What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-06-07 13:27:56 | Issu de pirates \\ 'ultimatum \\' sur la violation des données de la paie Hackers Issue \\'Ultimatum\\' Over Payroll Data Breach (lien direct) |
Le gang de ransomware CLOP a publié des sociétés "un ultimatum" ciblées dans un récent hack à grande échelle de données de paie
The Clop ransomware gang issued "an ultimatum" companies targeted in a recent large-scale hack of payroll data |
Ransomware Data Breach Hack | ★★ | |
 |
2023-06-06 19:20:00 | Ce nouveau satellite entre en orbite avec une mission: se faire abuser des pirates This new satellite enters orbit with one mission: To get abused by hackers (lien direct) |
Si les pirates s'ennuient ici sur Terre, ils auront bientôt la chance de tester leurs compétences dans l'espace.Le défi est le suivant: lors de la conférence Def Con Security à Las Vegas en août, ils devront pirater à distance le satellite Moonlighter, qui a été lancé avec succès dans l'espace plus tôt cette semaine.Moonlighter est une mini-satellite de 5 kilogrammes -
If hackers get bored here on Earth, they\'ll soon have the chance to test their skills in space. The challenge is this: during the DEF CON security conference in Las Vegas in August, they\'ll have to remotely hack the Moonlighter satellite, which successfully launched into space earlier this week. Moonlighter is a 5-kilogram mini-satellite - |
Hack Conference | ★★★★ | |
 |
2023-06-06 13:00:00 | Cyberheistnews Vol 13 # 23 [réveil] Il est temps de se concentrer davantage sur la prévention du phishing de lance CyberheistNews Vol 13 #23 [Wake-Up Call] It\\'s Time to Focus More on Preventing Spear Phishing (lien direct) |
CyberheistNews Vol 13 #23 | June 6th, 2023
[Wake-Up Call] It\'s Time to Focus More on Preventing Spear Phishing
Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks).
A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly.
This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda\'s data but are responsible for 66% of all breaches."
Let that sink in for a moment.
What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks.
[CONTINUED] at KnowBe4 blog:https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports
NEW! KnowBe4 |
Ransomware Malware Hack Tool Threat | ★★ | |
|
2023-06-03 11:00:00 | Dans d'autres nouvelles: utilisation du gouvernement de logiciels espions, nouveaux outils de sécurité industrielle, Japan Router Hack In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack (lien direct) |
> News Cybersecurity que vous avez peut-être manqué cette semaine: les logiciels espions utilisés par divers gouvernements, de nouvelles vulnérabilités, des produits de sécurité industrielle et des attaques de routeurs Linux.
>Cybersecurity news that you may have missed this week: the spyware used by various governments, new vulnerabilities, industrial security products, and Linux router attacks. |
Hack Industrial | ★★ | |
|
2023-06-02 09:47:24 | Apple nie aider le gouvernement américain à pirater les iPhones russes Apple Denies Helping US Government Hack Russian iPhones (lien direct) |
> Apple a nié avoir travaillé avec n'importe quel gouvernement pour ajouter des délais à ses produits après que la Russie a accusé la société d'avoir aidé les iPhones de piratage de la NSA.
>Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping the NSA hack iPhones. |
Hack | ★★ | |
|
2023-06-02 09:04:59 | Zero-day in Moveit File Transfer Software exploité pour voler des données aux organisations Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations (lien direct) |
> Une vulnérabilité zéro-jour dans le produit du logiciel de progression \\ Moveit Transfer a été exploitée pour pirater des organisations et voler leurs données.
>A zero-day vulnerability in Progress Software\'s MOVEit Transfer product has been exploited to hack organizations and steal their data. |
Hack Vulnerability | ★★★ | |
 |
2023-06-01 20:44:00 | Le nouveau hack zéro clique cible les utilisateurs iOS avec des logiciels malveillants radiculaires furtifs New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware (lien direct) |
Une menace persistante avancée auparavant inconnue (APT) vise les appareils iOS dans le cadre d'une campagne mobile sophistiquée et de longue date surnommée la triangulation de l'opération qui a commencé en 2019.
