What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-11 10:04:02 | Smashing Security podcast #214: Valentine scams, SolarWinds, and a data deletion bungle (lien direct) | Fingerprints and DNA records have been deleted from the UK's police database, the SolarWinds hack continues to wreak havoc and raise questions, and we have some advice for how to fall in love safely under lockdown... All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Professor Alan Woodward. | Hack | ||
 |
2021-02-11 01:02:36 | Poor Password Security Lead to Recent Water Treatment Facility Hack (lien direct) | New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments.
The breach, which occurred last Friday, involved an unsuccessful attempt on the part of an adversary to increase sodium hydroxide dosage in the water supply to dangerous levels |
Hack | ||
 |
2021-02-10 21:20:19 | Hacker Sets Alleged Auction for Witcher 3 Source Code (lien direct) | The ransomware gang behind the hack of CD Projekt Red may be asking for $1 million opening bids for the company's valuable data. | Ransomware Hack | ||
 |
2021-02-10 16:48:33 | Researcher manages to hack into 35 tech firms (lien direct) | Security researcher, Alex Birsan had an idea last year while working with Justin Gardner, another researcher. This idea led to him being able to gain access to over 35 major tech companies’ internal systems in a supply chain attack. Among these were Microsoft, Apple, Netflix and Uber. This particular supply chain attack is so sophisticated, […] | Hack | Uber | |
 |
2021-02-10 16:03:00 | (Déjà vu) Researcher Hacks Apple and Microsoft (lien direct) | Novel supply chain attack allows researcher to hack internal systems of major companies | Hack | ||
|
2021-02-10 13:49:32 | Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple (lien direct) | Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. | Hack | ||
 |
2021-02-09 16:14:00 | SolarWinds hack explained: Everything you need to know (lien direct) | Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. | Hack | ||
 |
2021-02-09 15:47:24 | (Déjà vu) Cyberpunk 2077 Video Game Developer Hit by Hack Attack (lien direct) | Polish video game maker CD Projekt RED, the company behind The Witcher and Cyberpunk 2077, said Tuesday hackers had stolen data in a "targeted cyber attack". "An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note," the company said on Twitter. | Hack | ||
 |
2021-02-09 13:04:16 | (Déjà vu) Researcher hacks over 35 tech firms in novel supply chain attack (lien direct) | A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties. [...] | Hack | Uber Uber | |
|
2021-02-09 13:04:16 | Researcher hacks Microsoft, Apple, more in novel supply chain attack (lien direct) | A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, Tesla, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties. [...] | Hack | Uber Uber | |
 |
2021-02-09 11:00:00 | Zero Trust policies - Not just for humans, but for machines and applications too (lien direct) | This blog was written by an independent guest blogger. Hackers are continually finding more and more pathways into an organization’s internal environment. Not only is access widely available, it can also be alarmingly simple. Rather than having to actively hack systems, hackers often just log in using easily-obtained or compromised user identities and credentials. To avert these types of attacks, many organizations have adopted zero trust policies that require a user to provide additional authentication before accessing an organization’s resources and data. Traditional, identity-centric zero trust practices focusing solely on protecting the credentials of human users ignore a substantial set of vulnerabilities, namely those involving interactions between machines, applications and workloads. “Machine identities,” which now outnumber human identities 20:1, present organizations with additional security challenges. To address those challenges, businesses must implement effective processes for recognizing machine identities, provisioning their access to resources, and continuously authenticating identities during interactions with organizational resources. What is Zero Trust? Zero trust security models assume that no identity is inherently trustworthy. All identities are equally distrusted - whether customer, employee, device or process - and require additional authentication. A well-known example of a zero trust policy is the use of multi-factor authentication to verify a user’s identity. Identity authentication issues for machine identities, while similar, become a bit more complicated. But, as discussed below, there are policies and processes an organization should consider when implementing zero trust programs that will effectively protect both human and machine identities. Effective application of Zero Trust policies to machine identities Effective zero trust policies require frequent and continuous validation of all “users.” But to be as effective as possible, the policy must address the question “Who or what constitutes a user?” It is quite normal to think only of human users when the word “identity” is used. But there are any number of intermediate nodes between a human end user and the resources they access within an organization, including devices, applications and networks, as well as the organization’s databases that contain relevant data. In addition to having their own identities, each of these nodes can be associated with and accessed by a number of other identities, whether they be other devices, workloads, microservices, applications or human users. And each identity involved in an interaction, from human user identities to the machine identities, is a potential target for a hacker. Many businesses reach the point of zero trust too late, after a problem such as a breach or a failed security audit has already happened. Prudent businesses, however, implement strong zero trust policies proactively. Effective policies require strong, well-protected, frequently modified credentials and limit access to essential processes and data without negatively impacting interactions and workloads. Zero trust is not a perfect solution with respect to machine identities, but it can be effective. Organizations should consider the f | Hack | ||
 |
2021-02-04 12:39:25 | SolarWinds patches vulnerabilities that could allow full system control (lien direct) | Fixes come as SolarWinds sorts out its role in a major hack on its customers. | Hack | ||
 |
2021-02-04 12:11:53 | Another SolarWinds Orion Hack (lien direct) | At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks: Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised. […] Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies... | Hack Vulnerability Threat | ★★★★★ | |
 |
2021-02-03 20:49:15 | Alleged China-linked hackers used SolarWinds bug to breach National Finance Center (lien direct) | Alleged China-linked hackers have exploited a flaw in the SolarWinds Orion software to hack systems at the U.S. National Finance Center. FBI investigators discovered that allegedly China-linked hackers have exploited a flaw in the SolarWinds Orion software to break into the systems of the U.S. National Finance Center. The National Finance Center is a federal […] | Hack | ||
 |
2021-02-03 01:46:33 | A Second SolarWinds Hack Deepens Third-Party Software Fears (lien direct) | It appears that not only Russia but also China targeted the company, a reminder of the many ways interconnectedness can go wrong. | Hack | ||
 |
2021-02-02 11:02:08 | Experts Advise After Personal Data Of 1.4 Million Washington Exposed (lien direct) | The personal unemployment claims data of at least 1.4 million Washingtonians may have been stolen in a hack of software used by the state auditor's office, Auditor Pat McCarthy said… | Hack | ||
|
2021-02-01 21:12:13 | SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat (lien direct) | Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks. | Hack | ||
|
2021-02-01 14:30:28 | Russian Hack Brings Changes, Uncertainty to US Court System (lien direct) | Trial lawyer Robert Fisher is handling one of America's most prominent counterintelligence cases, defending an MIT scientist charged with secretly helping China. But how he'll handle the logistics of the case could feel old school: Under new court rules, he'll have to print out any highly sensitive documents and hand-deliver them to the courthouse. | Hack | ||
|
2021-01-28 15:52:29 | Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball (lien direct) | A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. | Hack | ||
|
2021-01-28 12:44:11 | Stack Overflow Shares Technical Details on 2019 Hack (lien direct) | Stack Overflow, the popular Q&A platform for programmers, this week shared technical information on how its systems were breached back in 2019, and it turns out that the hacker often viewed questions posted on Stack Overflow to learn how to conduct various activities on the compromised systems. | Hack | ||
|
2021-01-27 20:24:01 | North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities (lien direct) | Threat experts at Google say that they have identified an ongoing hacking campaign that has targeted computer security experts, specifically those researching the very type of software vulnerabilities exploited by cybercriminals. Read more in my article on the Hot for Security blog. | Hack Threat | ||
|
2021-01-26 22:35:03 | Fidelis, Mimecast, Palo Alto Networks, Qualys also impacted by SolarWinds hack (lien direct) | Security vendors Fidelis, Mimecast, Palo Alto Networks, and Qualys revealed that were also impacted by SolarWinds supply chain attack The SolarWinds supply chain attack is worse than initially thought, other security providers, confirmed that they were also impacted. Mimecast, Palo Alto Networks, Qualys, and Fidelis confirmed to have installed tainted updates of the SolarWinds Orion […] | Hack | ||
|
2021-01-26 18:57:39 | More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack (lien direct) | Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it's unclear if it was specifically targeted. | Hack Threat | ||
 |
2021-01-26 17:37:13 | Ghost hack – criminals use deceased employee\'s account to wreak havoc (lien direct) | Most companies are quick to remove ex-staff from the payroll, but often not so quick to shut down their network access. | Hack | ||
|
2021-01-25 14:24:50 | Russian Hack of US Agencies Exposed Supply Chain Weaknesses (lien direct) | The elite Russian hackers who gained access to computer systems of federal agencies last year didn't bother trying to break one by one into the networks of each department. | Hack | ||
|
2021-01-25 13:29:09 | Intel Latest Hack – Industry Comment (lien direct) | Following news last week that Intel has suffered a breach in which hackers obtained financially sensitive information that forced the company to release earnings early, please find comment below from cybersecurity experts.… | Hack | ||
|
2021-01-22 22:39:24 | FSB warns Russian businesses of cyber attacks as retaliation for SolarWinds hack (lien direct) | Russian authorities are alerting Russian organizations of potential cyberattacks launched by the United States in response to SolarWinds attack. The Russian intelligence agency FSB has issued a security alert this week warning Russian organizations of potential cyberattacks launched by the United States in response to the SolarWinds supply chain attack. The alert was issued after […] | Hack | ||
|
2021-01-22 16:03:09 | Biden Orders Intel Agencies to Provide Full Assessment of SolarWinds Hack (lien direct) | Just says into his leadership role, U.S. President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack, which fueled a global cyber espionage campaign impacting many high-profile government agencies and businesses. | Hack Guideline | ||
|
2021-01-22 16:02:33 | Intel\'s Early Earnings Release Triggered by Hack (lien direct) | U.S. chip-making giant Intel Corp. has acknowledged a website hack and premature data disclosure forced the early release of its earnings report for the fourth quarter of 2020. | Hack | ||
|
2021-01-22 11:51:59 | 2 million users had their data stolen following MyFreeCams hack (lien direct) | MyFreeCams is an adult video chat platform which provides free access to chat rooms with models, as well as paid services. A hacker has claimed that they have accessed MyFreeCams’ database using a SQL injection attack. After gaining access to the platform’s database the hacker stolen 2 million paying users’ emails, usernames, and plain text […] | Hack | ||
|
2021-01-21 03:59:10 | Here\'s How SolarWinds Hackers Stayed Undetected for Long Enough (lien direct) | Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history.
Calling the threat actor "skillful and methodic operators who follow |
Hack Threat | ||
|
2021-01-20 11:33:16 | Expert Comment On New Malware Strain Found In SolarWinds Hack (lien direct) | Please see below for comment from cybersecurity experts on the new strain of malware, Raindrop found in relation to SolarWinds: Please see below for comment from cybersecurity experts on the… The ISBuzz Post: This Post Expert Comment On New Malware Strain Found In SolarWinds Hack | Malware Hack | Solardwinds | |
|
2021-01-19 19:04:57 | FireEye Releases New Open Source Tool in Response to SolarWinds Hack (lien direct) | FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds. | Hack Tool Threat | ||
 |
2021-01-18 12:38:11 | (Déjà vu) Cascade HacktheBox Walkthrough (lien direct) | Today, we're going to solve another Hack the box Challenge called “Cascade” and the machine is part of the retired lab, so you can connect to the machine using your HTB VPN and then start to solve the CTF. This laboratory is of a medium level. Solving this lab is | Hack | ||
|
2021-01-13 22:49:05 | Attackers targeted Accellion FTA in New Zealand Central Bank attack (lien direct) | The root cause for the hack of the New Zealand Central Bank was the Accellion FTA (File Transfer Application) file sharing service. During the weekend, the New Zealand central bank announced that a cyber attack hit its infrastructure. According to the Government organization, one of its data systems has been breached by an unidentified hacker, commercially […] | Hack | ★★ | |
|
2021-01-13 17:14:04 | Official: Number of Victims of Russian Hack Likely to Grow (lien direct) | The number of federal agencies and private companies who learn that they have been affected by a massive Russian hack is expected to grow as the investigation into it continues, the U.S. government's chief counterintelligence official said Tuesday. | Hack | ||
|
2021-01-13 13:48:05 | SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale (lien direct) | Someone has set up a website named SolarLeaks where they are offering to sell gigabytes of files allegedly obtained as a result of the recently disclosed SolarWinds breach. | Hack | ||
|
2021-01-13 12:03:23 | Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack (lien direct) | Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers. | Hack Threat | ||
|
2021-01-12 13:54:54 | ServMon HacktheBox Walkthrough (lien direct) | Today, we're going to solve another Hack the box Challenge called “ServMon” and the machine is part of the retired lab, so you can connect to the machine using your HTB VPN and then start to solve the CTF. This laboratory is of an easy level. Solving this lab is not that tough if have... Continue reading → | Hack | ||
 |
2021-01-12 12:13:00 | Affaire SolarWinds : les premiers indices techniques pointent vers la Russie (lien direct) | Le code de la porte dérobée, utilisée dans ce hack de premier ordre, ressemble en partie à celui d'une autre porte dérobée, utilisée par le groupe de hackers russes Turla... Qui est lui-même une émanation du service de renseignement FSB.  |
Hack | ||
|
2021-01-12 08:33:19 | New Sunspot malware found while investigating SolarWinds hack (lien direct) | Cybersecurity firm CrowdStrike has discovered the malware used by the SolarWinds hackers to inject backdoors in Orion platform builds during the supply-chain attack that led to the compromise of several companies and government agencies. [...] | Malware Hack | Solardwinds | |
|
2021-01-11 17:53:21 | SolarWinds Hack Potentially Linked to Turla APT (lien direct) | Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. | Hack Mobile | Solardwinds Solardwinds | |
|
2021-01-11 14:48:00 | Expert Reaction On INM Alleged Data Hack Case (lien direct) | It has been reported that Independent News and Media (INM) is trying to stall a case that is being taken against it and its former chairman, Leslie Buckley, by two members of… The ISBuzz Post: This Post Expert Reaction On INM Alleged Data Hack Case | Hack | ||
|
2021-01-11 12:55:17 | Data stolen from New Zealand\'s Central Bank following hack (lien direct) | New Zeland’s central bank, The Reserve Bank of New Zealand, has recently been hacked, with both personally and commercially sensitive information being stolen in the hack. News of the hack was first revealed on Sunday, and it has been reported that it was due to the breach of a third-party file sharing service which the […] | Hack | ||
|
2021-01-10 23:11:27 | Russian Hacker Gets 12-Years Prison for Massive JP Morgan Chase Hack (lien direct) | A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies.
Andrei Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online |
Hack | ||
|
2021-01-09 14:09:45 | SolarWinds hackers also used common hacker techniques, CISA revealed (lien direct) | CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity and Infrastructure Security Agency (CISA) revealed that threat actors behind the SolarWinds supply chain attack also employed common hacker techniques to compromise the networks of the targeted organizations, including password guessing and password spraying. “Frequently, […] | Hack Threat | ||
 |
2021-01-08 21:36:00 | CISA: SolarWinds hackers also used password guessing to breach targets (lien direct) | CISA says the threat actor behind the SolarWinds hack also used password guessing and password spraying to breach targets, not just trojanized updates. | Hack Threat | ||
|
2021-01-08 17:19:09 | SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack (lien direct) | Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds. | Hack | ||
|
2021-01-07 14:23:56 | Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack (lien direct) | An expert found multiple serious vulnerabilities in Fortinet's FortiWeb web application firewall (WAF) that could expose corporate networks to hack. Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities in Fortinet's FortiWeb web application firewall (WAF) that could be exploited by attackers to hack into corporate networks. The flaws, tracked as CVE-2020-29015, CVE-2020-29016, CVE-2020-29018, and […] | Hack | ||
|
2021-01-07 14:03:50 | US Judiciary adds safeguards after potential breach in SolarWinds hack (lien direct) | The Administrative Office of the U.S. Courts is investigating a potential compromise of the federal courts' case management and electronic case files system which stores millions of highly sensitive and confidential judiciary records. [...] | Hack |
To see everything:
Our RSS (filtrered)
