What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-10-30 09:51:19 | 3 million Italians impacted by UniCredit data breach (lien direct) | Italian global banking and financial services company UniCredit S.p.A. yesterday disclosed a data breach incident involving a file containing roughly 3 million records. The file was generated in 2015, which suggests that customers who created accounts in 2016 and beyond are likely safe. Affected information consisted of customers' names, cities, telephone numbers and emails. Source: […] | Data Breach | ||
|
2019-10-30 09:50:14 | Israeli firm sued by WhatsApp over phone hacking claims (lien direct) | Facebook-owned WhatsApp has filed a lawsuit against Israel’s NSO Group, alleging the firm was behind cyber-attacks that infected devices with malicious software. WhatsApp accuses the company of sending malware to roughly 1,400 mobile phones for the purposes of surveillance. Users affected included journalists, human rights activists, political dissidents, and diplomats. Source: BBC | Malware | ||
|
2019-10-29 13:32:09 | Cybersecurity Horror Stories Don\'t Have to Keep You Up at Night (lien direct) | Companies need to beware of both external cyberattacks and insider threats. Like a classic horror film, both threats come with their own elements of mystery, suspense and fear. Fortunately, it is possible to defend each type of attack vector using a similar cybersecurity strategy for each. More on that later. First, let's set the scene of the current security landscape. | |||
|
2019-10-29 12:45:18 | What Chocolate Peanut Butter Cups Can Teach Us About Phishing (lien direct) | With Halloween fast approaching, it's a great time to discuss some of our favourite things in life: the creation of chocolate peanut butter cups and what these can teach us about phishing. Hard to imagine a time when before the “age of the cup” because there are many that never got to know the delicious […] | |||
|
2019-10-29 09:50:11 | (Déjà vu) Blogger sites hacked to show sextortion scams (lien direct) | Scammers are hacking into WordPress and Blogger sites and using the hacked accounts to create posts stating that the blogger’s computer has been hacked and that they were recorded while using adult web sites. Source: Bleeping Computer | ★★ | ||
|
2019-10-29 09:49:41 | (Déjà vu) Food chain in U.S. alerts customers of payment card incident (lien direct) | U.S. fast-food restaurant chain Krystal disclosed a security incident involving one of is payment processing systems and affecting some of its restaurants between July and September 2019. Krystal was founded back in 1932, currently has 342 locations in the Southern United States and “is the original quick-service restaurant chain in the South” according to a press release […] | ★★★ | ||
|
2019-10-29 09:49:14 | (Déjà vu) Fashion site hacked to steal credit cards (lien direct) | French fashion online store Sixth June is offering shoppers more than the latest in men and women streetwear apparel as the site was infected some time ago with code that steals payment card info at checkout. The infosec community typically refers to this type of scripts as MageCart because they initially targeted sites using the […] | ★★ | ||
|
2019-10-29 09:48:36 | 7.5 million Creative Cloud Adobe users data exposed (lien direct) | An unsecured Elasticsearch database left exposed the account information of about 7.5 million Adobe Creative Cloud users. Comparitech, in association with security researcher Bob Diachenko, found the Adobe database, which could be accessed without a password or any login credentials. The company was notified on October 19 and the database was locked down that day. […] | ★★★★ | ||
|
2019-10-29 09:47:37 | American Cancer Society online stores attacked with skimming malware (lien direct) | One Magecart group decided that helping cancer victims is not enough of a reason to deter them from hitting the American Cancer Society's online store with skimming malware. Sanguine Security found the malware on www.shop.cancer.org/ hiding behind the GoogleTagManager code. The store sells t-shirts emblazoned with the organization's logo. Source: SC Magazine | Malware | ||
|
2019-10-28 09:52:23 | Are You Afraid of the Unintentional Insider Threat? (lien direct) | Malicious insiders exist among us, and sometimes, we hire them. Like a demon in disguise, they trick us into trusting them. Then, they treat themselves to confidential company data. As a trusted employee, it's unnerving to know that something evil might be lurking in the cubicle next to you. What is more spine-chilling is that the insider threat can be anyone… even you! So, read on, and learn how to protect yourself from becoming an unintentional insider threat. | Threat | ||