"Les cibles sont infectées à l'aide d'exploits de clics zéro via la plate-forme iMessage, et le malware s'exécute avec les privilèges racine, obtenant un contrôle complet sur les données de l'appareil et de l'utilisateur", a déclaré Kaspersky.
Le Russe
A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said. The Russian |
Malware Hack Threat | ★★ | |
 |
2023-05-31 20:36:49 | Dissidents iraniens \\ 'affirmation de piratage présidentiel probablement légitime, disent les experts Iranian dissidents\\' claim of presidential hack likely legitimate, experts say (lien direct) |
L'opération de piratage et de fuite révélée lundi comprend une mine de fichiers liés au président iranien Ebrahim Raisi.
The hack and leak operation revealed Monday includes a trove of files related to Iranian President Ebrahim Raisi. |
Hack | ★★ | |
|
2023-05-31 13:00:00 | Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks (lien direct) |
CyberheistNews Vol 13 #22 | May 31st, 2023
[Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks
With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.
When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report.
According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry:
51% of invoice fraud attacks targeted the financial services industry
42% were payroll fraud attacks
63% were payment fraud
To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox.
The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage.
Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
|
Ransomware Malware Hack Tool Threat Conference | Uber ChatGPT ChatGPT Guam | ★★ |
 |
2023-05-27 12:14:25 | CISA avertit les agences Govt de Barracuda zéro-jour récemment corrigé CISA warns govt agencies of recently patched Barracuda zero-day (lien direct) |
La CISA a mis en garde contre une vulnérabilité zéro-jour récemment exploitée la semaine dernière pour pirater les appareils électroménagers de la Gateway (ESG) de Barracuda.[...]
CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway (ESG) appliances. [...] |
Hack Vulnerability | ★★ | |
|
2023-05-26 10:31:56 | Pare-feu zyxel piraté par Mirai Botnet Zyxel Firewalls Hacked by Mirai Botnet (lien direct) |
> Un botnet Mirai a exploité une vulnérabilité récemment corrigée suivie sous le nom de CVE-2023-28771 pour pirater de nombreux pare-feu zyxel.
>A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. |
Hack Vulnerability | ★★ | |
 |
2023-05-25 19:31:34 | Faites de votre maison intelligente une maison sécurisée également: sécuriser vos appareils de maison intelligente IoT Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices (lien direct) |
> 
Ce n'est que une ampoule intelligente.Pourquoi voudrait-on pirater cela?Grande question.Parce que ça arrive au cœur ...
> 
It\'s only a smart lightbulb. Why would anyone want to hack that? Great question. Because it gets to the heart...
|
Hack | ★★ | |
|
2023-05-25 09:56:37 | Vulnérabilité zéro-jour exploitée pour pirater les appareils de passerelle de sécurité par e-mail Barracuda Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances (lien direct) |
> Barracuda Networks avertit les clients du CVE-2023-2868, un jour nul exploité pour pirater certains appareils électroménagers (ESG). .
>Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances. |
Hack Vulnerability | ★★ | |
 |
2023-05-24 10:00:00 | Lorsque la sécurité Internet est une exigence, envisagez de fibre dédiée When internet security is a requirement, look to dedicated fiber (lien direct) |
With increased dangers lurking in digital spaces, the need for cybersecurity is now a commonly known fact for just about all business owners. When it comes to protecting their network, most start with the basic firewall. While added layers are required, there is something even more fundamental that should not be overlooked: the physical connection itself. It is like making sure you have secure and quality doors and windows prior to putting alarms on them. So, what type of internet connection is the most secure? To answer this question, I consulted with Robert Lozanski, a member of AT&T\'s Solution Consultant team whose primary role is to design full networking solutions for businesses. In the following paragraphs, let’s go through the different types of connections and assess the quality - as well as the security level - of each one. Meet the contenders First off, it is important to understand the different types of internet connections. The most common ones are copper, fiber, and wireless networks. Copper: Copper cables are the original internet connections. They transmit data in the form of electrical signals. While this type of connection has been used for years, copper is difficult to maintain, has limited speed options, and degrades with time. As a result, many providers are making a shift away from it. Cellular: A cellular network provides access to the Internet by transmitting data over the air. The network connects to