What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-08-07 05:33:51 | Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users (lien direct) | A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans.
The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that |
Data Breach | ||
|
2020-08-07 01:30:27 | How COVID-19 Has Changed Business Cybersecurity Priorities Forever (lien direct) | For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the |
|||
|
2020-08-06 21:24:36 | Intel, ARM, IBM, AMD Processors Vulnerable New Side-Channel Attacks (lien direct) | It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures.
Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and |
|||
|
2020-08-05 11:57:24 | Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack (lien direct) | A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers.
Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP |
|||
|
2020-08-05 03:20:22 | Case Study: How Incident Response Companies Choose IR Tools (lien direct) | Many companies today have developed a Cybersecurity Incident Response (IR) plan. It's a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner. Otherwise, the organization will develop a plan while frantically responding to the incident, a recipe ripe for mistakes.
Heavyweight boxer Mike Tyson once |
|||
|
2020-08-05 02:46:54 | Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts (lien direct) | Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account.
Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID (or FaceID) biometric feature that authenticated users to log in to |
Vulnerability | ||
|
2020-08-04 01:32:36 | US Government Warns of a New Strain of Chinese \'Taidoor\' Virus (lien direct) | Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks.
Named "Taidoor," the malware has done an 'excellent' job of compromising systems as early as 2008, with the actors deploying it on victim networks for stealthy remote access.
"[The] FBI has |
Malware | ||
|
2020-07-31 13:01:24 | 17-Year-Old \'Mastermind\', 2 Others Behind the Biggest Twitter Hack Arrested (lien direct) | Three young individuals - 17, 19, and 22-year-old - have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts as part of a massive bitcoin scam.
According to the U.S. Department of Justice, Mason Sheppard, aka "Chaewon," 19, from the United Kingdom, Nima Fazeli, aka "Rolex," 22, from Florida and an |
Hack | ||
|
2020-07-31 06:47:40 | EU sanctions hackers from China, Russia, North Korea who\'re wanted by the FBI (lien direct) | The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states.
The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are 'WannaCry', 'NotPetya', and 'Operation Cloud |
NotPetya Wannacry | ||
|
2020-07-31 03:10:39 | New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks (lien direct) | Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.
Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network |
|||
|
2020-07-30 03:40:30 | (Déjà vu) Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes (lien direct) | Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants.
Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate |
|||
|
2020-07-29 12:50:40 | Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems (lien direct) | A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system.
Dubbed 'BootHole' and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could |
Vulnerability | ||
|
2020-07-29 07:33:30 | Is Your Security Vendor Forcing You To Move to the Cloud? You Don\'t Have To! (lien direct) | Many endpoint security vendors are beginning to offer their applications only in the cloud, sunsetting their on-premise offerings. This approach may be beneficial to the vendor, but many clients continue to need on-premise solutions.
Vendors that sunset on-premise solutions force clients that prefer on-premise solutions to either change their operating environment and approach or change |
|||
|
2020-07-29 04:12:17 | Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures (lien direct) | Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS).
A new report published by industrial cybersecurity company Claroty demonstrates multiple severe |
|||
|
2020-07-29 03:10:06 | OkCupid Dating App Flaws Could\'ve Let Hackers Read Your Private Messages (lien direct) | Cybersecurity researchers today disclosed several security issues in popular online dating platform OkCupid that could potentially let attackers remotely spy on users' private information or perform malicious actions on behalf of the targeted accounts.
According to a report shared with The Hacker News, researchers from Check Point found that the flaws in OkCupid's Android and web applications |
|||
|
2020-07-28 05:56:43 | Undetectable Linux Malware Targeting Docker Servers With Exposed APIs (lien direct) | Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud.
Docker is a popular platform-as-a-service (PaaS) solution for Linux and Windows designed to make it easier for developers to |
Malware | ||
|
2020-07-27 23:57:33 | QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices (lien direct) | Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage (NAS) appliances.
Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America.
" |
Malware Threat | ||
|
2020-07-27 01:39:23 | Learn Machine Learning and AI – Online Training Program @ 93% OFF (lien direct) | Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations.
For any aspiring developer, learning how to code smart software is a good move. These skills are highly valued in tech, finance, sales, marketing, and many other sectors.
