What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-20 05:28:09 | Google integrates Indian government\'s cloud services into Android (lien direct) | Collab obviously goes deep – accessing DigiLocker requires use of national identity service Google has integrated the Indian government's cloud storage service into Android – a feat that weaves the national ID system and government documents deeply into the search giant's OS.… | ★★ | ||
|
2022-12-15 06:30:14 | Soyuz leak puts a stop to planned ISS spacewalk and work on Nauka module (lien direct) | Королёв, we have a problem … We don't mean to alarm you, but a Russian Soyuz vehicle docked at the International Space Station (ISS) is leaking a "significant" amount of something, resulting in the cancellation of a spacewalk.… | ★ | ||
|
2022-12-15 02:35:09 | Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs (lien direct) | If you get email from 'Samantha Wolf', congrats: you're important enough to make a decent target An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure and medical researchers – according to email security vendor Proofpoint.… | Medical | APT 35 | ★ |
|
2022-12-14 06:57:13 | Citrix patches critical ADC flaw the NSA says is already under attack from China (lien direct) | Yet more pain for the software formerly known as NetScaler The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller (ADC) and Gateway products that the vendor patched today.… | APT 5 | ★★★ | |
|
2022-12-13 23:30:11 | LockBit threatens to leak confidential info stolen from California\'s beancounters (lien direct) | Databases, details of 'sexual proceedings in court' and more apparently pilfered from finance IT LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion.… | ★★ | ||
|
2022-12-13 22:46:56 | Uber staff info leaks after IT supply chain attack (lien direct) | Records swiped from pwned supplier Teqtivity, dumped online Uber, which has suffered a few data thefts in its time, is this week dealing with the fallout from more information being stolen, this time through one of its technology suppliers.… | Uber Uber | ★★ | |
|
2022-12-13 08:32:10 | Researchers smell a cryptomining Chaos RAT targeting Linux systems (lien direct) | Smells like Russian miscreants A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems.… | Malware | ★★★ | |
|
2022-12-12 07:30:13 | IT security teams, business execs still not on same page (lien direct) | Also: Guri the air-gap guru strikes again, while pro-Ukraine hackers set up a proxy network in Russia In brief Let's start with the good news: according to a survey of security and business leaders, executives have become far more aware of the importance of cyber security in the past two years, better aligning security teams and leadership. … | Guideline | ★★ | |
|
2022-12-11 23:06:05 | Japan, Australia, to bolster cyber-defenses, maybe offensive capacity too (lien direct) | FTX Japan payment promise evaporates; VR/AR to boom across APAC; Google wins privacy case Asia In Brief Australia's home affairs and cybersecurity minister Clare O'Neill has given the nation a goal of becoming the world's most cyber secure nation by 2030.… | ★★ | ||
|
2022-12-09 22:00:08 | Legit Android apps poisoned by sticky \'Zombinder\' malware (lien direct) | Sure, go ahead and load APKs instead of using an app store. You won't enjoy the results Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect.… | Malware | ★★★ | |
|
2022-12-08 21:35:09 | REvil-hit Medibank to pull plug on IT, shore up defenses (lien direct) | If safety regulations are written in blood, what are security policies written in? Sweat and cursing? Australian health insurance company Medibank will take all of its IT systems offline and close its branches over the weekend as part of its ongoing efforts to improve security and recover from a massive data security breach in October.… | ★★★ | ||
|
2022-12-07 12:47:17 | Victims of IT scandal in UK postal service will get fresh compensation (lien direct) | Move follows award swallowed up by legal fees The British government has announced a fresh scheme to compensate victims of the Post Office Horizon IT scandal, which saw sub-postmasters wrongfully prosecuted for theft, false accounting and fraud because of errors in a Fujitsu-built finance system.… | ★★★ | ||
|
2022-12-07 07:25:11 | Microsoft: (Cyber) winter is coming as DDoS attack disrupts Russian bank (lien direct) | Where's the Night's Watch when you need them? Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations – including the country's second-largest bank.… | ★★★ | ||
|
2022-12-07 04:29:09 | Amnesty International Canada claims attack by China-backed forces (lien direct) | Threat actors allegedly looking for contacts and monitoring org's future plans The Canadian branch of Amnesty International was the target of an attack it has pinned on a Chinese state-sponsored actor.… | ★ | ||
|
2022-12-06 22:45:06 | Rackspace confirms ransomware attack behind days-long email outage (lien direct) | Hope the name Hackspace doesn't stick Updated Rackspace has admitted a ransomware infection was to blame for the days-long email outage that disrupted services for customers. … | Ransomware | ★★★ | |
|
2022-12-06 15:30:10 | Want to detect Cobalt Strike on the network? Look to process memory (lien direct) | Security analysts have tools to spot hard-to-find threat, Unit 42 says Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit.… | Malware Threat | ★★★ | |
|
2022-12-05 22:30:13 | Google warns stolen Android keys used to sign info-stealing malware (lien direct) | OEMs including Samsung, LG and Mediatek named and shamed Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties.… | Malware | ★★★ | |
|
2022-12-02 23:10:59 | Medibank prognosis gets worse after more stolen data leaked (lien direct) | Plus Australia launches an investigation into insurer's data privacy practices Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web. … | Data Breach | ★★ | |
|
2022-12-02 21:30:07 | Google says Android runs better when covered in Rust (lien direct) | Banishing memory safety bugs cuts critical vulnerabilities Google has been integrating code written in the Rust programming language into its Android operating system since 2019 and its efforts have paid off in the form of fewer vulnerabilities.… | ★★★ | ||
|
2022-12-02 09:30:51 | Mozilla, Microsoft drop TrustCor as root certificate authority (lien direct) | 'There is no evidence to suggest that TrustCor violated conduct, policy, or procedure' says biz Mozilla and Microsoft have taken action against a certificate authority accused of having close ties to a US military contractor that allegedly paid software developers to embed data-harvesting malware in mobile apps.… | Malware | ★★★★★ | |
|
2022-12-01 20:30:10 | Google warns about commercial Heliconia spyware hitting Chrome, Firefox and and Microsoft Defender (lien direct) | Meanwhile NSO faces new lawsuit over Pegasus flying onto journalists' phones Google's Threat Analysis Group (TAG) said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software.… | Threat | ★★★ | |
|
2022-11-29 20:00:12 | Criminals use trending TikTok challenge to make data-stealing malware invisible (lien direct) | PSA: Don't download unknown apps even if they promise naked people Malware-slinging miscreants are taking advantage of a trending TikTok challenge - and viewers' dirty minds - to spread data-stealing malware via a phony app that's had more than one million views so far.… | Malware | ★★ | |
|
2022-11-29 19:15:14 | Android users in 12 US states cleared to sue Google Play (lien direct) | Millions of people who bought apps since 2016 eligible for payout A California judge has cleared the way for a potentially massive class-action lawsuit against Google, which stands accused - again - of anticompetitive practices surrounding its Play store.… | ★★★ | ||
|
2022-11-29 17:45:15 | Lockheed Martin\'s Army cyber training platform goes civilian (lien direct) | Army civilian employees, that is, but aerospace biz says it could be used in the private sector, too Locheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities.… | ★★★★ | ||
|
2022-11-29 08:30:15 | Sandworm gang launches Monster ransomware attacks on Ukraine (lien direct) | The RansomBoggs campaign is the Russia-linked group's latest assault on the smaller country The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.… | Ransomware | ★★ | |
|
2022-11-22 23:30:09 | DraftKings gamblers lose $300,000 to credential stuffing attack (lien direct) | Users of the sports betting site rolled the dice on reusing passwords and lost A credential stuffing attack over the weekend that affected sports betting biz DraftKings resulted in as much as $300,000 being stolen from customer accounts.… | ★★★ | ||
|
2022-11-22 15:16:09 | Software company wins $154k for US Navy\'s licensing breach (lien direct) | Court lands on less than the millions asked for after sailors made copies of 3D modeling suite 'hundreds of thousands' of times In 2016, The Register highlighted the irony of the US Navy being accused of being pirates after it was sued for making "hundreds of thousands" of copies of 3D modeling software without purchasing licenses.… | ★★★ | ||
|
2022-11-22 11:32:13 | Watchdog warns UK health data platform could damage patients\' trust (lien direct) | 'This store of confidential data is a national treasure that must never be compromised or treated carelessly' As the UK government plans to launch the procurement for a national patient data store, the legal guardian of NHS data has issued a coded warning concerning trust and transparency in health data usage.… | ★★ | ||
|
2022-11-22 01:45:08 | Azure extends DDoS attack protection down to small business users, for a fee (lien direct) | Microsoft moves IP Protection into public preview An new Azure service aimed at protecting smaller businesses from the growing threat of distributed denial-of-service (DDoS) attacks is now in public preview, according to Microsoft.… | Threat | ★★ | |
|
2022-11-20 09:01:27 | Google looking outside the usual channels to fix security skills gap (lien direct) | 'If your input continues to be monoculture, you can expect the same outcomes' Cybersecurity moves fast. New and bigger threats emerge all the time across an ever-expanding attack surface and there's not enough people to fill vacant jobs.… | |||
|
2022-11-20 09:00:12 | Serendipitous discovery nets security researcher $70k bounty (lien direct) | Also, a phishing gang goes Royal, while another employee at Snowden's old haunt gets caught nabbing data In brief A security researcher whose Google Pixel battery died while sending a text is probably thankful for the interruption - powering it back up led to a discovery that netted him a $70,000 bounty from Google for a lock screen bypass bug.… | |||
|
2022-11-17 20:13:34 | Koch-funded group sues US state agency for installing \'spyware\' on 1m Android devices (lien direct) | Class-action lawsuit seeks $1 in nominal damages The Massachusetts Department of Public Health conspired with Google to secretly install a COVID-19 tracing app onto more than 1 million Android users' devices without their knowledge and without obtaining warrants, according to a class-action lawsuit filed this week by the New Civil Liberties Alliance.… | |||
|