cellular towers rather than cables in the ground. While cellular internet has made huge technological advancements with the rollout of 5G, it still has its limitations. Cellular networks currently have lower speed tiers than many wired options – but this may change in the future. Fiber: Fiber optic internet uses a network of bundled strands of glass called fiber optic cables to deliver internet service through pulses of light. Fiber optics are the newest and most reliable type of internet connections. They also offer the highest speed options. Assessing the security of the connections A common way to assess a network is by measuring it against the CIA triad: Confidentiality, Integrity, and Availability. Among the different internet transport types, some are more secure than others because of the way they fulfill the three CIA requirements. In other words, a secure network will have high levels of confidentiality, integrity, and availability. As of 2023, 5G wireless connections have security layer options and speeds that make them strong contenders in the networking market. However, wired connections are still the primary choice for businesses prioritizing their internet connections due to wired connection’s reliability and bandwidth availability. According to Lozanski, "while a cellular network solution is utilitarian for its mobility and flexibility, wired connections still offer an added layer of security because they will provide faster speeds and performance. A cellular connection can perform like a broadband connection with fluctuations throughout the day, but it won’t offer the same speeds.” Between the two wired connections mentioned, copper and fiber, there is not much competition. With speeds up to 1Tbps, fiber moves at the speed of light and offers availability and reliability that copper wired connections cannot provide. However, the search for the most secure connection does not stop there. Even though fiber optic connections are made of glass and move at the speed of light, the way the connection is delivered may vary, and in turn offer different levels of security. The simplest way to break down this d | Hack Prediction | ★★ | |
 |
2023-05-23 13:45:45 | Rapport sur les cyberattaques 2022: les PME suisses particulièrement menacées Bericht zu Cyberattacken 2022: Schweizer KMU besonders bedroht (lien direct) |
Le rapport demi-année en 2022 du National Center for Cyber Security (NCSC) montre une menace élevée, en particulier pour le Centre national en mai.Le danger de devenir victime d'une infection des ransomwares est resté presque le même, en particulier le groupe russophone attiré par le bit actif et les avantages de vulnérabilités non rémunérées et de configurations incorrectes & # 8211;Le groupe a attiré l'attention des services secrètes occidentaux après le hack Royal Mail UK, qui est désavantageux pour le secteur des ransomwares.
-
rapports spéciaux
/ /
affiche
Der im Mai veröffentlichte Halbjahresbericht 2022 des Nationalen Zentrums für Cybersicherheit (NCSC) zeigt insgesamt eine hohe Bedrohungslage besonders für KMU auf. Die Gefahr Opfer einer Ransomware-Infektion zu werden, ist nahezu gleichgeblieben, besonders die russischsprachige Gruppe Lockbit war aktiv und profitiert von ungepatchten Schwachstellen und fehlerhaften Konfigurationen – spätestens nach dem Royal Mail UK Hack hat die Gruppe die Aufmerksamkeit der westlichen Geheimdienste auf sich gezogen, was sich zukünftig nachteilig auf das Ransomware-Business auswirken dürfte. - Sonderberichte / affiche |
Hack | ★★ | |
|
2023-05-23 13:00:00 | Cyberheistnews Vol 13 # 21 [Double Trouble] 78% des victimes de ransomwares sont confrontées à plusieurs extensions en tendance effrayante CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend (lien direct) |
CyberheistNews Vol 13 #21 | May 23rd, 2023
[Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend
New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what\'s inhibiting a proper security posture.
You have a solid grasp on what your organization\'s cybersecurity stance does and does not include. But is it enough to stop today\'s ransomware attacks? CyberEdge\'s 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what\'s keeping orgs from stopping them.
According to the report, in 2023:
7% of organizations were victims of a ransomware attack
7% of those paid a ransom
73% were able to recover data
Only 21.6% experienced solely the encryption of data and no other form of extortion
It\'s this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents.
IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we\'ve long known the cybersecurity industry is lacking a proper pool of qualified talent.
In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all.
Blog post with links:https://blog.knowbe4.com/ransomware-victim-threats
[Free Tool] Who Will Fall Victim to QR Code Phishing Attacks?
Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters.
With the increased popularity of QR codes, users are more at |
Ransomware Hack Tool Vulnerability Threat Prediction | ChatGPT | ★★ |
 |
2023-05-23 03:22:09 | #TripwireBookClub – How to Hack Like a Legend (lien direct) | Celui-ci a pris un peu plus de temps à lire que la plupart des livres que nous passons en revue, mais c'est entièrement sur moi… tout le monde l'a terminé il y a quelque temps.Cette fois-ci, nous regardons comment pirater comme une légende: casser les fenêtres par le flux de spar.La page de presse No Starch indique que le livre est «rempli de trucs intéressants, de conseils ingénieux et de liens vers des ressources utiles pour vous donner un guide pratique et pratique pour pénétrer et contourner les systèmes de sécurité Microsoft».Le contenu du livre est assez intéressant, et il couvre un certain nombre de sujets, notamment AMSI, Microsoft Advanced Threat Analytics, Kerberoasting ...
This one took a bit longer to read than most of the books we review, but that\'s entirely on me… everyone else finished it a while ago. This time around, we\'re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.” The content of the book is quite interesting, and it covers a number of topics including AMSI, Microsoft Advanced Threat Analytics, Kerberoasting... |
Hack Threat | ★★ | |
|
2023-05-23 03:22:09 | #TripwireBookClub & # 8211;Comment pirater comme une légende #TripwireBookClub – How to Hack Like a Legend (lien direct) |
Celui-ci a pris un peu plus de temps à lire que la plupart des livres que nous passons en revue, mais c'est entièrement sur moi… tout le monde l'a terminé il y a quelque temps.Cette fois-ci, nous regardons comment pirater comme une légende: casser les fenêtres par le flux de spar.La page de presse No Starch indique que le livre est «rempli de trucs intéressants, de conseils ingénieux et de liens vers des ressources utiles pour vous donner un guide pratique et pratique pour pénétrer et contourner les systèmes de sécurité Microsoft».Le contenu du livre est assez intéressant, et il couvre un certain nombre de sujets, notamment AMSI, Microsoft Advanced Threat Analytics, Kerberoasting ...
This one took a bit longer to read than most of the books we review, but that\'s entirely on me… everyone else finished it a while ago. This time around, we\'re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.” The content of the book is quite interesting, and it covers a number of topics including AMSI, Microsoft Advanced Threat Analytics, Kerberoasting... |
Hack Threat | ★★ | |
|
2023-05-18 15:34:54 | Apple corrige trois nouveaux jours zéro exploités pour pirater les iPhones, les Mac Apple fixes three new zero-days exploited to hack iPhones, Macs (lien direct) |
Apple a abordé trois nouvelles vulnérabilités zéro-jours exploitées dans les attaques pour pirater les iPhones, les Mac et les iPads.[...]
Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads. [...] |
Hack | ★★ | |
|
2023-05-16 13:00:00 | CyberheistNews Vol 13 # 20 [pied dans la porte] Les escroqueries de phishing du Q1 2023 \\ |Infographie CyberheistNews Vol 13 #20 [Foot in the Door] The Q1 2023\\'s Top-Clicked Phishing Scams | INFOGRAPHIC (lien direct) |
CyberheistNews Vol 13 #20 | May 16th, 2023
[Foot in the Door] The Q1 2023\'s Top-Clicked Phishing Scams | INFOGRAPHIC
KnowBe4\'s latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.
IT and Online Services Emails Drive Dangerous Attack Trend
This last quarter\'s results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect your end users\' daily work.
Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical.
Building up your organization\'s human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following:
Common "In-The-Wild" Emails for Q1 2023
Top Phishing Email Subjects Globally
Top 5 Attack Vector Types
Top 10 Holiday Phishing Email Subjects in Q1 2023
This post has a full PDF infographic you can download and share with your users:https://blog.knowbe4.com/q1-2023-top-clicked-phishing
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console.
Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l |
Ransomware Spam Malware Hack Tool Threat | ★★ | |
|
2023-05-12 09:22:58 | Australian Enterprise Software Maker Technologyone reprend le trading après le piratage Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack (lien direct) |
Le fabricant de logiciels d'entreprise australienne a déclaré que son système interne Microsoft 365 avait été compromis dans une cyberattaque.