The Hacker News |
|||
|
2020-07-24 02:11:18 | Researchers Reveal New Security Flaw Affecting China\'s DJI Drones (lien direct) | Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers.
The twin reports, courtesy of cybersecurity firms Synacktiv and GRIMM |
|||
|
2020-07-24 01:10:41 | Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack (lien direct) | Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The Hacker News on condition of anonymity.
The company's website and the Twitter account say, "We are currently experiencing an outage that affects Garmin.com and |
Ransomware | ||
|
2020-07-23 02:18:46 | North Korean Hackers Spotted Using New Multi-Platform Malware Framework (lien direct) | Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.
Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the |
Malware Medical | APT 38 | |
|
2020-07-22 00:10:14 | US Charges 2 Chinese Hackers for Targeting COVID-19 Research and Trade Secrets (lien direct) | The U.S. Department of Justice (DoJ) yesterday revealed charges against two Chinese nationals for their alleged involvement in a decade-long hacking spree targeting dissidents, government agencies, and hundreds of organizations in as many as 11 countries.
The 11-count indictment, which was unsealed on Tuesday, alleges LI Xiaoyu (李啸宇) and DONG Jiazhi (董家志) stole terabytes of sensitive data, |
|||
|
2020-07-21 08:05:25 | Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions (lien direct) | An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information, cybersecurity firm Malwarebytes revealed in the latest report shared with The Hacker News.
The attacks were observed during the first week of July, coinciding the passage of controversial security law in Hong |
Threat | ||
|
2020-07-20 05:43:56 | 21-Year-Old Cypriot Hacker Extradited to U.S. Over Fraud and Extortion Charges (lien direct) | The United States Department of Justice has extradited two criminals from the Republic of Cyprus-one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah.
Both suspects-Joshua Polloso Epifaniou, 21, a resident of Nicosia, and Ghassan Diab, 37, a citizen of Lebanon-were arrested |
|||
|
2020-07-17 03:48:40 | (Déjà vu) Why Application Security Should Be Considered An Enabler For Business (lien direct) | If you ask Alex, he won't admit being old-fashioned. He has been working in the IT industry for a while now and accepts that security is important for the business's health. But reluctant to take security as the business enabler.
In today's environment, moving to digitization is a critical step required to drive innovation and business growth. When the application development takes the driver |
|||
|
2020-07-17 03:23:46 | Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online (lien direct) | An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods."
IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of nearly five hours worth of video recordings of the state-sponsored group it calls ITG18 (also called Charming Kitten, Phosphorous, or APT35) that |
Threat Conference | APT 35 | ★★★★★ |
|
2020-07-16 04:00:51 | Why Can Application Security Be Considered A Enabler For Business? (lien direct) | If you ask Alex, he won't admit being old-fashioned. He has been working in the IT industry for a while now and accepts that security is important for the business's health. But reluctant to take security as the business enabler.
In today's environment, moving to digitization is a critical step required to drive innovation and business growth. When the application development takes the driver |
|||
|
2020-07-16 03:28:33 | New Android Malware Now Steals Passwords For Non-Banking Apps Too (lien direct) | Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps-in total 337 non-financial Android applications on it's target list.
Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked |
Malware | ||
|
2020-07-16 03:09:15 | A New Flaw In Zoom Could Have Let Fraudsters Mimic Organisations (lien direct) | In a report shared with The Hacker News, researchers at cybersecurity firm CheckPoint today disclosed details of a minor but easy-to-exploit flaw they reported in Zoom, the highly popular and widely used video conferencing software.
The latest Zoom flaw could have allowed attackers mimic an organization, tricking its employees or business partners into revealing personal or other confidential |
|||
|
2020-07-15 22:11:20 | Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time (lien direct) | Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history.
A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what's a far-reaching hacking campaign carried out to promote a |
Hack | Uber | |
|
2020-07-15 05:39:17 | 4 Dangerous Brazilian Banking Trojans Now Trying to Rob Users Worldwide (lien direct) | Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe.
Collectively called the "Tetrade" by Kaspersky researchers, the malware families - comprising Guildma, Javali, Melcoz, and Grandoreiro - have evolved their capabilities to function as a backdoor and adopt |
Malware | ||
|
2020-07-14 10:47:11 | 17-Year-Old Critical \'Wormable\' RCE Vulnerability Impacts Windows DNS Servers (lien direct) | Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability-carrying a severity score of 10 out of 10 on the CVSS scale-affecting Windows Server versions 2003 to 2019.