2022-11-17 08:30:10 | Notorious Emotet botnet returns after a few months off (lien direct) | And it's been sending out hundreds of thousands of malicious emails a day The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper.… | Malware | ||
|
2022-11-16 23:30:13 | Iranian cyberspies exploited Log4j to break into a US govt network (lien direct) | It's the gift to cybercriminals that keeps on giving Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA.… | |||
|
2022-11-16 19:30:07 | WASP malware puts a sting in Python developers (lien direct) | Info-stealing trojan is hidden in malicious PyPI packages on GitHub WASP malware is using steganography and polymorphism to evade detection with malicious Python packages designed to steal credentials, personal information, and cryptocurrency.… | Malware | ||
|
2022-11-14 01:15:18 | Australia to \'stand up and punch back\' against cyber crims (lien direct) | Creates 100-strong squad comprising cops and spooks with remit to disrupt ransomware ops Australia's government has declared the nation is planning to go on the offensive against international cyber crooks following recent high-profile attacks on local health insurer Medibank and telco Optus.… | Ransomware | ||
|
2022-11-11 20:06:11 | World Cup apps pose a data security and privacy nightmare (lien direct) | Unless you're fine with Qatar snoops remotely accessing your phone With mandated spyware downloads to tens of thousands of surveillance cameras equipped with facial-recognition technology, the World Cup in Qatar next month is looking more like a data security and privacy nightmare than a celebration of the beautiful game.… | |||
|
2022-11-11 07:34:10 | Europe calls for joint cyber defense to ward off Russia (lien direct) | EC veep: 'Cyber is the new domain in warfare' The European Commission on Thursday proposed a cyber defense policy in response to Europe's "deteriorating security environment" since Russia illegally invaded Ukraine earlier this year.… | |||
|
2022-11-10 04:46:41 | Windows breaks under upgraded IceXLoader malware (lien direct) | We're the malware of Nim! A malware loader deemed in June to be a "work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs.… | Malware | ||
|
2022-11-08 20:30:09 | Swiss Re wants government bail out as cybercrime insurance costs spike (lien direct) | Giant forecasts premiums rising to $23b by 2025 As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap.… | |||
|
2022-11-07 15:30:08 | Oh, look: More malware in the Google Play store (lien direct) | Also, US media hit with JavaScript supply chain attack, while half of govt employees use out-of-date mobile OSes in brief A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times. … | Malware | ★★★★★ | |
|
2022-11-07 11:32:10 | Japan officially joins NATO\'s cyber defense center (lien direct) | Reports also say it's joined forces with US to make chips, to the tune of $2.4 billion Japan's Ministry of Defence (JMOD) announced on Friday that it has formally joined NATO's Cooperative Cyber Defense Centre of Excellence (CCDCOE).… | |||
|
2022-11-07 07:56:05 | China is likely stockpiling and deploying vulnerabilities, says Microsoft (lien direct) | Increase in espionage and cyberattacks since law requiring vulnerabilities first be reported to Beijing Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities.… | |||
|
2022-11-07 01:45:10 | Breached health insurer won\'t pay ransom to protect customers, warns of more attacks (lien direct) | Australia's Medibank uses a government-approved Band-Aid to cover a gaping 10-milion-record wound Australian health insurer Medibank – which spent October discovering a security incident was worse than it first thought – has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers.… | |||
|
2022-11-03 18:00:08 | Kyndryl loses $281m in the quarter as modernization agenda continues (lien direct) | How to turn a classic infrastructure biz into something fit for the cloud era Shapeshifting infrastructure services biz Kyndryl can't plug its revenue leak but cutting costs did cut losses in half.… | |||
|
2022-11-03 08:29:13 | Royal Mail customer data leak shutters online Click and Drop (lien direct) | Customers complain of exposed order info, multiple charges - but still no postage A technical SNAFU shut down the UK's Royal Mail Click and Drop website on Tuesday after a security "issue" allowed some customers to see others' order information. … | |||
|
2022-11-02 20:45:13 | US Treasury thwarts DDoS attack from Russian Killnet group (lien direct) | Yet another pathetic 'stunt' from pro-Kremlin criminals The US Treasury Department has thwarted a distributed denial of service (DDoS) attack that officials attributed to Russian hacktivist group Killnet.… | |||
|
2022-11-02 07:29:05 | Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup (lien direct) | Deal could 'upend the entire cyber-insurance ecosystem and make it almost impossible to get meaningful cyber coverage' Mondelez International has settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover the snack giant's $100-million-plus cleanup bill following the 2017 NotPetya outbreak.… | NotPetya NotPetya | ||
|
2022-11-01 23:52:06 | Dropbox admits 130 of its private GitHub repos were copied after phishing attack (lien direct) | Personal info and data safe, stolen code not critical, apparently Dropbox has said it was successfully phished, resulting in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials.… | |||
|
2022-11-01 21:39:28 | OpenSSL downgrades horror bug after week of panic, hype (lien direct) | Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited OpenSSL today issued a fix for a critical-turned-high-severity vulnerability that project maintainers warned about last week. … | Hack Vulnerability |
To see everything:
