What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-01-13 14:02:59 | Lazarus Group, Cobalt Gang and FIN7 the Worst Threat Actors Targeting the Financial Services Sector (lien direct) | A new industry report by Blueliv, an Outpost24 company, has deep dived into the evolving threat landscape that is surrounding the financial services sector. Using advanced threat intelligence gathered by Blueliv's Threat Compass; the 'Follow the Money' report reveals the main cyber threats and the culprits behind these malicious attacks to forewarn these vital institutions. Threat intelligence gathered by Blueliv from the dark web and deep web showed that the main cyberthreats targeting the industry included: Phishing, […] | Threat | APT 38 | |
|
2022-01-13 10:46:50 | EU to launch Cyberattack simulations on supply chains (lien direct) | Later this week, EU governments will be staging a large-scale cyberattack against multiple of the member states. The attacks will specifically target supply chains and will aim to push governments to coordinate public communications and a diplomatic response. This exercise will last around six weeks and its purpose is to test Europe’s stress resilience, strengthen […] | |||
|
2022-01-12 11:28:55 | Several EA accounts compromised by phishing mails (lien direct) | Recently, it has been revealed that several EA Sports accounts were compromised by hackers via phishing techniques. The threat-actors exploited EA’s live chat, targeting high-profile players for account takeover. The attackers utilised social engineering methods, exploiting errors within the customer experience team and using this to bypass two-factor authentication. As a result, EA has released […] | |||
|
2022-01-11 15:32:35 | KITEWORKS AND TOTEMO JOIN FORCES TO DELIVER MOST COMPREHENSIVE PRIVATE CONTENT COMMUNICATIONS PLATFORM (lien direct) | London, UK, January 11, 2022 – Kiteworks, which governs and protects sensitive digital content moving within, into, and out of global enterprises, announced today that Kiteworks and totemo, the leading email encryption gateway provider used by hundreds of the largest multinational enterprises in the German, Austrian, and Swiss markets, have joined forces. Integration of totemo's email encryption […] | Guideline | ||
|
2022-01-11 13:21:36 | Cyber attacks on corporations hit record breaking highs (lien direct) | New data has found that the number of global weekly cyberattacks has reached the highest record to date. The data has shown that there were 925 attempts per organization in Q4 2021. The data also revealed that the number of attempted attacks has been on a steady increase since Q2 2020, having seen 50% more […] | ★★★★ | ||
|
2022-01-11 11:43:30 | How banks can help counter Human Trafficking (lien direct) | Today marks National Human Trafficking Awareness Day. While predominately recognised in the US, it is for sure a global issue that banks can help address with the right technology and training, according to Brian Ferro, director of AML at Feedzai and certified anti-money laundering specialist. More than 40 million people are trapped in modern-day slavery, […] | |||
|
2022-01-11 11:19:31 | £92m lost to romance scammers in 2021 (lien direct) | Users of dating sites have been warned to be weary of romance scams between Christmas Day and Valentine’s Day. This is because during this time, scammers are out in full force seeking to establish contact and build rapport with victims and extort them for money. According to the National Fraud Intelligence Bureau (NFIB), just last […] | |||
|
2022-01-11 10:21:52 | DDoS Attacks Increasing Again (lien direct) | Distributed denial-of-service (DDoS) attacks are increasingly being accompanied by huge demands against their marks, according to an annual survey from Cloudflare. Ransom-motivated DDoS attacks increased 29% year-on-year and 175% between Q3 2021 and Q4 2021, according to the research on cyberattack trends showing that companies must do more to prevent DDoS attack vectors. The manufacturing […] | |||
|
2022-01-10 12:49:54 | NPM libraries \'colors\' and \'faker\' corrupted (lien direct) | Applications using the open-source libraries ‘colors’ and ‘faker’ have been breaking and printing gibberish. These libraries serve hundreds of thousands of projects, with millions of weekly downloads for open-source projects like Amazon’s Cloud Development Kit. Projects that were using the code began to print messages, including text, such as ‘LIBERTY LIBERTY LIBERTY’, to the surprise […] | |||
|
2022-01-10 11:25:50 | The latest on the Log4j vulnerability (lien direct) | The threat posed by the Log4j vulnerability hasn’t gone away over the holidays, with the UK’s National Health Service (NHS) issuing a warning that hackers are actively targeting the security flaw and recommending that organisations within the health service apply the necessary updates in order to protect themselves. “Affected organisations should review the VMware Horizon […] | Vulnerability Threat | ||
|
2022-01-10 10:59:54 | Cyberattack causes jail lockdown (lien direct) | An emergency notice was filed by Bernalillo County in federal court last week, after a ransomware attack affected the Metropolitan Detention Center. The incident made it impossible for the MDC to comply with terms of a settlement agreement in a lawsuit over the jail conditions. The attack impacted the offices and systems in a variety […] | Ransomware | ||
|
2022-01-05 12:17:46 | DatPiff\'s users\' data available on hacking forum (lien direct) | Around 7.5 million DatPiff users‘ account credentials and emails are available to download on RaidForum, a popular hacking forum. DatPiff is a mixtape hosting site that allows users to upload or download samples for free. The site has gained over 15 million users since launching in 2005. It appears that DatPiff’s users’ data has been […] | |||
|
2022-01-04 14:29:33 | Exchange Server Bug Fixed (lien direct) | Messages from corporate emails were being undelivered at the start of the new year due to a Microsoft Exchange Server bug. Microsoft published an update on 1st January 2022, stating that emails were getting stuck in transport queues of on-premise Exchange Servers. This problem was caused by a “date check failure” in the servers malware […] | Malware | ||
|
2022-01-04 13:44:32 | Vulnerability lets anyone send emails from Uber.com (lien direct) | Researcher Seif Elsallamy recently discovered a vulnerability in Uber’s emailing system, which allows anyone to send an email on behalf of the company. If exploited, threat actors would be able to email the 57 million Uber users and drivers whose data was leaked in the 2016 data breach. Uber has been made aware of the […] | Vulnerability Threat | Uber Uber | |
|
2022-01-04 12:44:43 | Broward Health data breach exposes data of 1,357,879 individuals (lien direct) | Broward Health, a Florida-based healthcare system with over thirty locations, has suffered a significant data breach impacting over a million individuals. The incident took place last October, and Broward Health was able to identify the intrusion four days after the compromise. Authorities were informed immediately, and employees were invited to reset their credentials. It now […] | Data Breach | ||
|
2022-01-04 12:12:43 | New iOS vulnerability DoS bug revealed (lien direct) | A new denial of service (DoS) vulnerability dubbed “doorLock” was recently revealed in Apple HomeKit, impacting iOS 14.7 through 15.2. Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices. According to the researcher who disclosed the details, Apple has been aware of the vulnerability since […] | Vulnerability | ||
|
2021-12-24 12:12:42 | The IT Security Guru Buyer\'s Guide 2022 (lien direct) | Cybersecurity and compliance are now essential pillars within the modern enterprise. They are integral to the business continuity and legal responsibility of every organization, large or small. What's more, these obligations are exponentially more complex than they were just 5 years ago. However, since these are relatively new obligations that means finding the best vendors […] | ★★★★★ | ||
|
2021-12-24 11:41:17 | Flaw behind Gatekeeper bypass fixed on macOS (lien direct) | Apple has fixed the macOS vulnerability that could be exploited by unsigned and unauthorized script-based apps to bypass macOS security protocols on fully patched systems. The flaw was identified as CVE-2021-30853, and the vulnerability has been addressed on macOS 11.6. | Vulnerability | ||
|
2021-12-24 11:32:34 | (Déjà vu) Unique cyber-attacks declined for the first time in 3 years (lien direct) | New data has found that unique cyber-attacks have declined for the first time since 2018. The research has shown that in Q3 2021 there has been a 4.8% decline in unique attacks, which is the first decline recorded since 2018. The researchers have said that this reduction was mainly due to a decline in ransomware […] | Ransomware | ||
|
2021-12-24 11:24:05 | New CoinSpot phishing campaign discovered (lien direct) | A new phishing campaign is targeting CoinSpot cryptocurrency exchange users in order to steal two-factor authentication (2FA) codes. The threat actors are sending emails from a Yahoo email address, which replicates CoinSpot emails, asking recipients to cancel or confirm a withdrawal transaction. The researchers who discovered the campaign said “the threat actor observed here been […] | Threat | Yahoo Yahoo | |
|
2021-12-23 12:09:51 | Monongalia Health System victim to BEC attack (lien direct) | Monongalia Health System, Inc., a health system for three hospitals based in West Virginia, USA, has been hit by a business email compromise (BEC) scam. The health system provider was unaware that their cybersecurity defences had been infiltrated. They were alerted by a vendor who had reported not receiving payment in July 2021. Since alerted […] | |||
|
2021-12-23 11:56:33 | World\'s top cybsersecurity agencies warn of Apache vulnerability threats (lien direct) | The Fives Eyes intelligence alliance have warned that threat actors are actively exploiting an Apache vulnerability in the Log4j logging library. The Five Eyes alliance, consisting of cybersecurity agencies in US, UK, Australia, Canada and New Zealand, announced in a joint statement on Wednesday that, “sophisticated cyber threat actors are actively scanning networks to potentially […] | Vulnerability Threat | ||
|
2021-12-23 11:18:29 | Belgium\'s Military hit by cyber attack (lien direct) | The Belgium Defense Ministry has announced that it has experienced a cyberattack after threat actors exploited a Log4j vulnerability. The attack took place on December 16 and was confirmed this week. According to a Belgium military spokesman, Commander Olivier Séverin, the incident caused damage to internet-connected services, which in turn halted part of the ministry’s […] | Threat | ||
|
2021-12-22 15:23:05 | What\'s in store for cybersecurity in 2022? (lien direct) | As 2021 draws to an end, it's safe to say it was an eventful year from a cybersecurity perspective. Ransomware became the go-to for cybercriminal gangs and insecure databases still plagued organisations. So, what's on the horizon for 2022? More of the same or will hackers turn their attentions elsewhere? We asked some security experts […] | Ransomware | ||
|
2021-12-22 10:23:46 | Just Dance latest cyber-attack victim (lien direct) | Popular gaming platform Ubisoft has this week confirmed a cyber attack, which affected the IT infrastructure of Just Dance. The gaming giant explained in a statement, that the attack was brought on by a misconfiguration, which was quickly fixed upon identification. However, before the remediation was issued, unauthorised individuals were able to access and potentially […] | |||
|
2021-12-21 12:14:45 | New phishing campaign claims $80m per month (lien direct) | A new phishing campaign has been discovered by researchers which is estimated to have cost victims approximately $80 million per month globally. Researchers have reported that the campaign offers fake giveaways and surveys from popular brands in order to steal data from victims in over 90 countries worldwide, including US, Canada and Italy. The researchers […] | |||
|
2021-12-21 11:31:35 | Hellmann warns customers to be aware of scammers (lien direct) | Hellman fell victim to a cyberattack, which was confirmed on December 9th and initially impacted all connections to their central data centre. While business operations have since started back up, there has been an increase in customers reporting fraudulent calls and mails attempting to scam them out of money. The company is still investigating what […] | |||
|
2021-12-21 11:13:37 | Warning over patching Active Directory takeover flaws (lien direct) | Customers of Microsoft are being cautioned to patch a couple of Active Directory domain service privilege escalation flaws that together could allow bad actors takeover of Windows domains. The two security updates go by CVE-2021-42287 and CVE-2021-42278 and were originally reported by Andrew Bartlett of Catalyst IT. The urgency to patch these security vulnerabilities escalated as a new […] | Patching | ||
|
2021-12-20 12:04:15 | Fraudsters thriving off new Spiderman film hype (lien direct) | Spiderman fans have been warned to watch out for the latest scam, in which fraudsters are using the hype around the newest film to spread malicious files and phishing pages. Kaspersky researchers have discovered that scammers are taking advantage of the latest installment of the super-hero franchise, by tricking fans into entering their payment details […] | ★★★ | ||
|
2021-12-20 11:59:42 | 1.8 million card details stolen from sporting goods sites (lien direct) | Around 1.8 million customers credit card details were stolen following a cyberattack on four affiliated online sporting goods websites. The incident took place on October 1st, 2021, affecting Tackle Warehouse LLC, Running Warehouse LLC, Tennis Warehouse LLC and Skate Warehouse LLC. The website owners only became aware of the incident on October 15th, 2021. An […] | ★★★★ | ||
|
2021-12-17 17:13:22 | Nozomi Networks and BT Team to Deliver Advanced OT and IoT Cybersecurity to Enterprises Worldwide (lien direct) | Nozomi Networks Inc., the leader in OT and IoT security, and BT, a leading provider of global communications and security services, this week announced they have partnered to broaden BT's portfolio of security solutions available for industrial and critical infrastructure organizations around the world. A member of Nozomi Networks' MSSP Elite Partner Program, BT will […] | Guideline | ||
