What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-11-29 09:18:05 | Dell data breach – Dell forces password reset after the incident (lien direct) | Dell data breach – IT giant Dell disclosed a data breach, the company confirmed it has detected an intrusion in its systems on November 9th 2018. Attackers were trying to exfiltrate customer data (i.e. names, email addresses, and hashed passwords) from the company portal Dell.com, from support.dell.com websites. Wednesday that its online electronics marketplace experienced a […] | Data Breach | ||
|
2018-11-29 06:33:01 | (Déjà vu) AccuDoc Data Breach impacted 2.6 Million Atrium Health patients (lien direct) | Hospital network Atrium Health suffered a data breach, hacked accessed patients’ personal information after compromised the technology solutions provider AccuDoc. Atrium Health offers healthcare and wellness programs in the Southeast of the United States through more than 40 hospitals and 900 care locations. AccuDoc is a company providing technology solutions to the healthcare industry, including Hospital […] | Data Breach | ★★★★★ | |
|
2018-11-28 20:09:00 | FBI along with security firms dismantled 3ve Ad Fraud Operation (lien direct) | FBI along with cybersecurity firms dismantled a sophisticated ad fraud scheme that allowed its operators to earn tens of millions of dollars Law enforcement and private firms such as Google and WhiteOps took down one of the largest and most sophisticated digital ad-fraud campaign, tracked as Dubbed 3ve, that infected over 1.7 million computers to carry out advertising frauds. The […] | |||
|
2018-11-28 14:40:04 | British MP: Facebook was aware about Russian activity at least since 2014 (lien direct) | A British MP claims Facebook was ware about Russian political interference in 2014, long before the events become public. The British MP Damian Collins, head of a parliamentary inquiry into disinformation, revealed that one of the emails seized from US software company Six4Three as part of a US lawsuit, demonstrates that a Facebook engineer had notified the social network giant in October […] | |||
|
2018-11-28 09:56:02 | (Déjà vu) Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again (lien direct) | Cisco has released a new round of security patches to address potentially serious WebExec Webex flaw first addressed one month ago. One month ago, Cisco addressed the CVE-2018-15442 vulnerability, also tracked as WebExec by Counter Hack researchers Ron Bowes and Jeff McJunkin who discovered it. The flaw affects Cisco Webex Meetings Desktop and has been rated as a […] | Hack | ||
|
2018-11-28 06:03:00 | Uber fined nearly $1.2 Million by Dutch and UK Data Protection Authorities over data breach (lien direct) | British and Dutch data protection regulators fined the ride-sharing company Uber with $1,170,892 for the 2016 data breach. British and Dutch data protection regulators have fined Uber with $1,170,892 for the 2016 security breach that exposed personal data of 57 million of its users. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke […] | Data Breach | Uber | |
|
2018-11-27 15:17:01 | Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins (lien direct) | Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps. The malicious code was introduced in the version 3.3.6, published on September 9 via the Node Package Manager (NPM) repository. The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 […] | |||
|
2018-11-27 12:40:00 | The SLoad Powershell malspam is expanding to Italy (lien direct) | A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “Ramnit banker”. “In the past months CERT-Yoroi observed an emerging attack pattern targeting its […] | Malware Threat | ||
|
2018-11-27 09:12:02 | Experts demonstrate how to exfiltrate data using smart bulbs (lien direct) | Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0. The devices are manufactured by the Chinese company called […] | |||
|
2018-11-27 06:41:02 | UK Parliament seized confidential Facebook docs to investigate its data protection policies. (lien direct) | UK Parliament Seizes seized confidential Facebook documents from the developer of a now-defunct bikini photo searching app to investigate its data protection policies. A British lawmaker obliged a visiting tech executive to share the files ahead of an international hearing that parliament is hosting on Tuesday to gather info into disinformation and “fake news.” Committee Chairman […] | |||
|
2018-11-26 21:41:00 | Ransomware attack disrupted emergency rooms at Ohio Hospital System (lien direct) | Ransomware attacks continue to threaten the healthcare industry, the last incident in order of time impacted the Ohio Hospital System. The ransomware attack infected computer systems at the East Ohio Regional Hospital and Ohio Valley Medical Center reportedly caused the disruption of the hospitals’ emergency rooms. The malware hit the Ohio Hospital System on Friday, Nov. 23, evening, […] | Ransomware Malware | ||
|
2018-11-26 19:09:01 | When Do You Need to Report a Data Breach? (lien direct) | The way in which you respond to a data breach has a significant impact on how severe its consequences are. Reporting an event is one action that can help. The number of data breaches that were tracked in the U.S. in 2017 totaled 1,579, a nearly 44.7 percent increase from the previous year. Data breaches, […] | Data Breach | ||
|
2018-11-26 18:53:00 | Linux Kernel is affected by two DoS vulnerabilities still unpatched (lien direct) | Linux Kernel is affected by two denial-of-service (DoS) flaws, both vulnerabilities are NULL pointer deference issues Linux Kernel is affected by two denial-of-service (DoS) vulnerabilities, the issues impact Linux kernel 4.19.2 and previous versions. Both flaws are rated as Medium severity and are NULL pointer deference issues that can be exploited by a local attacker to trigger a DoS condition. […] | |||
|
2018-11-26 09:11:02 | Experts found a new powerful modular Linux cryptominer (lien direct) | Security experts from Russian antivirus firm Dr.Web have discovered a new strain of Linux cryptominer tracked as Linux.BtcMine.174. The Linux cryptominer has a multicomponent structure that implements a broad range of features in over 1,000 lines of code. When the Monero Linux cryptominer is first executed it checks whether the server, from which the Trojan will subsequently […] | |||
|
2018-11-26 08:24:03 | Hacker stole $1m from Silicon Valley executive via SIM swap (lien direct) | Nicholas Truglia, a 21-years-old man from New York, has stolen $1 million from Silicon Valley executive via SIM swap, and targeted other indivisuals. Nicholas Truglia, a 21-years-old man from New York, has been accused of stealing $1 million from Silicon Valley executive via SIM swap. He gained access to his phone number and used it impersonate […] | |||
|
2018-11-25 13:48:02 | Very trivial Spotify phishing campaign uncovered by experts (lien direct) | Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify. The phishing campaign was discovered earlier November, attackers used convincing emails to trick Spotify users into providing their account credentials. The messages include a […] | |||
|
2018-11-25 11:05:00 | (Déjà vu) Security Affairs newsletter Round 190 – News of the week (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · 6,500+ sites deleted after Dark Web hosting […] | |||
|
2018-11-25 09:53:02 | (Déjà vu) Facebook appeals UK fine in Cambridge Analytica privacy Scandal (lien direct) | Facebook appeals 500,000-pound fine for failing to protect users' personal information in the Cambridge Analytica scandal. Facebook appeals the fine for failing to protect the privacy of the users in the Cambridge Analytica scandal. Political consultancy firm Cambridge Analytica improperly collected data of 87 million Facebook users and misused it. Facebook has been fined £500,000 in the U.K., the maximum fine allowed by […] | |||
|
2018-11-24 15:06:01 | Chat app Knuddels fined €20k under GDPR regulation (lien direct) | The case is making the headlines, the German chat platform Knuddels.de (“Cuddles”) has been fined €20,000 for storing user passwords in plain text. In July hackers breached the systems of the company Knuddels and leaked online its data. In September, an unknown individual notified Knuddels that crooks published user data of roughly 8,000 members on Pastebin and […] | |||
|
2018-11-24 10:23:02 | North Korea-linked group Lazarus targets Latin American banks (lien direct) | According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […] | Malware Medical | APT 38 | |
|
2018-11-24 09:04:05 | US Government is asking allies to ban Huawei equipment (lien direct) | US Government is inviting its allies to exclude Huawei equipment from critical infrastructure and 5G architectures, reports the Wall Street Journal The Wall Street Journal reported that the US Government is urging its allies to exclude Huawei from critical infrastructure and 5G architectures. The United States is highlighting the risks for national security in case of adoption of Huawei […] | |||
|
2018-11-23 19:07:02 | Beware Black Friday & Cyber Monday shoppers: fake products, credit cards scams and other types of fraud (lien direct) | Group-IB security experts are warning about the increasing scammers' activity during the Black Friday and Cyber Monday Sales Group-IB, an international company that specializes in preventing cyber attacks, warns about the increasing scammers' activity during the Black Friday and Cyber Monday Sales. Group-IB experts have discovered more than 400 website-clones of the popular marketplace AliExpress and roughly 200 fake websites […] | |||
|
2018-11-23 15:31:05 | VMware fixed Workstation flaw disclosed at the Tianfu Cup PWN competition (lien direct) | VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered at the Tianfu Cup PWN competition. VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered by Tianwen Tang of Qihoo 360's Vulcan Team at the Tianfu Cup PWN competition. White hat hackers earned more than $1 million for […] | Vulnerability | ||
|
2018-11-23 13:52:01 | New Emotet Thanksgiving campaign differs from previous ones (lien direct) | Researchers from Forcepoint observed a new Emotet Thanksgiving-themed campaign that appears quite different from previous ones. Security researchers from Forcepoint have observed a new Emotet Thanksgiving-themed campaign that appears quite different from previous ones. EMOTET, aka Geodo, is a banking trojan linked to the dreaded Dridex and Feodo (Cridex, Bugat) malware families. In past campaigns, EMOTET was used by crooks […] | Malware | ||
|
2018-11-23 10:38:04 | Exclusive Cybaze ZLab – Yoroi – Hunting Cozy Bear, new campaign, old habits (lien direct) | The experts at Cybaze ZLab – Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka Cozy Bear) The experts at Cybaze ZLab – Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka The Dukes, Cozy Bear, and Cozy Duke). The researchers of Yoroi ZLab, on […] | Malware | APT 29 | |
|
2018-11-23 09:54:01 | 13 fraudulent apps into Google Play have been downloaded 560,000+ times (lien direct) | Malware researcher discovered 13 fraudulent apps into Google Play that have been already downloaded and installed more than 560,000 times. Malware researcher Lukas Stefanko from security firm ESET discovered 13 malicious apps into Google Play that have been already downloaded and installed over half a million times (+560,000). The malicious apps could allow attackers to […] | Malware | ||
|
2018-11-23 08:33:01 | Software company OSIsoft has suffered a data breach (lien direct) | Software company OSIsoft has suffered a data breach, the firm confirmed that all domain accounts have likely been compromised. Software company OSIsoft notified security breach to employees, interns, consultants, and contractors. The company offers real-time data management solutions, its core product is the open enterprise infrastructure, the PI System, that allows connecting sensor-based data, systems, and people. The […] | Data Breach | ||
|
2018-11-22 20:24:02 | Chaining 3 zero-days allowed pen testers to hack Apple macOS computers (lien direct) | Dropbox team disclosed three critical zero-day vulnerabilities in Apple macOS, chaining them it is possible to take over a Mac computer. Dropbox team disclosed three critical zero-day vulnerabilities (CVE-2017-13890, CVE-2018-4176, CVE-2018-4175) affecting the Apple macOS operating system, an attacker could chain them to remotely execute arbitrary code on a targeted Mac computer. The attacker only needs to trick victims […] | Hack | ||
|
2018-11-22 12:15:01 | Flaw allowing identity spoofing affects authentication based on German eID cards (lien direct) | The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. The situation is […] | |||
|
2018-11-22 06:32:01 | Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw (lien direct) | Security experts from Netscout Asert discovered more than ten Mirai bot variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers. These Mirai variants are the first one that doesn’t target Internet of Things devices, the bot was specifically developed to target Linux servers. The Hadoop YARN is vulnerability is a command injection […] | |||
|
2018-11-21 22:26:02 | A flaw in US Postal Service website exposed data on 60 Million Users (lien direct) | US Postal Service has patched a critical bug that allowed anyone who has an account at usps.com to view and modify account details for other users US Postal Service has patched a critical bug that allowed anyone who has an account at usps.com to view and modify account details for other users, some 60 million users were affected. The news was […] | |||
|
2018-11-21 20:22:00 | Facebook increases rewards for its bug bounty program and facilitate bug submission (lien direct) | Facebook updates its bug bounty program, it is increasing the overall rewards for security flaws that could be exploited to take over accounts. Facebook announced an important novelty for its bug bounty, the social media giant is going to pay out as much as $40,000 for vulnerabilities that can be exploited to hack into accounts without […] | Hack | ||
|
2018-11-21 13:38:04 | Amazon UK is notifying a data breach to its customers days before Black Friday (lien direct) | Many readers of the Register shared with the media outlet an email sent from the Amazon UK branch that is notifying them an accidental data leak. The news is disconcerting, Amazon has suffered a data breach a few days before Black Friday Many readers of the Register shared with the media outlet an email sent from […] | Data Breach | ||
|
2018-11-21 12:13:03 | (Déjà vu) Experts found flaws in Dell EMC and VMware Products. Patch them now! (lien direct) | Security experts have found several vulnerabilities affecting Dell EMC Avamar and Integrated Data Protection Appliance products. They also warn that VMware's vSphere Data Protection, which is based on Avamar, is also affected by the issues. Dell EMC released security updates for Dell EMC Avamar Client Manager in Dell EMC Avamar Server and Dell EMC Integrated Data […] | |||
|
2018-11-21 06:23:03 | Sofacy APT group used a new tool in latest attacks, the Cannon (lien direct) | Sofacy APT group (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Experts at Palo Alto Networks spotted a new campaign in late October and early November, spear-phishing messages used Word […] | Tool | APT 28 | |
|
2018-11-20 20:22:04 | Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW (lien direct) | Hackers targeted Drupal web servers chaining some known vulnerabilities, including Drupalgeddon2 and DirtyCOW issues. Security experts at Imperva reported an attack against Drupal Web servers running on Linux-based systems. Hackers exploited the Drupalgeddon2 flaw (CVE-2018-7600) along with other issues. The Drupalgeddon2 could be exploited to take over a website, it affects Drupal versions 6, 7 and 8. The other flaw […] | |||
|
2018-11-20 15:00:01 | Two hackers involved in the TalkTalk hack sentenced to prison (lien direct) | Two men from Tamworth, Staffordshire were sentenced to prison for their roles in the 2015 TalkTalk hack. Two men, Connor Allsopp, 21, and Matthew Hanley, 23, pleaded guilty to charges of hacking. Allsopp has been sentenced to 8 months in jail and Hanley to 12 months. In October 2015, TalkTalk Telecom Group plc publicly disclosed that four […] | Hack Guideline | ||
|
2018-11-20 13:26:01 | Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign (lien direct) | Security researchers at F-Secure have recently uncovered a small spam campaign aimed at delivering spyware to Mac users that use Exodus wallet. Security experts at F-Secure have recently spotted a small spam campaign aimed at Mac users that use Exodus cryptocurrency wallet. The campaign leverages Exodus-themed phishing messages using an attachment named “Exodus-MacOS-1.64.1-update.zip.” The messages were […] | Spam | ||
|
2018-11-20 11:34:02 | TP-Link fixes 2 Remote Code Execution flaws in TL-R600VPN SOHO Router and other issues (lien direct) | TP-Link has addressed several vulnerabilities, including a remote code execution flaw, in its TL-R600VPN small and home office (SOHO) router. TP-Link as fixed four security vulnerabilities in the TL-R600VPN small and home office (SOHO) router that were reported by experts at Cisco Talos. The vulnerabilities are two remote code execution (RCE) flaws(CVE-2018-3950, CVE-2018-3951), a denial-of-service issue (CVE-2018-3948), and a server information disclosure bug (CVE-2018-394). The DOS and server information […] | |||
|
2018-11-20 09:31:03 | Experts analyzed how Iranian OilRIG hackers tested their weaponized documents (lien direct) | Security experts at Palo Alto Networks analyzed the method used by Iran-linked OilRig APT Group to test weaponized docs before use in attacks. Security researchers Palo Alto Networks have analyzed the techniques adopted by Iran-linked APT group OilRig (aka APT34) to test the weaponized documents before use in attacks. The OilRig hacker group is an Iran-linked APT that has been around since at least 2015, since then it targeted mainly […] | APT 34 | ||
|
2018-11-19 19:19:00 | Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits (lien direct) | Hackers earned more than $1 million for zero-day exploits disclosed at the Tianfu Cup PWN hacking contest that took place on November 16-17 in Chengdu. Hackers earned more than $1 million for zero-day exploits disclosed at the Tianfu Cup PWN competition that took place on November 16-17 in Chengdu during the Tianfu Cup conference. According to organizers, hackers […] | |||
|
2018-11-19 13:27:04 | Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29 (lien direct) | Malware researchers from Cybaze ZLab – Yoroi team have detected a new strain of malware that appears to be associated with a new wave of attacks carries out by Russia linked APT29 group. The researchers of Yoroi ZLab, on 16 November, accessed to a new APT29's dangerous malware which seems to be involved in the recent […] | Malware | APT 29 | |
|
2018-11-19 09:27:01 | Israel aims at hardening aviation industry assets from cyberattack (lien direct) | The defense and aviation industries are particularly exposed to cyber attacks and are adopting new countermeasures to harden their infrastructure and aircraft. Crook and nation-state actors continue to target defense and aviation industries and in some case, the increasing level of sophistication of the attacks is creating great concerns. The Israeli government is moving to harden aviation assets from […] | |||
|
2018-11-19 07:45:01 | CarsBlues Bluetooth attack Affects tens of millions of vehicles (lien direct) | The CarsBlues attack leverages security flaws in the infotainment systems installed in several types of vehicles via Bluetooth to access user PII. A new Bluetooth hack, dubbed CarsBlues, potentially affects millions of vehicles, Privacy4Cars warns. The CarsBlues attack leverages security flaws in the infotainment systems installed in several types of vehicles via Bluetooth, it affects users […] | |||
|
2018-11-18 17:32:04 | Instagram glitch exposed some user passwords (lien direct) | Instagram has suffered a serious security leak that might have exposed user’s passwords, revealed The Information website. Instagram notified some of its users that it might have accidentally exposed their password due to a security glitch. According to a company spokesperson, the bug was “discovered internally and affected a very small number of people.” The news […] | |||
|
2018-11-18 13:20:00 | 6,500+ sites deleted after Dark Web hosting provider Daniel\'s Hosting hack (lien direct) | On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting provider, and deleted 6,500+ sites. On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting provider. The news was confirmed by Daniel Winzen, the software developer behind the hosting service. Daniel’s Hosting became the largest Dark Web hosting provider earlier […] | Hack | ||
|
2018-11-18 09:35:00 | Suspected APT29 hackers behind attacks on US gov agencies, think tanks, and businesses (lien direct) | Last week, security experts reported alleged APT29 hackers impersonating a State Department official in attacks aimed at U.S. government agencies, businesses and think tanks. Cyber security experts are warning of new attacks against U.S. government agencies, think tanks, and businesses. Threat actors carried out spear phishing attacks impersonating a State Department official to attempt compromising targets, […] | Threat | APT 29 | |
|
2018-11-18 08:34:05 | (Déjà vu) Security Affairs newsletter Round 189 – News of the week (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in […] | |||
|
2018-11-18 08:15:01 | Hacking Gmail\'s UX with from fields for phishing attacks (lien direct) | A glitch in Gmail could be exploited by hackers to carry out phishing attacks, the issue is related the way Gmail automatically files messages into Sent folder A bug in Gmail could be exploited by attackers to carry out phishing attacks, the flaw ties the way Gmail automatically files messages into the “Sent” folder. The bug […] | |||
|
2018-11-17 18:54:03 | Million password resets and 2FA codes exposed in unsecured Vovox DB (lien direct) | Million of password resets and two-factor authentication codes exposed in unsecured Vovox DB. Sébastien Kaul, a security researcher based in Berlin, has discovered a poorly secured database owned by communication firm Vovox that contained left names, phone numbers, tens of millions of SMS messages, temporary passwords, two-factor codes, shipping alerts, and other information belonging to customers of companies […] |
To see everything:
Our RSS (filtrered)
