Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-02-04 15:59:01 |
Critical Cisco Flaws Open VPN Routers Up to RCE Attacks (lien direct) |
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses. |
|
|
|
|
2021-02-04 15:58:45 |
Microsoft Office 365 Attacks Sparked from Google Firebase (lien direct) |
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials. |
|
|
|
|
2021-02-04 12:52:35 |
Clearview Facial-Recognition Technology Ruled Illegal in Canada (lien direct) |
The company's controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges. |
|
|
|
|
2021-02-03 21:37:41 |
Emotet\'s Takedown: Have We Seen the Last of the Malware? (lien direct) |
A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware. |
|
|
|
|
2021-02-03 21:22:49 |
Second SolarWinds Attack Group Breaks into USDA Payroll - Report (lien direct) |
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware. |
|
|
|
|
2021-02-03 20:50:54 |
New Malware Hijacks Kubernetes Clusters to Mine Monero (lien direct) |
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.' |
Malware
|
Uber
|
|
|
2021-02-03 15:40:01 |
Five Critical Android Bugs Patched, Part of Feb. Security Bulletin (lien direct) |
February's security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8. |
|
|
|
|
2021-02-03 11:00:21 |
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover (lien direct) |
The by-now infamous company has issued patches for three security vulnerabilities in total. |
|
|
|
|
2021-02-02 21:38:50 |
TrickBot Continues Resurgence with Port-Scanning Module (lien direct) |
The infamous malware has incorporated the legitimate Masscan tool, which looks for open TCP/IP ports with lightning-fast results. |
Malware
|
|
|
|
2021-02-02 18:17:18 |
Crypto Crook Hired Steven Seagal to Promote Scam, Now Faces Charges (lien direct) |
Feds charged California-based private detective for stealing $11M from investors, with help from actor Steven Seagal. |
|
|
|
|
2021-02-02 17:37:56 |
Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins (lien direct) |
The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-performance computing clusters. |
Malware
|
|
|
|
2021-02-02 17:31:10 |
Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise (lien direct) |
An e-commerce credit-card skimmer is being used by a second skimmer to steal payment data - and both are on Costway's website. |
|
|
|
|
2021-02-02 15:15:44 |
Agent Tesla Trojan \'Kneecaps\' Microsoft\'s Anti-Malware Interface (lien direct) |
A new version of the Agent Tesla RAT can 'kneecap' endpoint protection software supported by Microsoft ASMI. |
|
|
|
|
2021-02-02 14:00:11 |
Identity Theft Spikes Due to COVID-19 Relief (lien direct) |
Cases reported to the FTC doubled last year as cybercriminals took advantage of increased filing for government relief benefits due to the pandemic. |
|
|
|
|
2021-02-01 21:47:19 |
Wind River Security Incident Affects SSNs, Passport Numbers (lien direct) |
Wind River Systems is warning of a 'security incident' after one or more files was downloaded from its network. |
|
|
|
|
2021-02-01 21:18:09 |
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers (lien direct) |
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign. |
|
|
|
|
2021-02-01 21:12:13 |
SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat (lien direct) |
Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks. |
Hack
|
|
|
|
2021-02-01 16:59:19 |
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code (lien direct) |
The flaw in the free-source library could have been ported to multiple applications. |
|
|
|
|
2021-02-01 16:50:24 |
Alleged Gaming Software Supply-Chain Attack Installs Spyware (lien direct) |
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices. |
Malware
|
|
|
|
2021-01-29 21:56:50 |
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites (lien direct) |
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites. |
|
|
|
|
2021-01-29 21:54:24 |
Microsoft 365 Becomes Haven for BEC Innovation (lien direct) |
Two new phishing tactics use the platform's automated responses to evade email filters. |
|
|
|
|
2021-01-29 18:01:38 |
Industrial Gear at Risk from Fuji Code-Execution Bugs (lien direct) |
Fuji Electric's Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more. |
|
|
|
|
2021-01-29 16:52:30 |
Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System (lien direct) |
Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits. |
|
|
|
|
2021-01-29 13:29:10 |
Lazarus Affiliate \'ZINC\' Blamed for Campaign Against Security Researcher (lien direct) |
New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with 'Comebacker' malware. |
|
APT 38
|
|
|
2021-01-28 20:06:57 |
Rocke Group\'s Malware Now Has Worm Capabilities (lien direct) |
