Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-02-18 17:59:13 |
Exploit Details Emerge for Unpatched Microsoft Bug (lien direct) |
A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes. |
|
|
|
|
2021-02-18 16:34:57 |
Mac Malware Targets Apple\'s In-House M1 Processor (lien direct) |
A malicious adware-distributing application specifically targets Apple's new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices. |
Malware
|
|
|
|
2021-02-18 14:01:54 |
SDK Bug Lets Attackers Spy on User\'s Video Calls Across Dating, Healthcare Apps (lien direct) |
Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered. |
|
|
|
|
2021-02-17 22:02:23 |
Stolen Jones Day Law Firm Files Posted on Dark Web (lien direct) |
Jones Day, which represented Trump, said the breach is part of the Accellion attack from December. |
|
|
|
|
2021-02-17 21:39:10 |
Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign (lien direct) |
The WatchDog malware has flown under the radar for two years in what researchers call one of the 'largest' Monero cryptojacking attacks ever. |
Malware
|
|
|
|
2021-02-17 19:57:26 |
Ninja Forms WordPress Plugin Bug Opens Websites to Hacks (lien direct) |
The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking. |
|
|
|
|
2021-02-17 18:20:28 |
(Déjà vu) U.S. Accuses North Korean Hackers of Stealing Millions (lien direct) |
The feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea. |
Medical
|
APT 38
APT 28
|
|
|
2021-02-17 16:31:40 |
Masslogger Swipes Microsoft Outlook, Google Chrome Credentials (lien direct) |
A new version of the Masslogger trojan has been targeting Windows users - now using a compiled HTML (CHM) file format to start the infection chain. |
|
|
|
|
2021-02-17 15:30:37 |
Details Tied to Safari Browser-based \'ScamClub\' Campaign Revealed (lien direct) |
Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups. |
|
|
|
|
2021-02-16 22:00:57 |
Complaint Blasts TikTok\'s \'Misleading\' Privacy Policies (lien direct) |
TikTok is again in hot water for how the popular video-sharing app collects and shares data - particularly from its underage userbase. |
|
|
|
|
2021-02-16 21:47:30 |
Let\'s Encrypt Gears Up to Replace 200M Certificates a Day (lien direct) |
The open CA prepares for 'worst scenarios' with new fiber, servers, cryptographic signing and more. |
|
|
|
|
2021-02-16 21:27:06 |
DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence (lien direct) |
The volume of attacks fell 31 percent in the last part of 2020, as Bitcoin values skyrocketed. But there were still several notable trends, such as a rise in Linux botnets. |
|
|
|
|
2021-02-16 16:50:35 |
Misconfigured Baby Monitors Allow Unauthorized Viewing (lien direct) |
Hundreds of thousands of individuals are potentially affected by this vulnerability. |
|
|
|
|
2021-02-16 16:47:36 |
Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches (lien direct) |
Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates. |
|
|
|
|
2021-02-16 14:08:04 |
Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware (lien direct) |
Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed. |
Malware
|
|
|
|
2021-02-15 20:50:58 |
Cybercrooks Rake in $304M in Romance Scams (lien direct) |
The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic. |
|
|
|
|
2021-02-12 21:01:25 |
mHealth Apps Expose Millions to Cyberattacks (lien direct) |
Researcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable APIs. |
|
|
|
|
2021-02-12 20:17:10 |
Yandex Data Breach Exposes 4K+ Email Accounts (lien direct) |
In a security notice, Yandex said an employee had been providing unauthorized access to users' email accounts “for personal gain.” |
Data Breach
|
|
|
|
2021-02-12 19:03:01 |
\'Annoyingly Believable\' Tax Scam Targets Mobile Users (lien direct) |
A well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds. |
|
|
|
|
2021-02-12 17:05:10 |
Singtel Suffers Zero-Day Cyberattack, Damage Unknown (lien direct) |
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform. |
|
|
|
|
2021-02-12 15:34:06 |
Florida Water Plant Hack: Leaked Credentials Found in Breach Database (lien direct) |
Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack. |
|
|
|
|
2021-02-11 21:32:47 |
Pre-Valentine\'s Day Malware Attack Mimics Flower, Lingerie Stores (lien direct) |
Emails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are actually spreading the BazaLoader malware. |
Malware
|
|
|
|
2021-02-11 16:03:00 |
Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims (lien direct) |
The attackers ported victims' cell phone lines and then defeated 2FA to access accounts and apps. |
|
|
|
|
2021-02-11 15:52:38 |
How Email Attacks are Evolving in 2021 (lien direct) |
The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics. |
|
|
|
|
2021-02-11 15:03:54 |
Various Malware Lurking in Discord App to Target Gamers (lien direct) |
Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token stealers. |
Spam
Malware
|
|
|
|
2021-02-11 12:00:22 |
Military, Nuclear Entities Under Target By Novel Android Malware (lien direct) |
The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation. |
Malware
|
|
|
|
2021-02-10 21:32:28 |
SAP Commerce Critical Security Bug Allows RCE (lien direct) |
The critical SAP cybersecurity flaw could allow for the compromise of an application used by e-commerce businesses. |
|
|
★★★★
|
|
2021-02-10 21:20:19 |
Hacker Sets Alleged Auction for Witcher 3 Source Code (lien direct) |
The ransomware gang behind the hack of CD Projekt Red may be asking for $1 million opening bids for the company's valuable data. |
Ransomware
Hack
|
|
|
|
2021-02-10 19:07:08 |
Hybrid, Older Users Most-Targeted by Gmail Attackers (lien direct) |
Researchers at Google and Stanford analyzed a 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn't a big factor. |
|
|
|
|
2021-02-10 15:16:15 |
Intel Squashes High-Severity Graphics Driver Flaws (lien direct) |
Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems. |
|
|
|
|
2021-02-10 14:00:28 |
The time for Insider Risk Management is now: Code42 2021 Data Exposure Report Reveals a Perfect Storm (lien direct) |
The Code42 2021 Data Exposure Report highlights the need to adopt a new approach to data security and invest in modern Insider Risk technology. |
|
|
|
|
2021-02-10 13:49:32 |
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple (lien direct) |
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. |
Hack
|
|
|
|
2021-02-09 22:33:08 |
Actively Exploited Windows Kernel EoP Bug Allows Takeover (lien direct) |
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday -- including 11 critical and six publicly known. And, it continued to address the Zerologon bug. |
|
|
|
|
2021-02-09 22:31:16 |
Google Play Boots Barcode Scanner App After Ad Explosion (lien direct) |
A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones. |
|
|
|
|
2021-02-09 19:40:47 |
Attackers Exploit Critical Adobe Flaw to Target Windows Users (lien direct) |
A critical vulnerability in Adobe Reader has been exploited in "limited attacks." |
Vulnerability
|
|
|
|
2021-02-09 15:47:03 |
Android Devices Hunted by LodaRAT Windows Malware (lien direct) |
The LodaRAT - known for targeting Windows devices - has been discovered also targeting Android devices in a new espionage campaign. |
Malware
|
|
|
|
2021-02-09 15:33:11 |
Cyberpunk 2077 Publisher Hit with Hack, Threats and Ransomware (lien direct) |
CD Projekt Red was hit with a cyberattack, and the attackers are threatening to release source code for Witcher 3, corporate documents and more. |
Ransomware
|
|
|
|
2021-02-09 12:54:39 |
Hacker Tries to Poison Water Supply of Florida Town (lien direct) |
A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water, an action that was quickly noticed and remediated. |
Threat
|
|
|
|
2021-02-08 21:12:01 |
Billions of Passwords Offered for $2 in Cyber-Underground (lien direct) |
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection. |
|
|
|
|
2021-02-08 21:11:57 |
Critical WordPress Plugin Flaw Allows Site Takeover (lien direct) |
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws. |
|
|
|
|
2021-02-08 21:06:39 |
Ransomware Demands Spike 320%, Payments Rise (lien direct) |
Remote work continues to fueling a spike in phishing and cyberattacks, particularly in the U.S. |
|
|
|
|
2021-02-08 17:24:31 |
Fake Forcepoint Google Chrome Extension Hacks Windows Users (lien direct) |
In a unique attack, cybercriminals locally install an extension to manipulate data in internal web applications that the victims have access to. |
|
|
|
|
2021-02-08 16:39:52 |
WestRock Ransomware Attack Hinders Packaging Production (lien direct) |
The ransomware attack, affecting OT systems, resulted in some of WestRock's facilities lagging in production levels. |
Ransomware
|
|
|
|
2021-02-05 22:21:56 |
Industrial Networks See Sharp Uptick in Hackable Security Holes (lien direct) |
Claroty reports that adversaries, CISOs and researchers have all turned their attention to finding critical security bugs in ICS networks. |
|
|
|
|
2021-02-05 22:20:20 |
Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites (lien direct) |
An CRSF-to-stored-XSS security bug plagues 50,000 'Contact Form 7' Style users. |
|
|
|
|
2021-02-05 15:47:55 |
Google Chrome Zero-Day Afflicts Windows, Mac Users (lien direct) |
Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers. |
Vulnerability
|
|
|
|
2021-02-05 15:17:53 |
Ransomware Attacks Hit Major Utilities (lien direct) |
Eletrobras, the largest power company in Latin America, faces a temporary suspension of some operations. |
|
|
|
|
2021-02-04 21:47:10 |
Android Devices Prone to Botnet\'s DDoS Onslaught (lien direct) |
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity. |
|
|
|
|
2021-02-04 19:31:33 |
Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months (lien direct) |
As many as 100,000 of the music streaming service's customers could face account takeover. |
|
|
|
|
2021-02-04 19:26:36 |
Nespresso Smart Cards Brewed with Weak Security (lien direct) |
A researcher hacked Nespresso Pro smart cards to dispense free, unlimited coffee. |
|
|
|