 17:45:09 | (Déjà vu) Ransomware gang hits second-largest US school district (lien direct) | FBI and CISA on-site to assist with incident response over Labor Day weekend Cybercriminals hit the Los Angeles Unified School District (LAUSD) over the holiday weekend with a ransomware attack that temporarily shut down email, computer systems, and applications.… | Ransomware | ||
|
2022-09-06 16:15:14 | Newly discovered cyberspy crew targets Asian governments and corporations (lien direct) | Worok uses mix of publicly available tools, custom malware to steal info, gang active since 2020 A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access.… | Malware | ||
|
2022-09-06 13:30:10 | Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay (lien direct) | Lloyd's defends stance as critics say policy tweaks make it less worthwhile to spend on premiums Critics unhappy about insurers excluding certain nation-state attacks from cyber policies should consider the alternative: higher prices, according to Lloyd's of London.… | |||
|
2022-09-05 06:57:12 | Microsoft mistakenly rated Chromium, Electron, as malware (lien direct) | Windows Defender update fixed the mess after a weekend of false positive weirdness Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them.… | Malware | ||
|
2022-09-02 01:11:24 | Ex-NSA trio who spied on Americans for UAE now banned from arms exports (lien direct) | From hero to zero-day ... to plain zero Three former US government cyber-spies who, among other things, illicitly compromised and snooped on Americans' devices for the United Arab Emirates government have been banned from participating in international arms exports under a deal reached with Uncle Sam.… | |||
|
2022-09-01 07:04:15 | Oh no, that James Webb Space Telescope snap might actually contain malware (lien direct) | Is nothing sacred? Scumbags are using a photo from the James Webb Space Telescope to smuggle Windows malware onto victims' computers – albeit in a roundabout way.… | Malware | ||
|
2022-08-31 05:02:05 | China-linked APT40 gang targets wind farms, Australian government (lien direct) | ScanBox installed after victims lured to fake Murdoch news sites with phishing emails Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site.… | APT 40 | ||
|
2022-08-30 22:58:05 | Find a security hole in Google\'s open source and you could bag a $31,337 reward (lien direct) | Will it be enough to prevent the next software supply-chain attack? Google has created a bug bounty program that will reward those who find and report vulnerabilities in its open-source projects, thereby hopefully strengthening software supply-chain security.… | ★★★★★ | ||
|
2022-08-30 10:27:12 | That \'clean\' Google Translate app is actually Windows crypto-mining malware (lien direct) | Ah, nothing like a classic Trojan horse Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.… | Malware | ||
|
2022-08-30 00:43:14 | Google Play to ban Android VPN apps from interfering with ads (lien direct) | Developers say this is not the privacy protection it's made out to be Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications.… | |||
|
2022-08-26 19:21:03 | PyPI warns of first-ever phishing campaign against its users (lien direct) | On the bright side, top devs are getting hardware security keys The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service.… | |||
|
2022-08-26 16:33:28 | Now Oktapus gets access to some DoorDash customer info via phishing attack (lien direct) | Double check who exactly you're sending your username and password to, eh? DoorDash has confirmed that "a small percentage" of its customers and delivery drivers' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were exposed as part of a broad phishing campaign dubbed Oktapus.… | |||
|
2022-08-25 18:01:53 | Crooks target top execs on Office 365 with MFA-bypass scheme (lien direct) | The 'widespread' campaign hunts for multimillion-dollar transactions A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication.… | |||
|
2022-08-25 09:24:07 | Shout-out to whoever went to Black Hat with North Korean malware on their PC (lien direct) | I am the one who NOCs The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.… | Malware | ||
|
2022-08-24 06:28:07 | Lloyd\'s to exclude certain nation-state attacks from cyber insurance policies (lien direct) | Kim Jong-un has entered the chat Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time.… | |||
|
2022-08-22 22:00:12 | Novant Health admits leak of 1.3m patients\' info to Facebook (lien direct) | But don't worry, Zuck would never misuse this type of sensitive data Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta.… | ★★★★ | ||
|
