What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-04-14 12:17:00 | Tasmanie: 150 000 personnes et entreprises touchées par le groupe de ransomwares CLOP Tasmania: 150,000 individuals and businesses affected by Clop ransomware group (lien direct) |
Le gouvernement de l'État australien de Tasmanie a confirmé vendredi «environ 150 000 personnes et entreprises» dans l'État insulaire ont été directement affectées par le piratage du produit de transfert de fichiers Goanywhere de Fortra \\.Dans [une mise à jour] (https://www.premier.tas.gov.au/site_resources_2015/additional_releases/update-on-cyber-investigation3) du ministre de la Science et de la technologie de l'État, Madeleine Ogilvie, The Tasmanian \'s Science, Madeleine Ogilvie, TasmanianLe gouvernement a déclaré qu'il continuait à enquêter sur le
The government of the Australian state of Tasmania confirmed on Friday “approximately 150,000 individuals and businesses” in the island state were directly affected by the hack of Fortra\'s GoAnywhere file transfer product. In [an update](https://www.premier.tas.gov.au/site_resources_2015/additional_releases/update-on-cyber-investigation3) from the state\'s minister for science and technology, Madeleine Ogilvie, the Tasmanian government said it is continuing to investigate the |
Ransomware Hack | ★★ | |
 |
2023-04-13 10:04:00 | Les systèmes d'irrigation en Israël perturbés par des attaques de pirates contre les circuits intégrés Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS (lien direct) |
> Les systèmes d'irrigation ont été perturbés récemment en Israël dans une attaque qui montre à nouveau à quel point il est facile de pirater les systèmes de contrôle industriel (ICS).
>Irrigation systems were disrupted recently in Israel in an attack that once again shows how easy it is to hack industrial control systems (ICS). |
Hack Industrial | ★★★ | |
 |
2023-04-11 13:16:54 | Cyberheistnews Vol 13 # 15 [Le nouveau visage de la fraude] FTC fait la lumière sur les escroqueries d'urgence familiale améliorées AI-AI CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams (lien direct) |
CyberheistNews Vol 13 #15 | April 11th, 2023
[The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams
The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress."
They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how."
"Don\'t Trust The Voice"
The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one.
"So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends."
Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams
A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation
Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making |
Ransomware Data Breach Spam Malware Hack Tool Threat | ChatGPT ChatGPT | ★★ |
|
2023-04-11 12:00:00 | [Outil gratuit] Voir quels utilisateurs sont susceptibles de se faire un comportement de sécurité risqué avec l'aperçu gratuit de SecurityCoach! [Free Tool] See Which Users Are Susceptible to Risky Security Behavior with SecurityCoach Free Preview! (lien direct) |
Data Breach Hack | ★★ | ||
 |
2023-04-10 18:34:05 | Quelqu'un a-t-il vraiment piraté la plante d'Oldsmar, en Floride, de traitement de l'eau?De nouveaux détails suggèrent peut-être pas. Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. (lien direct) |
> Les déclarations du FBI et de l'ancien directeur de la ville d'Oldsmar indiquent ce qui s'est passé à l'usine peut ne pas avoir été l'œuvre d'un pirate extérieur.
>Statements from the FBI and former Oldsmar city manager indicate what happened at the plant may not have been the work of an outside hacker. |
Hack | ★★★ | |
 |
2023-04-10 12:24:43 | CISA ordonne aux agences Govt de mettre à jour les iPhones, Mac avant le 1er mai CISA orders govt agencies to update iPhones, Macs by May 1st (lien direct) |
L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a ordonné aux agences fédérales de corriger deux vulnérabilités de sécurité activement exploitées dans la nature pour pirater les iPhones, les Mac et les iPads.[...]
