What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-24 06:28:07 | Lloyd\'s to exclude certain nation-state attacks from cyber insurance policies (lien direct) | Kim Jong-un has entered the chat Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time.… | |||
|
2022-08-22 22:00:12 | Novant Health admits leak of 1.3m patients\' info to Facebook (lien direct) | But don't worry, Zuck would never misuse this type of sensitive data Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta.… | ★★★★ | ||
|
2022-08-22 21:00:08 | Hiding a phishing attack behind the AWS cloud (lien direct) | Scammers are using cloud services to create and host web pages that can be used to lure victims into handing over their credentials Criminals are slipping phishing emails past automated security scanners inside Amazon Web Services (AWS) to establish a launching pad for attacks.… | |||
|
2022-08-22 16:08:11 | LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data (lien direct) | Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor The LockBit ransomware group last week claimed responsibility for an attack on cybersecurity vendor in June. The high-profile gang is now apparently under a distributed denial-of-service (DDoS) because of it.… | Ransomware | ||
|
2022-08-22 06:20:10 | Zoom patches make-me-root security flaw, patches patch (lien direct) | Plus: See if in-app browsers are monitoring you, a novel industrial network attack technique, and more In brief Zoom fixed a pair of privilege escalation vulnerabilities, which were detailed at the Black Hat conference this month, but that patch was bypassed, necessitating yet another fix.… | |||
|
2022-08-22 05:01:10 | NSO Group CEO steps down, 100 employees let go too (lien direct) | Controversial Pegasus spyware maker to focus on NATO sales while battling various court cases Pegasus spyware-maker NSO Group announced on Sunday it will reorganize, replacing its CEO and letting go of around 100 workers.… | |||
|
2022-08-22 00:59:10 | Huawei dangles developer incentives to sell Harmony OS around the world (lien direct) | Plus: Indonesia's four-hour takedown demand; Peak Facebook in Korea?; Alibaba frees font; and more. Asia In Brief Huawei last week unveiled initiatives to encourage developers to work on its Harmony OS – the platform it created after US sanctions denied the Chinese giant access to Google's Android operating system.… | |||
|
2022-08-19 18:30:15 | Microsoft looks beyond the US with Windows Subsystem for Android (lien direct) | Realizes there's a big beautiful world out there and sets sail for Japan Microsoft has taken a tentative step to expand the Windows Subsystem for Android outside of the US by making the preview available in Japan.… | |||
|
2022-08-19 07:37:15 | Two years on, Apple iOS VPNs still leak IP addresses (lien direct) | Privacy, it's a useful marketing term *Offer does not apply in China Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there's no sign of a fix.… | Vulnerability | ||
|
2022-08-18 16:00:05 | Google blocks third record-breaking DDoS attack in as many months (lien direct) | 46 million requests per second network flood comes as attacks increase by more than 200% compared to last year Google says it has blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second.… | |||
|
2022-08-18 06:28:12 | Ransomware attack on UK water company clouded by confusion (lien direct) | Clop gang thought it hit Thames Water – but real victim was elsewhere A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.… | Ransomware | ||
|
2022-08-17 18:41:18 | After 7 years, long-term threat DarkTortilla crypter is still evolving (lien direct) | .NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to evolve rapidly, with almost 10,000 code samples being uploaded to VirusTotal over a 16-month period.… | Malware Threat | ||
|
2022-08-17 12:25:09 | UK launches \'consultation\' with EU over exclusion from science programs (lien direct) | Billions in funding at stake as PM hopeful Liz Truss says bloc 'in breach of agreement' The UK government has launched formal consultations with the EU over the failure to secure its inclusion in the EU's €95.5 billion ($97.6 billion) research funding program since the island nation left the world's richest trading bloc.… | |||
|
2022-08-17 08:00:20 | Mozilla finds 18 of 25 popular reproductive health apps leak data (lien direct) | Scary in post-Roe America, and Poland, and far too many other places It's official: your period and/or pregnancy tracker will probably share your data with law enforcement. And they might even do it on purpose.… | |||
|
2022-08-17 03:01:05 | Open source VideoLAN media player asks why it\'s blocked in India (lien direct) | Rubbishes suggestions poisoned clones or ancient malware are worthy reasons for ban Developers of the open source VideoLAN media player have started sniping at India's government over an apparent block on the project's website.… | Malware | ||
|
2022-08-16 21:25:11 | SEC says brokerage accounts hijacked for $1.3m pump-and-dump scam (lien direct) | 18 people and businesses charged, one giant web of connections America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits.… | |||
|
2022-08-16 16:43:06 | PC store told it can\'t claim full cyber-crime insurance after social-engineering attack (lien direct) | Two different kinds of fraud, says judge while throwing out lawsuit against insurer A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.… | |||
|
2022-08-16 12:33:06 | 1,900 Signal users exposed: Twilio attacker \'explicitly\' looked for certain numbers (lien direct) | Bad guy also got SMS verification codes, and re-registered one of the numbers they searched for The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed.… | |||
|
2022-08-16 05:31:12 | Digital Ocean dumps Mailchimp after attack leaked customer email addresses (lien direct) | Somebody went after crypto-centric companies' outsourced email but the damage was felt in the cloud Junior cloud Digital Ocean has revealed that some of its clients' email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp.… | APT 32 | ||
|
2022-08-13 10:00:09 | Ukraine\'s cyber chief comes to Black Hat in surprise visit (lien direct) | Tl;DR - the news isn't good Black Hat In Brief Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak.… | Guideline | ||
|
2022-08-12 20:00:08 | Twitter unveils US midterm election integrity plans, upsets almost everyone (lien direct) | Don't feed the trolls? Users deem policy an attack on conservatives, dystopian, and election manipulation Twitter has announced its plans to fight misinformation during the 2022 US midterm elections, including activating its Civic Integrity Policy (CIP).… | |||
|
2022-08-12 19:30:13 | US reveals \'Target\' pic of Conti man with $10m reward offer (lien direct) | Fashion Police chipping in on the bounty related to costliest strain of ransomware on record The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew.… | Ransomware | ||
|
2022-08-12 18:00:13 | Microsoft trumps Google for 2021-22 bug bounty payouts (lien direct) | Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces Microsoft appears to have beat Google on the bug bounty front, with $13.7 million in rewards spread out over 335 researchers.… | |||
|
2022-08-12 14:00:09 | Google fined $42.5m over misleading Android location settings in Australia (lien direct) | Ad behemoth committed to 'providing the most helpful products possible' Google is being ordered to pay A$60 million ($42.5 million) in penalties to Australia's competition and national consumer law regulator regarding the collection and use of location data on Android phones.… | |||
|
2022-08-12 13:06:23 | Emergency services call-handling provider: Ransomware forced it to pull servers offline (lien direct) | Advanced's infrastructure still down and out, recovery to take weeks or more Advanced, the MSP forced to shut down some of its servers last week after identifying an "issue" with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will be in the order of weeks.… | Ransomware | ||
|
2022-08-11 23:03:21 | Higher risks and premiums are creating critical gap in cyber insurance (lien direct) | Most organizations don't have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says Black Hat Many organizations are increasingly unprepared to deal with the skyrocketing costs of a ransomware attacks, at a time when the number of incidents and the payments demanded by cybercriminals are rising rapidly.… | Ransomware | ||
|
2022-08-11 21:30:10 | Russian invasion has dangerously destabilized cyber security norms (lien direct) | The inside scoop on the Ukrainian IT army, and what could happen next Black Hat The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms - and infrastructure security, according to journalist and author Kim Zetter.… | |||
|
2022-08-11 19:15:10 | Ex-CIA security boss predicts coming crackdown on spyware (lien direct) | Plus, spoiler alert: ransomware is gonna get a lot worse Black Hat It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.… | Ransomware | ||
|
2022-08-11 18:30:13 | Sonatype spots another PyPI package behaving badly (lien direct) | Identity of a real person was used to lend credence to a package that dropped cryptominer in memory Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.… | Malware | ||
|
2022-08-11 05:59:10 | Cisco admits corporate network compromised by gang with links to Lapsus$ (lien direct) | Voice-phished their way in, but Switchzilla claims no damage done Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work.… | Ransomware | ||
|
2022-08-10 22:00:55 | Google tells Apple to \'fix text messaging\' in bid to promote RCS protocol (lien direct) | iMessage talks to Android users via outdated SMS/MMS, ad giant complains Google has launched a campaign to pressure Apple to adopt Rich Communications Services (RCS), a protocol used by most mobile industry vendors but not the iPhone maker.… | |||
|
2022-08-10 16:00:06 | Google\'s bug bounty boss: Finding and patching vulns? \'Totally useless\' (lien direct) | Disclosing exploits, however, will earn you $100k Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.… | Patching | ||
|
2022-08-10 14:23:11 | Cloudflare: Someone tried to pull the Twilio phishing tactic on us too (lien direct) | Attack was foiled by content delivery network's hardware security keys Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.… | |||
|
2022-08-10 10:32:05 | Businesses should dump Windows for the Linux desktop (lien direct) | It makes perfect sense for enterprises as well as enthusiasts. Just ask GitLab Opinion I've been preaching the gospel of the Linux desktop for more years than some of you have been alive. However, unless you argue that the Linux desktop includes Android smartphones and ChromeOS laptops, there will be no year of the Linux desktop.… | |||
|
2022-08-08 17:45:05 | Twilio customer data exposed after its staffers got phished (lien direct) | Comms giant says several other firms targeted in 'sophisticated attack' Twilio confirmed a breach of the communication giant's network and accessed "a limited number" of customer accounts after tricking some employees into falling for a phishing attack.… | |||
