What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-09-20 03:51:48 | Two Widely Used Ad Blocker Extensions for Chrome Caught in Ad Fraud Scheme (lien direct) | Two widely used Adblocker Google Chrome extensions mimicking as - AdBlock and uBlock Origin - have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently.
There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and aiding productivity, but at the same time, |
|||
|
2019-09-19 09:48:13 | Update Google Chrome Browser to Patch New Critical Security Flaws (lien direct) | Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately.
Started rolling out to users worldwide this Wednesday, the Chrome 77.0.3865.90 version contains security patches for 1 critical and 3 high-risk security vulnerabilities, the most severe of which could allow |
|||
|
2019-09-18 07:11:00 | IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador\'s History (lien direct) | Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history.
Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured |
Data Breach | ||
|
2019-09-18 06:05:13 | Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month (lien direct) | Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam-they mine cryptocurrencies as well.
Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading |
Spam | ||
|
2019-09-18 03:29:53 | The Definitive RFP Templates for EDR/EPP and APT Protection (lien direct) | Advanced Persistent Threats groups were once considered a problem that concerns Fortune 100 companies only. However, the threat landscape of the recent years tells otherwise-in fact, every organization, regardless of vertical and size is at risk, whether as a direct target, supply chain or collateral damage.
The vast majority of security decision-makers acknowledge they need to address the |
Threat | ||
|
2019-09-18 02:21:57 | Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions (lien direct) | A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin-one of the most popular applications for managing the MySQL and MariaDB databases.
phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and many other |
Tool Vulnerability | ||
|
2019-09-17 10:54:08 | BREAKING - U.S Sues Edward Snowden and You\'d be Surprised to Know Why (lien direct) | The United States today filed a lawsuit against Edward Snowden, a former employee of the CIA and NSA government agencies who made headlines worldwide in 2013 after he fled the country and leaked top-secret information about NSA's global and domestic surveillance activities.
And, you would be more surprised to know the reason for this lawsuit.
No, it's not for leaking secrets; instead, for |
|||
|
2019-09-17 05:26:19 | Exclusive: Thousands of Google Calendars Leaking Private Information Online (lien direct) | "Warning - Making your calendar public will make all events visible to the world, including via Google search. Are you sure?"
Remember this security warning? No?
If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you should immediately go back to your Google settings and check if you're exposing all your events |
|||
|
2019-09-17 01:43:33 | 125 New Flaws Found in Routers and NAS Devices from Popular Brands (lien direct) | The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it?
As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential-and possibly more dangerous-ways for hackers to wreak |
|||
|
2019-09-16 04:57:16 | How Cloud-Based Automation Can Keep Business Operations Secure (lien direct) | The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time.
Ironically, the incident, which exposed some 106 million Capital One customers' accounts, has only reinforced the belief that the cloud remains the safest way to store sensitive data.
"You have to compare [the cloud] |
Data Breach | ||
|
2019-09-16 04:24:51 | WhatsApp \'Delete for Everyone\' Doesn\'t Delete Media Files Sent to iPhone Users (lien direct) | Mistakenly sent a picture to someone via WhatsApp that you shouldn't have?
Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with false sense of privacy.
WhatsApp and its rival Telegram messenger offer "Delete for Everyone," a potentially life-saving feature |
|||
|
2019-09-14 03:16:10 | US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks (lien direct) | The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure.
Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean |
|||
|
2019-09-13 11:06:09 | Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug (lien direct) | Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system.
Yes, we're excited about, but here comes the bad news...
iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information.
Jose Rodriguez, a Spanish security researcher, contacted The Hacker |
Vulnerability | ||
|
2019-09-12 04:56:01 | New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS (lien direct) | Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.
Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser, a dynamic SIM toolkit that is widely being used by |
Vulnerability | ||
|
2019-09-12 04:44:00 | WebARX - A Defensive Core For Your Website (lien direct) | Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web.
