Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-09-23 13:16:25 |
Google Report Spotlights Uptick in Controversial 'Geofence Warrants' by Police (direct link) |
Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause. |
|
|
|
|
2021-09-23 13:00:25 |
Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products (direct link) |
Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid. |
|
|
|
|
2021-09-23 13:00:16 |
Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API (direct link) |
Domain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection. |
|
|
|
|
2021-09-23 11:10:45 |
Large-Scale Phishing-as-a-Service Operation Exposed (direct link) |
Discovery of BulletProofLink, which provides phishing kits, email templates, hosting and other tools, sheds light on how wannabe cybercriminals can get into the business. |
|
|
|
|
2021-09-22 22:17:33 |
Crystal Valley Farm Coop Hit with Ransomware (direct link) |
It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure. |
Ransomware
|
|
|
|
2021-09-22 19:41:59 |
Netgear SOHO Security Bug Allows RCE, Corporate Attacks (direct link) |
The issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security. |
|
|
|
|
2021-09-22 17:22:53 |
Unpatched Apple Zero-Day in macOS Finder Allows Code Execution (direct link) |
All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS. |
|
|
|
|
2021-09-22 16:50:34 |
How REvil May Have Ripped Off Its Own Affiliates (direct link) |
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates' cuts of ransom payments. |
|
|
|
|
2021-09-22 16:17:33 |
VMware Warns of Ransomware-Friendly Bug in vCenter Server (direct link) |
VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.
|
Patching
|
|
|
|
2021-09-22 14:52:40 |
TikTok, GitHub, Facebook Join Open-Source Bug Bounty (direct link) |
The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain. |
|
|
★★★★★
|
|
2021-09-22 14:10:57 |
Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts (direct link) |
The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime. |
Ransomware
|
|
|
|
2021-09-21 19:22:19 |
Epik Confirms Hack, Gigabytes of Data on Offer (direct link) |
"Time to find out who in your family secretly ran ... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security. |
|
|
|
|
2021-09-21 17:49:24 |
Hackers Are Going 'Deep-Sea Phishing,' So What Can You Do About It? (direct link) |
Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses. |
|
|
|
|
2021-09-21 16:02:35 |
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest (direct link) |
“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
|
Malware
|
|
|
|
2021-09-21 13:14:02 |
BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom (direct link) |
Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks. |
Ransomware
|
|
|
|
2021-09-21 13:00:56 |
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe? (direct link) |
Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old. |
|
|
|
|
2021-09-20 21:25:24 |
Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate (direct link) |
Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety. |
|
|
|
|
2021-09-20 19:50:19 |
Europol Breaks Open Extensive Mafia Cybercrime Ring (direct link) |
Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits. |
|
|
|
|
2021-09-20 19:02:57 |
Payment API Bungling Exposes Millions of Users' Payment Data (direct link) |
Misconfigured APIs make any app risky, but when you're talking about financial apps, you're talking about handing ne'er-do-wells the power to turn your pockets inside-out. |
|
|
|
|
2021-09-20 13:00:24 |
Bring Your APIs Out of the Shadows to Protect Your Business (direct link) |
APIs are immensely more complex to secure. Shadow APIs, those unknown or forgotten API endpoints that escape the attention and protection of IT, present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do. |
|
|
|
|
2021-09-17 17:16:42 |
Porn Problem: Adult Ads Persist on US Gov't, Military Sites (direct link) |
Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam. |
|
|
|
|
2021-09-17 13:20:03 |
Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do (direct link) |
Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms. |
|
|
|
|
2021-09-17 12:57:42 |
AT&T Phone-Unlocking Malware Ring Costs Carrier $200M (direct link) |
With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan. |
Malware
|
|
|
|
2021-09-17 12:07:59 |
Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang (direct link) |
Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems. |
Ransomware
|
|
|
|
2021-09-16 18:26:59 |
Airline Credential-Theft Takes Off in Widening Campaign (direct link) |
A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom. |
|
|
|
|
2021-09-16 13:08:24 |
Financial Cybercrime: Following Cryptocurrency via Public Ledgers (direct link) |
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack. |
|
|
|
|
2021-09-16 13:00:37 |
REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out (direct link) |
Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13. |
Ransomware
|
|
|
|
2021-09-16 13:00:01 |
DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast (direct link) |
Imperva's Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,
|
|
|
|
|
2021-09-16 12:01:55 |
HP Omen Hub Exposes Millions of Gamers to Cyberattack (direct link) |
A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming. |
|
|
|
|
2021-09-16 11:37:48 |
Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk (direct link) |
Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said. |
|
|
|
|
2021-09-15 19:01:48 |
No Patch for High-Severity Bug in Legacy IBM System X Servers (direct link) |
Two of IBM's aging flagship server models, retired in 2020, won't be patched for a command-injection flaw. |
|
|
|
|
2021-09-15 13:06:52 |
Attackers Impersonate DoT in Two-Day Phishing Scam (direct link) |
Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site. |
Threat
|
|
|
|
2021-09-14 21:02:49 |
Adobe Snuffs Critical Bugs in Acrobat, Experience Manager (direct link) |
Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop. |
|
|
★★
|
|
2021-09-14 20:29:14 |
Microsoft Patches Actively Exploited Windows Zero-Day Bug (direct link) |
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. |
Threat
|
|
|
|
2021-09-14 20:05:52 |
2021's Most Dangerous Software Weaknesses (direct link) |
Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers. |
|
|
|
|
2021-09-14 17:21:59 |
ZLoader's Back, Abusing Google AdWords, Disabling Windows Defender (direct link) |
The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in. |
|
|
|
|
2021-09-14 15:03:41 |
Pair of Google Chrome Zero-Day Bugs Actively Exploited (direct link) |
The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. |
|
|
|
|
2021-09-14 13:45:31 |
Unpatched Bugs Plague Databases; Your Data Is Probably Not Secure – Podcast (direct link) |
Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.
|
|
|
|
|
2021-09-14 13:10:49 |
Romance, BEC Scams Lands Soldier in Jail for 46 Months (direct link) |
A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans. |
Guideline
|
|
|
|
2021-09-14 11:24:06 |
BlackMatter Ransomware Hits Japanese Tech Giant Olympus (direct link) |
The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups. |
Ransomware
|
|
|
|
2021-09-13 18:59:22 |
REvil's Back; Coder Fat-Fingered Away Its Decryptor Key? (direct link) |
How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That's how we sh*t ourselves.” |
Ransomware
|
|
★★
|
|
2021-09-13 18:41:05 |
WhatsApp's End-to-End Encryption Isn't Actually Broken (direct link) |
WhatsApp's moderators sent messages flagged by intended recipients. Researchers say this isn't concerning -- yet. |
|
|
|
|
2021-09-13 18:17:37 |
Honing Cybersecurity Strategy When Everyone's a Target for Ransomware (direct link) |
Aamir Lakhani, researcher at FortiGuard Labs, explains why organizations must extend cyber-awareness training across the entire enterprise, from Luddites to the C-suite. |
Ransomware
|
|
|
|
2021-09-13 18:08:10 |
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing (direct link) |
The security vulnerability can be exploited with a malicious CSV file. |
Vulnerability
|
|
|
|
2021-09-10 20:17:59 |
MyRepublic Data Breach Raises Data-Protection Questions (direct link) |
The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say. |
Data Breach
|
|
|
|
2021-09-10 19:37:45 |
Top Steps for Ransomware Recovery and Preparation (direct link) |
Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future. |
Ransomware
|
|
|
|
2021-09-10 16:31:14 |
Yandex Pummeled by Potent Meris DDoS Botnet (direct link) |
Record-breaking distributed denial of service attack targets Russia's version of Google - Yandex. |
|
|
|
|
2021-09-10 16:25:53 |
SOVA, Worryingly Sophisticated Android Trojan, Takes Flight (direct link) |
The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.' |
Malware
|
|
|
|
2021-09-10 14:35:50 |
5 Steps For Securing Your Remote Work Space (direct link) |
With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home.
Here are five recommendations for securing your home office. |
|
|
|
|
2021-09-10 10:46:17 |
Stolen Credentials Led to Data Theft at United Nations (direct link) |
Threat actors accessed the organization's proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks. |
Threat
|
|
|