The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads. [...] |
Hack | ★★ | |
 |
2023-04-10 08:28:05 | Piratage de télécopieur a correctement des choses, encore et encore et encore et encore Pager hack faxed things up properly, again, and again, and again (lien direct) |
Où pouvez-vous lire une histoire qui commence par un piratage Wang et se termine par un mariage? Qui, moi? Ah, cher lecteur, à quel pointEncore une fois au Water-Cooliner Analog Le registre aime appeler qui, moi?où nous admettons nos erreurs passées sans crainte de jugement.Ok, peut-être un petit jugement … | Hack | ★★ | |
 |
2023-04-08 01:20:44 | Apple émet des correctifs d'urgence pour les exploits de style spyware 0-jour & # 8211;Mettez à jour maintenant! Apple issues emergency patches for spyware-style 0-day exploits – update now! (lien direct) |
Un bug pour pirater votre navigateur, puis un bug pour PWN le noyau ... signalé dans le Wild by Amnesty International.
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International. |
Hack | ★★★ | |
|
2023-04-07 14:22:20 | Apple corrige deux jours zéro exploités pour pirater les iPhones et les Mac Apple fixes two zero-days exploited to hack iPhones and Macs (lien direct) |
Apple a publié des mises à jour de sécurité d'urgence pour aborder deux nouvelles vulnérabilités zéro-jours exploitées dans les attaques pour compromettre les iPhones, les Mac et les iPads.[...]
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. [...] |
Hack | ★★ | |
 |
2023-04-07 14:20:59 | Les JO 2024 ont déjà débuté pour les hackers (lien direct) | Les Jeux Olympiques 2024 pointent le bout de leurs médailles. Mais avant ce grand rendez-vous accueilli par la France, les hackers éthiques sont là. Au FIC, Yes We Hack et Eviden étaient déjà dans les startingblock pour déceler le moindre faux départ.... | Hack | ★★★ | |
 |
2023-04-07 13:00:00 | Cybercriminels \\ 'peut \\' voler votre voiture, en utilisant un nouveau piratage IoT Cybercriminals \\'CAN\\' Steal Your Car, Using Novel IoT Hack (lien direct) |
Le SUV de votre famille pourrait être parti dans la nuit grâce à une attaque de fissure et de piratage de phares.
Your family\'s SUV could be gone in the night thanks to a headlight crack and hack attack. |
Hack | ★★ | |
|
2023-04-06 13:42:04 | Les voleurs utilisent un hack d'injection pour voler des voitures Thieves Use CAN Injection Hack to Steal Cars (lien direct) |
> Un haut-parleur portable d'aspect innocent peut masquer un dispositif de piratage qui lance des attaques d'injection de Can, qui ont été utilisées pour voler des voitures.
>An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars. |
Hack | ★★★ | |
|
2023-04-05 18:49:18 | Hack et entrez!Les portes de garage «sécurisées» que n'importe qui peut ouvrir de n'importe où & # 8211;Que souhaitez-vous savoir Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know (lien direct) |
Prenez un message / lecture / vous êtes juste joué / un grand hack phat ...
Grab a message/Play it back/You\'ve just performed/A big phat hack... |
Hack | ★★ | |
 |
2023-04-05 18:15:08 | CVE-2023-28852 (lien direct) | GLPI est un progiciel gratuit et logiciel de gestion informatique.À partir de la version 9.5.0 et avant les versions 9.5.13 et 10.0.7, un utilisateur avec les droits d'administration du tableau de bord peut pirater le formulaire de tableau de bord pour stocker un code malveillant qui sera exécuté lorsque d'autres utilisateurs utiliseront le tableau de bord connexe.Les versions 9.5.13 et 10.0.7 contiennent un correctif pour ce problème.
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue. |
Hack | ||
|
2023-04-04 13:00:00 | CyberheistNews Vol 13 # 14 [Eyes sur le prix] Comment les inconvénients croissants ont tenté un courteur par e-mail de 36 millions de vendeurs CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist (lien direct) |
CyberheistNews Vol 13 #14 | April 4th, 2023
[Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist
The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.
It\'s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.
This attack begins with a case of VEC – where a domain is impersonated. In the case of this attack, the impersonated vendor\'s domain (which had a .com top level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there\'s the now-obvious problem with it looking very much like .com to the cursory glance).
The email attaches a legitimate-looking payoff letter complete with loan details. According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were other grammatical mistakes (that can easily be addressed by using an online grammar service or ChatGPT).
This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make this attack successful. Security solutions will help stop most attacks, but for those that make it past scanners, your users need to play a role in spotting and stopping BEC, VEC and phishing attacks themselves – something taught through security awareness training combined with frequent simulated phishing and other social engineering tests.
Blog post with screenshots and links:https://blog.knowbe4.com/36-mil-vendor-email-compromise-attack
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 i |
Ransomware Malware Hack Threat | ChatGPT ChatGPT APT 43 | ★★ |
 |
2023-04-04 09:24:00 | Les sociétés de crypto-monnaie ciblées dans une attaque sophistiquée de la chaîne d'approvisionnement 3CX Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack (lien direct) |
L'adversaire derrière l'attaque de la chaîne d'approvisionnement ciblant 3CX a déployé un implant de deuxième étape distinguant spécifiquement un petit nombre de sociétés de crypto-monnaie.
La société russe de cybersécurité Kaspersky, qui a suivi en interne la porte dérobée polyvalente sous le nom de Gopuram depuis 2020, a déclaré avoir observé une augmentation du nombre d'infections en mars 2023 coïncidant avec la violation du 3CX.
The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. Russian cybersecurity firm Kaspersky, which has been internally tracking the versatile backdoor under the name Gopuram since 2020, said it observed an increase in the number of infections in March 2023 coinciding with the 3CX breach. |
Hack Threat | ★★★ | |
 |
2023-04-03 18:03:55 | Hack de chaîne d'approvisionnement massive 3CX. Massive 3CX Supply Chain Hack Targeted Cryptocurrency Firms (lien direct) |
Les pirates nord-coréens semblent avoir utilisé le logiciel VoIP corrompu pour s'en occuper seulement une poignée d'entreprises cryptographiques avec une «précision chirurgicale».
North Korean hackers appear to have used the corrupted VoIP software to go after just a handful of crypto firms with "surgical precision." |
Hack | ★★ | |
 |
2023-04-03 16:30:00 | US DOD dévoile le site Web pour pirater le programme Bounty Bount de Pentagone US DoD Unveils Website For Hack the Pentagon Bug Bounty Program (lien direct) |
Ce sera une ressource pour les organisations du DoD, les fournisseurs et les chercheurs en sécurité
It will be a resource for DoD organizations, vendors and security researchers |
Hack | ★★ | |
 |
2023-04-03 16:04:36 | Capita Cyberattack a rendu ses programmes Microsoft Office 365 inaccessibles Capita Cyberattack Made Its Microsoft Office 365 Programs Inaccessible (lien direct) |
Capita a reconnu qu'une cyberattaque avait eu lieu vendredi dernier.De nombreux clients du Royaume-Uni, y compris des organisations gouvernementales, ont connu des perturbations en raison de l'incident, ce qui a perturbé l'accès aux applications internes Microsoft Office 365 dans le cabinet de services informatiques et de conseil.Dans une déclaration envoyée aux actionnaires ce matin, Capita a déclaré que le piratage n'avait pas compromis [& # 8230;]
Capita has acknowledged that a cyberattack occurred last Friday. Many clients across the UK, including government organizations, experienced disruption due to the incident, which disrupted access to internal Microsoft Office 365 apps at the IT services and consultancy firm. In a statement sent to shareholders this morning, Capita stated that the hack did not compromise […] |
Hack | ★★★ | |
|
2023-04-03 13:47:40 | Vulnérabilité du plugin Elementor Pro exploité pour pirater les sites Web WordPress Elementor Pro Plugin Vulnerability Exploited to Hack WordPress Websites (lien direct) |
> Une vulnérabilité sévère dans le plugin Elementor Pro WordPress est exploitée pour injecter des logiciels malveillants en sites Web vulnérables.
>A severe vulnerability in the Elementor Pro WordPress plugin is being exploited to inject malware into vulnerable websites. |
Malware Hack Vulnerability | ★★ | |
|
2023-04-03 10:13:07 | Europe, Amérique du Nord le plus touché par le piratage de la chaîne d'approvisionnement 3CX Europe, North America Most Impacted by 3CX Supply Chain Hack (lien direct) |
> L'Europe, les États-Unis et l'Australie semblent être les plus touchées par le hack de chaîne d'approvisionnement 3CX, selon les données de deux sociétés de cybersécurité.