It built a defensive core for websites which is embedded deep inside the company's DNA as even ARX in their name refers to the citadel (the core fortified area of a town or |
Vulnerability | ||
|
2019-09-12 02:28:40 | (Déjà vu) CISO Kit - Breach Protection in the Palm of Your Hand (lien direct) | CISOs and CIOs need to know better than anyone the security pulse of their organizations. On the other hand, they cannot be flooded with every changing detail.
Finding the right balance that enables them to clearly grasp the big picture required in making sound decisions is a task many security executives find challenging. Threat actors do not acknowledge off-hours or weekends, introducing the |
Threat | ||
|
2019-09-12 01:55:04 | Popular Period Tracking Apps Share Your Sexual Health Data With Facebook (lien direct) | Hello Ladies, let's talk about periods, privacy, and Facebook.
Are you using an app on your smartphone to keep tracks on your periods?
Well, it's worrying, because it might be sharing your extremely sensitive information like menstrual cycle and sexual activities with Facebook.
A new investigative report from UK-based advocacy group Privacy International revealed how some most popular |
|||
|
2019-09-11 10:03:18 | (Déjà vu) The Hottest Malware Hits of the Summer (lien direct) | It's been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here's a recap of the most burning strains and trends seen in the wild during the months of July and August 2019.
Malware Evolution Trends
The heat must have had an effect as this summer saw malware |
Ransomware Malware | ||
|
2019-09-11 06:09:04 | NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs (lien direct) | Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer.
Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff |
Malware Vulnerability | ||
|
2019-09-11 04:54:04 | Breach Protection in the Palm of Your Hand (lien direct) | CISOs and CIOs need to know better than anyone the security pulse of their organizations. On the other hand, they cannot be flooded with every changing detail.
Finding the right balance that enables them to clearly grasp the big picture required in making sound decisions is a task many security executives find challenging. Threat actors do not acknowledge off-hours or weekends, introducing |
Threat | ||
|
2019-09-11 03:58:03 | Google to Experiment \'DNS over HTTPS\' (DoH) Feature in Chrome 78 (lien direct) | Immediately after Mozilla announced its plan to soon enable 'DNS over HTTPS' (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with this privacy-focused technology in its upcoming Chrome 78.
Under development since 2017, 'DNS over HTTPS' performs DNS lookups-finding the server IP address of a certain domain name-over an encrypted HTTPS |
|||
|
2019-09-11 00:48:02 | Mozilla Launches \'Firefox Private Network\' VPN Service as a Browser Extension (lien direct) | Mozilla has officially launched a new privacy-focused VPN service, called Firefox Private Network, as a browser extension that aims to encrypt your online activity and limit what websites and advertisers know about you.
Firefox Private Network service is currently in beta and available only to desktop users in the United States as part of Mozilla's recently expunged "Firefox Test Pilot" |
|||
|
2019-09-10 23:32:04 | Hundreds of BEC Scammers Arrested in Nigeria and U.S. - $3.7 Million Recovered (lien direct) | Breaking News - The Nigerian prince and his allies who might have also asked you over an email for your assistance to help save "the first African astronaut lost in space" have finally been arrested by the FBI.
Don't take it too seriously, as there's no Nigerian prince or an astronaut seeking your help.
Instead, it was an infamous 'Nigerian 419' scam email template where fraudsters try to |
|||
|
2019-09-10 11:36:01 | (Déjà vu) Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client (lien direct) | Get your update caps on.
Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity.
Two of the security vulnerabilities patched by the tech giant this month are listed as "publicly known" at the time of release, one of which is an |
Patching | ||
|
2019-09-10 09:42:03 | Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext (lien direct) | What could be worse than your router leaking its administrative login credentials in plaintext?
Cybersecurity researchers from Trustwave's SpiderLabs have discovered multiple security vulnerabilities in some router models from two popular manufacturers-D-Link and Comba Telecom-that involve insecure storage of credentials, potentially affecting every user and system on that network.
Researcher |
|||
|
2019-09-10 08:31:02 | Adobe Releases Security Patches For Critical Flash Player Vulnerabilities (lien direct) | It's Patch Tuesday again-the day of the month when both Adobe and Microsoft release security patches for vulnerabilities in their software.