|
2019-10-25 09:18:34 | Randori exposes weaknesses by acting like a hacker (lien direct) | Randori, a Boston-based startup from a former Carbon Black executive and a former red team consultant, announced its first product today. Called Randori Recon, this service is designed to act with a hacker's mindset to surface all of your company's external weaknesses. Source: Tech Crunch | |||
|
2019-10-25 09:17:18 | Ocala suffered financial loss from “Phishing” scam (lien direct) | OCALA, Fla. - Ocala officials said Thursday that the city had suffered a “net financial loss” as a result of a recent email “spear phishing” scam, the latest in a series of recent cybercrimes against Central Florida municipalities. Source: My News 13 | |||
|
2019-10-25 09:16:46 | (Déjà vu) DDoS attack lasts eight hours (lien direct) | Google Cloud Platform suffered issues around the same time as Amazon Web Services but claims they were not caused by DDoS. A significant distributed denial-of-service (DDoS) attack lasting approximately eight hours affected Amazon Web Services yesterday, knocking its S3 service and other services offline between 10:30 a.m. and 6:30 p.m. PDT. Source: Dark Reading | |||
|
2019-10-25 09:14:59 | Mobile users targeted with malware (lien direct) | Cybercriminals continue to seed app stores with malicious apps, advanced attackers successfully compromise mobile devices, and advertisers continue to track users, new reports show. The ubiquity of mobile devices continues to attract attackers as malicious apps have surged 20% across third-party app stores, advertisers and tracking firms account for nine of 10 API calls for […] | Malware | ||
|
2019-10-24 10:56:35 | Is the Office Dead? (lien direct) | By Stuart Sharp, VP of solution engineering at OneLogin According to predictions from the Office of National Statistics, 50% of the UK workforce is expected to be working remotely by 2020. Many organisations have been preparing for this eventuality for many years, as can be seen from the increased uptake of 'working from home policies'. […] | ★★ | ||
|
2019-10-24 10:16:35 | (Déjà vu) Hacker jailed from planting Keylogger devices on Company systems (lien direct) | A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time. It appears that the individual was after data relating to an “emerging technology” that both targeted companies were developing. Source: Bleeping Computer 60 SHARES […] | ★★★★★ | ||
|
2019-10-24 10:15:50 | (Déjà vu) New malware targeting Discord users (lien direct) | A new malware is targeting Discord users by modifying the Windows Discord client so that it is transformed into a backdoor and an information-stealing Trojan. The Windows Discord client is an Electron application, which means that almost all of its functionality is derived from HTML, CSS, and JavaScript. This allows malware to modify its core files […] | Malware | ||
|
2019-10-24 10:15:11 | Kalispell Regional Healthcare data breach (lien direct) | Kalispell Regional Healthcare (KRH) just reported a cyberattack that took place in late August and exposed patients' health information. The Kalispell, Mont. facility had several employees fall for a phishing email scam, resulting in the attackers gaining the login credentials to KRH's system, the hospital said in a statement. Source: SC Magazine 60 SHARES Share On […] | Data Breach | ||
|
2019-10-24 10:14:24 | Stalker Apps warning by FTC (lien direct) | Agency offers tips on how to detect and eradicate the spyware. The Federal Trade Commission (FTC) today alerted consumers about the risk of mobile spyware that surreptitiously “stalks” smartphone users, snooping on call history, text messages, photos, GPS location, and browsing history. The warning comes the heels of the FTC’s settlement this week with app […] | |||
|
2019-10-23 09:11:11 | (Déjà vu) U.S Superior Court systems have hacked to spread phishing emails (lien direct) | A Texas man was sentenced today to 145 months in federal prison for hacking the Los Angeles Superior Court (LASC) computer system and using its servers to deliver around 2 million malspam emails. 33-year-old Oriyomi Sadiq Aloba “was found guilty of one count of conspiracy to commit wire fraud, 15 counts of wire fraud, one count of attempted wire fraud, […] | |||
|
2019-10-23 09:10:42 | UK cyber-centre targets card payment fraud (lien direct) | Britain’s cyber-defence centre has thwarted more than one million cases of suspected payment card fraud in the last year, its annual review reveals. The National Cyber Security Centre (NCSC) said a dedicated anti-fraud effort stopped the cards being abused. It said it had stopped more than 1,800 cyber-attacks aimed at UK citizens and businesses in […] | |||
|
2019-10-23 09:10:10 | (Déjà vu) Scammers arrested in Spain who were behind €10 Million BEC Fraud (lien direct) | Three people, part of a Business Email Compromise (BEC) scammer group that stole roughly €10.7 million ($11,900,000) from 12 companies, were arrested in Spain by the Guardia Civil as part of Operation Lavanco. BEC (otherwise known as Email Account Compromise, CEO fraud, or CEO impersonation) fraud schemes are scams that allow crooks to trick a company’s employees to wire out funds to […] | |||
|
2019-10-23 09:09:06 | Japanese hotel chain apologises as hackers watched guests through bedside robots (lien direct) | Japanese hotel chain HIS Group has apologised for ignoring warnings that its in-room robots were hackable to allow pervs to remotely view video footage from the devices. The Henn na Hotel is staffed by robots: guests can be checked in by humanoid or dinosaur reception bots before proceeding to their room. Source: The Register 60 […] | |||
|
2019-10-22 13:39:21 | OneLogin Partners with Prianto (lien direct) | OneLogin, an industry leading provider of Unified Access Management (UAM), has partnered with Prianto UK to facilitate the distribution of its services in the UK. This collaboration will enable Prianto and OneLogin to fulfill their joint commitment of providing a secure, seamless experience for end-users and administrators alike. This collaboration brings together a company specialising […] | Guideline | ||
|
2019-10-22 10:50:44 | Anatomy of an Advanced Persistent Threat (lien direct) | By Tarik Saleh, Senior Security Engineer at DomainTools Advanced Persistent Threats are long term patterns of network exploitation that go undetected for extended periods of time and are usually aimed at high profile targets such as governments, higher education institutions, political activists, and companies. They are often motivated by economic, political, and financial reasons, and […] | Threat | ||
|
2019-10-22 09:13:46 | Data exposed by leaker Autoclerk on travelers information including military and government personnel (lien direct) | A leak at Autoclerk, a reservations management system recently acquired by the Western Hotel & Resorts Group, exposed personal and travel information on hotel guests, including members of the U.S. government, military and Department of Homeland Security. “Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements […] | |||
|
2019-10-22 09:13:04 | Researchers managed to turn Google Home and Alexa into Credential thieves (lien direct) | Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing. “Alexa, steal my passwords.” It’s not a phrase a user is likely to utter, but security researchers in Germany have shown that it’s possible for malicious apps - Alexa “skills” and Google Home […] | |||
|
2019-10-22 09:12:26 | (Déjà vu) Chinese hackers use malware to backdoor Microsoft SQL servers (lien direct) | New malware created by Chinese-backed Winnti Group has been discovered by researchers at ESET while being used to gain persistence on Microsoft SQL Server (MSSQL) systems. The new malicious tool dubbed skip-2.0 can be used by the attackers to backdoor MSSQL Server 11 and 12 servers, enabling them to connect to any account on the server using a so-called “magic password” and […] | Malware Tool | ||
|
2019-10-22 09:11:27 | Innocent man lost £4,000 from a call centre scam (lien direct) | When Doug Varey clicked on a pop-up ad offering computer security protection for 12 years for £556, he signed up. “I had no reason to suspect it wasn’t genuine,” he says. That was a mistake. Mr Varey was a victim of a common online scam known as computer software service fraud, which ended up costing […] | |||
|
2019-10-22 09:10:48 | NordVPN announces that it was hacked (lien direct) | NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked. The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN. Source: Tech Crunch 60 […] | |||
|