Australian enterprise software maker TechnologyOne said its internal Microsoft 365 system was compromised in a cyberattack. |
Hack | ★★ | |
 |
2023-05-11 17:59:43 | Ex-ingénieur de l'ubiquiti derrière le vol de données «à couper le souffle» obtient une peine de prison de 6 ans Ex-Ubiquiti engineer behind “breathtaking” data theft gets 6-year prison term (lien direct) |
L'ingénieur a tenté de prétendre que le piratage était un «exercice de sécurité non autorisé».
Engineer tried to claim that the hack was an “unsanctioned security drill.” |
Hack | ★★ | |
|
2023-05-11 13:20:00 | La National Crime Agency de l'UK \\ remporte un défi juridique majeur sur ENCROCHAT HACK UK\\'s National Crime Agency wins major legal challenge over Encrochat hack (lien direct) |
Britain\'s National Crime Agency (NCA) won a major legal challenge on Thursday that had threatened to undermine thousands of arrests based on evidence gathered when French and Dutch police hacked the Encrochat messaging service. The Investigatory Powers Tribunal - the only court in the U.K. that can hear complaints about the intelligence services and the
Britain\'s National Crime Agency (NCA) won a major legal challenge on Thursday that had threatened to undermine thousands of arrests based on evidence gathered when French and Dutch police hacked the Encrochat messaging service. The Investigatory Powers Tribunal - the only court in the U.K. that can hear complaints about the intelligence services and the |
Hack | ★★ | |
|
2023-05-11 13:10:06 | Détails divulgués pour la chaîne d'exploitation qui permet le piratage des routeurs Netgear Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers (lien direct) |
> Claroty a divulgué les détails de 5 vulnérabilités qui peuvent être enchaînées dans un exploit permettant aux attaquants non authentifiés de pirater les routeurs Netgear.
>Claroty has disclosed the details of 5 vulnerabilities that can be chained in an exploit allowing unauthenticated attackers to hack Netgear routers. |
Hack | ★★ | |
|
2023-05-10 16:20:00 | Mastermind derrière Twitter 2020 Hack plaide coupable et risque jusqu'à 70 ans de prison Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison (lien direct) |
A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform.
Joseph James O\'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter," the U.S. Department of
A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O\'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter," the U.S. Department of |
Hack | ★★ | |
|
2023-05-10 11:55:00 | Un homme britannique impliqué dans Twitter Hack a été extradé pour nous, plaide coupable à de nombreux cybercrimes British man involved in Twitter hack extradited to US, pleads guilty to numerous cybercrimes (lien direct) |
Un homme britannique a plaidé coupable à New York mardi à son rôle dans le piratage Twitter de juillet 2020, aux côtés de plusieurs autres cyber-infractions, notamment le vol de crypto-monnaie à travers des attaques d'échange de sim et de cyberterre un mineur.Joseph James O \\ 'Connor, 23 ans, a été extradé vers les États-Unis d'Espagne en avril.Il fait face à 77
A British man pleaded guilty in New York on Tuesday to his role in the Twitter hack of July 2020, alongside multiple other cyber offenses including stealing cryptocurrency through SIM swapping attacks and cyberstalking a minor. Joseph James O\'Connor, 23, was extradited to the United States from Spain in April. He faces up to 77 |
Hack | ★★ | |
|
2023-05-10 09:27:41 | Twitter Celebrity Hacker plaide coupable aux États-Unis Twitter Celebrity Hacker Pleads Guilty in US (lien direct) |
> Joseph James O \\ 'Connor a plaidé coupable pour son rôle dans des plans pour pirater les comptes Twitter de célébrités comme Barack Obama et Elon Musk.
>Joseph James O\'Connor pleaded guilty for his role in schemes to hack the Twitter accounts of celebrities like Barack Obama and Elon Musk. |
Hack | ★★ | |
 |
2023-05-10 09:18:04 | Hack pour ton collège ! (lien direct) | L'Académie de Versailles lance sa compétition de hacking éthique pour les élèves de 4ème et 3ème. Un CTF adapté pour les futurs professionnels de la cyber de demain !... | Hack | ★★ | |
 |
2023-05-09 23:51:49 | Britannique plaide coupable aux États-Unis à 2020 Twitter Hack Briton pleads guilty in US to 2020 Twitter hack (lien direct) |
C'était probablement le piratage le plus en vue de l'histoire des médias sociaux, frappant des dizaines de comptes célèbres.
It was probably the most high-profile hack in social media history, hitting dozens of famous accounts. |
Hack | ★★ | |
|
2023-05-08 18:12:00 | Les pirates ont volé une base de données avec les informations du client de Western Digital Hackers stole database with customer info from Western Digital (lien direct) |
Le géant du stockage de données Western Digital a déclaré que les pirates ont volé une base de données contenant les informations personnelles des clients [lors d'une cyberattaque] (https://therecord.media/western-digital-cyberattack-data-abri) survenu le 26 mars.L'entreprise - qui a eu des revenus en 2022 d'environ 19 milliards de dollars et est surtout connu pour la marque Sandisk de disques durs portables et de cartes mémoire amovibles - a annoncé le piratage
Data storage giant Western Digital said hackers stole a database containing the personal information of customers [during a cyberattack](https://therecord.media/western-digital-cyberattack-data-breach) that occurred on March 26. The company - which had 2022 revenues of about $19 billion and is best known for the SanDisk brand of portable hard drives and removable memory cards - announced the hack |
Hack | ★★ | |
|
2023-05-05 15:41:29 | L'ancien chef de la sécurité de l'uber a été condamné à la couverture du piratage Ex-Uber security chief sentenced over covering up hack (lien direct) |
Joseph Sullivan a été condamné pour couvrer une violation de sécurité de 57 millions de comptes d'utilisateurs en 2016.
Joseph Sullivan was convicted over covering up a security breach of 57 million user accounts in 2016. |
Hack | Uber | ★★ |
 |
2023-05-04 16:30:00 | Brightline Hack expose les données de plus de 780 000 patients en santé mentale d'enfants Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients (lien direct) |
Brightline a déclaré que la violation était due à une faille zéro-jour dans Fortra Goanywhere MFT
Brightline said the breach was due to a zero-day flaw in Fortra GoAnywhere MFT |
Hack | ★★ | |
|
2023-05-02 13:00:00 | Cyberheistnews Vol 13 # 18 [Eye on Ai] Chatgpt a-t-il la cybersécurité indique-t-elle? CyberheistNews Vol 13 #18 [Eye on AI] Does ChatGPT Have Cybersecurity Tells? (lien direct) |
CyberheistNews Vol 13 #18 | May 2nd, 2023
[Eye on AI] Does ChatGPT Have Cybersecurity Tells?
Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they\'re about to bluff, for example, or someone\'s pupils dilate when they\'ve successfully drawn a winning card.
It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they\'ve become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice\'s Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is.
"When you ask ChatGPT to do something it\'s not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: \'As an AI language model, I cannot generate inappropriate or offensive content,\' it said. Those two phrases, \'as an AI language model\' and \'I cannot generate inappropriate content,\' recur so frequently in ChatGPT generated content that they\'ve become memes."
That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they\'ll grow more persuasive.
One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves.
Blog post with links:https://blog.knowbe4.com/chatgpt-cybersecurity-tells
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 |
Ransomware Malware Hack Threat | ChatGPT ChatGPT | ★★ |
 |
2023-05-02 10:00:00 | Solarwinds: L'histoire inédite du piratage de chaîne d'approvisionnement le plus audacieux SolarWinds: The Untold Story of the Boldest Supply-Chain Hack (lien direct) |
Les assaillants étaient dans des milliers de réseaux d'entreprises et de gouvernement.Ils pourraient encore être là maintenant.Dans les coulisses de l'enquête Solarwinds.
The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation. |
Hack | ★★ | |
|
2023-05-01 23:40:36 | T-Mobile révèle la 2e violation de données de 2023, celle des épingles de compte qui fuient et plus T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more (lien direct) |
Le piratage affectant 836 abonnés, a duré plus d'un mois avant sa découverte.