Adobe has just released its monthly security updates to address a total of 3 security vulnerabilities in only two of its products this time-Adobe Flash Player and Adobe Application Manager (AAM).
None of the security vulnerabilities patched this month in |
|||
|
2019-09-09 06:18:04 | New Malware Uses Windows BITS Service to Stealthy Exfiltrate Data (lien direct) | Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server.
Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and |
Malware | ||
|
2019-09-09 01:12:03 | Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers (lien direct) | Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously constructed JPEG image file.
The vulnerabilities reside in HHVM (HipHop Virtual Machine)-a high-performance, open source virtual machine developed by Facebook for |
|||
|
2019-09-06 06:02:01 | A Summer of Discontent: The Hottest Malware Hits (lien direct) | It's been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here's a recap of the most burning strains and trends seen in the wild during the months of July and August 2019.
Malware Evolution Trends
The heat must have had an effect as this summer saw malware |
Ransomware Malware | ||
|
2019-09-06 05:48:02 | Exim TLS Flaw Opens Email Servers to Remote \'Root\' Code Execution Attacks (lien direct) | A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers.
Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches that affect all |
Vulnerability | ||
|
2019-09-06 04:26:02 | Multiple Code Execution Flaws Found In PHP Programming Language (lien direct) | Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers.
Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming language that |
|||
|
2019-09-06 02:01:00 | Flaws in Over Half a Million GPS Trackers Expose Children Location Data (lien direct) | What if the tech intended to ensure that your kids, senior citizens, and pets are safe even when they're out of sight inadvertently expose them to stalkers?
An estimated 600,000 GPS tracking devices for sale on Amazon and other large online merchants for $25–$50 have been found vulnerable to a handful of dangerous vulnerabilities that may have exposed user's real-time locations, security |
|||
|
2019-09-05 23:52:03 | Google Fined $170 Million For Violating Kids\' Privacy On YouTube (lien direct) | Google has finally agreed to pay $170 million fine to settle allegations by the Federal Trade Commission and the New York attorney general that its YouTube service earned millions by illegally harvesting personal information from children without their parents' consent.
The settlement requires Google to pay $136 million to the FTC and an additional $34 million fine to New York state for |
|||
|
2019-09-05 02:15:03 | Twitter temporarily disables \'Tweeting via SMS\' after CEO gets hacked (lien direct) | Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers.
Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile phone number |
|||
|
2019-09-04 06:23:01 | Just An SMS Could Let Remote Attackers Access All Your Emails, Experts Warn (lien direct) | Whenever you insert a new SIM in your phone and connects to your cellular network for the very first time, your carrier service automatically configures or sends you a message containing network-specific settings required to connect to data services.
While manually installing it on your device, have you ever noticed what configurations these messages, technically known as OMA CP messages, |
|||
|
2019-09-04 04:10:05 | New Free Offering Enables Any MSP and Security Integrator to Add Incident Response to their Services Portfolio (lien direct) | The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house.
Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security |
|||
|
2019-09-04 02:21:01 | Firefox 69 Now Blocks 3rd-Party Tracking Cookies and Cryptominers By Default (lien direct) | Mozilla has finally enabled the "Enhanced Tracking Protection" feature for all of its web browser users worldwide by default with the official launch of Firefox 69 for Windows, Mac, Linux, and Android.
The company enabled the "Enhanced Tracking Protection" setting by default for its browser in June this year, but only for new users who downloaded and installed a fresh copy of Firefox. |
|||
|
2019-09-04 01:37:02 | Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days (lien direct) | Well, there's some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide. The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 million payouts to anyone who sells 'full chain, zero-click, with persistence' Android zero-days. | Vulnerability | ||
|
2019-09-03 08:31:02 | XKCD Forum Hacked – Over 562,000 Users\' Account Details Leaked (lien direct) | XKCD-one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language-has suffered a data breach exposing data of its forum users.
The security breach occurred two months ago, according to security researcher Troy Hunt who alerted the company of the incident, with unknown hackers stealing around 562,000 |
Data Breach | ||
|
2019-09-03 03:05:02 | BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks (lien direct) | Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News.
Yes, that's correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick |
|||
|
2019-09-03 01:22:02 | Chinese Face-Swapping App ZAO Sparks Privacy Concerns After Going Crazily Viral (lien direct) | What could be more exciting than seeing yourself starring alongside your favorite actor in a movie, music video, or TV program?
Yes, that's possible-well, kind of, by using a new AI-based deepfake app that has gone viral in China over this weekend, climbing to the top of the free apps list in the Chinese iOS App Store in just three days.
Dubbed ZAO, the app is yet another deepfake app for |
|||
|
2019-08-30 11:02:04 | Foxit PDF Software Company Suffers Data Breach-Asks Users to Reset Password (lien direct) | If you have an online account with Foxit Software, you need to reset your account password immediately-as an unknown attacker has compromised your personal data and log-in credentials.
Foxit Software, a company known for its popular lightweight Foxit PDF Reader and PhantomPDF applications being used by over 525 million users, today announced a data breach exposing the personal information of |
Data Breach | ||
|
2019-08-30 02:37:03 | Ransomware Hits Dental Data Backup Service Offering Ransomware Protection (lien direct) | THIS WEEK IN THE IRONIC NEWS:
DDS Safe, an online cloud-based data backup system that hundreds of dental practice offices across the United States are using to safeguard medical records and other information of their patients from ransomware attacks has been hit with ransomware.
Provided by two Wisconsin-based companies, Digital Dental Record and PerCSoft, the backend system of affected |
Ransomware | ||
|
2019-08-30 00:33:03 | Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years (lien direct) | Beware Apple users!
Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today.
The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered earlier this year in the wild, involving at least five unique iPhone exploit chains capable of |
|||
|
2019-08-29 11:38:00 | Google Will Now Pay Anyone Who Reports Apps Abusing Users\' Data (lien direct) | In the wake of data abuse scandals and several instances of malware app being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform.
The expansion in Google's vulnerability reward program majorly includes two main announcements.
First, a new program, dubbed 'Developer Data |
Malware Vulnerability | ||
|
2019-08-29 08:34:01 | Capital One Hacker Also Accused of Hacking 30 More Companies and CryptoJacking (lien direct) | Former Amazon employee Paige Thompson, who was arrested last month in relation to the Capital One data breach, has been accused of hacking not only the U.S. credit card issuer, but also more than 30 other companies.
An indictment unsealed on Wednesday revealed that Thompson not just stole data from misconfigured servers hosted with a cloud-computing company, but also used the computing power |
|||
|
2019-08-29 01:24:05 | Apple Changes the Way It Listens to Your Siri Recordings Following Privacy Concerns (lien direct) | Apple today announced some major changes to its controversial 'Siri audio grading program' following criticism for employing humans to listen to audio recordings of users collected via its voice-controlled Siri personal assistant without their knowledge or consent.
The move came a month after The Guardian reported that third-party contractors were regularly listening to private conversations |
|||
|
2019-08-28 08:37:00 | Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards (lien direct) | Cybersecurity researchers have discovered over 80 Magecart compromised e-commerce websites that were actively sending credit card information of online shoppers to the attackers-controlled servers.
Operating their businesses in the United States, Canada, Europe, Latin America, and Asia, many of these compromised websites are reputable brands in the motorsports industry and high fashion, |
|||
|
2019-08-28 03:17:05 | French Police Remotely Removed RETADUP Malware from 850,000 Infected PCs (lien direct) | The French law enforcement agency, National Gendarmerie, today announced the successful takedown of one of the largest wide-spread RETADUP botnet malware and how it remotely disinfected more than 850,000 computers worldwide with the help of researchers.
Earlier this year, security researchers at Avast antivirus firm, who were actively monitoring the activities of RETADUP botnet, discovered a |
Malware | ||
|
2019-08-27 11:36:03 | Imperva Breach Exposes WAF Customers\' Data, Including SSL Certs, API Keys (lien direct) | Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today.
The security breach particularly affects customers of Imperva's Cloud Web Application Firewall (WAF) product, formerly known as Incapsula, a |
Data Breach Guideline |
To see everything:
Our RSS (filtrered)