2019-10-21 09:38:46 | Alexa and Google home are eavesdropping on users again without their knowledge (lien direct) | Hackers can abuse Amazon Alexa and Google Home smart assistants to eavesdrop on user conversations without users’ knowledge, or trick users into handing over sensitive information. The attacks aren’t technically new. Security researchers have previously found similar phishing and eavesdropping vectors impacting Amazon Alexa in April 2018; Alexa and Google Home devices in May 2018; and again […] | |||
|
2019-10-21 09:38:07 | Facebook employees are hacking other teams to see what others are building (lien direct) | Jane Manchun Wong has an incessant need to know every single feature of every single app on her smartphone. Wong, a 25-year-old software engineer in Hong Kong, checks every new line of code any time one of her Android smartphone's apps get an update. She locates new code, reverse-engineers it and finds new features before […] | |||
|
2019-10-21 09:37:35 | Thousands of records hacked by students (lien direct) | The high school students say they just wanted to win a water-gun fight. But officials in their Pennsylvania school district say they took a senior-year tradition way too far, hacking into test scores and personal information of the district's more than 12,000 students while trying to get the home addresses they say they wanted for […] | |||
|
2019-10-21 09:37:04 | Russian group disguised as Iranian cyber spies (lien direct) | Suspected Russia-linked hackers have attacked dozens of countries, including Britain, disguised as Iranian cyber spies, UK and US intelligence agencies have revealed. They have accused the Turla group – allegedly based in Russia – of letting an Iranian hacking outfit take the blame for a spate of cyber espionage after gaining access to its cyber […] | |||
|
2019-10-21 09:35:39 | San Bernardino school district hit by ransomware attack (lien direct) | Hackers infected servers used by the San Bernardino City Unified School District with ransomware, locking faculty and staff out of their e-mails over the weekend and forcing classes to proceed without Wi-Fi and other tech-based tools beginning Monday, Oct. 21. The district's information technology staff alerted administrators and law enforcement to the attack early Saturday, […] | Ransomware | ||
|
2019-10-18 12:22:30 | I think therefore IAM (lien direct) | “I think therefore I am.” – René Descartes This isn't just a pompous philosophical proposition of autonomy, instead it is a timely piece of advice for ensuring corporate cybersecurity. Descartes really was ahead of his time! Identity and access management (IAM) plays an important part in securing your IT infrastructure by mitigating risk from both […] | |||
|
2019-10-18 12:09:59 | The Rise of Inside Out Security Threats (lien direct) | At the 2019 RSA Conference, a survey of 650 IT professionals revealed that 75% feel vulnerable to insider threat. This information from industry experts proves that there is dichotomy in the perception of cyberthreat across the media and IT professionals. This marks a significant shift from the frequent headlines warning of external cyberattacks that frequently […] | |||
|
2019-10-18 10:13:01 | (Déjà vu) Russian hackers noticed after being undetected for years (lien direct) | Cyber-espionage operations from Cozy Bear, a threat actor believed to work for the Russian government, continued undetected for the past years by using malware families previously unknown to security researchers. Relying on stealthy communication techniques between infected systems and the command and control (C2) servers, the group managed to keep their activity under the radar […] | Malware Threat | APT 29 | |
|
2019-10-18 10:12:46 | Telstra fooled in $500 gift card phishing scam (lien direct) | Telstra's brand is being employed by scammers in order to launch an email phishing campaign aimed at harvesting confidential details from victims. Spotted on 15 October by email filtering provider MailGuard, the phishing scam purports to be from Telstra and appears to be a notification from the telco. Source: Arnet 60 SHARES Share On Facebook […] | |||
|
2019-10-18 10:12:31 | (Déjà vu) Phishing attack targets stripe users that steal banking information (lien direct) | A phishing campaign using fake invalid account Stripe support alerts as lures has been spotted while attempting to harvest customers’ bank account info and user credentials using booby-trapped Stripe customer login pages. Stripe is one of the top online payment processors, a company that provides the payment logistics internet businesses need to accept payments over the […] | |||