Hack affecting 836 subscribers, lasted for more than a month before it was discovered. |
Data Breach Hack | ★★ | |
|
2023-05-01 12:09:00 | Les fonds de pension britanniques ont averti de vérifier les données des clients après la violation de Capita UK pension funds warned to check on clients\\' data after Capita breach (lien direct) |
Des centaines de fonds de pension au Royaume-Uni ont été invités à vérifier si leurs clients ont été volés à la suite du piratage de Capita en mars.Capita, la plus grande entreprise d'externalisation du pays, détient des contrats pour administrer les systèmes de paiement pour les fonds de pension utilisés par plus de 4 millions de personnes en Grande-Bretagne.Le
Hundreds of pension funds in the United Kingdom have been told to check whether their clients\' data had been stolen as a result of the Capita hack in March. Capita, the country\'s largest outsourcing company, holds contracts to administer the payment systems for pension funds used by more than 4 million individuals in Britain. The |
Hack | ★★★ | |
 |
2023-04-28 19:15:12 | Pirater le processus de mise à pied Hacking the Layoff Process (lien direct) |
Mon dernier livre, un hacker & # 8217; s esprit , est rempli d'histoires sur les systèmes de piratage riches et puissants, mais il était difficile de trouver des histoires de piratage par les moins puissants.Voici celui que je viens de trouver.Un Article Les grandes entreprises travaillent par inadvertance à un piratage d'employé pour éviter d'être licencié:
Le logiciel & # 8230; Le logiciel effectue une analyse statistique lors des terminaisons pour voir si certains groupes sont affectés négativement, ont déclaré que ces revues peuvent découvrir d'autres problèmes.Sur une liste de candidats à la mise à pied, une entreprise pourrait constater qu'il est sur le point de licencier par inadvertance un employé qui a précédemment ouvert une plainte contre un gestionnaire & # 8212; une décision qui pourrait être considérée comme des représailles, a-t-elle dit ...
My latest book, A Hacker’s Mind, is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Here’s one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being fired: …software performs a statistical analysis during terminations to see if certain groups are adversely affected, said such reviews can uncover other problems. On a list of layoff candidates, a company might find it is about to fire inadvertently an employee who previously opened a complaint against a manager—a move that could be seen as retaliation, she said... |
Hack | ★★★ | |
 |
2023-04-27 16:55:18 | S3 EP132: La preuve de concept permet à toute personne pirater à volonté S3 Ep132: Proof-of-concept lets anyone hack at will (lien direct) |
Quand Doug dit: "Happy Remote Code Execution Day, Duck" ... c'est l'ironie.Pour éviter tout doute :-)
When Doug says, "Happy Remote Code Execution Day, Duck"... it\'s irony. For the avoidance of all doubt :-) |
Hack | ★★★ | |
|
2023-04-25 13:00:00 | Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
 |
2023-04-24 17:45:05 | Compte de Kucoin Twitter piraté, pertes 22,6 000 $ en crypto arnaque KuCoin Twitter Account Hacked, Losses $22.6K In Crypto Scam (lien direct) |
Une fausse fraude à des cadeaux qui a entraîné un vol de plus de 22,6 000 $ de crypto-monnaie a été promue par les attaquants après que leur compte Twitter de Kucoin ait été compromis.La plate-forme Bitcoin Trading and Exchange s'est engagée à indemniser entièrement les victimes pour toutes les pertes résultant du piratage de son poignée Twitter officielle, qui a été [& # 8230;]
A fake giveaway fraud that resulted in the theft of more than $22.6K in cryptocurrency was promoted by attackers after their access to KuCoin’s Twitter account was compromised. The bitcoin trading and exchange platform has pledged to fully compensate victims for all losses resulting from the hack of its official Twitter handle, which has been […] |
Hack | ★★ | |
|
2023-04-24 17:12:21 | Intel Let Google Cloud pirater ses nouvelles puces sécurisées et a trouvé 10 bogues Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs (lien direct) |
Pour protéger son infrastructure de cloud informatique confidentielle et obtenir des informations critiques, Google s'appuie sur ses relations avec les fabricants de puces.
To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers. |
Hack Cloud | ★★★ | |
|
2023-04-24 11:42:12 | Un défaut critique dans le produit INEA ICS expose les organisations industrielles aux attaques à distance Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks (lien direct) |
> La vulnérabilité critique trouvée dans INEA RTU peut être exploitée pour pirater à distance les appareils et provoquer des perturbations dans les organisations industrielles.
>Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations. |
Hack Vulnerability Industrial | ★★★★ | |
|
2023-04-22 13:00:00 | Les criminels utilisent de minuscules appareils pour pirater et voler des voitures Criminals Are Using Tiny Devices to Hack and Steal Cars (lien direct) |
Apple contrer les logiciels espions de l'Apple, la montée en puissance d'un marché noir GPT-4, la Russie cible les connexions Internet StarLink, et plus encore.
Apple thwarts NSO\'s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more. |
Hack | ★★ | |
|
2023-04-22 12:16:00 | Lazarus X_Trader Hack a un impact sur les infrastructures critiques au-delà Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach (lien direct) |
Lazare, le prolifique groupe de piratage nord-coréen derrière l'attaque de la chaîne d'approvisionnement en cascade ciblant 3CX, a également violé deux organisations d'infrastructures critiques dans le secteur de l'énergie et de l'énergie et deux autres entreprises impliquées dans le négociation financière en utilisant l'application X_Trader Trojanisée.
Les nouvelles conclusions, qui viennent gracieuseté de l'équipe Hunter Hunter de Symantec \\, confirment les soupçons antérieurs que le
Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec\'s Threat Hunter Team, confirm earlier suspicions that the |
Hack Threat | APT 38 | ★★ |
|
2023-04-20 13:38:56 | Attaque de la chaîne d'approvisionnement en cascade: 3cx piraté après l'application Trojanisée téléchargée par l'employé Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App (lien direct) |
> 3CX Hack est la première attaque de chaîne d'approvisionnement en cascade connue, la violation commençant après qu'un employé a téléchargé un logiciel compromis d'une autre entreprise.
>3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm. |
Hack | ★★★★ | |
|
2023-04-20 08:00:00 | Hack 3cx causé par l'attaque de la chaîne d'approvisionnement des logiciels de trading 3CX hack caused by trading software supply chain attack (lien direct) |
Une enquête sur l'attaque de la chaîne d'approvisionnement du mois dernier du mois dernier a découvert qu'elle avait été causée par un autre compromis de la chaîne d'approvisionnement où des attaquants nord-coréens présumés ont violé le site de Stock Trading Automation Company Trading Technologies pour pousser les builds de logiciels trojanisés.[...]
An investigation into last month\'s 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds. [...] |
Hack | ★★★ | |
 |
2023-04-19 21:40:00 | Russian Fancy Bear APT a exploité les routeurs de Cisco non corrigés pour nous pirater, UE Gov \\ 't agences Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov\\'t Agencies (lien direct) |
Le groupe de menaces de scène nationale a déployé des logiciels malveillants personnalisés sur les versions archaïques du système d'exploitation du routeur de Cisco \\.Les experts préviennent que de telles attaques ciblant les infrastructures du réseau sont en augmentation.
The nation-stage threat group deployed custom malware on archaic versions of Cisco\'s router operating system. Experts warn that such attacks targeting network infrastructure are on the rise. |
Malware Hack Threat | APT 28 | ★★ |
|
2023-04-19 13:39:53 | Le service des casiers judiciaires a toujours perturbé 4 semaines après le piratage Criminal Records Service still disrupted 4 weeks after hack (lien direct) |
Les personnes souhaitant travailler avec des enfants ou obtenir des visas d'émigration sont toujours confrontés à de longs retards.
People wishing to work with children or gain emigration visas are still facing long delays. |
Hack | ★★ | |
|
2023-04-19 09:03:31 | États-Unis, Royaume-Uni: la Russie exploitant la vieille vulnérabilité pour pirater les routeurs Cisco US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers (lien direct) |
> Les agences gouvernementales américaines et britanniques ont émis un avertissement conjoint pour le groupe russe APT28 ciblant les routeurs Cisco en exploitant une ancienne vulnérabilité.
>US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. |
Hack Vulnerability | APT 28 | ★★ |
|
2023-04-18 13:00:00 | Cyberheistnews Vol 13 # 16 [doigt sur le pouls]: comment les phishers tirent parti de l'IA récent Buzz CyberheistNews Vol 13 #16 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
To see everything:
Our RSS (filtrered)
