What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-11-15 15:07:54 | Zendesk Vulnerability Could Have Given Hackers Access to Customer Data (lien direct) | An SQL injection vulnerability in Zendesk Explore could have allowed a threat actor to leak Zendesk customer account information, data security firm Varonis reports. Zendesk Explore is the analytics and reporting service of Zendesk, a popular customer support software-as-a-service solution. | Vulnerability Threat | ||
|
2022-11-15 14:28:22 | Bishop Fox Adds $46 Million to Series B Funding Round (lien direct) | Continuous attack surface management pioneer Bishop Fox continues to attract the attention of investors with the banking of another $46 million in growth funding led by WestCap. | |||
|
2022-11-14 13:52:06 | Aiphone Intercom System Vulnerability Allows Hackers to Open Doors (lien direct) | A vulnerability in Aiphone intercom products allows attackers to breach the entry system and gain access to the building that uses it. Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. | Vulnerability | ||
|
2022-11-14 11:59:07 | War \'Wake-up Call\' Spurs EU to Boost Cyber, Army Mobility (lien direct) | The European Union on Thursday unveiled new proposals to help its armies move faster in times of conflict and to boost cyber security, saying that Russia's war on Ukraine is a wake-up call to bolster Europe's defenses. | |||
|
2022-11-11 14:29:31 | Chinese Spyware Targets Uyghurs Through Apps: Report (lien direct) | Cybersecurity researchers said they have found evidence of Chinese spyware in Uyghur-language apps that can track the location and harvest the data of Uyghurs living in China and abroad. | |||
|
2022-11-11 12:18:29 | Google Pays $70k for Android Lock Screen Bypass (lien direct) | Google recently handed out a $70,000 bug bounty reward for an Android vulnerability leading to lock screen bypass, security researcher David Schutz says. | Vulnerability Guideline | ||
|
2022-11-10 11:30:18 | ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers (lien direct) | Oil and gas flow computers and remote controllers made by Swiss industrial technology firm ABB are affected by a serious vulnerability that could allow hackers to cause disruptions and prevent utilities from billing their customers, according to industrial cybersecurity firm Claroty. | Hack Vulnerability | ||
|
2022-11-09 19:18:30 | Microsoft Patches MotW Zero-Day Exploited for Malware Delivery (lien direct) | Microsoft's latest Patch Tuesday updates address six zero-day vulnerabilities, including one related to the Mark-of-the-Web (MotW) security feature that has been exploited by cybercriminals to deliver malware. | Malware | ||
|
2022-11-09 14:01:34 | Attackers Using IPFS for Distributed, Bulletproof Malware Hosting (lien direct) | The InterPlanetary File System (IPFS), considered one of the building blocks of web3, is increasingly being used to provide hidden bulletproof hosting for malware. “Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks,” say researchers at Cisco Talos. | Malware | ||
|
2022-11-09 11:20:55 | Google Reveals Spyware Vendor\'s Use of Samsung Phone Zero-Day Exploits (lien direct) | Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still had a zero-day status. | |||
|
2022-11-09 01:29:57 | Hackers Leak Australian Health Records on Dark Web (lien direct) | Hackers on Wednesday began leaking sensitive medical records stolen from an Australian health insurer with nearly 10 million customers, including the prime minister, after the firm refused to pay a ransom. | ★★ | ||
|
2022-11-08 12:28:40 | Google Patches High-Severity Privilege Escalation Vulnerabilities in Android (lien direct) | Rolling out this week, Android's November 2022 security updates patch over 40 vulnerabilities, including multiple high-severity escalation of privilege bugs. | ★★ | ||
|
2022-11-08 11:13:43 | Ransomware Gang Threatens to Publish Medibank Customer Information (lien direct) | On Monday, shortly after Australian health insurer Medibank said it will not pay a ransom following a recent cyberattack, the BlogXX/REvil ransomware gang threatened to make stolen Medibank customer information public. | Ransomware | ||
|
2022-11-07 18:14:23 | Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge (lien direct) | The world's largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. | Malware Threat | ||
|
2022-11-07 14:10:41 | SolarWinds Agrees to Pay $26 Million to Settle Shareholder Lawsuit Over Data Breach (lien direct) | Texas-based IT management solutions provider SolarWinds has agreed to pay $26 million to settle a shareholder lawsuit over the data breach disclosed by the company in 2020. | Data Breach | ||
|
2022-11-07 13:38:48 | FBI Warns of Hacktivist DDoS Attacks, But Says Impact Limited (lien direct) | The Federal Bureau of Investigation (FBI) has issued an alert to encourage organizations to proactively implement distributed denial-of-service (DDoS) attack defenses in the wake of hacktivist assaults, but says incidents so far have had little impact. | |||
|
2022-11-07 11:27:43 | Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft (lien direct) | According to Microsoft's 2022 Digital Defense Report, nation-state hacker attacks on critical infrastructure have soared, largely due to Russian cyber operations targeting Ukraine and its allies. | |||
|
2022-11-07 11:10:57 | Medibank Confirms Data Breach Impacts 9.7 Million Customers (lien direct) | Australian health insurer Medibank today confirmed that the data of 9.7 million customers was compromised in a recent cyberattack. The incident was identified on October 12, before threat actors could deploy file-encrypting ransomware, but not before they stole data from the company's systems. | Data Breach Threat | ||
|
2022-11-04 12:58:37 | Ransomware Group Threatens to Leak Data Stolen From Car Parts Giant Continental (lien direct) | The notorious LockBit ransomware group is threatening to publish files allegedly stolen from German car parts giant Continental. On its Tor-based leak website, the group says all files - the exact quantity of data or its type is not being specified - will be published on November 4, three hours after the publication of this article. | Ransomware | ||
|
2022-11-03 19:14:10 | Offense Gets the Glory, but Defense Wins the Game (lien direct) | When it comes to cybercriminals, defense evasion remains the top tactic globally. In fact, it was the most employed tactic by malware developers in the past six months – and they're often using system binary proxy execution to do so. Hiding malicious intentions is one of the most important actions for adversaries. Therefore, they are attempting to evade defenses by masking malicious intention and attempting to hide commands using a legitimate certificate. | Malware | ||
|
2022-11-03 10:14:02 | Over 250 US News Websites Deliver Malware via Supply Chain Attack (lien direct) | Hundreds of regional and national news websites in the United States are delivering malware as a result of a supply chain attack involving one of their service providers. | Malware | ||
|
2022-11-02 14:03:34 | Religious Minority Persecuted in Iran Targeted With Sophisticated Android Spyware (lien direct) | Kaspersky is warning of a previously unknown espionage campaign targeting the Persian-speaking religious minority Bahaʼi with Android spyware. As part of the campaign, victims were lured to a VPN application claiming to provide access to Bahaʼi religious resources that are banned in Iran. | |||
|
2022-11-02 11:30:41 | Hackers Stole Source Code, Personal Data From Dropbox Following Phishing Attack (lien direct) | Dropbox revealed on November 1 that it recently suffered a data breach where malicious actors gained access to some source code and personal information belonging to employees and customers. | Data Breach | ||
|
2022-11-01 12:10:08 | Bed Bath & Beyond Investigating Data Breach After Employee Falls for Phishing Attack (lien direct) | Bed Bath & Beyond revealed last week in an SEC filing that it recently suffered a data breach after an employee fell victim to a phishing attack. | Data Breach | ||
|
2022-10-31 16:08:14 | Bearer, Notebook Labs, Protexxa Raise Millions in Seed Funding (lien direct) | Bearer, Notebook Labs, and Protexxa, three cybersecurity startups dealing with data security, web3 identity, and enterprise cyber hygiene, respectively, have announced raising a combined total of over $10 million in seed funding. | |||
|
2022-10-31 13:15:12 | Label Giant Multi-Color Corporation Discloses Data Breach (lien direct) | Label printing giant Multi-Color Corporation (MCC) has started informing employees that their personal information might have been compromised in a recent cyberattack. | Data Breach | ||
|
2022-10-28 14:53:56 | Indianapolis Low-Income Housing Agency Hit by Ransomware (lien direct) | The federal agency that provides low-income housing in Indianapolis is facing a ransomware attack that's delayed its ability to send out rent payments to landlords, a top agency official says. | Ransomware | ||
|
2022-10-28 13:12:07 | Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks (lien direct) | Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions. | Data Breach | ||
|
2022-10-28 10:37:29 | Apple Paid Out $20 Million via Bug Bounty Program (lien direct) | Apple has launched a new security research blog and website, which will also be the new home of the company's bug bounty program. | |||
|
2022-10-28 09:08:13 | Slovak, Polish Parliaments Hit by Cyberattacks (lien direct) | Cyberattacks hit the Slovak and Polish parliaments on Thursday, bringing down the voting system in Slovakia's legislature, parliamentary authorities said. "The attack was multi-directional, including from inside the Russian Federation," the Polish Senate said in a statement. | |||
|
2022-10-27 10:46:52 | Industrial Ransomware Attacks: New Groups Emerge, Manufacturing Pays Highest Ransom (lien direct) | Industrial organizations continue to be a top target for ransomware attacks, and reports published by cybersecurity companies this week reveal some recent trends. | Ransomware | ||
|
2022-10-26 14:33:08 | Drizly Agrees to Tighten Data Security After Alleged Breach (lien direct) | Alcohol delivery app Drizly has agreed to tighten its data security and limit data collection to resolve federal regulators' allegations that its security failures exposed the personal information of some 2.5 million customers. | |||
|
2022-10-26 11:51:05 | Data Breach Victims Sue Rhode Island Transit Agency, Insurer (lien direct) | Two people whose personal information was compromised in a data breach at Rhode Island's public bus service that affected about 22,000 people sued the agency and a health insurer on Tuesday seeking monetary damages and answers. | Data Breach | ||
