What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-05 20:58:00 | Anti-Spam WordPress Plugin Could Expose Website User Data (lien direct) | 'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100,000 sites -- and could offer up sensitive info to attackers that aren't even logged in. | |||
|
2021-05-05 18:15:39 | Raft of Exim Security Holes Allow Linux Mail Server Takeovers (lien direct) | Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware. | |||
|
2021-05-05 16:03:49 | Peloton\'s Leaky API Spilled Riders\' Private Data (lien direct) | On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child. | |||
|
2021-05-05 13:24:30 | Feds Shut Down Fake COVID-19 Vaccine Phishing Website (lien direct) | 'Freevaccinecovax.org' claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes. | |||
|
2021-05-04 20:58:53 | Global Phishing Attacks Spawn Three New Malware Strains (lien direct) | The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked. | Malware | ||
|
2021-05-04 17:42:30 | Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs (lien direct) | The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others. | |||
|
2021-05-04 16:16:37 | Apple Fixes Zero‑Day Security Bugs Under Active Attack (lien direct) | On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine. | |||
|
2021-05-04 16:07:10 | Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs (lien direct) | The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009. | |||
|
2021-05-04 14:12:52 | Sneakers, Gaming, Nvidia Cards: Retailers Can Stop Shopping Bots (lien direct) | Jason Kent, hacker in residence at Cequence Security, says most retailers are applying 1970s solutions to the modern (and out-of-control) shopping-bot problem, and offers alternative ideas. | |||
|
2021-05-04 13:46:19 | Bait Boost: Phishers Delivering Increasingly Convincing Lures (lien direct) | An intense hunt for corporate account credentials will continue into next quarter, researchers predict. | |||
|
2021-05-03 21:04:49 | Scripps Health Cyberattack Causes Widespread Hospital Outages (lien direct) | The San Diego-based hospital system diverted ambulances to other medical centers after a suspected ransomware attack. | Ransomware | ||
|
2021-05-03 20:56:03 | New Attacks Slaughter All Spectre Defenses (lien direct) | The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks against chip architecture? It's bound for the dustbin. | |||
|
2021-05-03 18:22:23 | Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool (lien direct) | Researchers warned that unpatched versions of HPE's Edgeline Infrastructure Manager are open to remote authentication-bypass attacks. | Tool | ||
|
2021-05-03 17:51:14 | Deepfake Attacks Are About to Surge, Experts Warn (lien direct) | New deepfake products and services are cropping up across the Dark Web. | |||
|
2021-05-03 15:47:28 | New Buer Malware Downloader Rewritten in E-Z Rust Language (lien direct) | It's coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground. | Malware | ||
|
2021-04-30 19:32:34 | PortDoor Espionage Malware Takes Aim at Russian Defense Sector (lien direct) | The stealthy backdoor is likely being used by Chinese APTs, researchers said. | Malware | ||
|
2021-04-30 19:01:05 | WeSteal: A Cryptocurrency Stealing Tool That Does Just That (lien direct) | The developer of the WeSteal cryptocurrency stealer can't be bothered with fancy talk: they say flat-out that it's “the leading way to make money in 2021”. | Tool Guideline | ||
|
2021-04-30 17:03:51 | Is the SolarWinds Hack Really a Seismic Shift? (lien direct) | Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack's legacy and ramifications for security professionals. | Hack | ||
|
2021-04-30 11:49:34 | Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices (lien direct) | Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. | Threat | ||
|
2021-04-29 22:44:21 | Babuk Ransomware Gang Mulls Retirement (lien direct) | The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they'll be open-sourcing their data encryption malware for other crooks to use. | Ransomware Malware | ||
|
2021-04-29 20:04:55 | F5 Big-IP Vulnerable to Security-Bypass Bug (lien direct) | The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console. | |||
|
2021-04-29 18:42:59 | Experian API Leaks Most Americans\' Credit Scores (lien direct) | Researchers fear wider exposure, amidst a tepid response from Experian. | |||
|
2021-04-29 17:39:37 | Multi-Gov Task Force Plans to Take Down the Ransomware Economy (lien direct) | A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. | Ransomware | ||
|
2021-04-29 16:17:38 | COVID-19 Results for 25% of Wyoming Accidentally Posted Online (lien direct) | Sorry, we've upchucked your COVID test results and other medical and personal data into public GitHub storage buckets, the Wyoming Department of Health said. | |||
|
2021-04-29 13:58:12 | Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites (lien direct) | The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes. | ★★ | ||
|
2021-04-29 13:00:28 | SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits (lien direct) | There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations' SaaS apps. | |||
|
2021-04-29 11:51:17 | DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down (lien direct) | Information stolen in April 10 ransomware attack was posted on a dark web portal and includes private documents not published as part of public records. | Ransomware | ||
|
2021-04-28 19:00:55 | Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks (lien direct) | SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. | Ransomware | ||
|
2021-04-28 17:48:16 | Google Chrome V8 Bug Allows Remote Code-Execution (lien direct) | The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities. | |||
|
2021-04-28 14:02:55 | Chase Bank Phish Swims Past Exchange Email Protections (lien direct) | Two phishing attacks elude Exchange security protections and spoof real-life account scenarios in an attempt to fool victims. | |||
|
2021-04-27 20:46:37 | Nintendo Sues Video-Game Pirates (lien direct) | Nintendo is questing after its third successful lawsuit against circumvention-device sellers, this time against Team Xecuter. | |||
|
2021-04-27 19:43:51 | Linux Kernel Bug Opens Door to Wider Cyberattacks (lien direct) | The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices. | |||
|
2021-04-27 16:49:26 | Smishing: Why Text-Based Phishing Should Be on Every CISO\'s Radar (lien direct) | Phil Richards, Chief Security Officer at Ivanti, discusses dramatic growth in smishing and what to do about it. | |||
|
2021-04-27 15:35:17 | Babuk Ransomware Gang Targets Washington DC Police (lien direct) | The RaaS developers thumbed their noses at police, saying “We find 0 day before you.” | Ransomware | ||
|
2021-04-27 11:45:01 | Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses (lien direct) | A variant of Mac No. 1 threat Shlayer since January already has been exploiting the vulnerability, which allows payloads to go unchecked through key OS security features. | Threat | ||
|
2021-04-26 20:28:20 | Flubot Spyware Spreading Through Android Devices (lien direct) | The malware is spreading rapidly through 'missed package delivery' SMS texts, prompting urgent scam warnings from mobile carriers. | Malware | ||
|
2021-04-26 18:12:03 | Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software (lien direct) | The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks. | |||
|
2021-04-23 19:44:18 | Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware (lien direct) | Judas and the Black Messiah may be a favorite for Best Picture at the 93rd Academy Awards on Sunday, but it's a fave for cybercriminals too. | Malware | ||
|
2021-04-23 17:15:23 | Prometei Botnet Could Fire Up APT-Style Attacks (lien direct) | The malware is for now using exploits for the Microsoft Exchange "ProxyLogon" security bugs to install Monero-mining malware on targets. | Malware | ||
|
2021-04-23 17:13:00 | 5 Fundamental But Effective IoT Device Security Controls (lien direct) | Matt Dunn, the associate managing director for cyber-risk at Kroll, discusses how to keep networks safe from insecure IoT devices. | |||
|
2021-04-23 13:00:12 | REvil\'s Big Apple Ransomware Gambit Looks to Pay Off (lien direct) | The notorious cybercrime gang could make out whether or not Apple pays the $50 million ransom by May 1 as demanded. | Ransomware | ||
|
2021-04-22 19:33:45 | Mount Locker Ransomware Aggressively Changes Up Tactics (lien direct) | The ransomware is upping its danger quotient with new features while signaling a rebranding to "AstroLocker." | Ransomware | ||
|
2021-04-22 19:06:45 | Spotlight on Cybercriminal Supply Chains (lien direct) | In this Threatpost podcast Fortinet's top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth. | |||
|
2021-04-22 13:17:56 | Telegram Platform Abused in \'ToxicEye\' Malware Campaigns (lien direct) | Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims' machines, new research has found. | Malware Threat | ||
|
2021-04-22 13:00:14 | It\'s Easy to Become a Cyberattack Target, but a VPN Can Help (lien direct) | You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list. | |||
|
2021-04-21 20:49:29 | 4 Innovative Ways Cyberattackers Hunt for Security Bugs (lien direct) | David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved "fixme" flags in developer support groups. | |||
|
2021-04-21 19:39:45 | QR Codes Offer Easy Cyberattack Avenues as Usage Spikes (lien direct) | Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan. | |||
|
2021-04-21 15:35:37 | Pulse Secure Critical Zero-Day Security Bug Under Active Exploit (lien direct) | CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs. | |||
|
2021-04-21 13:00:03 | Swiss Army Knife for Information Security: What Is Comprehensive Protection? (lien direct) | A vendor develops the series logically so that the tools do not just cover individual needs, but complement each other. For example, the concept of SearchInform is to ensure control of threats at all levels of the information network: from hardware and software to file systems and databases, from user actions on a PC to their activity on the Internet. | |||
|
2021-04-21 12:00:41 | Novel Email-Based Campaign Targets Bloomberg Clients with RATs (lien direct) | Attacks dubbed 'Fajan' by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact. | Threat |
To see everything:
Our RSS (filtrered)
