Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-12-03 11:00:05 |
Mysterious phishing campaign targets organizations in COVID-19 vaccine cold chain (direct link) |
Targets include EU directorates, companies making vaccine shipping containers, a website development firm linked to vaccine supply chains. |
|
|
|
|
2020-12-03 11:00:04 |
8% of all Google Play apps vulnerable to old security bug (direct link) |
Devs have not updated a crucial library inside their apps, leaving users exposed to dangerous attacks. Some of the vulnerable apps include Microsoft's Edge browser, Grindr, OKCupid, and Cisco Teams. |
|
|
|
|
2020-12-03 11:00:03 |
New TrickBot version can tamper with UEFI/BIOS firmware (direct link) |
New TrickBot feature scares security researchers. |
|
|
|
|
2020-12-03 11:00:00 |
This phishing group is targeting COVID-19 vaccine supply chains (direct link) |
Clues indicate state-sponsored hackers may be to blame. |
|
|
|
|
2020-12-03 10:49:47 |
Compounder Finance DeFi project allegedly pulls the rug from under investors, $11 million stolen (direct link) |
One investor is offering a $100,000 bounty leading to the unmasking of the thief, or thieves, involved. |
Guideline
|
|
|
|
2020-12-02 14:00:02 |
Open source software security vulnerabilities exist for over four years before detection (direct link) |
GitHub research suggests there is a need to reduce the time between bug detection and fixes. |
|
|
|
|
2020-12-02 11:52:18 |
Absa bank embroiled in data leak, rogue employee accused of theft (direct link) |
Personal information belonging to banking customers was compromised. |
|
|
|
|
2020-12-02 09:30:05 |
Ivanti announces double acquisition of MobileIron, Pulse Secure in zero-trust security push (direct link) |
Ivanti says the deals strengthen the company in the mobile zero-trust security space. |
|
|
|
|
2020-12-01 19:00:00 |
Malicious npm packages caught installing remote access trojans (direct link) |
JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware. |
|
|
|
|
2020-12-01 17:55:51 |
FBI warns of email forwarding rules being abused in recent hacks (direct link) |
FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators." |
|
|
|
|
2020-12-01 15:53:43 |
Microsoft removes 18 malicious Edge extensions for injecting ads into web pages (direct link) |
Some extensions mimicked official apps while others copied popular Chrome extensions. |
|
|
|
|
2020-12-01 09:54:40 |
'Hacker_R_US' gets eight years in prison for bomb threats and DDoS extortion (direct link) |
'Hacker_R_US' was one of the two members of the Apophis Squad hacker group. |
|
|
|
|
2020-12-01 09:00:03 |
2020's worst cryptocurrency breaches, thefts, and exit scams (direct link) |
Cryptocurrency exchanges have felt the impact of everything from vulnerability exploits to social engineering scams over this year. |
Vulnerability
|
|
|
|
2020-12-01 06:00:03 |
The biggest hacks, data breaches of 2020 (direct link) |
A pandemic is no reason for hackers to hold off cyberattacks against everything from government bodies to healthcare providers. |
|
|
|
|
2020-12-01 02:34:00 |
Microsoft links Vietnamese state hackers to crypto-mining malware campaign (direct link) |
Vietnamese state hackers imitate Chinese groups and start making money on the side while spying for their government. |
Malware
|
|
|
|
2020-11-30 21:20:13 |
Docker malware is now common, so devs need to take Docker security seriously (direct link) |
Three years after the first malware attacks targeting Docker, developers are still misconfiguring and exposing their Docker servers online. |
Malware
|
|
|
|
2020-11-30 13:36:00 |
Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up (direct link) |
If Cloudflare, AWS, or GoDaddy go down, around 40% of the Alexa Top 100,000 websites will also go down with DNS resolution problems. |
|
|
|
|
2020-11-30 10:00:03 |
This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins (direct link) |
The research highlights the potential dangers of new 'biohacking' techniques. |
|
|
|
|
2020-11-27 14:09:25 |
A hacker is selling access to the email accounts of hundreds of C-level executives (direct link) |
Access is sold for $100 to $1500 per account, depending on the company size and exec role. |
|
|
|
|
2020-11-27 10:07:06 |
Networking equipment vendor Belden discloses data breach (direct link) |
Belden says hackers accessed a limited number of the company's file servers. |
Data Breach
|
|
|
|
2020-11-26 21:22:59 |
Personal data of 16 million Brazilian COVID-19 patients exposed online (direct link) |
Among those affected by the leak are Brazil President Jair Bolsonaro, seven ministers, and 17 provincial governors. |
|
|
|
|
2020-11-26 09:31:21 |
Sophos notifies customers of data exposure after database misconfiguration (direct link) |
Exclusive: Company says that only a small subset of customers were impacted. |
|
|
|
|
2020-11-25 23:34:00 |
Xbox bug could have allowed hackers to link gamer tags with players' emails (direct link) |
The bug could have been exploited by playing around in a browser's developer console and editing a cookie field. |
|
|
|
|
2020-11-25 20:46:28 |
Security researcher accidentally discovers Windows 7 and Windows Server 2008 zero-day (direct link) |
The vulnerability was discovered while the security researcher was working on a Windows security tool. |
Vulnerability
|
|
|
|
2020-11-25 17:08:25 |
Three members of TMT cybercrime group arrested in Nigeria (direct link) |
The TMT group has infected more than 50,000 organizations around the world with malware. |
|
|
|
|
2020-11-25 10:55:21 |
YouTube suspends OANN for allegedly peddling fake COVID-19 cures (direct link) |
If the outlet wants to monetize videos in the future, it must reapply to YouTube's member program. |
|
|
|
|
2020-11-25 10:07:21 |
Home Depot agrees to $17.5 million settlement over 2014 data breach (direct link) |
The US retailer's point-of-sale systems were infected with malware. |
Data Breach
|
|
|
|
2020-11-24 20:44:00 |
2FA bypass discovered in web hosting software cPanel (direct link) |
More than 70 million sites are managed via cPanel software, according to the company. |
|
|
|
|
2020-11-24 15:00:04 |
Stantinko's Linux malware now poses as an Apache web server (direct link) |
Eight-year-old Stantinko botnet updates its Linux malware. |
Malware
|
|
|
|
2020-11-24 13:18:14 |
Spotify launches 'rolling reset' on customer accounts, passwords linked to data leak (direct link) |
A third-party server containing Spotify credentials was uncovered by researchers. |
|
|
|
|
2020-11-24 12:22:43 |
Baidu's Android apps caught collecting sensitive user details (direct link) |
Data collection issue identified in Baidu Maps and Baidu Search Box apps, both removed from the Play Store in October 2020. |
|
|
|
|
2020-11-24 11:00:00 |
New WAPDropper malware abuses Android devices for WAP fraud (direct link) |
New WAPDropper malware signs up Android users to premium services provided by telecoms in Thailand and Malaysia. |
Malware
|
|
|
|
2020-11-24 10:29:05 |
SEC alleges Benja CEO duped investors to fund a non-existent e-commerce empire (direct link) |
The agency claims that business deals were made up to lure investors into funding the startup. |
|
|
|
|
2020-11-24 10:27:00 |
Hacker leaks the user data of event management app Peatix (direct link) |
More than 4.2 million user accounts were made available for download online earlier this month. |
|
|
|
|
2020-11-23 17:37:13 |
Tesla Model X hacked and stolen in minutes using new key fob hack (direct link) |
Tesla is rolling out over-the-air software updates this week to prevent the attack from hijacking owner key fobs. |
Hack
|
|
|
|
2020-11-23 15:10:12 |
Malware creates scam online stores on top of hacked WordPress sites (direct link) |
The malware gang also poisoned the victims' XML sitemaps with thousands of scammy entries, lowering the sites' SERP ranking. |
Malware
|
|
|
|
2020-11-23 13:35:05 |
GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave (direct link) |
The domain registrar has confirmed that employees became embroiled in wider attacks. |
|
|
|
|
2020-11-23 12:28:00 |
TikTok patches reflected XSS bug, one-click account takeover exploit (direct link) |
The vulnerabilities impacted the video platform's website. |
|
|
|
|
2020-11-21 20:25:18 |
(Déjà vu) Manchester United football club discloses security breach (direct link) |
Football club said it's not "currently aware of any breach of personal data associated with our fans or customers." |
|
|
|
|
2020-11-21 08:00:03 |
Botnets have been silently mass-scanning the internet for unsecured ENV files (direct link) |
Threat actors are looking for API tokens, passwords, and database logins usually stored in ENV files. |
Threat
|
|
|
|
2020-11-20 17:55:35 |
Drupal sites vulnerable to double-extension attacks (direct link) |
The 90s called. They want their vulnerability back. |
Vulnerability
|
|
|
|
2020-11-20 14:19:03 |
Two Romanians arrested for running three malware services (direct link) |
The two ran two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan. |
Malware
|
|
|
|
2020-11-20 05:45:03 |
The malware that usually installs ransomware and you need to remove right away (direct link) |
If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems. |
Ransomware
Malware
|
|
|
|
2020-11-19 19:55:00 |
Facebook Messenger bug could have allowed hackers to spy on users (direct link) |
The now-patched Messenger bug could have allowed callers to connect audio calls without the callee's knowledge or approval. |
|
|
|
|
2020-11-19 15:59:00 |
LidarPhone attack converts smart vacuums into microphones (direct link) |
LidarPhone attack works by converting a smart vacuum's LiDAR navigational component into a laser microphone. |
|
|
|
|
2020-11-19 09:27:48 |
New Grelos skimmer variant reveals overlap in Magecart group activities, malware infrastructure (direct link) |
The discovery of a new skimmer variant reveals the difficulties associated with tracking separate Magecart campaigns. |
Malware
|
|
|
|
2020-11-19 09:00:03 |
Fearing drama, Mozilla opens public consultation before worldwide Firefox DoH rollout (direct link) |
Mozilla wants to enable DNS-over-HTTPS (DoH) in Firefox for all users worldwide, but wants to hear from ISPs, governments, and companies beforehand. |
|
|
|
|
2020-11-18 19:08:52 |
Starting next year, Chrome extensions will show what data they collect from users (direct link) |
Google will add a "Privacy practices" section on each Chrome extension's Web Store page listing what data they collect from users and what the developer plans to do with it. |
|
|
|
|
2020-11-18 17:00:04 |
Cisco Webex bugs allow attackers to join meetings as ghost users (direct link) |
Attackers can join Webex meetings as ghost users, and even remain inside rooms after getting kicked. |
|
|
|
|
2020-11-18 16:17:33 |
Liquid crypto-exchange says hacker accessed internal network, stole user data (direct link) |
Liquid admins said the intrusion was detected before any funds were stolen. |
|
|
|