The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted |
Vulnerability | ★★ | |
|
2020-07-14 07:45:35 | Adobe Issues July 2020 Critical Security Patches for Multiple Software (lien direct) | Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications.
Out of these 13 vulnerabilities, four have been rated critical, and nine are important in severity.
The affected products that received security patches today include:
Adobe Creative Cloud Desktop Application
Adobe Media Encoder
Adobe Genuine Service
Adobe |
|||
|
2020-07-14 02:10:51 | CompTIA Certification Prep Courses – Get Lifetime Access @ 99% Discount (lien direct) | In the world of professional IT, recruiters look for certificates as an important criterion for eligibility. Any résumé that includes CompTIA certificates tends to rise up the pile.
Of course, there are many different CompTIA exams you can choose from based on your interest and already chosen path.
Our educational and industry partners have introduced "Complete 2020 CompTIA Certification |
|||
|
2020-07-14 00:17:22 | New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers (lien direct) | SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications.
The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity |
Vulnerability | ||
|
2020-07-11 12:03:58 | Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily (lien direct) | Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos.
The Indian video sharing app, called Chingari, is available for Android and iOS |
Vulnerability | ||
|
2020-07-10 05:35:03 | Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 (lien direct) | A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.
By the way, if someone is still using Windows 7, they deserve to get hacked, including many organizations without extended support, because it's only a matter of time before they'll be a |
Vulnerability | ||
|
2020-07-09 03:01:04 | Joker Malware Apps Once Again Bypass Google\'s Security to Spread via Play Store (lien direct) | Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge.
In a report published by Check Point research today, the malware - infamously called Joker (or Bread) - has found another trick to bypass Google's Play Store protections: |
Malware | ||
|
2020-07-08 02:18:21 | The Incident Response Challenge 2020 - Results and Solutions Announced (lien direct) | In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals.
The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook solution and think outside of the box. Over 2,500 IR professionals competed to be recognized as |
|||
|
2020-07-08 00:43:59 | Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products (lien direct) | Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products.
Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the |
|||
|
2020-07-07 02:56:05 | Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service (lien direct) | Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected.
The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with |
Malware | ||
|
2020-07-06 04:40:46 | Cato MDR: Managed Threat Detection and Response Made Easy (lien direct) | Lately, we can't help noticing an endless cycle where the more enterprises invest in threat prevention; the more hackers adapt and continue to penetrate enterprises.
To make things worse, detecting these penetrations still takes too long with an average dwell time that exceeds 100 (!) days.
To keep the enterprise protected, IT needs to figure out a way to break this endless cycle without |
Threat | ||
|
2020-07-04 07:26:31 | Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers (lien direct) | Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers.
The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers |
Vulnerability | ||
|
2020-07-03 04:56:19 | Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network (lien direct) | In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders.
Dubbed EncroChat, the top-secret encrypted communication app comes pre-installed on a customized |
|||
|
2020-07-02 02:59:35 | Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking (lien direct) | A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely.
The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions.
According to a |
|||
|
2020-07-01 05:25:32 | Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws (lien direct) | Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users.
To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July.
That's likely because both flaws reside in the Windows Codecs |
|||
|
2020-07-01 03:43:24 | Use This Definitive RFP Template to Effectively Evaluate XDR solutions (lien direct) | A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response.
Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions.
XDR has been referred to as the next step in the evolution of Endpoint |
Threat | ||
|
2020-07-01 02:08:13 | A New Ransomware Targeting Apple macOS Users Through Pirated Apps (lien direct) | Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps.
According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant - dubbed "EvilQuest" - is packaged along with legitimate apps, which upon installation, disguises itself as Apple's |
Ransomware Malware | ||
|
2020-06-30 00:45:13 | Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware (lien direct) | Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes.
The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker |
Threat | ||
|
2020-06-29 04:21:46 | Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards (lien direct) | A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes.
Aleksei Yurievich Burkov, 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud-one count of access |
Guideline |
To see everything:
Our RSS (filtrered)