|
2021-12-17 14:00:51 | How COVID-19 made the Zero Trust model the right approach to modernise networks (lien direct) | The COVID-19 pandemic is likely to go down in history as one of the defining moments of our lifetime. From a business perspective, it transformed business models, changed customer expectations, and disrupted the networks that run businesses. These changes are long lasting and accelerated the digital transformation journey, a journey that is now driven by […] | |||
|
2021-12-16 21:47:37 | (Déjà vu) Anubis Android Malware Found Targeting Nearly 400 Financial Apps (lien direct) | Security researchers at Lookout have discovered the Anubis Android Banking malware is again wreaking havoc after being found targeting the customers of nearly 400 financial institutions, cryptocurrency wallets and virtual payment platforms. This new malware campaign is also masquerading as the official account management application from leading French telecommunications company, Orange S.A. The infamous Anubis […] | Malware Guideline | ||
|
2021-12-16 13:07:52 | Security awareness gaps identified in the UK according to new Armis study (lien direct) | Armis, the unified asset visibility and security platform provider, has released findings from a nationwide study of 2,000 UK employees that analysed their thoughts on the country's cyber resilience and their own attitudes to security. The results demonstrate the lack of awareness towards cybersecurity in the UK. Despite 60% admitting to having been impacted by a […] | ★★★★ | ||
|
2021-12-16 10:24:11 | Digital Security by Design reinforced through new Government National Cyber Strategy (lien direct) | The UK Government announced their new National Cyber Strategy. The strategy officially launched yesterday morning (Wednesday 15th December) at the International Convention Centre in Birmingham. Stephen Barclay MP, Chancellor of the Duchy of Lancaster, set out the Strategy's vision for the UK to be a leading responsible and democratic cyber power, able to protect and promote […] | Guideline | ★★★★ | |
|
2021-12-10 15:12:46 | Securing Diversity for Success (lien direct) | With work still to be done to boost diversity and inclusion in cyber security, KPMG UK's Katie Diacon unpacks where some of the challenges exist, and what could make a difference. Cyber security is one of the most innovative and dynamic sectors to work in, and it is increasingly vital to the operational resilience of […] | |||
|
2021-12-10 13:05:03 | 10 countries take part in financial cyberattack war game (lien direct) | Reuters has reported exclusively on a simulated war game in which 10 countries, including Israel, the US, UK, Germany, Italy and Switzerland, cooperated to fight a mock cyberattack on the global financial system. The event evolved over 10 days as sensitive data emerged on the Dark Web and the war game used fake news reports […] | |||
|
2021-12-10 11:40:12 | Nobelium hackers targeting governments and businesses (lien direct) | The hackers responsible for the SolarWinds supply chain attacks have again been linked to multiple attacks targeting businesses and governments globally. The hacking group is continuing to refine and retool its methods at an incredible speed while targeting cloud solution providers, services and reseller companies. The intrusions are being actively tracked under two different activity […] | ★★ | ||
|
2021-12-10 11:22:39 | Weak passwords caused 30% of security breaches (lien direct) | A recent survey, conducted by GoodFirms, assesses the risk factors associated with password management and how to safeguard them from attacks or breaches. The results revealed that 30% of respondents reported password leaks and security breaches as a result of poor password practices. Surveyees admitted to making poor password choices, such as sharing them with […] | |||
|
2021-12-09 10:47:55 | Call centre network security at risk: GOautodial vulnerability could lead to information disclosure and RCE (lien direct) | GOautodial, an open source call center software suite with 50,000 users around the world, has patched two vulnerabilities that could lead to information disclosure and remote code execution (RCE). Unearthed by Scott Tolley of the Synopsys Cybersecurity Research Center (CyRC), the first bug – tracked as CVE-2021-43175 – has been rated medium severity. An API router accepts a username, password, and action […] | Vulnerability Guideline | ★★ | |
|
2021-12-09 10:42:15 | NIST analysis shows record number of reported vulnerabilities in 2021 (lien direct) | The National Institute of Standards and Technology (NIST) released analysis showing the number of vulnerabilities reported in 2021 was 18,378 this year. The figure set a record for the fifth year in a row, though the amount of high severity vulnerabilities fell when compared with 2020 There were 3,646 reported high risk vulnerabilities in 2021, as […] | ★★★★★ | ||
|
2021-12-09 10:40:28 | Passport forgeries at all time high (lien direct) | A new Identity Fraud Report, conducted by Onfido, has revealed that passports are the most frequently attacked form of identity document. In fact, over the course of the past year, fraudsters increasingly forged passports as opposed to national identity cards. Onfido’s researchers believe this to be a sign of fraudsters changing their methods: “they [are […] | |||
|
2021-12-09 10:28:42 | Cybercriminals take advantage of unpatched Hikvision systems (lien direct) | Moobot botnet is leveraging a known remote code execution (RCE) vulnerability in Hikvision products (CVE-2021-36260) to spread a Moobot, which carries out distributed denial of service (DDoS) attacks. The attack surface could be significant: China-based Hikvision touted itself as the “world's leading video-surveillance products supplier” on the company site. Although a patch was released in September, […] | Vulnerability Guideline | ||
|
2021-12-08 11:40:00 | Omicron variant being used to phish students (lien direct) | A new phishing attack, discovered by Proofpoint, is using the Omicron variant of COVID-19 to steal students’ credentials and gain access to accounts. The threat-actors targeting US universities are leveraging the concern around the new virus strain to trick students into opening attachments that lead students to spoofed university login portals. This isn’t an entirely […] | Guideline | ||
|
2021-12-08 11:03:58 | (Déjà vu) Ransomware attack locks hotel guests out of rooms (lien direct) | Earlier this week, Nordic Choice Hotels announced an attack on its IT systems, which they believed to be a “computer virus”. However it has since been revealed that it was the target of Conti ransomware, leading to hotel guests being locked out of their rooms. As IoT becomes more connected the threat of home and corporate […] | Threat Guideline | ||
|
2021-12-07 16:15:54 | Zero Trust core to contemporary cybersecurity strategy, One Identity research finds (lien direct) | One Identity, the unified identity security company, has released global survey findings that unpack the current state of Zero Trust awareness and adoption across the enterprise. After a year plagued by one disastrous cybersecurity incident after another, new findings from One Identity reveal that only 1 in 5 security stakeholders are confident in their organisation’s […] | ★★★ | ||
|
2021-12-07 11:52:04 | Dozens of malicious APT15 sites seized by Microsoft (lien direct) | Microsoft has seized a number of malicious sites which were targeting organisations based in 29 countries worldwide. The sites were used by the Nickle hacking group. Nickle is a China-based group also tracked as Playful Dragon, Royal APT, APT15, KE3CHANG and Vixen Panda. The group compromised serves belonging to diplomatic entities, government organisations and NGOs […] | APT 15 APT 15 APT 25 | ★★★ | |
|
2021-12-07 11:44:50 | Fraudsters abuse Twitter APIs to monitor public tweets and pish cryptocurrency scams (lien direct) | Fraudsters use bots to monitor Tweets requesting support to MetaMask, TrustWallet, and other crypto wallets to respond with scams within seconds, BleepingComputer reports. To launch these targeted attacks, scammers monitor all public Tweets fro specific keywords and phrases, such as “support”, “assistance” and “help”, paired with “MetaMask”, “Phantom”, “Yoro” and “TrustWallet”. Twitter bots are used […] | ★★ | ||
|
2021-12-07 10:48:37 | Conti ransomware hits Nordic Choice Hotels (lien direct) | Earlier this week, Nordic Choice Hotels announced an attack on its IT systems, which they believed to be a “computer virus”. It has now been confirmed that they were, in fact, hit by Conti ransomware, which has affected the hotel’s guest reservation and room key card systems. Fortunately, there is no indications that passwords or […] | Ransomware | ||
|
2021-12-07 10:24:21 | (Déjà vu) Kafka Cloud Clusters Expose Sensitive Data (lien direct) | Some of the world's largest companies have exposed large amounts of sensitive information from the cloud, researchers said – thanks to misconfigured Kafdrop services. Kafdrop is the management interface for Apache Kafka, an open-source, cloud-native platform for managing data streams. Kafka has several common use cases; for instance, in the finance sector it's often used […] |
To see everything:
Our RSS (filtrered)
