Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-07-28 11:03:21 |
Google: Android apps must provide privacy information by April 2022 (lien direct) |
Google has announced today more details regarding their upcoming Google Play 'Safety section' feature that provides users information about the data collected and used by an Android app. [...] |
|
|
|
|
2021-07-28 09:30:06 |
Critical Microsoft Hyper-V bug could haunt orgs for a long time (lien direct) |
Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in Azure cloud computing environment. [...] |
Vulnerability
|
|
|
|
2021-07-28 08:31:05 |
FBI reveals top targeted vulnerabilities of the last two years (lien direct) |
A joint security advisory issued today by several cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years. [...] |
|
|
|
|
2021-07-28 06:50:10 |
(Déjà vu) Northern Ireland suspends vaccine passport system after data leak (lien direct) |
Northern Ireland's Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification web service and mobile apps following a data exposure incident. [...] |
|
|
|
|
2021-07-28 06:50:10 |
Northern Ireland\'s COVID certification service suspended after data leak (lien direct) |
Northern Ireland's Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification web service and mobile apps following a data exposure incident. [...] |
|
|
|
|
2021-07-27 17:10:43 |
(Déjà vu) LockBit ransomware now encrypts Windows domains using group policies (lien direct) |
An new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. [...] |
Ransomware
|
|
|
|
2021-07-27 17:10:43 |
LockBit ransomware automates Windows domain encryption via group policies (lien direct) |
An new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. [...] |
Ransomware
|
|
|
|
2021-07-27 16:06:32 |
UC San Diego Health discloses data breach after phishing attack (lien direct) |
UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts. [...] |
Data Breach
|
|
|
|
2021-07-27 14:01:30 |
New Windows 10 KB5005394 emergency update fixes printing issues (lien direct) |
Microsoft has released a cumulative out-of-band update to fix a known printing issue preventing some printers and scanners from working correctly. [...] |
|
|
|
|
2021-07-27 10:47:08 |
Twitter will soon let you log in with your Google account (lien direct) |
Twitter has started testing a new feature that allows users to sign up for an account using their existing Google account. [...] |
|
|
|
|
2021-07-27 09:31:47 |
Google launches new Bug Hunters vulnerability rewards platform (lien direct) |
Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. [...] |
Vulnerability
|
|
|
|
2021-07-27 08:25:48 |
Microsoft Teams now automatically blocks phishing attempts (lien direct) |
Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks. [...] |
|
|
|
|
2021-07-26 17:21:00 |
Microsoft Defender ATP now secures removable storage, printers (lien direct) |
Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus. [...] |
|
|
|
|
2021-07-26 15:41:30 |
Apple fixes zero-day affecting iPhones and Macs, exploited in the wild (lien direct) |
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. [...] |
Vulnerability
|
|
|
|
2021-07-26 13:02:42 |
(Déjà vu) Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities (lien direct) |
Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. [...] |
|
|
|
|
2021-07-26 13:02:42 |
Researchers warn of unpatched Kaseya Unitrend backup vulnerabilities (lien direct) |
Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrend service and advise users not to expose the service to the Internet. [...] |
|
|
|
|
2021-07-26 09:24:59 |
No More Ransom saves almost €1 billion in ransomware payments in 5 years (lien direct) |
The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost €1 billion in ransomware payments. [...] |
Ransomware
|
|
|
|
2021-07-26 08:51:45 |
Signal fixes bug that sent random images to wrong contacts (lien direct) |
Signal has fixed a serious bug in its Android app that, in some cases, sent random unintended pictures to contacts without an obvious explanation. Although the issue was reported in December 2020, given the difficulty of reproducing the bug, it isn't until this month that a fix was pushed out. [...] |
|
|
|
|
2021-07-25 17:48:49 |
A closer look at Windows 11\'s recent changes (lien direct) |
Windows 11 was officially announced last month with a redesigned Start, taskbar and Action Center experience. At the moment, Windows 11 is available to testers in the Dev Channel of the Insider program. [...] |
|
|
|
|
2021-07-25 10:00:00 |
Microsoft 365 drops support for Internet Explorer 11 in August (lien direct) |
Microsoft has reminded customers that Microsoft 365 apps and services will drop support for the legacy Internet Explorer 11 (IE11) web browser next month, on August 17, 2021. [...] |
|
|
|
|
2021-07-24 19:38:49 |
(Déjà vu) Microsoft shares mitigations for new PetitPotam NTLM relay attack (lien direct) |
Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. [...] |
|
|
|
|
2021-07-24 19:38:49 |
Microsoft shares mitigations for new PetitPotam NTML relay attack (lien direct) |
Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. [...] |
|
|
|
|
2021-07-24 16:53:59 |
Microsoft\'s fix for Windows 10 gaming issues is coming soon (lien direct) |
With this release of Windows 10's March 2021 updates and subsequent updates, some users have been experiencing performance issues when playing games. These gaming issues include decreased frame rate, stuttering in certain games, and flickering textures. [...] |
|
|
|
|
2021-07-24 10:00:00 |
Windows 10 July security updates break printing on some systems (lien direct) |
Microsoft says customers may experience printing and scanning issues on devices using smart card (PIV) authentication after installing July 2021 Windows 10 security updates on a domain controller (DC). [...] |
|
|
|
|
2021-07-23 16:54:03 |
New PetitPotam attack allows take over of Windows domains (lien direct) |
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. [...] |
Threat
|
|
|
|
2021-07-23 16:06:46 |