|
2019-10-18 10:12:16 | (Déjà vu) Malicious fake WordPress plugins are mining for cryptocurrency (lien direct) | Malicious plugins for WordPress websites are being used not just to maintain access on the compromised server but also to mine for cryptocurrency. Researchers at website security company Sucuri noticed the number of malicious plugins increase over the past months. The components are clones of legitimate software, altered for nefarious purposes. Source: Bleeping Computer 60 […] | |||
|
2019-10-18 10:11:34 | Amazon Echo and Kindle devices are prone to KRACK attacks (lien direct) | Amazon Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. Source: SC Magazine 60 SHARES Share On Facebook Tweet Follow us Share Share Share Share Share | |||
|
2019-10-18 09:53:42 | Lookout! Total App Defence is Here (lien direct) | Satendar Bhatia, the SVP of Embedded Software Sales at Lookout, announced yet another successful year for Lookout App Defence as they continue to break “into new markets, and acquired new customers globally”. Powered by the largest dataset of mobile code in existence, the Lookout Security Cloud provides an assessment of the entire spectrum of mobile […] | ★★★ | ||
|
2019-10-17 15:21:24 | Corelight Raises $50 Million in Series C Funding Led by Insight Partners and Accel (lien direct) | Corelight was founded by Dr. Vern Paxson (a Professor of Computer Science at UC Berkeley and Chief Scientist at Corelight), Robin Sommer (CTO) and Seth Hall (Chief Evangelist) to deliver network visibility solutions for cybersecurity built on an open source framework called Zeek (formerly Bro). Paxson began developing Zeek in 1995 when he was working […] | |||
|
2019-10-17 09:28:58 | Streaming devices are tracking viewing habits (lien direct) | Steadily, we are adopting more and more technology into our households. Our homes are becoming more interconnected, with IoT (Internet of Things) devices becoming regular parts of our lives. One of the devices that is the centerpiece of most households is the television set – and with it often come internet-connected streaming services. So, what […] | ★★★★★ | ||
|
2019-10-17 09:28:31 | Librarian retools phishing emails to steal student credentials (lien direct) | Silent Librarian cyberattackers are switching up tactics in a phishing scheme bent on stealing student credentials. Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and helping it avoid […] | Threat | ★★★ | |
|
2019-10-17 09:28:06 | (Déjà vu) 30,000 Sextortion email sent per hour due to malware attack on your PC (lien direct) | Sextortion emails stating that your computer was hacked and video was created of you on porn sites have become so common that many ignore them and treat them simply as another spam. That does not mean, though, that they are not profitable as a new report shows that the attackers are generating a decent revenue […] | Malware | ||
|
2019-10-17 09:27:37 | (Déjà vu) WAV Audio Files hides cryptominers by hackers (lien direct) | Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and Monero cryptominers on their targets’ systems as BlackBerry Cylance threat researchers discovered. While various other malware peddlers were previously observed injecting payloads in JPEG or PNG image files with the help of steganography, a well-known technique used to evade anti-malware detection, this is […] | Malware Threat | ||
|
2019-10-17 09:27:11 | 2,000 Docker Hosts Infected by Cryptojacking Worm (lien direct) | Basic and ‘inept’ worm managed to compromise Docker hosts by exploiting misconfigurations. Some 2,000 Docker hosts have been attacked and infected by a relatively basic worm that exploits misconfigured permissions to download and run cryptojacking software as malicious containers. Source: Dark Reading 60 SHARES Share On Facebook Tweet Follow us Share Share Share Share Share | |||
|
2019-10-16 13:06:18 | Big wins at OneLogin Connect 19 London (lien direct) | OneLogin has announced the winners of several awards at its annual user conference, Connect19 London. Winners were selected from OneLogin's customer base of over 2,500 businesses, that were evaluated based on quantitative metrics, individual usage and companywide adoption of a “security-first” mindset. Businesses were nominated across four categories: Most Collaborative, Best Cloud Growth, Most Creative […] |
To see everything:
Our RSS (filtrered)