The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics. |
Malware
|
APT 32
|
|
|
2021-01-28 18:01:24 |
Utah Ponders Making Online \'Catfishing\' a Crime (lien direct) |
Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow. |
|
|
|
|
2021-01-28 16:46:01 |
LogoKit Simplifies Office 365, SharePoint \'Login\' Phishing Pages (lien direct) |
A phishing kit has been found running on at least 700 domains - and mimicking services via false SharePoint, OneDrive and Office 365 login portals. |
|
|
|
|
2021-01-28 15:52:29 |
Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball (lien direct) |
A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. |
Hack
|
|
|
|
2021-01-27 21:43:22 |
TeamTNT Cloaks Malware With Open-Source Tool (lien direct) |
The detection-evasion tool, libprocesshider, hides TeamTNT's malware from process-information programs. |
Malware
Tool
|
|
|
|
2021-01-27 21:08:48 |
NetWalker Ransomware Suspect Charged: Tor Site Seized (lien direct) |
The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector. |
Ransomware
|
|
|
|
2021-01-27 20:32:55 |
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming (lien direct) |
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet. |
|
|
|
|
2021-01-27 19:16:41 |
Sudo Bug Gives Root Access to Mass Numbers of Linux Systems (lien direct) |
Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo. |
|
|
|
|
2021-01-27 18:05:51 |
ADT Security Camera Flaw Opened Homes, Stores to Eavesdropping (lien direct) |
Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more. |
|
|
|
|
2021-01-27 18:04:49 |
Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline (lien direct) |
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while tales have emerged on Twitter that NetWalker's Dark Web leaks site is offline. |
|
|
|
|
2021-01-27 12:21:28 |
Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update (lien direct) |
An anonymous researcher identified bugs in the software's kernel and WebKit browser engine that are likely part of an exploit chain. |
|
|
|
|
2021-01-26 22:11:54 |
Nvidia Squashes High-Severity Jetson DoS Flaw (lien direct) |
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products. |
Guideline
|
|
|
|
2021-01-26 21:24:34 |
DanaBot Malware Roars Back into Relevancy (lien direct) |
Sophisticated and dangerous, DanaBot has resurfaced after laying dormant for seven months. |
Malware
|
|
|
|
2021-01-26 19:35:44 |
23M Gamer Records Exposed in VIPGames Leak (lien direct) |
The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds. |
|
|
|
|
2021-01-26 17:24:00 |
Criminal, Domestic Violence Case Info Exposed in Cook County Leak (lien direct) |
Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records. |
|
|
|
|
2021-01-26 17:15:33 |
Nefilim Ransomware Gang Hits Jackpot with Ghost Account (lien direct) |
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed. |
Ransomware
|
|
|
|
2021-01-26 14:49:03 |
North Korea Targets Security Researchers in Elaborate 0-Day Campaign (lien direct) |
Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor. |
|
|
|
|
2021-01-26 11:00:07 |
TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks (lien direct) |
A security flaw in TikTok could have allowed attackers to query query the platform's database – potentially opening up for privacy violations. |
|
|
|
|
2021-01-25 21:51:13 |
Breaking Down Joe Biden\'s $10B Cybersecurity \'Down Payment\' (lien direct) |
Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in. |
|
|
|
|
2021-01-25 21:16:11 |
Outgoing FCC Chair Issues Final Security Salvo Against China (lien direct) |
Ajit Pai says Chinese telecom companies 'biggest national security threat' for regulators in exit interview. |
|
|
|
|
2021-01-25 21:08:02 |
2.28M MeetMindful Daters Compromised in Data Breach (lien direct) |
The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download. |
Data Breach
|
|
|
|
2021-01-25 17:53:51 |
Cisco DNA Center Bug Opens Enterprises to Remote Attack (lien direct) |
The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks. |
Vulnerability
|
|
|
|
2021-01-25 17:04:19 |
SonicWall Breach Stems from \'Probable\' Zero-Days (lien direct) |
The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series. |
|
|
|
|
2021-01-22 21:57:10 |
Microsoft Edge, Google Chrome Roll Out Password Protection Tools (lien direct) |
The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords. |
|
|
|
|
2021-01-22 21:55:34 |
Amazon Kindle RCE Attack Starts with an Email (lien direct) |
The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims. |
|
|
|
|
2021-01-22 18:35:24 |
Discord-Stealing Malware Invades npm Packages (lien direct) |
The CursedGrabber malware has infiltrated the open-source software code repository. |
Malware
|
|
|