What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-01-21 04:08:58 | BitDam Study Exposes High Miss Rates of Leading Email Security Systems (lien direct) | Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines.
Actually, you don't have to. This actually happened.
Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt to defraud several people. How did this happen? Is it similar to how the DNC server was hacked? |
|||
|
2020-01-20 06:24:27 | Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack (lien direct) | Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix.
I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit |
Vulnerability | ||
|
2020-01-20 04:22:32 | Evaluating Your Security Controls? Be Sure to Ask the Right Questions (lien direct) | Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options.
But what do you specifically want to know? And how are the findings relevant to the threat landscape you face at this moment?
"Decide what you want to know and then choose the best tool for the job." |
Tool Threat | ||
|
2020-01-18 07:56:53 | Microsoft Warns of Unpatched IE Browser Zero-Day That\'s Under Active Attacks (lien direct) | Internet Explorer is dead, but not the mess it left behind.
Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild - and there is no patch yet available for it.
The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote |
Vulnerability | ||
|
2020-01-16 11:23:34 | Use iPhone as Physical Security Key to Protect Your Google Accounts (lien direct) | Great news for iOS users!
You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication.
Android users have had this feature on their smartphones since last year, but now Apple product owners can also use this advanced, phishing-resistant form of |
|||
|
2020-01-16 10:07:24 | Broadening the Scope: A Comprehensive View of Pen Testing (lien direct) | Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation.
However, the results are also capable of doing even more. They identify and quantify security risk, and can be used as a keystone in |
Tool | ||
|
2020-01-15 01:20:44 | Download Ultimate \'Security for Management\' Presentation Template (lien direct) | There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization.
Title-wise, this person is most often either the CIO, CISO, or Directory of IT. For convenience, we'll refer to this individual as the CISO.
This person is the |
|||
|
2020-01-14 11:51:32 | Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA (lien direct) | After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products.
What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 |
|||
|
2020-01-14 06:52:42 | Adobe Releases First 2020 Patch Tuesday Software Updates (lien direct) | Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator.
It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users.
Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or |
|||
|
2020-01-11 02:22:37 | PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability (lien direct) | It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers.
Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC |
Vulnerability | ||
|
2020-01-09 02:34:19 | Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now! (lien direct) | Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems?
If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website.
Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing |
Vulnerability | ||
|
2020-01-08 02:05:50 | Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS (lien direct) | TikTok, the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds-but it's not over yet, as the security of billions of TikTok users would be now under question.
The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers |
Hack | ||
|
2020-01-07 08:41:42 | 3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group (lien direct) | Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone-even if downloaded from the official Google Store store-you have been hacked and being tracked.
These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber |
APT-C-17 | ||
|
2020-01-07 07:02:17 | Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020? (lien direct) | January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7.
From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day.
Cynet 360 autonomous breach protection is a |
Vulnerability | ||
|
2020-01-03 02:58:18 | Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others (lien direct) | Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also stipulates a high security and privacy risk to personal information.
In one such recent privacy mishap, smart IP cameras manufactured by Chinese smartphone maker Xiaomi found mistakenly sharing surveillance footage |
|||
|
2020-01-02 12:13:32 | Landry\'s Restaurant Chain Suffers Payment Card Theft Via PoS Malware (lien direct) | Landry's, a popular restaurant chain in the United States, has announced a malware attack on its point of sale (POS) systems that allowed cybercriminals to steal customers' payment card information.
Landry's owns and operates more than 600 bars, restaurants, hotels, casinos, food and beverage outlets with over 60 different brands such as Landry's Seafood, Chart House, Saltgrass Steak House, |
Malware | ||
|
2019-12-25 08:44:16 | How Organizations Can Defend Against Advanced Persistent Threats (lien direct) | Advanced persistent threats (APTs) have emerged to be legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time.
They typically perform complex hacks that allow them to steal or destroy data and resources.
According to Accenture, APTs have been organizing themselves into groups that |
Threat | ||
|
2019-12-23 04:41:59 | The Best Templates for Posting Cybersecurity Jobs (lien direct) | The cybersecurity of a company is heavily reliant upon the skills and knowledge of the people who install, manage, and operate its security products. This means that recruiting and nurturing the best security team possible should be a CISO's top priority.
Cynet's Ultimate Cybersecurity Job Posting Templates (download here) provide a list of the main responsibilities and skills for typical |
|||
|
2019-12-21 07:39:11 | Hacker Who Tried to Blackmail Apple for $100,000 Sentenced in London (lien direct) | A 22-year-old man who claimed to have access to over 300 million iCloud accounts and threatened to factory reset all accounts unless Apple pays ransom has pleaded guilty in London for trying to blackmail Apple.
