What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-20 14:38:03 | DraftKings Data Breach Impacts Personal Information of 68,000 Customers (lien direct) | Sports betting firm DraftKings says the personal data of 68,000 individuals has been compromised in a recent data breach. The incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings' systems, the company says. | Data Breach | ★★ | |
|
2022-12-20 11:41:31 | New \'RisePro\' Infostealer Increasingly Popular Among Cybercriminals (lien direct) | A recently identified information stealer named 'RisePro' is being distributed by pay-per-install malware downloader service 'PrivateLoader', cyberthreat firm Flashpoint reports. Written in C++, RisePro harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs. | Malware | ★★ | |
|
2022-12-19 17:33:17 | Malicious PyPI Module Poses as SentinelOne SDK (lien direct) | Security researchers with ReversingLabs warn of a new supply chain attack using a malicious PyPI module that poses as a software development kit (SDK) from the cybersecurity firm SentinelOne. | ★★★ | ||
|
2022-12-16 11:31:18 | Social Blade Confirms Breach After Hacker Offers to Sell User Data (lien direct) | Social media analytics service Social Blade has confirmed a security breach after a hacker offered to sell a database allegedly stolen from the company's systems. | ★★ | ||
|
2022-12-15 12:56:02 | Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG (lien direct) | Australia's TPG Telecom this week announced that a threat actor has gained unauthorized access to a service hosting the email accounts of 15,000 customers. The second largest telecommunications company in the country, TPG Telecom was formerly known as Vodafone Hutchison Australia, but was renamed after its merger with TPG. | Hack Threat | ★★ | |
|
2022-12-15 12:48:47 | Hacker Claims Breach of FBI\'s Critical-Infrastructure Portal (lien direct) | A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of InfraGard, an FBI-run outreach program that shares sensitive information on national security and cybersecurity threats with public officials and private sector actors who run U.S. critical infrastructure. | ★★ | ||
|
2022-12-14 16:19:14 | Google Announces Vulnerability Scanner for Open Source Developers (lien direct) | Google this week announced OSV-Scanner, a free scanner that open source developers can use to receive vulnerability details relevant to their projects. The high number of dependencies that software projects rely on increases the risk of falling victim to a supply chain attack or to the exploitation of unknown vulnerabilities. | Vulnerability | ★ | |
|
2022-12-14 09:07:55 | HackerOne Surpasses $230 Million in Paid Bug Bounties (lien direct) | Bug bounty platform HackerOne says ethical hackers have identified and reported more than 65,000 software vulnerabilities in 2022. The popular hacker-powered platform, which hosts bug bounty programs for both private and public organizations, including government agencies, has paid out a total of $230 million in bug bounties since its inception. | ★★★★ | ||
|
2022-12-13 11:42:17 | Twitter Responds to Recent Data Leak Reports (lien direct) | Twitter has responded to recent data leak reports, confirming that the exposed information is the same as the one that was making the rounds earlier this year. | ★ | ||
|
2022-12-13 10:35:25 | Uber Data Leaked Following Breach at Third-Party Vendor (lien direct) | Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor. Over the weekend, a user with the moniker 'UberLeak' made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems. | Uber Uber | ★★★ | |
|
2022-12-12 12:46:57 | Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware (lien direct) | Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers. | Ransomware | ★★ | |
|
2022-12-12 12:21:29 | Rackspace Hit With Lawsuits Over Ransomware Attack (lien direct) | At least two lawsuits have been filed against Texas-based cloud company Rackspace over the recently disclosed ransomware attack. | Ransomware | ★ | |
|
2022-12-11 11:36:02 | As Wiretap Claims Rattle Government, Greece Bans Spyware (lien direct) | Lawmakers in Greece on Friday approved legislation banning commercial spyware and reforming rules for legally-sanctioned wiretaps following allegations that senior government officials and journalists had been targeted by shadowy surveillance software. The 156-142 vote in parliament followed two days of debate, during which opposition lawmakers accused the government of attempting to cover up the illegal surveillance. | ★★ | ||
|
2022-12-10 16:12:19 | Video: Deep Dive on PIPEDREAM/Incontroller ICS Attack Framework (lien direct) | ★★★ | |||
|
2022-12-09 10:36:21 | Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet (lien direct) | More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns. | ★★★ | ||
|
2022-12-08 15:20:51 | WAFs of Several Major Vendors Bypassed With Generic Attack Method (lien direct) | Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors. | Industrial | ★★ | |
|
2022-12-08 13:36:43 | Iranian Hackers Deliver New \'Fantasy\' Wiper to Diamond Industry via Supply Chain Attack (lien direct) | An Iran-linked advanced persistent threat (APT) actor named Agrius is using a new wiper in attacks targeting entities in South Africa, Israel and Hong Kong, cybersecurity firm ESET reports. | Threat | ★★ | |
|
2022-12-08 12:01:56 | CloudSEK Blames Hack on Another Cybersecurity Company (lien direct) | Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee's Jira account. As part of the targeted cyberattack, an unknown party used session cookies for the employee's Jira account to gain access to various types of internal data. | Data Breach Hack | ★★ | |
|
2022-12-07 14:08:48 | New Zealand Government Hit by Ransomware Attack on IT Provider (lien direct) | The New Zealand government this week confirmed being impacted by a ransomware attack on managed service provider (MSP) Mercury IT, which has disrupted businesses and public authorities in the country. A small business with only 25 employees, Mercury IT provides cybersecurity, IT, telecoms, and support services for multiple organizations in the country. | Ransomware | ★★ | |
|
2022-12-07 09:30:23 | Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates (lien direct) | Google this week announced the December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws. The most severe of the RCE bugs is CVE-2022-20411, an issue in Android's System component that could be exploited over Bluetooth. | Mobile | ★★★★ | |
|
2022-12-06 14:44:04 | Rackspace Confirms Ransomware Attack as It Tries to Determine If Data Was Stolen (lien direct) | Cloud company Rackspace has confirmed being targeted in a ransomware attack after it was forced to shut down its Hosted Exchange environment. Rackspace's hosted Microsoft Exchange service started experiencing problems on Friday, December 2. The company shut down the impacted environment and confirmed on Saturday that it was a security incident. | Ransomware | ★ | |
|
2022-12-05 17:45:25 | SIM Swapper Who Stole $20 Million Sentenced to Prison (lien direct) | Nicholas Truglia, of Florida, was sentenced to 18 months in prison last week for stealing more than $20 million in a SIM swapping scheme. According to the indictment, in January 2018, Truglia, now aged 25, participated in a scheme to hack into online accounts in an effort to steal cryptocurrency. He pleaded guilty in late 2021. | Hack Guideline | ★★ | |
|
2022-12-02 13:48:36 | Report: California Gun Data Breach Was Unintentional (lien direct) | California's Department of Justice mistakenly posted the names, addresses and birthdays of nearly 200,000 gun owners on the internet because officials didn't follow policies or understand how to operate their website, according to an investigation released Wednesday. | Data Breach | ★★★★ | |
|
2022-12-02 11:56:50 | Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws (lien direct) | Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric's GX Works3 engineering workstation software that could be exploited to hack safety systems. | Hack | ★★★ | |
|
2022-12-02 11:32:25 | Google Migrating Android to Memory-Safe Programming Languages (lien direct) | Google is seeing a significant decrease in memory safety issues in Android due to the progressive migration to memory-safe programming languages, such as Rust. | ★★★ | ||
|
2022-12-01 17:17:52 | Wipers Are Widening: Here\'s Why That Matters (lien direct) | In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven't stayed in one place – they're emerging globally, which underscores the fact that cybercrime knows no borders. | Malware | ★★★ | |
|
2022-12-01 15:40:48 | \'Schoolyard Bully\' Android Trojan Targeted Facebook Credentials of 300,000 Users (lien direct) | Mobile security firm Zimperium is warning of an Android trojan that may have stolen Facebook credentials from a large number of users. | ★★ | ||
|
2022-12-01 15:27:15 | Investors Double Down on Pangea Cyber API Security Bet (lien direct) | Pangea Cyber, an early stage startup working on technology in the API security services space, has banked $26 million in a new funding round led by Google Ventures. | ★★ | ||
|
2022-12-01 11:47:33 | GoTo, LastPass Notify Customers of New Data Breach Related to Previous Incident (lien direct) | LastPass, the company known for its popular password manager, and its affiliate, GoTo, are informing customers about a new data breach that appears to be related to a cybersecurity incident disclosed a few months ago. | Data Breach | LastPass | ★★ |
|
2022-12-01 09:22:15 | Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data (lien direct) | The Synopsys Cybersecurity Research Center (CyRC) is warning of multiple vulnerabilities found in three applications that allow Android users to use their device as a keyboard and mouse. | ★★★ | ||
|
2022-11-30 16:30:22 | One Year Later: Log4Shell Remediation Slow, Painful Slog (lien direct) | Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world. | ★★★ | ||
|
2022-11-30 11:07:46 | Self-Replicating Malware Used by Chinese Cyberspies Spreads via USB Drives (lien direct) | A China-linked cyberespionage group tracked as UNC4191 has been observed using self-replicating malware on USB drives to infect targets, and the technique could allow them to steal data from air-gapped systems, Google-owned Mandiant reports. | Malware | ★★★ | |
|
2022-11-29 13:32:35 | Ransomware Gang Takes Credit for Maple Leaf Foods Hack (lien direct) | The Black Basta ransomware group has taken credit for the recently disclosed attack on Canadian meat giant Maple Leaf Foods. The cybercriminals have made public several screenshots of technical documents, financial information and other corporate files to demonstrate that they gained access to Maple Leaf Foods systems. | Ransomware Hack | ★★★ | |
|
2022-11-29 12:02:35 | Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability (lien direct) | Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products. | Vulnerability | ★★★ | |
|
2022-11-28 17:45:52 | Virginia County Confirms Personal Information Stolen in Ransomware Attack (lien direct) | Southampton County in Virginia last week started informing individuals that their personal information might have been compromised in a ransomware attack. The incident was identified in September, when a threat actor accessed a server at Southampton and encrypted the data that was stored on it. | Ransomware Threat | ★★★ | |
|
2022-11-28 17:02:26 | Project Zero Flags \'Patch Gap\' Problems on Android (lien direct) | Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices. | ★★ | ||
|
2022-11-28 15:54:53 | Irish Regulator Fines Meta 265 Million Euros Over Data Breach (lien direct) | Ireland's data regulator on Monday slapped Facebook owner Meta with a 265-million-euro ($275-million) fine after details of more than half a billion users were leaked on a hacking website. | Data Breach | ★★★★ | |
|
2022-11-28 15:10:07 | Hack-for-Hire Group Targets Android Users With Malicious VPN Apps (lien direct) | A hack-for-hire group known as Bahamut has been targeting Android users with trojanized versions of legitimate VPN applications, ESET reports. | Bahamut Bahamut | ★★ | |
|
2022-11-28 12:48:49 | Twitter Data Breach Bigger Than Initially Reported (lien direct) | A massive Twitter data breach disclosed a few months ago appears to be bigger than initially reported. | Data Breach | ★★★ | |
|
2022-11-22 11:49:59 | Cisco Secure Email Gateway Filters Bypassed Due to Malware Scanner Issue (lien direct) | An anonymous researcher has disclosed several methods that can be used to bypass some of the filters in Cisco's Secure Email Gateway appliance and deliver malware using specially crafted emails. | Malware | ★★★★ | |
|
2022-11-21 18:02:59 | California County Says Personal Information Compromised in Data Breach (lien direct) | The County of Tehama, California, has started informing employees, recipients of services, and affiliates that their personal information might have been compromised in a data breach. | Data Breach | ||
|
2022-11-18 12:31:59 | Microsoft Warns of Cybercrime Group Delivering Royal Ransomware, Other Malware (lien direct) | A threat actor tracked as DEV-0569 and known for the distribution of various malicious payloads was recently observed updating its delivery methods, Microsoft warns. | Malware Threat | ||
|
2022-11-18 12:06:24 | Omron PLC Vulnerability Exploited by Sophisticated ICS Malware (lien direct) | A critical vulnerability has not received the attention it deserves | Malware Vulnerability | ||
|
2022-11-18 10:29:12 | Hive Ransomware Gang Hits 1,300 Businesses, Makes $100 Million (lien direct) | The Hive ransomware gang has victimized more than 1,300 businesses, receiving over $100 million in ransom payments over the past year and a half, US government agencies say. | Ransomware | ||
|
2022-11-17 12:21:56 | Hundreds Infected With \'Wasp\' Stealer in Ongoing Supply Chain Attack (lien direct) | Security researchers are raising alarm on an ongoing supply chain attack that uses malicious Python packages to distribute an information stealer. | |||
|
2022-11-17 09:39:05 | Magento Vulnerability Increasingly Exploited to Hack Online Stores (lien direct) | E-commerce malware and vulnerability detection firm Sansec warns of a surge in cyberattacks targeting CVE-2022-24086, a critical mail template vulnerability affecting Adobe Commerce and Magento stores. | Malware Hack Vulnerability | ||
|
2022-11-16 16:54:50 | Cyber Resilience: The New Strategy to Cope With Increased Threats (lien direct) | As part of last month's Cybersecurity Awareness Month, I was traveling around the globe to provide organizations actionable tips on how to strengthen their cybersecurity posture and allow for accelerated recovery from cyberattacks. Through my conversations with hundreds of analysts, system integrators, and secur | |||
|
2022-11-16 14:00:31 | Over 12,000 Cyber Incidents at DoD Since 2015, But Incident Management Still Lacking (lien direct) | The US Government Accountability Office (GAO) this week has published a report detailing issues identified in the Department of Defense's (DoD) cyber incident management processes. | |||
|
2022-11-16 11:57:42 | Google Ready to Roll Out Android Privacy Sandbox in Beta (lien direct) | Google this week announced plans to roll out Android Privacy Sandbox in beta starting early next year, delivering a more private advertising experience to mobile users. | |||
|
2022-11-16 10:54:15 | Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers (lien direct) | A team of researchers from the University of Michigan, University of Pennsylvania and NASA have identified a potentially serious vulnerability in networking technology used in spacecraft, aircraft, and industrial control systems. | Hack Vulnerability |
To see everything:
Our RSS (filtrered)