>Europe, the United States and Australia seem to be the most impacted by the 3CX supply chain hack, according to data from two cybersecurity firms. |
Hack | ★★ | |
|
2023-04-03 08:26:07 | Un espace Google utilisé par un pirate informatique (lien direct) | Pour vanter un faux site de streaming, un pirate s'est invité dans un site Google afin de piéger les amateurs de football.... | Hack Threat | ★★★ | |
|
2023-03-31 12:16:00 | Plus de preuves relie l'attaque de la chaîne d'approvisionnement 3CX au groupe de piratage nord-coréen [More evidence links 3CX supply-chain attack to North Korean hacking group] (lien direct) |
L'attaque de la chaîne d'approvisionnement contre la société de téléphone d'entreprise 3CX a utilisé le code de piratage qui «correspond exactement» au malware maltraité précédemment dans les attaques par un groupe nord-coréen notoire, selon une nouvelle analyse.L'établissement de l'étendue des dommages causés par le pirat
The supply-chain attack on the enterprise phone company 3CX used hacking code that “exactly matches” malware previously seen in attacks by a notorious North Korean group, according to new analysis. Establishing the extent of the damage caused by the hack has been a priority for researchers after a number of cybersecurity businesses went public with |
Malware Hack | APT 38 | ★★ |
|
2023-03-31 11:15:07 | Mandiant enquêtant sur le piratage 3CX car les preuves montrent que les attaquants ont eu accès pendant des mois [Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months] (lien direct) | > Plusieurs sociétés de cybersécurité ont publié des articles de blog, des avis et des outils pour aider les organisations qui pourraient avoir été frappées par l'attaque de la chaîne d'approvisionnement 3CX.
>Several cybersecurity companies have published blog posts, advisories and tools to help organizations that may have been hit by the 3CX supply chain attack. |
Hack | ★★ | |
 |
2023-03-30 12:19:17 | Les pirates pro-russes Target Target ont élu des responsables américains soutenant l'Ukraine [Pro-Russian hackers target elected US officials supporting Ukraine] (lien direct) | Le groupe suivi depuis 2021 exploite les serveurs Zimbra non corrigés pour pirater des comptes de messagerie.
Group tracked since 2021 exploits unpatched Zimbra servers to hack email accounts. |
Hack | ★★★ | |
|
2023-03-28 13:00:00 | Cyberheistnews Vol 13 # 13 [Oeil Overner] Comment déjouer les attaques de phishing basées sur l'IA sournoises [CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks] (lien direct) |
CyberheistNews Vol 13 #13 | March 28th, 2023
[Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks
Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO.
"A leader tasked with cybersecurity can get ahead of the game by understanding where we are in the story of machine learning (ML) as a hacking tool," Tyson writes. "At present, the most important area of relevance around AI for cybersecurity is content generation.
"This is where machine learning is making its greatest strides and it dovetails nicely for hackers with vectors such as phishing and malicious chatbots. The capacity to craft compelling, well-formed text is in the hands of anyone with access to ChatGPT, and that\'s basically anyone with an internet connection."
Tyson quotes Conal Gallagher, CIO and CISO at Flexera, as saying that since attackers can now write grammatically correct phishing emails, users will need to pay attention to the circumstances of the emails.
"Looking for bad grammar and incorrect spelling is a thing of the past - even pre-ChatGPT phishing emails have been getting more sophisticated," Gallagher said. "We must ask: \'Is the email expected? Is the from address legit? Is the email enticing you to click on a link?\' Security awareness training still has a place to play here."
Tyson explains that technical defenses have become very effective, so attackers focus on targeting humans to bypass these measures.
"Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. "This is where we can install a tripwire in our mindsets: we should be hyper aware of what it is we are acting upon when we act upon it.
"Not until an employee sends a reply, runs an attachment, or fills in a form is sensitive information at risk. The first ring of defense in our mentality should be: \'Is the content I\'m looking at legit, not just based on its internal aspects, but given the entire context?\' The second ring of defense in our mentality then has to be, \'Wait! I\'m being asked to do something here.\'"
New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture.
Remember: Culture eats strategy for breakfast and is always top-down.
Blog post with links:https://blog.knowbe4.com/identifying-ai-enabled-phishing
|
Ransomware Malware Hack Tool Threat Guideline | ChatGPT ChatGPT | ★★★ |
 |
2023-03-24 12:45:57 | Blackfield Hackthebox Procédure pas à pas [Blackfield HacktheBox Walkthrough] (lien direct) | Le résumé Blackfield est une machine Windows Active Directory et est considérée comme une boîte dure par le piratage de la boîte.Cette boîte a diverses vulnérabilités intéressantes,
Summary Blackfield is a windows Active Directory machine and is considered as hard box by the hack the box. This box has various interesting vulnerabilities, |
Hack | ★★ | |
|
2023-03-24 12:10:00 | Fonds britannique de protection des pensions, dernière victime de Goanywhere Hack [UK Pension Protection Fund latest victim of GoAnywhere hack] (lien direct) |
Le Fonds de protection contre les pensions du Royaume-Uni, l'un des plus grands propriétaires d'actifs de Grande-Bretagne, Gestion & Pound; 39 milliards, a confirmé qu'il avait été affecté par le piratage du service de transfert de fichiers populaire Goanywhere.Un grand nombre d'organisations ont confirmé ces derniers jours que les pirates avaient accédé à leurs données en relation avec l'incident, y compris [la ville de Toronto
The U.K. Pension Protection Fund, one of Britain\'s largest asset owners, managing £39 billion, has confirmed it has been affected by the hack of popular file transfer service GoAnywhere. A large number of organizations have confirmed in recent days that hackers had accessed their data in connection to the incident, including [the City of Toronto |
Hack | ★★★ | |
 |
2023-03-23 16:57:08 | Commentaire d'expert: Withsecure - sur le récent Rio Tinto Hack [Expert comment: WithSecure - On the recent Rio Tinto hack] (lien direct) | Suite à la nouvelle que les anciens et actuels employés australiens de Rio Tinto ont peut-être fait voler des données personnelles par un groupe de cybercrimins, Paul Brucciani Cyber Security Conseiller à Withsecure Explique.
-
mise à jour malveillant
Following the news that former and current Australian employees of Rio Tinto may have had Personal data stolen by a cybercriminal group, Paul Brucciani Cyber Security Advisor at WithSecure explain. - Malware Update |
Hack General Information | ★ | |
|
2023-03-23 15:18:39 | La méthode post-exploitation OKTA expose les mots de passe utilisateur [Okta Post-Exploitation Method Exposes User Passwords] (lien direct) | La saisie accidentelle d'un mot de passe dans le champ de nom d'utilisateur de la plate-forme les économise pour auditer les journaux, auxquels les acteurs de menace peuvent accéder et utiliser pour compromettre les services d'entreprise.
Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services. |
Hack Threat | ★★ | |
 |
2023-03-23 14:00:11 | Bitcoin : des pirates ont dépouillé des distributeurs automatiques de cryptos (lien direct) |  Des hackers ont découvert une faille de sécurité dans certains distributeurs automatiques de Bitcoin. En exploitant la brèche, ils ont volé 1,5 million de dollars en cryptomonnaies à l'insu du fabricant, General Bytes. |
Hack | ★★★ | |
|
2023-03-23 11:09:06 | Les logiciels malveillants de volume d'informations Python utilisent Unicode pour échapper à la détection [Python info-stealing malware uses Unicode to evade detection] (lien direct) | Un package Python malveillant sur PYPI utilise Unicode comme technique d'obscurcissement pour échapper à la détection tout en volant et en exfiltrant les développeurs \\ 'des informations d'identification et d'autres données sensibles à partir de dispositifs compromis.[...]
A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers\' account credentials and other sensitive data from compromised devices. [...] |
Malware Hack | ★★★ | |
|
2023-03-21 15:36:27 | NBA alerte les fans après le piratage du fournisseur de services tiers [NBA Alerts Fans After Hack Of The Third-Party Service Provider] (lien direct) | Un avis a été émis par la National Basketball Association (NBA) pour informer ses fans d'un incident de violation de données qui a entraîné le vol de certaines informations personnelles.Un e-mail intitulé & # 8220; Avis de cybersécurité incident & # 8221;à un nombre non spécifié de fans les informant qu'un tiers non autorisé avait obtenu leur nom et leur e-mail [& # 8230;]
A notice has been issued by the National Basketball Association (NBA) to inform its fans about a data breach incident that resulted in the theft of certain personal information. An email titled “Notice of Cybersecurity Incident” to an unspecified number of fans informing them that an unauthorized third party had obtained their name and email […] |
Data Breach Hack | ★★ | |
|
2023-03-20 14:35:48 | Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes (lien direct) | >Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars' worth of crypto-coins. | Hack | ★★ | |
|
2023-03-20 13:29:00 | NBA alerts fans after hack of third-party service provider (lien direct) |
The National Basketball Association (NBA) said it is contacting fans after an unnamed service provider was hacked. An NBA spokesperson did not respond to questions about what service provider was hacked and when, but told The Record that the league is now trying to help those affected. “We were recently made aware that an unauthorized |
Hack | ★★ | |
|
2023-03-16 16:31:10 | ReMarkable emits Type Folio keyboard cover for e-paper tablet (lien direct) | Distraction-free long-life e-ink handheld writing tool becomes a typing tool too... but leaves us conflicted Norwegian e-ink tablet maker reMarkable has launched the Type Folio, a keyboard cover, causing one Reg hack to feel strangely conflicted.… | Hack Tool | ★★ | |
|
2023-03-15 14:06:14 | Hacker selling data allegedly stolen in US Marshals Service hack (lien direct) | A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service (USMS) servers. [...] | Hack Threat | ★★★★ | |
|
2023-03-14 22:00:00 | Kremlin-backed hackers blamed in recent phishing attempts on EU agencies (lien direct) |
A Russian state-backed hacker group known as Nobelium is behind recent attempted cyberattacks on diplomatic entities and government agencies in the European Union, cybersecurity researchers say. In a campaign identified in early March, the hackers sent phishing emails with content related to diplomatic relations between Poland and the U.S., according to a report by cybersecurity |
Hack | APT 29 | ★★★ |
|
2023-03-14 20:09:54 | Still using authenticators for MFA? Software for sale can hack you anyway (lien direct) | Some forms of multi-factor authentication only go so far in preventing account takeovers. | Hack | ★★ | |
|
2023-03-14 09:00:07 | Hack crypto : 197 millions de dollars volés grâce à une faille… et une tactique bien connue (lien direct) |  Un nouveau piratage secoue le monde des cryptomonnaies. En exploitant une faille de sécurité passée inaperçue pendant huit mois, des hackers ont pu voler 197 millions de dollars en monnaies numériques. |
Hack | ★★★ | |
|
2023-03-13 14:32:01 | CISA Warns of Plex Vulnerability Linked to LastPass Hack (lien direct) | >CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. | Hack Vulnerability | LastPass LastPass | ★★★ |
|
2023-03-10 09:30:00 | Acronis Clarifies Hack Impact Following Data Leak (lien direct) | >Acronis said a single customer's account was compromised after a hacker leaked gigabytes of information on a cybercrime forum. | Hack | ★★ | |
|
2023-03-09 21:19:11 | New Rise In ChatGPT Scams Reported By Fraudsters (lien direct) | Since the release of ChatGPT, the cybersecurity company Darktrace has issued a warning, claiming that a rise in criminals utilizing artificial intelligence to craft more intricate schemes to defraud employees and hack into organizations has been observed. The Cambridge-based corporation said that AI further enabled “hacktivist” cyberattacks employing ransomware to extract money from businesses. The […] | Ransomware Hack | ChatGPT ChatGPT | ★★ |
|
2023-03-09 16:30:00 | Acer Confirms Unauthorized Access But Says No Consumer Data Stolen (lien direct) | Kernelware threat actor claimed responsibility for the hack on a dark web forum | Hack Threat | ★★ | |
|
2023-03-09 12:24:39 | AT&T alerts 9 million customers of data breach after vendor hack (lien direct) | AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its marketing vendors was hacked in January. [...] | Data Breach Hack | ★★ | |
|
2023-03-08 16:59:49 | Israel blames prolific Iranian-linked hacking group for February university hack (lien direct) | >MuddyWater has been attacking targets around the world for years, according to the U.S. and other western governments. | Hack | ★★ | |
|
2023-03-08 16:04:00 | Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (lien direct) | The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the | Hack Vulnerability Medical | APT 38 | ★★★ |
|
2023-03-07 14:30:00 | Internal documents show Mexican army used spyware against civilians, set up secret military intelligence unit (lien direct) |
_Two digital rights groups, Mexico's R3D and the University of Toronto's Citizen Lab, have just released an update to their “[Ejército Espía](https://ejercitoespia.r3d.mx/)” (“Spying Government”) report from late last year. In October 2022, they revealed that the Mexican army bought spyware and deployed it against at least two Mexican journalists and a human rights advocate between 2019 and 2021. While they had compelling circumstantial evidence, there was no smoking gun. The newly-released internal classified documents appear to prove it._
_Luis Fernando Garcia, a lawyer and executive director of R3D, told Click Here in an interview that a roster of freedom of information requests and internal Ministry of Defense documents – released as part of last year's massive hack-and-leak operation by the hacktivist group Guacamaya – connect officials at the highest levels of the Mexican army to the purchase of Pegasus spyware. R3D found a 2019 acceptance letter that links the military to a company with the exclusive right to sell licenses for the NSO Group's Pegasus spyware in Mexico._
_NSO Group created Pegasus in 2011 and it has been linked to everything from the capture of the drug lord El Chapo to the murder of journalist Jamal Khashoggi. Pegasus' super power is its ability to infect smartphones without a user knowing - the phone becomes a spy in their pocket, capturing their location, their communications, and information on their friends._
_Among the new revelations are documents from the Mexican Secretariat of National Defense , or SEDENA, that discuss a previously unknown military intelligence agency in charge of the nation's surveillance programs. The leaked files show the agency, referred to as CMI or the Military Intelligence Center, spied on a human rights advocate named Raymundo Ramos who has been investigating a suspected extrajudicial killing by the Army that occurred in July 2020 in a border town called Nuevo Laredo._
_The interview has been edited for space and clarity. A fuller version of the story can be heard on the [Click Here](https://podcasts.apple.com/us/podcast/click-here/id1225077306) podcast._
**CLICK HERE: For people who don't know, can you explain the mission of R3D (The Digital Rights Defense Network)?**
**LUIS FERNANDO GARCIA:** The Digital Rights Defense Network is a NGO that works on issues related to human rights and technology. Since the beginning we've been working to uncover and to investigate and pushback against the surveillance apparatus in Mexico.
**CH: You started your latest investigation into government surveillance in collaboration with the University of Toronto's Citizen Lab in early 2022. What did the initial investigation [[published last October](https://ejercitoespia.r3d.mx/)] reveal?**
**LG:** We started checking phones of human rights defenders, journalists, trying to see if we could find forensic evidence of Pegasus in Mexico. We started to document cases of people who were infected in 2019, 2020, and 2021, which means [it was deployed] during the current government, not the previous government.
A week or maybe less from our publication date, something really important happened. The army's email system was hacked and an activist group called Guacamaya was offering access to those emails to media organizations and to human rights organizations. And this gave us like the missing key that we needed to actually point the finger at the army and say we found these Pegasus cases [and connected them to the military].
**CH: Can you talk about some of the specific things you discovered in the Guacamaya documents?**
**LG:** We were able to find a kind of acceptance letter from the army, directed to the secretary, which is the head of the army - the General Secretary of National Defense in Mexico. And here it talks about a contract with Comercializadora Antsua |
Hack | ★★★★★ | |
|
2023-03-04 14:00:00 | The LastPass Hack Somehow Gets Worse (lien direct) | Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more. | Hack | LastPass LastPass | ★★★ |
|
2023-03-03 11:33:13 | Warning on SolarWinds-like supply-chain attacks: \'They\'re just getting bigger\' (lien direct) | Industry hasn't 'improved much at all' SCSW Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel.… | Hack | ★★★ |
To see everything:
Our RSS (filtrered)