In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the "Turkish Crime Family" and in possession of 319 million iCloud accounts. |
Guideline | ||
|
2019-12-21 05:56:48 | Hackers Behind GozNym Malware Sentenced for Stealing $100 Million (lien direct) | Three members of an international organized cybercrime group that was behind a multi-million dollar theft primarily against U.S. businesses and financial institutions have been sentenced to prison, the U.S. Justice Department announced.
The criminals used the GozNym banking Trojan to break into more than 4,000 victim computers globally, primarily in the United States and Europe, between 2015 |
Malware | ||
|
2019-12-20 02:05:48 | Hackers Stole Customers\' Payment Card Details From Over 700 Wawa Stores (lien direct) | Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months?
If yes, your credit and debit card details may have been stolen by cybercriminals.
Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident that may have exposed payment card information of thousands of customers who used their cards at |
Data Breach | ||
|
2019-12-19 06:42:10 | Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw (lien direct) | If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's the time.
Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three "moderately critical" vulnerabilities in its core system.
Considering that Drupal-powered websites are |
|||
|
2019-12-19 04:39:59 | Top 5 Essential Features of Effective Cybersecurity for Web Apps (lien direct) | There's hardly any business nowadays that don't use computers and connect to the Internet. Companies maintain an online presence through their official websites, blogs, and social media pages.
People use online services to conduct day to day activities like banking. And of course, there are many businesses that are completely based on the web like online markets, e-Commerce websites and |
|||
|
2019-12-19 03:45:54 | British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S. (lien direct) | A British man suspected to be a member of 'The Dark Overlord,' an infamous international hacking group, has finally been extradited to the United States after being held for over two years in the United Kingdom.
Nathan Francis Wyatt, 39, appeared in federal court in St. Louis, Missouri, on Wednesday to face charges related to his role in hacking healthcare and accounting companies in the U.S. |
|||
|
2019-12-18 10:40:37 | Google Offers Financial Support to Open Source Projects for Cybersecurity (lien direct) | Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products.
The initiative, called "Patch Rewards Program," was launched nearly 6 years ago, under which Google rewards |
|||
|
2019-12-18 07:18:05 | LifeLabs Paid Hackers to Recover Stolen Medical Data of 15 Million Canadians (lien direct) | LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadians customers.
The company announced the breach in a press release posted on its website, revealing that an unknown attacker unauthorizedly accessed its computer systems last month and stole customers |
Data Breach | ||
|
2019-12-18 05:34:27 | 14 Ways to Evade Botnet Malware Attacks On Your Computers (lien direct) | Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly roaming the web in search of their next big score.
Every manner of sensitive information, such as confidential employee records, customers' financial data, protected medical documents, and government files, are all subject to their relentless threats to cybersecurity.
Solutions span a broad |
Malware | ||
|
2019-12-17 12:45:11 | This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members (lien direct) | WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned.
Just by sending a maliciously crafted message to a targeted group, an attacker can trigger a fully-destructive WhatsApp crash-loop, |
|||
|
2019-12-17 05:19:16 | The 2020 State of Breach Protection Survey – Call for Participation (lien direct) | 2010-2019 decade will be remembered as the time in which cybersecurity became acknowledged as a critical concern for all organizations.
With rapidly growing security needs and respective budgets, it is now more essential than ever for security decision-makers to zoom out of the 'products' mindset and assess their security stack in light of the overall breach protection value that their |
|||
|
2019-12-16 05:11:49 | 5 Reasons Why Programmers Should Think like Hackers (lien direct) | Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation.
It's a meticulous process that cannot be completed without going through all the essential points. In all of these, security must be taken into account. As you come up with a solution to the problem and write the |
★★ | ||
|
2019-12-13 02:53:40 | Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites (lien direct) | Attention WordPress users!
Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions.
Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow |
Hack Vulnerability | ★★ | |
|
2019-12-12 11:06:05 | Russian Police Raided NGINX Moscow Office, Detained Co-Founders (lien direct) | Russian law enforcement officers have raided the Moscow offices of Nginx-the company behind the world's second most popular web server software-over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider.
According to multiple reports from local media and social media, the police conducted searches and has also detained several employees of |
★★★★★ | ||
|
2019-12-11 08:16:14 | New Zeppelin Ransomware Targeting Tech and Health Companies (lien direct) | A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada.
However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan, breathe a sigh of relief, as the ransomware terminates its operations if found itself on machines |
Ransomware | ★★★★ | |
|
2019-12-11 03:08:40 | New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage (lien direct) | A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised.
Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be |
★★ | ||
|
2019-12-10 22:19:18 | Latest Microsoft Update Patches New Windows 0-Day Under Active Attack (lien direct) | With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.
Microsoft's December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27 important, 1 |
Vulnerability | ★★★★ | |
|
2019-12-10 08:58:49 | Adobe Releases Patches for \'Likely Exploitable\' Critical Vulnerabilities (lien direct) | The last Patch Tuesday of 2019 is finally here.
Adobe today released updates for four of its widely used software-including Adobe Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets-to patch a total of 25 new security vulnerabilities.
Seventeen of these flaws have been rated as critical in severity, with most of them carrying high priority patches, indicating that the vulnerabilities |
|||
|
2019-12-10 08:22:30 | Download: The 2020 Cybersecurity Salary Survey Results (lien direct) | The 2020 Cybersecurity Salary Survey was an online survey published in The Hacker News and created to provide insight into the details related to cybersecurity compensation.
There were over 1,500 security professionals who completed the survey. Today you can access the aggregated and analyzed 2020 Cybersecurity Salary Survey Results and gain insight to the main ranges and factors of current |
|||
|
2019-12-10 01:28:44 | Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus (lien direct) | Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection.
Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services |
Ransomware | ||
|
2019-12-05 11:16:51 | FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware (lien direct) | The United States Department of Justice today disclosed the identities of two Russian hackers and charged them for developing and distributing the Dridex banking Trojan using which the duo stole more than $100 million over a period of 10 years.
Maksim Yakubets, the leader of 'Evil Corp' hacking group, and his co-conspirator Igor Turashev primarily distributed Dridex - also known as 'Bugat' |
Malware Guideline | ||
|
2019-12-05 04:02:57 | Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD (lien direct) | OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework.
The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, |
Vulnerability | ||
|
2019-12-05 01:07:48 | ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector (lien direct) | Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East.
Dubbed ZeroCleare, the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups-APT34, also known as ITG13 and Oilrig, and Hive0081, |
Malware | APT 34 | |
|
2019-12-04 04:48:22 | Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices (lien direct) | Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.
One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take |
|||
|
2019-12-04 00:16:59 | Europol Shuts Down Over 30,500 Piracy Websites in Global Operation (lien direct) | In a coordinated global law enforcement operation, Europol has taken down more than 30,500 websites for distributing counterfeit and pirated items over the Internet and arrested three suspects.
Among other things, the seized domains reportedly offered various counterfeit goods and pirated products and services, including pirated movies, illegal television streaming, music, electronics, |
|||
|
2019-12-03 10:16:57 | Avast and AVG Browser Extensions Spying On Chrome and Firefox Users (lien direct) | If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible.
Avast Online Security
AVG Online Security
Avast SafePrice
AVG SafePrice
Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than |
|||
|
2019-12-03 08:43:50 | Top 5 Cybersecurity and Cybercrime Predictions for 2020 (lien direct) | We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post.
Compliance fatigue will spread among security professionals
Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019.
Driven by laudable |
|||
|
2019-12-02 23:28:16 | Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild (lien direct) | Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities.
Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a |
Vulnerability | ||
|
2019-12-02 06:26:26 | New Facebook Tool Let Users Transfer Their Photos and Videos to Google (lien direct) | Facebook has finally started implementing the open source data portability framework as the first phase of 'Data Transfer Project,' an initiative the company launched last year in collaboration with Google, Apple, Microsoft, and Twitter.
Facebook today announced a new feature that will allow its users to transfer their Facebook photos and videos to their Google Photos accounts-directly and |
Tool | ★★★ | |
|
2019-11-29 04:41:02 | Europol Shuts Down \'Imminent Monitor\' RAT Operations With 13 Arrests (lien direct) | In a coordinated International law enforcement operation, Europol today announced to shut down the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely.
The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to |
Tool | ★★★★ | |
|
2019-11-27 18:56:21 | Magento Marketplace Suffers Data Breach Exposing Users\' Account Info (lien direct) | If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately.
Adobe-the company owning Magento e-commerce platform-today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals. |
Data Breach | ||
|
2019-11-27 02:22:58 | Over 12,000 Google Users Hit by Government Hackers in 3rd Quarter of 2019 (lien direct) | As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year.
According to a report published by Google's Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with "credential phishing emails" that tried to trick |
Threat |
To see everything:
