What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-01-16 13:57:05 | I swiped right, Viewing sensitive data cached in your Safari browser. (lien direct) | By using multi-gesture trackpad along with Safari browser in MacBook Pro, one can view sensitive data which is cached in your Safari browser. (Note: This is not a back button browsing vulnerability) I figured out this issue while playing around with Safari browser, looks like the most recent activity of any authenticated or un-authenticated website is stored in […] | |||
|
2019-01-16 13:16:05 | Multiple Fortnite flaws allowed experts to takeover players\' accounts (lien direct) | Security researchers at Check Point have discovered several flaws in the popular game Fortnite that could be exploited to takeover gamers’account. Security experts at Check Point discovered several issues in the popular online battle game Fortnite. One of the flaws is an OAuth account takeover vulnerability that could have allowed a remote attacker to takeover […] | Vulnerability | ||
|
2019-01-16 08:59:01 | Experts link attack on Chilean interbank network Redbanc NK Lazarus APT (lien direct) | Researchers from Flashpoint linked the recently disclosed attack on Chilean interbank network Redbanc to the North Korean APT group Lazarus. Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware […] | Malware | APT 38 | |
|
2019-01-15 15:27:00 | A flaw in vCard processing could allow hackers to compromise a Win PC (lien direct) | A security expert discovered a zero-day flaw in the processing of VCard files that could be exploited by a remote attacker to compromise a Windows PC The security expert John Page (@hyp3rlinx), discovered a zero-day vulnerability in the processing of VCard files that could be exploited by a remote attacker, under certain conditions, to hack Windows […] | Hack Vulnerability | ||
|
2019-01-15 12:14:03 | Too many issues in Pentagon networks expose it to cybersecurity risks (lien direct) | A new security assessment conducted by the Defense Department Inspector General revealed that the Pentagon is still exposed to many cyber risks, The report published by the Defense Department Inspector General on January 9, shows a worrisome situation, there are 266 issue, some of them are ten-years-old cybersecurity‑related recommendations still unresolved in the Pentagon infrastructure. This means that […] | |||
|
2019-01-15 06:50:00 | Mozilla will disable Adobe Flash by default starting from Firefox 69 (lien direct) | Starting from Firefox 69, Mozilla will disable Adobe Flash by default, a process that aims to completely remove the support for the popular plugin. Mozilla announced that the Firefox 69 will no longer support Adobe Flash due to a large number of serious flaws exploited by hackers in attacks across the years. The decision was […] | |||
|
2019-01-14 23:13:04 | German Watchdog will request Facebook changes (lien direct) | German watchdog is going to ask Facebook changes to protect privacy and personal information of its users. The news was first reported by the German newspaper Bild am Sonntag, German regulators are going to request Facebook changes in its platforms aimed at protecting privacy and personal data of its users. The German watchdog want to […] | |||
|
2019-01-14 17:31:02 | Unsecured MongoDB archive exposed 202 Million private resumes (lien direct) | Security expert discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. Security expert Bob Diachenko discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. The huge trove of data belongs to job seekers in China, its records include personal […] | |||
|
2019-01-14 10:03:01 | Zurich refuses to pay Mondelez for NotPetya damages because it\'s \'an act of war\' (lien direct) | Zurich American Insurance Company is refusing to refund its client because consider the attack as “an act of war” that is not covered by its policy. The US food giant Mondelez is suing Zurich for $100 Million after the insurance company rejected its claim to restore normal operations following the massive NotPetya ransomware attack. On […] | Ransomware | NotPetya | |
|
2019-01-14 08:37:02 | Computers at the City Hall of Del Rio were infected by ransomware (lien direct) | The City Hall of Del Rio, a city in and the county seat of Val Verde County, Texas, was hit by a ransomware attack, operations were suspended. Last week, the City Hall of Del Rio, a city in and the county seat of Val Verde County, Texas, was hit by a ransomware attack. On Thursday, tens of computers at […] | Ransomware | ||
|
2019-01-14 05:43:03 | Which is the link between Ryuk ransomware and TrickBot? (lien direct) | FireEye and CrowdStrike discovered that threat actors behind the Ryuk ransomware are working with another cybercrime gang to gain access to target networks. In August 2018, security experts from Check Point uncovered a ransomware-based campaign aimed at organizations around the world conducted by North Korea-linked threat actor. This is the first time that a security firm […] | Ransomware Threat | ||
|
2019-01-13 15:43:01 | (Déjà vu) Security Affairs newsletter Round 196 – News of the week (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! Blur data leak potentially exposed data of 2.4 […] | ★★★★ | ||
|
2019-01-13 14:42:05 | TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal (lien direct) | Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. The ServHelper is a backdoor, experts analyzed two variants of it, while […] | Malware | ||
|
2019-01-12 22:14:05 | Hacktivist Martin Gottesfeld 10 years in prison for hospital cyberattack (lien direct) | The American hacktivist Martin Gottesfeld (34) has been sentenced to 10 years in prison for carrying out DDoS attacks against two healthcare organizations in the US in 2014. The alleged Anonymous member, Martin Gottesfeld, was accused of launching DDoS attacks against the two US healthcare organizations in 2014, the Boston Children's Hospital and the Wayside […] | |||
|
2019-01-12 14:04:03 | Rapid7 announced the release of Metasploit 5.0 (lien direct) | Rapid7 announced the release of Metasploit 5.0, the latest version of the popular penetration testing framework that promises to be very easy to use. Rapid7 announced the release of Metasploit 5.0, the new version includes several new important features and, the company believes it will easier to use and more powerful. Most important changes introduced […] | |||
|
2019-01-12 10:26:02 | (Déjà vu) Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections (lien direct) | Z-WASP attack: Phishers are using a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients. Microsoft recently fixed a vulnerability in Office 365 that was exploited by attackers to bypass existing phishing protections and deliver malicious messages to victims' inboxes. The vulnerability ties with the […] | Vulnerability | ||
|
2019-01-11 22:55:00 | British hacker sentenced to jail for attack on Liberian Telecoms firms (lien direct) | The British hacker Daniel Kaye has been sentenced to 32 months in prison for the cyberattack on Liberian telecom firms. The British hacker Daniel Kaye (29) has been sentenced to 32 months in prison for the 2016 attack that took down telecommunications services in Liberia. Kaye pleaded guilty in December to two charges under the Computer Misuse […] | Guideline | ||
|
2019-01-11 14:59:03 | Victims of Pylocky ransomware can decrypt their files for free (lien direct) | Victims of the PyLocky Ransomware can use a tool released by security researcher Mike Bautista at Cisco Talos group to decrypt their files for free. I have good and bad news for the victims of the PyLocky Ransomware. The good news is that security researcher Mike Bautista at Cisco Talos group released a decryption tool […] | Ransomware Tool | ||
|
2019-01-11 12:54:01 | The \'AVE_MARIA\' Malware (lien direct) | Ave Maria Malware – Phishing attempts spreading in the last days of the past year against an Italian organization operating in the Oil&Gas sector The Cybaze-Yoroi ZLab researchers analyzed phishing attempts spreading in the last days of the past year against an Italian organization operating in the Oil&Gas sector. The malicious emails try to impersonate […] | Malware | ||
|
2019-01-11 06:18:00 | Reddit locked Down accounts due to alleged security breach (lien direct) | The social media platform Reddit has notified users that some of them have been locked out of their accounts after detecting suspicious activity. Reddit locked down a large number of user accounts after due to a security concern after detecting suspicious activity on them. “If you are here because you've been locked out of your […] | |||
|
2019-01-10 20:55:04 | CISCO addresses DoS bugs in CISCO ESA products (lien direct) | Cisco addressed two DoS vulnerabilities in CISCO ESA products that can be exploited by remote unauthenticated attacker. Cisco fixed two denial-of-service (DoS) flaws in Email Security Appliance (ESA) products that can be exploited by a remote unauthenticated attacker. The first flaw tracked as CVE-2018-15453 has been rated as “critical,” it is a memory corruption bug caused […] | |||
|
2019-01-10 14:48:04 | Alleged Iran-linked APT groups behind global DNS Hijacking campaign (lien direct) | Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. Security experts at FireEye uncovered a DNS hijacking campaign that is targeting government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe. According […] | |||
|
2019-01-10 11:51:02 | Three security bugs found in the popular Linux suite systemd (lien direct) | Experts disclosed three flaws in the systemd, a software suite that provides fundamental building blocks for Linux operating systems. Security firm Qualys has disclosed three flaws (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 ) in a component of systemd, a software suite that provides fundamental building blocks for a Linux operating system used in most major Linux distributions. […] | |||
|
2019-01-10 09:29:04 | Ironic turn … Kaspersky Labs helped NSA to catch alleged data thief (lien direct) | Kaspersky was a long accused to support Russian intelligence, in an ironic turn, source now revealed it helped to catch alleged NSA data thief Kaspersky was a long accused to support Russian intelligence in cyber espionage activities and for this reason, its products have been banned by the US Government and EU Parliament. The company […] | |||
|
2019-01-09 22:06:01 | First Google security patches for Android in 2019 fix a critical flaw (lien direct) | Google released its security patches for Android in 2019 that addressed tens of vulnerabilities in the popular mobile OS. Google released the first batch of security patches for Android in 2019 that addressed tens of flaws, the most severe of them is the CVE-2018-9583 issue. The CVE-2018-9583 flaw is a critical remote code execution vulnerability affecting […] | Vulnerability | ||
|
2019-01-09 13:41:05 | State attorneys general announced a $1.5 million settlement with Neiman Marcus (lien direct) | Tens of state attorneys general announced a $1.5 million settlement with The Neiman Marcus Group over a 2013 data breach. Tens of attorneys general announced this week a $1.5 million settlement with The Neiman Marcus Group LLC over a data breach suffered by the company in 2013 and disclosed earlier 2014. 43 states and the […] | Data Breach | ||
|
2019-01-09 09:08:04 | Microsoft January 2019 Patch Tuesday updates fix 7 critical vulnerabilities (lien direct) | Microsoft has released the January 2019 Patch Tuesday updates that address 51 vulnerabilities in Windows OSs and other products. Microsoft has released Microsoft January 2019 Patch Tuesday that solve 51 vulnerabilities in Windows operating system and in the following solutions: Adobe Flash Player Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web […] | |||
|
2019-01-09 06:15:05 | Adobe addresses \'Important\' Flaws in Connect, Digital Editions (lien direct) | Adobe's Patch Tuesday security updates for January 2019 fix two flaws rated as “important” in the Connect and Digital Editions products. Adobe's Patch Tuesday security updates for January 2019 fix two “important” vulnerabilities in the Connect and Digital Editions ebook reader products. The first flaw, tracked as CVE-2018-19718, is a session token exposure issue that […] | |||
|
2019-01-08 22:26:02 | German youngster behind massive data leak of German politicians data (lien direct) | A 20-year-old hacker was arrested for the recent massive data leak that impacted hundreds of German politicians. According to the authorities, the man had already confessed. The German authorities have identified a 20-year-old hacker that stole and leaked personal data belonging to hundreds of German politicians. According to the authorities, the youngster, who lives with […] | |||
|
2019-01-08 15:00:04 | Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack (lien direct) | The cryptocurrency exchange Coinbase suspended the trading of Ethereum Classic (ETC) after double-spend attacks worth $1.1 Million The cryptocurrency exchange Coinbase has suspended the trading of Ethereum Classic (ETC) after double-spend attacks that consist in spending digital coins twice.Ethereum Classic (ETC) is the original unforked Ethereum blockchain, the attacks resulted in the loss of $1.1 million […] | |||
|
2019-01-08 11:38:05 | Zerodium offers $2 Million for remote iOS jailbreaks, and much more (lien direct) | The zero-day broker Zerodium offers $2 million for remote iOS jailbreaks and $1 million for chat app exploits. Zerodium announced it is going to pay up to $2 million for remote iOS jailbreaks that don’t need any user interaction, Previous offers of the company for this kind of exploits was $1.5 million. The company also doubled the […] | |||
|
2019-01-08 09:10:00 | Nine 2019 Cybersecurity Predictions (lien direct) | Wondering about the state of global cybersecurity in 2019? Wonder no more with these nine cybersecurity predictions for where the new year will take us - and what it means for our digital properties, online lives and livelihoods. 1. Everybody Will Have to Choose Their Partners and Equipment More Carefully The Internet of Things is […] | |||
|
2019-01-08 06:14:03 | Tens of thousands of hot tubs are exposed to hack (lien direct) | Experts from security firm Pen Test Partners reported that tens of thousands of hot tubs are currently vulnerable to cyber attacks. Security experts at Pen Test Partners have discovered thousands of connected hot tubs vulnerable to remote cyber attacks. The hot tubs could be remotely controlled by an app, dubbed Balboa Water App, that lack […] | Hack | ||
|
2019-01-07 21:48:04 | Hackers have stolen customer data from Titan Manufacturing and Distributing company for nearly one year (lien direct) | Cyber criminals have stolen customer data from the Titan Manufacturing and Distributing company for nearly one year using a malware. Hackers hit the Titan Manufacturing and Distributing company and compromised its computer system to steal customer payment card data for an entire year. Attackers breached into the computer system at Titan Manufacturing and Distributing company to steal […] | |||
|
2019-01-07 13:56:00 | Australian Early Warning Network hacked and used to send fake alerts (lien direct) | A hacker obtained an unauthorized access to the Australian Early Warning Network over the weekend and abused it to send out an alert via SMS A hacker breached the Australian Early Warning Network over the weekend and abused it to send out an alert via SMS, landline, and email to the subscribers of the Aeeris firm […] | |||
|
2019-01-07 11:04:02 | ReiKey app for macOS can detect Mac Keyloggers using event taps (lien direct) | ReiKey is a free tool that allows to scan and detect keylogger that install persistent keyboard “event taps” to intercept your keystrokes. Good news for macOS users, a new open source tool dubbed ReiKey allows them to detect Mac Keyloggers. The ReiKey app monitor systems for applications that analyzed keyboard ‘event taps‘ to monitor and […] | Tool | ||
|
2019-01-07 08:00:04 | NSA will reveal its GHIDRA Reverse Engineering tool at RSA Conference (lien direct) | The National Security Agency (NSA) will release at the next RSA Conference a free reverse engineering framework called GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux). The framework was first mentioned in the CIA Vault 7 dump that was leaked in 2017. WikiLeaks obtained thousands of files allegedly […] | Tool | ||
|
2019-01-06 16:53:05 | Dark Overlord hacking crew publishes first batch of confidential 9/11 files (lien direct) | The Dark Overlord published the first batch of decryption keys for 650 confidential documents related to the 9/11 terrorist attacks. The Dark Overlord hacking group claims to have stolen a huge trove of documents from the British insurance company Hiscox, Hackers stole “hundreds of thousands of documents,” including tens of thousands files related to the […] | |||
|
2019-01-06 14:07:05 | (Déjà vu) Security Affairs newsletter Round 195 – News of the week (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! Facebook tracks non-users via Android Apps Hackers bypassed […] | |||
|
2019-01-06 09:05:00 | Blur data leak potentially exposed data of 2.4 Million users (lien direct) | A misconfigured AWS S3 bucket is the root cause of a data leak that impacted 2.4 million Blur users, reported the online privacy firm Abine. Blur is a popular password manager developed by the online privacy firm Abine, it also implements private browsing features and masked email. The application was developed to secure the personal […] | |||
|
2019-01-05 15:16:04 | Did Aurora Ransomware infect you? You can decrypt file for free (lien direct) | Victims of the Aurora Ransomware could use a decryptor tool developed by the popular malware researcher Michael Gillespie to decrypt their data for free. Good news for the victims of the Aurora Ransomware, there are many variants of this Windows malware but most of the victims have been infected by the version that appends the […] | Ransomware Malware Tool | ||