2022-08-22 21:00:08 | Hiding a phishing attack behind the AWS cloud (lien direct) | Scammers are using cloud services to create and host web pages that can be used to lure victims into handing over their credentials Criminals are slipping phishing emails past automated security scanners inside Amazon Web Services (AWS) to establish a launching pad for attacks.… | |||
|
2022-08-22 16:08:11 | LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data (lien direct) | Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor The LockBit ransomware group last week claimed responsibility for an attack on cybersecurity vendor in June. The high-profile gang is now apparently under a distributed denial-of-service (DDoS) because of it.… | Ransomware | ||
|
2022-08-22 06:20:10 | Zoom patches make-me-root security flaw, patches patch (lien direct) | Plus: See if in-app browsers are monitoring you, a novel industrial network attack technique, and more In brief Zoom fixed a pair of privilege escalation vulnerabilities, which were detailed at the Black Hat conference this month, but that patch was bypassed, necessitating yet another fix.… | |||
|
2022-08-22 05:01:10 | NSO Group CEO steps down, 100 employees let go too (lien direct) | Controversial Pegasus spyware maker to focus on NATO sales while battling various court cases Pegasus spyware-maker NSO Group announced on Sunday it will reorganize, replacing its CEO and letting go of around 100 workers.… | |||
|
2022-08-22 00:59:10 | Huawei dangles developer incentives to sell Harmony OS around the world (lien direct) | Plus: Indonesia's four-hour takedown demand; Peak Facebook in Korea?; Alibaba frees font; and more. Asia In Brief Huawei last week unveiled initiatives to encourage developers to work on its Harmony OS – the platform it created after US sanctions denied the Chinese giant access to Google's Android operating system.… | |||
|
2022-08-19 18:30:15 | Microsoft looks beyond the US with Windows Subsystem for Android (lien direct) | Realizes there's a big beautiful world out there and sets sail for Japan Microsoft has taken a tentative step to expand the Windows Subsystem for Android outside of the US by making the preview available in Japan.… | |||
|
2022-08-19 07:37:15 | Two years on, Apple iOS VPNs still leak IP addresses (lien direct) | Privacy, it's a useful marketing term *Offer does not apply in China Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there's no sign of a fix.… | Vulnerability | ||
|
2022-08-18 16:00:05 | Google blocks third record-breaking DDoS attack in as many months (lien direct) | 46 million requests per second network flood comes as attacks increase by more than 200% compared to last year Google says it has blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second.… | |||
|
2022-08-18 06:28:12 | Ransomware attack on UK water company clouded by confusion (lien direct) | Clop gang thought it hit Thames Water – but real victim was elsewhere A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.… | Ransomware | ||
|
2022-08-17 18:41:18 | After 7 years, long-term threat DarkTortilla crypter is still evolving (lien direct) | .NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to evolve rapidly, with almost 10,000 code samples being uploaded to VirusTotal over a 16-month period.… | Malware Threat | ||
|
2022-08-17 12:25:09 | UK launches \'consultation\' with EU over exclusion from science programs (lien direct) | Billions in funding at stake as PM hopeful Liz Truss says bloc 'in breach of agreement' The UK government has launched formal consultations with the EU over the failure to secure its inclusion in the EU's €95.5 billion ($97.6 billion) research funding program since the island nation left the world's richest trading bloc.… | |||
|
2022-08-17 08:00:20 | Mozilla finds 18 of 25 popular reproductive health apps leak data (lien direct) | Scary in post-Roe America, and Poland, and far too many other places It's official: your period and/or pregnancy tracker will probably share your data with law enforcement. And they might even do it on purpose.… | |||
|
2022-08-17 03:01:05 | Open source VideoLAN media player asks why it\'s blocked in India (lien direct) | Rubbishes suggestions poisoned clones or ancient malware are worthy reasons for ban Developers of the open source VideoLAN media player have started sniping at India's government over an apparent block on the project's website.… | Malware | ||
|
2022-08-16 21:25:11 | SEC says brokerage accounts hijacked for $1.3m pump-and-dump scam (lien direct) | 18 people and businesses charged, one giant web of connections America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits.… | |||
|
2022-08-16 16:43:06 | PC store told it can\'t claim full cyber-crime insurance after social-engineering attack (lien direct) | Two different kinds of fraud, says judge while throwing out lawsuit against insurer A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.… |
To see everything:
Our RSS (filtrered)