|
2022-10-26 11:38:41 | Data Breach at Australian Health Insurer Impacts 4 Million Customers; Could Cost $35M (lien direct) | Australian health insurer Medibank on Wednesday confirmed that the personal and health information of all customers has been compromised in a recent data breach. | |||
|
2022-10-25 21:05:19 | US Charges Ukrainian \'Raccoon Infostealer\' With Cybercrimes (lien direct) | A Ukrainian man has been charged with computer fraud for allegedly infecting millions of computers with malware in a cybercrime operation known as "Raccoon Infostealer," the US Justice Department said Tuesday. | Malware | ||
|
2022-10-25 16:36:44 | FTC Targets Drizly and Its CEO Over Cybersecurity Failures That Led to Data Breach (lien direct) | The Federal Trade Commission (FTC) this week announced an administrative complaint against online alcohol marketplace Drizly and its CEO, James Cory Rellas, over the company's poor data security practices. | Data Breach | ||
|
2022-10-24 12:24:52 | In Israel, Albanian PM to Meet Cyber Chief After Iran Hack (lien direct) | Albanian Prime Minister Edi Rama arrived in Israel on Sunday for an official visit that will include a meeting with Israeli cyber defense officials, the Israeli Foreign Ministry said. | Hack | ||
|
2022-10-23 13:47:46 | Iran\'s Nuclear Agency Says Email Server Hacked (lien direct) | Iran's Atomic Energy Organisation said Sunday an email server of its subsidiary was hacked in a "foreign" attack aimed at drawing "attention" amid protests over the death of Mahsa Amini. | |||
|
2022-10-21 13:32:50 | FBI Warns of Iranian Cyber Firm\'s Hack-and-Leak Operations (lien direct) | The Federal Bureau of Investigation on Thursday issued an alert to warn that Iranian cyber group Emennet Pasargad is targeting organizations to steal their data and leak it online. | |||
|
2022-10-21 10:28:32 | CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it within three weeks. | Malware Vulnerability | ||
|
2022-10-20 15:00:11 | Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH (lien direct) | An analysis of data collected by Rapid7's RDP and SSH honeypots between September 10, 2021, and September 9, 2022, found tens of millions of connection attempts. The honeypots captured 215,894 unique IP source addresses and 512,002 unique passwords across RDP and SSH honeypots. Almost all the passwords (99.997%) can be found in rockyou2021.txt. | |||
|
2022-10-20 10:29:04 | Australian Health Insurer Medibank Admits Customer Data Stolen in Ransomware Attack (lien direct) | Australian health insurer Medibank has started informing customers that their personal information was potentially compromised during a recent cyberattack. | Ransomware | ||
|
2022-10-18 12:53:05 | Keystone Health Data Breach Impacts 235,000 Patients (lien direct) | Pennsylvania healthcare provider Keystone Health has started informing patients of a data breach potentially impacting their personal information. | Data Breach | ||
|
2022-10-17 15:55:24 | Zimbra Patches Under-Attack Code Execution Bug (lien direct) | Messaging and collaboration software maker Zimbra has rushed out patches to provide cover for a code execution flaw that has already been exploited to plant malware on target machines. | Malware | ||
|
2022-10-17 13:48:44 | Retail Giant Woolworths Discloses Data Breach Impacting 2.2 Million MyDeal Customers (lien direct) | Australian retail giant Woolworths revealed on Friday that a recent data breach has impacted the information of 2.2 million MyDeal customers. Woolworths acquired 80% of the MyDeal online marketplace in September, but says MyDeal systems are completely separate from its own systems, which have not been impacted by the incident. | Data Breach | ||
|
2022-10-14 12:57:47 | New \'Alchimist\' Attack Framework Targets Windows, Linux, macOS (lien direct) | Cisco's Talos security researchers warn of a newly identified attack framework and its associated remote access trojan (RAT) targeting Windows, Linux, and macOS systems. | |||
|
2022-10-13 17:39:38 | Austria\'s Kurz Sets up Cyber Firm With Ex-NSO Chief (lien direct) | Former Austrian chancellor Sebastian Kurz said Thursday he is launching a cybersecurity company with the ex-head of Israel's NSO Group, which makes controversial Pegasus spyware. | |||
|
2022-10-13 14:51:44 | Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Server (lien direct) | A Mirai botnet variant has launched a distributed denial-of-service (DDoS) attack that peaked at 2.5 terabytes per second (Tbps), according to Cloudflare, which described it as the largest attack it has seen in terms of bitrate. | |||
|
2022-10-13 10:39:25 | Google Brings Passkey Support to Android and Chrome (lien direct) | Google on Wednesday announced the introduction of passkey support in Android and Chrome, to protect users from credential leaks and phishing attacks. Meant to replace passwords, passkeys rely on biometric verification for authentication. They can be synced on multiple devices, cannot be reused and, unlike passwords, cannot be leaked. | |||
|
2022-10-12 14:40:56 | Immersive Labs Raises $66 Million for Cyber Workforce Resilience Platform (lien direct) | UK-based cybersecurity training solutions provider Immersive Labs announced on Wednesday that it has raised $66 million in new capital. |
To see everything:
Our RSS (filtrered)