Fake Windows 11 installers now used to infect you with malware (lien direct) |
Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. [...] |
Malware
|
|
|
|
2021-07-23 15:29:55 |
MacOS malware steals Telegram accounts, Google Chrome data (lien direct) |
Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts. [...] |
Malware
|
|
|
|
2021-07-23 14:33:18 |
The Week in Ransomware - July 23rd 2021 - Kaseya decrypted (lien direct) |
This week has quite a bit of news ranging from the USA formally accusing China of the recent ProxyLogon vulnerability and Kaseya mysteriously obtaining the universal decryption key. [...] |
Ransomware
Vulnerability
|
|
|
|
2021-07-23 14:18:52 |
Apple fixes bug that breaks iPhone WiFi when joining rogue hotspots (lien direct) |
Apple has rolled out iOS 14.7 earlier this week with security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution. [...] |
Guideline
|
|
|
|
2021-07-23 14:00:44 |
Microsoft backtracks on Windows 11 using dark mode by default (lien direct) |
During the Inspire event, Microsoft announced that it would ship commercial Windows 11 SKUs in dark mode by default to support remote work. A week later, the company is backtracking on this decision. [...] |
|
|
|
|
2021-07-23 11:27:27 |
Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows (lien direct) |
Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes (K8s) clusters. [...] |
Threat
|
Uber
|
|
|
2021-07-23 08:06:55 |
Twitter reveals surprisingly low two-factor auth (2FA) adoption rate (lien direct) |
Twitter has revealed in its latest transparency report that only 2.3% of all active accounts have enabled at least one method of two-factor authentication (2FA) between July and December 2020. [...] |
|
|
|
|
2021-07-23 02:22:27 |
Major news sites serve porn after vid.me domain takeover (lien direct) |
Major news sites including The Washington Post, New York Magazine, and HuffPost, saw their stories now displaying porn videos instead of the once-embedded intended ones. The fiasco happened as prominent websites relied on the now-defunct domain vid.me to embed streaming videos in their articles. [...] |
|
|
|
|
2021-07-22 17:38:43 |
Windows 11 update improves taskbar, Microsoft Store and more (lien direct) |
Microsoft has released a new build 22000.100 to Windows 11 Insiders in the Dev channel of the Windows Insider program. [...] |
|
|
★★★★★
|
|
2021-07-22 13:46:59 |
Kaseya obtains universal decryptor for REvil ransomware victims (lien direct) |
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free. [...] |
Ransomware
|
|
|
|
2021-07-22 12:39:24 |
Akamai DNS global outage takes down major websites, online services (lien direct) |
Akamai is investigating an ongoing outage affecting many major websites and online services including Steam, the PlayStation Network, Newegg, Cloudflare, AWS, Amazon, Google, and Salesforce. [...] |
|
|
|
|
2021-07-22 11:25:39 |
Ransomware gang breached CNA\'s network via fake browser update (lien direct) |
Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached its network, stole data, and deployed ransomware payloads in a ransomware attack that hit its network in March 2021. [...] |
Ransomware
Guideline
|
|
|
|
2021-07-22 09:35:10 |
MITRE updates list of top 25 most dangerous software bugs (lien direct) |
MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years. [...] |
|
|
|
|
2021-07-22 03:47:13 |
Atlassian asks customers to patch critical Jira vulnerability (lien direct) |
Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI. [...] |
Vulnerability
|
|
|
|
2021-07-21 17:17:53 |
TikTok, Snapchat account hijacker arrested for role in Twitter hack (lien direct) |
A fourth suspect has been arrested today for his role in the Twitter hack last year that gave attackers access to the company's internal network exposing high-profile accounts to hijacking. [...] |
Hack
|
|
|
|
2021-07-21 14:42:16 |
CISA warns of stealthy malware found on hacked Pulse Secure devices (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. [...] |
Malware
|
|
|
|
2021-07-21 10:13:53 |
France warns of APT31 cyberspies targeting French organizations (lien direct) |
The French national cyber-security agency today warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 cyberespionage group. [...] |
|
APT 31
|
|
|
2021-07-21 10:00:00 |
Chinese state hackers breached over a dozen US pipeline operators (lien direct) |
Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. [...] |
|
|
|
|
2021-07-21 09:00:00 |
NPM package steals Chrome passwords on Windows via recovery tool (lien direct) |
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access. [...] |
Malware
Tool
|
|
|
|
2021-07-21 08:00:00 |
Google Chrome now comes with up to 50x faster phishing detection (lien direct) |
Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday. [...] |
|
|
|
|
2021-07-21 06:20:41 |
XLoader malware steals logins from macOS and Windows systems (lien direct) |
A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. [...] |
Malware
|
|
|
|
2021-07-21 04:32:04 |
(Déjà vu) Microsoft shares workaround for Windows 10 SeriousSAM vulnerability (lien direct) |
Microsoft has shared a workaround for a Windows 10 zero-day vulnerability dubbed SeriousSAM that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] |
Vulnerability
|
|
|
|
2021-07-21 04:32:04 |
Microsoft shares workarounds for new Windows 10 zero-day bug (lien direct) |
Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] |
Vulnerability
|
|
|
|
2021-07-20 18:19:42 |
Microsoft Teams chat feature rolling out to Windows 11 (lien direct) |
With Windows 11, Microsoft is integrating the Microsoft Teams chatting feature into the Windows Taskbar. Microsoft Teams Chat feature is based on Microsoft Teams desktop client and Microsoft is basically extending Teams capability by bringing the dedicated button right to your taskbar. [...] |
|
|
|
|
2021-07-20 15:03:45 |
DuckDuckGo\'s new email privacy service forwards tracker-free messages (lien direct) |
DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting. [...] |
|
|
|