What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-02-20 07:44:05 | Cyberattacks cost the United States between $57 billion and $109 billion in 2016 (lien direct) | The report published by the White House Council of Economic Advisers examines the cyberattacks cost that malicious cyber activities cause to the U.S. economy. How much cost cyber attacks to the US? According to a report published by the White House Council of Economic Advisers last week, the cyberattacks cost between $57 billion and $109 billion […] | |||
|
2018-02-19 21:13:00 | SIM Hijacking – T-Mobile customers were victims an info disclosure exploit (lien direct) | Lorenzo Franceschi-Bicchierai published an interesting post on SIM hijacking highlighted the risks for the end users and their exposure to this illegal practice. In 2017, hackers stole some personal information belonging to T-Mobile customers by exploiting a well-known vulnerability. A video tutorial titled ‘T-Mobile Info Disclosure exploit’ showing how to use the flaw was also published […] | |||
|
2018-02-19 19:19:01 | City Union Bank is the last victim of a cyber attack that used SWIFT to transfer funds (lien direct) | The Indian bank Kumbakonam-based City Union Bank announced that cyber criminals compromised its systems and transferred a total of US$1.8 million. During the weekend, the Russian central bank revealed a new attack against the SWIFT system, unknown hackers have stolen 339.5 million roubles (roughly $6 million) from a Russian bank last year. Even if the SWIFT international bank […] | ★★★ | ||
|
2018-02-19 14:58:02 | 90 days have passed, Google discloses unpatched flaw in the Microsoft Edge browser (lien direct) | Google Project Zero disclosed details of an unpatched flaw in the Edge browser because Microsoft failed to address it within a 90-day deadline. White hackers at the Google Project Zero have disclosed details of an unpatched vulnerability in the Edge browser because Microsoft failed to address it within a 90-day deadline according to the Google’s […] | |||
|
2018-02-19 07:24:01 | An APFS Filesystem flaw could lead macOS losing data under certain conditions (lien direct) | The Apple expert Mike Bombich discovered an APFS Filesystem vulnerability that could lead macOS losing data under certain conditions. A few days ago a ‘text bomb‘ bug was reported for Apple iOS and macOS apps, the issue can crash any Apple iPhone, iPad Or Mac. Now the Apple expert Mike Bombich discovered an APFS Filesystem vulnerability that could lead macOS […] | Guideline | ||
|
2018-02-18 19:37:05 | (Déjà vu) JenkinsMiner made $3.4 million in a few months by compromising Jenkins servers (lien direct) | Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers A criminal organization has made $3.4 million by compromising Jenkins servers and installing a Monero cryptocurrency miner dubbed JenkinsMiner. “The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows, and has already secured him over $3 million worth […] | |||
|
2018-02-18 14:29:02 | Germany\'s defense minister: Cyber security is going to be the main focus of this decade. (lien direct) | On Saturday, Germany defense minister Ursula von der Leyen told CNBC that cyber attacks are the greatest challenge threatening global stability. The cybersecurity is a pillar of modern states, the string of recent massive attacks including NotPetya and WannaCry is the demonstration that we are all potential targets. Cyber attacks could hit governments, private companies and citizens in every […] | NotPetya Wannacry | ||
|
2018-02-18 12:03:00 | Security Affairs newsletter Round 150 – News of the week (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Once again thank you! · FSB arrested researchers at the Russian Federation Nuclear Center for using a supercomputer to mine Bitcoins · Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild · Thousands of websites […] | |||
|
2018-02-18 09:05:01 | COINHOARDER criminal gang made an estimated $50 million with a Bitcoin phishing campaign (lien direct) | Researchers with Cisco Talos have monitored a bitcoin phishing campaign conducted by a criminal gang tracked as Coinhoarder that made an estimated $50 million by exploiting Google AdWords. Researchers with Cisco Talos have monitored a bitcoin phishing campaign for several months with the help of the Ukraine Cyberpolice. The gang, tracked as Coinhoarder, has made an estimated $50 million […] | |||
|
2018-02-17 15:28:01 | Effective Tips for Internet Safety for Kids You Must Read (lien direct) | Online safety for your kids is very important. However, that doesn’t necessarily mean that it needs to be hard work. The key thing is to learn how to get parental controls set up properly so that you won’t have to worry as much about online safety when your kids start to use the internet for […] | |||
|
2018-02-17 13:37:00 | Prosecutor Robert Mueller indicted 13 Russians for a massive operation aimed to influence Presidential election (lien direct) | The special prosecutor Robert Mueller has accused thirteen Russian nationals of tampering with the 2016 presidential election and charged them with conspiring against the United States. Thirteen Russian nationals and three Russian entities have been indicted for a massive operation aimed to influence the 2016 Presidential election. The special prosecutor Robert Mueller has accused the defendants of tampering with the […] | |||
|
2018-02-17 08:36:00 | Researchers spotted a new malware in the wild, the Saturn Ransomware (lien direct) | Researchers at the MalwareHunterTeam spotted a new strain of ransomware called Saturn Ransomware, the name derives from the .saturn extension it appends to the name of the encrypted files. Currently, the malware requests victims of $300 USD payment that doubles after 7 days. Once infected a system, the Saturn Ransomware checks if it is running in a […] | |||
|
2018-02-17 06:31:02 | Unknown hackers stole $6 million from a Russian bank via SWIFT system last year (lien direct) | A new attack against the SWIFT system made the headlines again, unknown hackers have stolen 339.5 million roubles (roughly $6 million) from a Russian bank last year. The news of the attack against the international payments messaging system was reported on Friday by the Russian central bank, this is the last incident of a long string […] | |||
|
2018-02-16 19:19:03 | 119,000 Scanned IDs of FedEx-owned company Bongo International\'s customers exposed online (lien direct) | Researchers discovered an Amazon S3 bucket contains personal information and scans of IDs of some 119,000 US and international citizens. It has happened again, researchers discovered another unsecured Amazon S3 bucket holding a huge trove of data that was exposed online. The Amazon S3 bucket contains personal information and scans of IDs of some 119,000 […] | FedEx | ||
|
2018-02-16 12:09:05 | OpenSSL alpha adds TLS 1.3 support in the alpha version of OpenSSL 1.1.1 (lien direct) | OpenSSL adds TLS 1.3 (Transport Layer Security) supports in the alpha version of OpenSSL 1.1.1 that was announced this week. OpenSSL adds TLS 1.3 supports in the alpha version of OpenSSL 1.1.1 that was announced this week. TLS protocol was designed to allow client/server applications to communicate over the Internet in a secure way preventing message forgery, eavesdropping, […] | |||
|
2018-02-16 08:42:00 | A new text bomb threatens Apple devices, a single character can crash any apple iPhone, iPad Or Mac (lien direct) | Researchers discovered a new dangerous text bomb that crashes Apple devices, only a single character of the Indian Telugu language could create the chaos. A new ‘text bomb’ threatens Apple devices, just a single character of the Indian alphabet (precisely the Telugu language, a Dravidian language spoken in India by about 70 million people) can crash your device […] | |||
|
2018-02-16 07:08:04 | DELL EMC addressed two critical flaws in VMAX enterprise storage systems (lien direct) | Dell EMC addressed two critical vulnerabilities that affect the management interfaces for its VMAX enterprise storage systems. The Dell EMC's VMAX Virtual Appliance (vApp) Manager is an essential component of a wide range of the enterprise storage systems. The first flaw tracked as CVE-2018-1215 is an arbitrary file upload vulnerability that could be exploited by a […] | |||
|
2018-02-15 19:13:00 | UK Foreign Office Minister blames Russia for NotPetya massive ransomware attack (lien direct) | The United Kingdon’s Foreign and Commonwealth Office formally accuses the Russian cyber army of launching the massive NotPetya ransomware attack. The UK Government formally accuses the Russian cyber army of launching the massive NotPetya ransomware attack. The United Kingdon’s Foreign and Commonwealth Office “attributed the NotPetya cyber-attack to the Russian Government.” According to the UK, […] | NotPetya | ||
|
2018-02-15 15:14:02 | SAP Security Notes – February 2018 addresses tens of flaws including High Risk issues (lien direct) | SAP Security Notes – February 2018: SAP Security Notes February 2018 addressed several vulnerabilities including High-Risk flaws. SAP has released February 2018 Patches that addressed some high-risk vulnerabilities in its software, a total of 26 Security Notes (5 high-, 19 medium- and 2 low-risk). Once again, the missing authorization check is the most common vulnerability type this month. The […] | |||
|
2018-02-11 22:46:54 | Thousands of websites worldwide hijacked by cryptocurrency mining code due Browsealoud plugin hack (lien direct) | >Thousands of websites worldwide hijacked by a cryptocurrency mining code due to the hack of the popular Browsealoud plugin. A massive attack hit thousands of websites around the world, crooks deployed Coinhive scripts forcing them to secretly mine cryptocurrencies on visitors’ browsers. The list of compromised websites (4275) includes the UK’s NHS, Information Commissioner’s Office (ICO) (ico.org.uk), the UK’s […] | ★★★ | ||
|
2018-02-10 15:52:29 | Online Auction Safety Tips for Buyers and Sellers (lien direct) | >Buying or selling goods through online auctions is more popular than ever. Which are the best practices to follow for buyers and sellers for an online auction? Buying or selling goods through online auctions is more popular than ever. Today, there are a number of different auctions sites available where sellers can post new and […] | ★★★ | ||
|
2018-02-10 10:14:20 | Lenovo patches critical flaws that affect Broadcom\'s chipsets in dozens of Lenovo ThinkPad (lien direct) | >According to a security advisory issued by Lenovo, two critical vulnerabilities in Broadcom chipsets affects at least 25 models of Lenovo ThinkPad. The affected models are ThinkPad 10,  ThinkPad L460, ThinkPad P50s, ThinkPad T460, ThinkPad T460p, ThinkPad T460s, ThinkPad T560, ThinkPad X260 and ThinkPad Yoga 260. One of the flaws was discovered in June by Google that publicly disclosed […] | ★★★★★ | ||
|
2018-02-09 20:23:29 | fail0verflow hackers found an unpatchable flaw in Nintendo Switch bootROM and runs Linux OS (lien direct) | >The group of hackers known as ‘fail0verflow’ has discovered a vulnerability in the gaming console Nintendo Switch that could be exploited to install a Linux distro. The hackers announced their discovery in a post on Twitter, the published an image of a console running the Debian Linux distro after the hack. ðŸ§ðŸ§ðŸ§ðŸ§ #switch pic.twitter.com/4iTjTk9D59 — fail0verflow (@fail0verflow) […] | ★★★ | ||
|
2018-02-09 15:04:26 | A Flaw in Hotspot Shield VPN From AnchorFree Can Expose Users Locations (lien direct) | >Security expert Paulos Yibelo has discovered a vulnerability in Hotspot Shield VPN from AnchorFree that can expose locations of the users. Paulos Yibelo, a security researcher, has discovered a vulnerability that can expose users and locations around the globe compromising their anonymity and privacy. The company has about 500 million users globally. VPN services providers […] | |||
|
2018-02-09 13:39:41 | UDPOS PoS malware exfiltrates credit card data DNS queries (lien direct) | >A new PoS malware dubbed UDPoS appeared in the threat landscape and implements a novel and hard to detect technique to steal credit card data from infected systems. The UDPoS malware was spotted by researchers from ForcePoint Labs, it relies upon User Datagram Protocol (UDP) DNS traffic for data exfiltration instead of HTTP that is the protocol used by […] | |||
|
2018-02-09 11:31:12 | Researcher found multiple vulnerabilities in NETGEAR Routers, update them now! (lien direct) | >Security researchers Martin Rakhmanov from Trustwave conducted a one-year-study on the firmware running on Netgear routers and discovered vulnerabilities in a couple of dozen models. Netgear has just released many security updates that address vulnerabilities in a couple of dozen models. The vulnerabilities have been reported by security researchers Martin Rakhmanov from Trustwave, which conducted a […] | |||
|
2018-02-09 09:48:01 | The source code of the Apple iOS iBoot Bootloader leaked online (lien direct) | >The source code for Apple iOS iBoot secure bootloader has been leaked to GitHub, now we will try to understand why this component is so important for the iOS architecture. The iBoot is the component loaded in the early stages of the boot sequence and it is tasked with loading the kernel, it is stored in […] | |||
|
2018-02-09 07:41:20 | Swisscom data breach Hits 800,000 Customers, 10% of Swiss population (lien direct) | >Swisscom data breach – Telco company Swisscom confirmed it has suffered a data breach that affected roughly 800,000 of its customers, roughly 10% of the Swiss population. Swiss telco company Swisscom confirmed it has suffered a data breach that affected roughly 800,000 of its customers, roughly 10% of the Swiss population. According to Swisscom, unauthorized parties gained access to data in […] | |||
|
2018-02-08 21:17:33 | US authorities dismantled the global cyber theft ring known as Infraud Organization (lien direct) | >The US authorities have dismantled a global cybercrime organization tracked Infraud Organization involved in stealing and selling credit card and personal identity data. The US authorities have taken down a global cybercrime organization, the Justice Department announced indictments for 36 people charged with being part of a crime ring specialized in stealing and selling credit […] | |||
|
2018-02-08 11:33:09 | Joomla 3.8.4 release addresses three XSS and SQL Injection vulnerabilities (lien direct) | >Joomla development team has released the Joomla 3.8.4 that addresses many issues, including an SQL injection bug and three cross-site scripting (XSS) flaws. Joomla development team has released the Joomla 3.8.4 that addresses a large number of issues, including an SQL injection bug and three cross-site scripting (XSS) vulnerabilities. The latest release also includes several improvements. The XSS and SQL injection vulnerabilities have been classified […] | |||
|
2018-02-08 08:24:43 | Intel releases new Spectre security updates, currently only for Skylake chips (lien direct) | >Intel is releasing new firmware updates that should address Spectre vulnerabilities CVE-2017-5715 for Skylake processors. Intel is releasing new firmware updates limited to Skylake processors to address Spectre vulnerabilities, patches for other platforms are expected very soon. The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited […] | ★★ | ||
|
2018-02-08 00:26:34 | For the second time CISCO issues security patch to fix a critical vulnerability in CISCO ASA (lien direct) | >Cisco has rolled out new security patches for a critical vulnerability, tracked as CVE-2018-0101, in its CISCO ASA (Adaptive Security Appliance) software. At the end of January, the company released security updates the same flaw in Cisco ASA software. The vulnerability could be exploited by a remote and unauthenticated attacker to execute arbitrary code or trigger […] | |||
|
2018-02-07 15:00:19 | Automated Hacking Tool Autosploit Cause Concerns Over Mass Exploitation (lien direct) | >The Autosploit hacking tool was developed aiming to automate the compromising of remote hosts both by collecting automatically targets as well as by using Shodan.io API. Users can define its platform search queries like Apache, IIS and so forth to gather targets to be attacked. After gathering the targets, the tool uses Metasploit modules of its […] | |||
|
2018-02-07 13:49:10 | 9 Tips to Prevent WordPress Hacks in this Dangerous Digital World (lien direct) | >WordPress hacks are increasingly common. Whether it's for malicious reasons, to harm a site or to just insert backlinks, WordPress can be very vulnerable if not cared for and updated regularly. How to Prevent hacks? So, how do you prevent these security blips – this post aims to show how. Backup Regular data backup can […] | ★★★★★ | ||
|
2018-02-07 12:03:25 | Hackers can remotely access adult sex toys compromising at least 50.000 users (lien direct) | >Researchers discovered that sex toys from German company Amor Gummiwaren GmbH and its cloud platform are affected by critical security flaws. As a result for Master Thesis by Werner Schober in cooperation with SEC Consult and the University of Applied Sciences St. Pölten, it was discovered that sex toys from German company Amor Gummiwaren GmbH […] | |||
|
2018-02-07 07:57:05 | Adobe rolled out an emergency patch that fixed CVE-2018-4878 flaw exploited by North Korea (lien direct) | >Adobe rolled out an emergency patch that fixed two critical remote execution vulnerabilities, including the CVE-2018-4878 flaw exploited by North Korea. Adobe has rolled out an emergency patch to address two Flash player vulnerabilities after North Korea’s APT group was spotted exploiting one of them in targeted attacks. Last week, South Korea's Internet & Security […] | |||
|
2018-02-07 07:25:03 | Researchers ported the NSA  EternalSynergy, EternalRomance, and EternalChampion to Metasploit (lien direct) | >Security researcher Sean Dillon ported three NSA-linked exploits, EternalSynergy, EternalRomance, and EternalChampion, to the Metasploit platform. The security researcher at RiskSense Sean Dillon (@zerosum0x0) ported the Rapid7 Metasploit three hacking tools supposedly stolen from the NSA-linked Equation Group. The researcher modified the exploits to use them also against latest windows versions and merged them into the Metasploit […] | |||
|
2018-02-06 14:15:15 | Crime ring linked to Luminosity RAT dismantled by an international law enforcement operation (lien direct) | >The Europol's European Cybercrime Centre along with the UK NSA disclosed the details of an international law enforcement operation that dismantled a crime ring linked to Luminosity RAT. The Europol's European Cybercrime Centre (EC3) along with the UK National Crime Agency (NCA) disclosed the details of an international law enforcement operation that targeted the criminal ecosystem around the Luminosity … … Continue reading → | |||
|
2018-02-06 07:51:22 | Abusing X.509 Digital Certificates to establish a covert data exchange channel (lien direct) | >Researcher at Fidelis Cybersecurity devised a new technique that abuses X.509 Digital Certificates to establish a covert data exchange channel Last year, during the Bsides conference in July 2017, the security researcher at Fidelis Cybersecurity Jason Reaves demonstrated how to covertly exchange data using X.509 digital certificates, now the same expert published the proof-of-concept code. The X.509  is […] | |||
|
2018-02-06 07:24:39 | Popular British hacktivist Lauri Love will not be extradited to US, UK Court Ruled (lien direct) | >The popular British hacker Lauri Love (33) will not be extradited to stand trial in the US, the High Court of England and Wales ruled. Lauri Love was accused of hacking into United States government websites, will not be extradited to stand trial in the U.S., the High Court of England and Wales ruled today. The […] | |||
|
2018-02-06 05:35:45 | ADB.Miner, the Android mining botnet that targets devices with ADB interface open (lien direct) | >Security researchers at Qihoo 360’s Netlab have spotted a new Android mining botnet that targets devices with ADB interface open. Security researchers at Qihoo 360’s Netlab have spotted a new Android mining botnet over the weekend. The malicious code ADB.Miner targets Android devices by scanning for open ADB debugging interface (port 5555) and infects them with a Monero […] | |||
|
2018-02-05 18:44:32 | Cisco and FireEye Pointing Finger at North Korea Hacking Group For Adobe Flash 0-Day In The Wild (lien direct) | >According to security researchers at Cisco and FireEye a North Korea Hacking Group is behind the attacks that exploited the recently discovered Adobe Flash 0-Day vulnerability. There have been over 1,000 Adobe Flash vulnerabilities since it was released. Designed to make website development easier and providing additional features not supported by standard web browsers, it also adds […] | |||
|
2018-02-05 14:58:29 | Almost all WordPress websites could be taken down due to unpatched CVE-2018-6389 DoS flaw (lien direct) | >The Israeli security researcher Barak Tawily a vulnerability tracked as CVE-2018-6389 that could be exploited to trigger DoS condition of WordPress websites. The expert explained that the CVE-2018-6389 flaw is an application-level DoS issued that affects the WordPress CMS and that could be exploited by an attacker even without a massive amount of malicious traffic. “In this […] | |||
|
2018-02-05 12:09:05 | Hacking Amazon Key – Hacker shows how to access a locked door after the delivery (lien direct) | >Other problems for the Amazon Key technology, a hacker posted a video on Twitter to show how to access a locked door after a delivery worker's one-time code has been used. Earlier in November, Amazon announced for its Prime members the Amazon Key, a program that would allow a delivery person to enter your home under […] | |||
|
2018-02-05 11:40:48 | Cybersecurity week Round-Up (2018, Week 5) (lien direct) | >Cybersecurity week Round-Up (2018, Week 5) -Let’s try to summarize the most important event occurred last week in 3 minutes. The week began with massive cyber attacks against three Dutch banks and the National Tax Agency. Experts speculate the involvement of Russia because the attacks started after the revelation of the hack of the APT […] | |||
|
2018-02-05 07:35:18 | Leaked memo suggest NSA and US Army compromised Tor, I2P, VPNs and want to unmask Monero users (lien direct) | >The image of a memo leaked online suggests US Army and NSA are able to unmask Tor, I2P, VPNs users and they are working to track Monero, US Army and NSA are able to unmask Tor, I2P, VPNs users and they are working to track Monero, this is the truth revealed by a photo alleged leaked […] | ★★★ | ||
|
2018-02-04 16:33:26 | GandCrab, a new ransomware-as-a-service emerges from Russian crime underground (lien direct) | >Experts at cyber security firm LMNTRIX have discovered a new ransomware-as-a-service dubbed GandCrab. advertised in Russian hacking community on the dark web. Experts at cyber security firm LMNTRIX have discovered a new ransomware-as-a-service in the dark web dubbed GandCrab. The GandCrab was advertised in Russian hacking community, researchers noticed that authors leverage the RIG and GrandSoft exploit kits to distribute the malware. “Over […] | ★★ | ||
|
2018-02-04 11:38:46 | Security Affairs newsletter Round 148 – News of the week (lien direct) | >A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Once again thank you! ·Â Â Â Â Â Attackers behind Cloudflare_solutions Keylogger are back, 2000 WordPress sites already infected ·Â Â Â Â Â Download URLs for two packages of the phpBB forum software were compromised ·Â Â Â Â Â Iran-linked APT OilRig target IIS Web Servers […] | APT 34 | ||
|
2018-02-04 10:01:42 | UK Government Advices Industry Sectors To Comply With Guidance Or Pay $17 Million Fine (lien direct) | >Aiming to tackle threats from rogue nations and hackers The UK Government urges to boost security measures of services in critical sectors. On November 2016 United Kingdom published the National Cyber Security Strategy to address cyber threats from rogue nations like Iran, Russia, China, terrorists, states sponsored hackers and cyber menaces like ransomware against the […] | |||
|
2018-02-04 08:59:11 | More than 1 million worth of ETH stolen from Bee Token ICO Participants with phishing emails (lien direct) | >Participants to the Bee Token ICO were robbed for 100s of ETH, scammers sent out a phishing email stating that the ICO was now open, followed by an Ethereum address they controlled. Another day, another incident involving cryptocurrencies, hundreds of users fell victims to email scams in the last days. The victims were tricked by […] |
To see everything:
Our RSS (filtrered)