|
2019-01-05 10:23:02 | High Severity DoS bug affects Several Yokogawa products (lien direct) | A serious DoS flaw affects several industrial automation products manufactured by the Yokogawa Electric. The DoS vulnerability in several Yokogawa Electric products affects the Open Communication Driver for Vnet/IP, a real-time plant network system for process automation. The flaw, tracked as CVE-2018-16196, could be exploited by an attacker to stop communication function of Vnet/IP Open Communication […] | Vulnerability | ||
|
2019-01-04 20:55:05 | Flaw in Skype for Android exposes photos and contacts (lien direct) | A security expert found a flaw in Skype for Android that could be exploited by an unauthenticated attacker to view photos and contacts, and even open links in the browser. Security expert Florian Kunushevci (19) discovered a vulnerability that allows an unauthenticated local attacker to view photos and contacts, and also to open links in […] | Vulnerability | ||
|
2019-01-04 15:23:04 | New NRSMiner cryptominer NSA-Linked EternalBlue Exploit (lien direct) | A new variant of the NRSMiner is infecting users in the southern region of Asia, most of the victims are in Vietnam (54%), Iran (16%) and Malaysia (12%). The new version leverages the EternalBlue exploit to spread, experts observed that the threat also updates existing NRSMiner installs. ETERNALBLUE is an NSA exploit that made the headlines […] | Threat | ||
|
2019-01-04 12:45:01 | Hackers leak data on hundreds of German Politicians, including Chancellor Merkel (lien direct) | German politicians were impacted by a massive data leak that exposed their personal data online, German Chancellor Angela Merkel was affected too. Data belonging to hundreds of German politicians, including Chancellor Angela Merkel, were exposed online due to a massive leak that is the biggest data dump of its kind in the country. According to […] | |||
|
2019-01-04 10:21:05 | (Déjà vu) Town of Salem RP Game hacked, more than 7.6M Players affected (lien direct) | BlankMediaGames disclosed a data breach that affects millions of players of the popular role-playing game Town of Salem. The BlankMediaGames suffered a data breach that impacted more than 7.6 million players of the browser-based role-playing game Town of Salem Exposed data includes usernames, emails, passwords, IP addresses, game and forum activity. The bad news for […] | Data Breach | ||
|
2019-01-03 22:48:02 | Adobe addressed two critical flaws in Adobe Acrobat, Reader (lien direct) | The first Adobe security updates for 2019 addresses two critical vulnerabilities in the Acrobat and Reader products. Adobe addressed two critical vulnerabilities in the Acrobat and Reader products, a use-after-free issue and a security bypass flaw. The flaws affect the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017 and Acrobat Reader DC 2017 for Windows […] | |||
|
2019-01-03 19:07:00 | Hackers defaced Dublin Luas website and demand ransom (lien direct) | The website of the tram system in Dublin, the Luas, was hacked on Thursday, attackers claim to have the access to information stored on the organization's systems. Attackers defaced the website of the Luas, the home page displayed a message demanding the payment of 1 bitcoin. The hackers asked the payment within 5 days threatening to “publish all data and send emails […] | |||
|
2019-01-03 15:26:02 | After 3 years, Google partially fixes a bug in Android Google Chrome (lien direct) | Three years after its disclosure, Google has patched an information disclosure flaw in the Android version of the popular Chrome web browser. The issue exposes devices information, including device model and firmware version, an attacker could exploit this info to remotely identify unpatched devices and target them. The flaw ties the way the Android version […] | |||
|
2019-01-03 08:00:04 | (Déjà vu) New unCaptcha automated system bypasses Google reCAPTCHA once again (lien direct) | The unCaptcha automated system can once again bypass Google's reCAPTCHA challenges, despite major updates to the security service. It has happened again, the unCaptcha automated system is able to bypass the Google reCAPTCHA mechanism even if it was improved over the years. The unCaptcha system was created in 2017 to bypass the reCAPTCHA mechanism used to protect websites […] |
To see everything:
Our RSS (filtrered)