|
2022-08-08 11:45:08 | Slack leaked hashed passwords from its servers for years (lien direct) | Users who created shared invitation links for their workspace had login details slip out among encrypted traffic Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace users.… | |||
|
2022-08-08 09:03:13 | Yeah, we\'ll just take that first network handshake. What could possibly go wrong? (lien direct) | Almost taking the fall for another person's mistake Who, Me? Brickbats and bouquets are the way of things in the world of IT. Consider today's Who, Me? entry where our hero nearly fell on his sword when a bug bounty might have been more appropriate.… | |||
|
2022-08-08 06:31:12 | Dark Utilities C2 service draws thousands of cyber criminals (lien direct) | Nascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks A platform that makes it easier for cyber criminals to establish command-and-control (C2) servers has already attracted 3,000 users since launching earlier this year, and will likely expand its client list in the coming months.… | |||
|
2022-08-05 19:43:59 | Nomad to crypto thieves: Please give us back 90%, keep 10% as a reward. Deal? (lien direct) | The Feds may see things differently Cryptocurrency bridge Nomad sent a message to the looters who drained nearly $200 million in tokens from its coffers earlier this week: return at least 90 percent of the ill-gotten gains, keep 10 percent as a bounty for discovering the security flaw, and Nomad will consider this a "white-hat" hack, as opposed to plain old theft, and not take legal action.… | |||
|
2022-08-05 13:00:11 | Major outage at IT service provider forces NHS 111 call handlers to use \'pen and paper\' (lien direct) | Suspected security attack at Advanced takes down part of server estate that hosted range of apps Tech services provider Advanced has taken part of its infrastructure offline as it tries to contain a suspected security incident, with a range of hosted applications not available to health customers, including NHS 111 emergency services.… | |||
|
2022-08-04 23:45:04 | Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google (lien direct) | I got played via the Play store Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.… | |||
|
2022-08-04 19:27:14 | Specs leak of 5.7GHz AMD Ryzen 7000 chips with double the L2 cache (lien direct) | These might be the 5nm Zen 4 desktop processors due to land this quarter AMD's Ryzen 7000 desktop processors will reportedly top 5.7 GHz in the case of the Zen giant's top-of-the-line 7950X, when they launch later this quarter.… | |||
|
2022-08-04 13:00:09 | US aims to step up security for federal datacenters: Both physical and cyber (lien direct) | Bit barns threatened by malware flingers, but fire, storms, or bad guys arriving at the sites are also bad news Proposed legislation in the US will seek to ensure greater protection for government datacenters from the threat of cyberattacks, but also physical dangers such as natural disasters and terrorism.… | Malware Threat | ||
|
2022-08-04 12:23:31 | Taiwanese military reports DDoS in wake of Pelosi visit (lien direct) | Controversial visit to Taiwan continues to reverberate through cyberspace, the real world, and the semiconductor industry Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the island nation, US-Sino relations, and semiconductors.… | |||
|
2022-08-04 06:31:14 | Student crashes Cloudflare beta party, redirects email, bags a bug bounty (lien direct) | Simple to exploit, enough to pocket $3,000 A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else's email.… | Vulnerability | ||
|
2022-08-01 07:27:07 | Akamai: We stopped record DDoS attack in Europe (lien direct) | A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days Akamai Technologies squelched the largest-ever distributed denial-of-service (DDoS) attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period.… | |||
|
2022-08-01 00:30:12 | Spyware developer charged by Australian Police after 14,500 sales (lien direct) | PLUS: India open to space tourism; China/Indonesia infosec pact; Paytm denies breach; Infosys dodges government again; and more Asia In Brief Australia's federal police (AFP) on Friday charged a man with creating and profiting from spyware that allowed total remote control of victims' computers.… | |||
|
2022-07-29 19:39:27 | Feds put $10m bounty on Putin pal accused of bankrolling US election troll farm (lien direct) | Just in time for the midterms The Feds have put up a $10 million reward for information about foreign interference in US elections in general, and more specifically a Russian oligarch and close friend of President Vladimir Putin accused of funding an organization that meddled in the 2016 presidential elections.… | |||
|
2022-07-29 07:05:12 | BreachForums booms on the back of billion-record Chinese data leak (lien direct) | Plenty of recent users appear to be from China, and hoping for more leaks of local data The popularity of stolen data bazaar BreachForums surged after it was used to sell a giant database of stolen information describing Chinese citizens, threat intelligence firm Cybersixgill said on Thursday.… | Threat | ||
|
2022-07-29 04:29:08 | US court system suffered \'incredibly significant attack\' – sealed files at risk (lien direct) | Effects still being felt today across US government The United States' federal court system "faced an incredibly significant and sophisticated cyber security breach, one which has since had lingering impacts on the department and other agencies."… |
To see everything:
