Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-02 15:45:00 |
Google Chrome Vulnerability Lets Sites Quietly Overwrite Clipboard Contents (lien direct) |
The bug was discovered by developer Jeff Johnson, who detailed his findings in a blog post |
Vulnerability
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-02 14:00:00 |
JuiceLedger Hacker Linked to First Phishing Campaign Targeting PyPI Users (lien direct) |
JuiceLedger started poisoning open-source packages as a way to target a wider audience in August |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-02 11:00:00 |
New Ransomware Group BianLian Activity Exploding (lien direct) |
The threat actor using the common Go programming language and a custom toolkit claims twenty victims |
Ransomware
Threat
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-02 09:30:00 |
CISA, NSA and npm Release Software Supply Chain Guidance (lien direct) |
Best practices are designed to help developers bolster security |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-02 09:00:00 |
Government Releases New AI Security Guidance (lien direct) |
New principles set to take on adversarial machine learning |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-02 08:30:00 |
Chile and Montenegro Floored by Ransomware (lien direct) |
Governments reveal system compromise in separate incidents |
Ransomware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-01 16:30:00 |
Source Code of Over 1800 Android and iOS Apps Gives Access to AWS Credentials (lien direct) |
Roughly 50% of all the apps analyzed were seen using the same AWS tokens found in other apps |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-01 15:45:00 |
Ragnar Locker Ransomware Targets Energy Sector, Cybereason Suggests (lien direct) |
The malware can also check if specific products are installed, particularly security software |
Ransomware
Malware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-01 14:50:00 |
(Déjà vu) Apple Releases Update for iOS 12 to Patch Exploited Vulnerability (lien direct) |
The flaw would allow the processing of maliciously crafted web content and arbitrary code execution |
Vulnerability
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-01 09:50:00 |
Standards Body Publishes Guidelines for IoT Security Testing (lien direct) |
Document will help testers create benchmarks for security products |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-01 09:20:00 |
Detected Cyber-Threats Surge 52% in 1H 2022 (lien direct) |
Trend Micro warns of Linux-based ransomware |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-09-01 08:50:00 |
Microsoft Finds Account Takeover Bug in TikTok (lien direct) |
Vulnerability impacted social media firm's Android app |
Vulnerability
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-31 16:00:00 |
Golang-based Malware Campaign Relies on James Webb Telescope\'s Image (lien direct) |
Initial infection begins with a phishing email containing a Microsoft Office attachment |
Malware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-31 15:15:00 |
Evil Corp and Conti Linked to Cisco Data Breach, eSentire Suggests (lien direct) |
The firm said the tools used to attack Cisco were also deployed to compromise one of its clients |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-31 14:45:00 |
UK Imposes Tough New Cybersecurity Rules for Telecom Providers (lien direct) |
Ofcom will be able to issue fines for non-compliance of up to 10% of turnover |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-31 13:10:00 |
Intel Selects Check Point Quantum IoT Protect for RISC-V Platform (lien direct) |
IoT device manufacturers can now incorporate security at the start of the product life-cycle |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-31 09:40:00 |
Initiative Aims to Encourage Diverse Talent into Cyber (lien direct) |
National Cybersecurity Alliance launches HBCU career program |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-31 09:20:00 |
Ukrainian Police Bust Crypto Fraud Call Centers (lien direct) |
Scammers spoofed legitimate banks' phone numbers |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-31 08:45:00 |
ICO Pursues Traffic Accident Data Thieves (lien direct) |
Data protection regulator begins criminal proceedings |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-30 17:00:00 |
ModernLoader Delivers Stealers, Cryptominers and RATs Via Fake Amazon Gift Cards (lien direct) |
The association between the three apparently unrelated campaigns was made by Cisco Talos |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-30 16:00:00 |
Baker & Taylor\'s Systems Remain Offline a Week After Ransomware Attack (lien direct) |
The company said it will proceed to restore its systems as soon as they are sanitized |
Ransomware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-30 14:20:00 |
Cryptominer Disguised as Google Translate Targeted 11 Countries (lien direct) |
Created by a Turkish-speaking entity, the malware claimed around 111,000 victims in 11 countries |
Malware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-30 11:00:00 |
Google Launches Major Open Source Bug Bounty Program (lien direct) |
Initiative is part of $10bn commitment to improve cybersecurity |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-30 11:00:00 |
(Déjà vu) New Go-based Ransomware \'Agenda\' Delivers Customized Attacks (lien direct) |
Agenda can reboot systems in safe mode and stop many server-specific processes and services |
Ransomware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-30 09:30:00 |
FBI: Hackers Are Exploiting DeFi Bugs to Steal Funds (lien direct) |
Users of decentralized finance platforms at risk |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-30 08:45:00 |
UK Spies Fund New Course for Female Coders (lien direct) |
GCHQ wants to improve diversity for better results |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-29 14:00:00 |
Global Ransomware Damages to Exceed $30bn by 2023 (lien direct) |
Six hundred malicious email campaigns made their way across the internet in the first half of 2022 |
Ransomware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-29 13:15:00 |
US Cyber Command and NSA Partner On Defence Efforts For Midterms Elections (lien direct) |
The group's main goal is to monitor foreign adversaries who may interfere with elections |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 16:00:00 |
Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel (lien direct) |
It is the first campaign in which the hacker group exploits SysAid apps as a vector for initial access |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 15:00:00 |
TeamTNT Targeted Cloud Instances and Containerized Environments For Two Years (lien direct) |
The hacking group most likely originates from Germany |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 14:00:00 |
0ktapus Phishing Campaign Targets Okta Identity Credentials (lien direct) |
Despite using low-skill methods, the campaign compromised a large number of well-known companies |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 09:40:00 |
Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement (lien direct) |
California's data protection law bares its teeth |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 09:00:00 |
Block Faces Class Action Suit After 2021 Breach (lien direct) |
Plaintiffs argue firm's security posture was ineffective |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-26 08:30:00 |
LastPass Hackers Stole Source Code (lien direct) |
Password management firm reveals incident in early August |
|
LastPass
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 15:30:00 |
Microsoft Attributes New Post-Compromise Capability to Nobelium (lien direct) |
MagicWeb improves on FoggyWeb by facilitating covert access directly via a malicious DLL |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 14:45:00 |
Talos Renews Cybersecurity Support For Ukraine on Independence Day (lien direct) |
Cisco and Talos both have resources available to organizations in Ukraine in need of assistance |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 13:00:00 |
CISA Releases Guidelines to Aid Companies Transition to Post-quantum Cryptography (lien direct) |
The guide provides overview of potential impacts of quantum computing on National Critical Functions |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 09:45:00 |
US Firm Pays $16m to Settle Healthcare Fraud Claims (lien direct) |
Essilor International resolves False Claims Act allegations |
|
|
★★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 09:20:00 |
Workplace Stress Worse than Cyber-Attack Fears for Security Pros (lien direct) |
CIISec study finds few have adopted industry best practices |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-25 09:00:00 |
Scammers Create \'AI Hologram\' of C-Suite Crypto Exec (lien direct) |
Online fraudsters appear to be upping their game |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 17:30:00 |
Plex Suffers Data Breach, Warns Users to Reset Passwords (lien direct) |
The company said it discovered suspicious activity on one of its databases on Tuesday |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 16:45:00 |
War in Ukraine Has Pushed Two-Thirds of Businesses to Change Cyber Strategy (lien direct) |
The use of machine identity tools is growing in state-sponsored cyber-attacks |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 16:00:00 |
VMware Fixes Privilege Escalation Vulnerabilities in VMware Tools (lien direct) |
The flaw reportedly impacted the software on both Windows and Linux systems |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 14:30:00 |
IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals (lien direct) |
The research also found that vendor self-disclosures increased by 69% |
Vulnerability
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 13:50:00 |
Facebook Bug Causes Users\' Feeds to Be Spammed (lien direct) |
Users' feeds were spammed with posts from strangers on the pages of celebrities |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 10:00:00 |
Ransomware Surges to 1.2 Million Attacks Per Month (lien direct) |
French hospital is the latest to be hit |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 09:00:00 |
US Healthcare Sector Breaches 342m+ Records Since 2009 (lien direct) |
Biggest year so far was 2020 |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-24 07:00:00 |
NCSC Shares Guidance to Help Secure Large Construction Projects (lien direct) |
The guide includes input from firms with experience in joint ventures, including major infrastructure contracts such as HS2 and Crossrail |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 17:30:00 |
Ex-Security Chief Accuses Twitter of Cybersecurity Negligence (lien direct) |
Peiter Zatko admitted that he “reasonably feared Twitter could suffer an Equifax-level hack” |
|
Equifax
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-08-23 16:30:00 |
CISA Adds Palo Alto Networks\' PAN-OS Vulnerability to Catalog (lien direct) |
The flaw would allow a network-based unauthenticated threat actor to perform DoS attacks |
Vulnerability
Threat
|
|
|