Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-08-03 15:23:16 |
VMWare Urges Users to Patch Critical Authentication Bypass Bug (direct link) |
Vulnerability, for which a proof-of-concept is forthcoming, is one of a string of flaws the company fixed that could lead to an attack chain. |
Guideline
|
|
|
|
2022-07-21 12:59:30 |
Hackers for Hire: Adversaries Employ 'Cyber Mercenaries' (direct link) |
Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP. |
Guideline
|
|
|
|
2022-07-19 15:33:01 |
Authentication Risks Discovered in Okta Platform (direct link) |
Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction. |
Guideline
|
|
|
|
2022-07-06 10:33:35 |
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens (direct link) |
A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web. |
Guideline
|
|
|
|
2022-06-16 11:24:26 |
Ransomware Risk in Healthcare Endangers Patients (direct link) |
Ryan Witt, Proofpoint's Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care. |
Ransomware
Guideline
|
|
|
|
2022-03-09 16:00:32 |
Most ServiceNow Instances Misconfigured, Exposed (direct link) |
Customers aren't locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction. |
Guideline
|
|
|
|
2022-02-18 13:46:04 |
Iranian State Broadcaster Clobbered by 'Clumsy, Buggy' Code (direct link) |
Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran's Supreme Leader was a clumsy and unsophisticated wiper attack. |
Guideline
|
|
|
|
2022-02-16 15:59:14 |
Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers (direct link) |
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS. |
Guideline
|
|
★★
|
|
2022-02-15 18:33:28 |
Chrome Zero-Day Under Active Attack: Patch ASAP (direct link) |
The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems. |
Guideline
|
|
★★
|
|
2022-02-10 22:13:33 |
Sharp SIM-Swapping Spike Causes $68M in Losses (direct link) |
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts. |
Guideline
|
|
|
|
2022-01-18 15:44:21 |
Critical ManageEngine Desktop Server Bug Opens Orgs to Malware (direct link) |
Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. |
Malware
Guideline
|
|
|
|
2021-12-22 18:24:07 |
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers (direct link) |
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. |
Vulnerability
Guideline
|
|
|
|
2021-12-10 17:58:04 |
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack (direct link) |
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” |
Tool
Vulnerability
Guideline
|
|
|
|
2021-11-30 18:11:16 |
Finland Faces Blizzard of FluBot-Spreading Text Messages (direct link) |
Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an "exceptional" attack. |
Guideline
|
|
|
|
2021-11-11 18:48:06 |
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash (direct link) |
A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector. |
Threat
Guideline
|
|
|
|
2021-11-05 13:03:07 |
Feds Offer $10 Million Bounty on DarkSide Info (direct link) |
The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group. |
Ransomware
Guideline
|
|
|
|
2021-10-27 19:13:47 |
Adobe's Surprise Security Bulletin Dominated by Critical Patches (direct link) |
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure. |
Guideline
|
|
|
|
2021-10-27 13:04:20 |
(Déjà vu) Cyberattack Cripples Iranian Fuel Distribution Network (direct link) |
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. |
Guideline
|
|
|
|
2021-10-27 13:04:20 |
Cyber Attack Cripples Iranian Fuel Distribution Network (direct link) |
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. |
Guideline
|
|
|
|
2021-10-21 19:31:40 |
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool (direct link) |
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment. |
Ransomware
Tool
Threat
Guideline
|
|
|
|
2021-09-14 13:10:49 |
Romance, BEC Scams Lands Soldier in Jail for 46 Months (direct link) |
A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans. |
Guideline
|
|
|
|
2021-09-09 14:30:56 |
SideWalk Backdoor Linked to China-Linked Spy Group 'Grayfly' (direct link) |
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. |
Malware
Guideline
|
APT 41
|
|
|
2021-09-09 12:58:48 |
Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix (direct link) |
An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom. |
Vulnerability
Guideline
|
|
|
|
2021-08-26 16:40:38 |
F5 Bug Could Lead to Complete System Takeover (direct link) |
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. |
Guideline
|
|
|
|
2021-08-25 11:41:31 |
California Man Hacked iCloud Accounts to Steal Nude Photos (direct link) |
Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials. |
Guideline
|
|
|
|
2021-08-03 20:00:31 |
Ransomware Volumes Hit Record Highs as 2021 Wears On (direct link) |
The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way. |
Ransomware
Guideline
|
|
|
|
2021-08-02 20:58:54 |
'PwnedPiper': Devastating Bugs in >80% of Hospital Pneumatics (direct link) |
Podcast: Blood samples aren't martinis. You can't shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware. |
Guideline
|
|
|
|
2021-07-30 15:21:41 |
Novel Meteor Wiper Used in Attack that Crippled Iranian Train System (direct link) |
A July 9th attack disrupted service and taunted Iran's leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints. |
Guideline
|
|
|
|
2021-07-22 17:46:25 |
Industrial Networks Exposed Through Cloud-Based Operational Tech (direct link) |
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. |
Guideline
|
|
|
|
2021-07-21 13:32:42 |
French Launch NSO Probe After Macron Believed Spyware Target (direct link) |
Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware. |
Guideline
|
|
|
|
2021-07-13 14:36:47 |
New CISA Director Confirmed, White House Gains Cyber-Director (direct link) |
Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on. |
Ransomware
Guideline
|
|
|
|
2021-07-09 17:31:26 |
Cisco BPA, WSA Bugs Allow Remote Cyberattacks (direct link) |
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more. |
Guideline
|
|
|
|
2021-06-30 16:28:48 |
Why MTTR is Bad for SecOps (direct link) |
Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. |
Guideline
|
|
|
|
2021-06-11 14:23:57 |
Monumental Supply-Chain Attack on Airlines Traced to State Actor (direct link) |
Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks. |
Guideline
|
APT 41
|
★★★
|
|
2021-06-03 18:20:15 |
Google PPC Ads Used to Deliver Infostealers (direct link) |
The crooks pay top dollar for Google search results for the popular AnyDesk, Dropbox & Telegram apps that lead to a malicious, infostealer-packed website. |
Guideline
|
|
|
|
2021-05-11 18:38:36 |
Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader (direct link) |
A patch for Adobe Acrobat, the world's leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution. |
Vulnerability
Guideline
|
|
|
|
2021-05-11 16:08:19 |
Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud (direct link) |
Aamir Lakhani, researcher at FortiGuard Labs, discusses leading-edge threats related to edge access/browsers/IoT, and the COVID-19 vaccine, as a way of getting into larger organizations. |
Guideline
|
|
|
|
2021-04-30 19:01:05 |
WeSteal: A Cryptocurrency Stealing Tool That Does Just That (direct link) |
The developer of the WeSteal cryptocurrency stealer can't be bothered with fancy talk: they say flat-out that it's “the leading way to make money in 2021”. |
Tool
Guideline
|
|
|
|
2021-02-26 21:53:26 |
Amazon Dismisses Claims Alexa 'Skills' Can Bypass Security Vetting Process (direct link) |
Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks. |
Guideline
|
|
|
|
2021-01-26 22:11:54 |
Nvidia Squashes High-Severity Jetson DoS Flaw (direct link) |
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products. |
Guideline
|
|
|
|
2021-01-04 20:14:52 |
Leading Game Publishers Hit Hard by Leaked-Credential Epidemic (direct link) |
Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online. |
Guideline
|
|
|
|
2020-12-02 20:17:34 |
Xerox DocuShare Bugs Allowed Data Leaks (direct link) |
CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes. |
Guideline
|
|
|
|
2020-11-12 14:10:57 |
2 More Google Chrome Zero-Days Under Active Exploitation (direct link) |
Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution. |
Guideline
|
|
★★★★★
|
|
2019-03-13 18:29:03 |
Intel Windows 10 Graphics Drivers Riddled With Flaws (direct link) |
Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution. |
Guideline
|
|
|
|
2019-03-04 23:36:00 |
Teen Becomes First to Earn $1M in Bug Bounties with HackerOne (direct link) |
He is also the all-time top-ranked hacker on HackerOne's leaderboard, out of more than 330,000 hackers competing for the top spot. |
Guideline
|
|
|
|
2019-03-04 11:00:03 |
Visitor Kiosk Access Systems Riddled with Bugs (direct link) |
Student researchers working with IBM X-Force Red team find security holes in five leading visitor management systems. |
Guideline
|
|
|
|
2019-01-28 16:04:00 |
Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution (direct link) |
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution. |
Guideline
|
|
★★★★
|
|
2019-01-08 21:09:04 |
Shipping Firms Speared with Targeted 'Whaling' Attacks (direct link) |
Bad actors are imitating high-level executives in the shipping industry to launch BEC attacks that could lead to credential theft or worse - system compromise. |
Guideline
|
|
|
|
2018-12-28 15:24:04 |
Hijacking Online Accounts Via Hacked Voicemail Systems (direct link) |
Proof-of-concept hack of a voicemail system shows how it can lead to account takeovers on multiple online services. |
Hack
Guideline
|
|
|
|
2018-12-11 22:19:04 |
Facebook Fined $11.3M for Privacy Violations (direct link) |
Italy's regulator found the social giant guilty of misleading consumers as to what it does with their data. |
Guideline
|
|
|