Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-10-11 18:04:58 |
Ransomware cost US companies almost $21 billion in downtime in 2020 (lien direct) |
The victims lost an average of nine days to downtime and two-and-a-half months to investigations, an analysis of disclosed attacks shows
|
|
|
|
|
2021-10-07 09:30:16 |
FontOnLake: Previously unknown malware family targeting Linux (lien direct) |
ESET researchers discover a malware family with tools that show signs they're used in targeted attacks
|
Malware
|
|
|
|
2021-10-06 16:51:39 |
Google to turn on 2FA by default for 150 million users, 2 million YouTubers (lien direct) |
Two-factor authentication is a simple way to greatly enhance the security of your account
|
|
Uber
|
|
|
2021-10-06 09:30:56 |
To the moon and hack: Fake SafeMoon app drops malware to spy on you (lien direct) |
Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze
|
Malware
|
|
|
|
2021-10-05 09:30:30 |
UEFI threats moving to the ESP: Introducing ESPecter bootkit (lien direct) |
ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012
|
|
|
|
|
2021-10-01 09:30:58 |
October is Cybersecurity Awareness Month! Why being cyber‑smart matters (lien direct) |
The campaign may last for a month, but we should remember that cybersecurity is a year-round affair
|
|
|
|
|
2021-09-30 16:33:53 |
Hackers could force locked iPhones to make contactless payments (lien direct) |
Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds
|
|
|
|
|
2021-09-29 14:53:22 |
CISA and NSA release guidance for securing VPNs (lien direct) |
What your organization should consider when it comes to choosing a VPN solution and hardening it against attacks
|
|
|
|
|
2021-09-27 15:06:54 |
Google releases emergency fix to plug zero‑day hole in Chrome (lien direct) |
The emergency release comes a mere three days after Google's previous update that plugged another 19 security loopholes
|
|
|
|
|
2021-09-23 15:51:04 |
Bug in macOS Finder allows remote code execution (lien direct) |
While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented
|
|
|
★★★
|
|
2021-09-22 09:30:26 |
Plugging the holes: How to prevent corporate data leaks in the cloud (lien direct) |
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here's what you can do to prevent cloud configuration conundrums.
|
Guideline
|
|
|
|
2021-09-21 15:06:24 |
European police dismantle cybercrime ring with ties to Italian Mafia (lien direct) |
The group used phishing, BEC and other types of attacks to swindle victims out of millions
|
|
|
|
|
2021-09-17 09:30:27 |
Numando: Count once, code twice (lien direct) |
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.
|
|
|
|
|
2021-09-15 16:00:46 |
Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws (lien direct) |
The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML.
|
|
|
|
|
2021-09-14 15:30:49 |
WhatsApp announces end‑to‑end encrypted backups (lien direct) |
The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks.
|
|
|
|
|
2021-09-14 09:30:58 |
What is a cyberattack surface and how can you reduce it? (lien direct) |
Discover the best ways to mitigate your organization's attack surface, in order to maximize cybersecurity.
|
|
|
|
|
2021-09-13 09:30:02 |
Beware of these 5 common scams you can encounter on Instagram (lien direct) |
From cybercriminal evergreens like phishing to the verification badge scam we look at the most common tactics fraudsters use to trick their victims
|
|
|
|
|
2021-09-10 17:00:14 |
Victims duped out of US$1.8 million by BEC and Romance scam ring (lien direct) |
Elderly men and women were the main targets of the romance scams operated by the fraudsters.
|
|
|
|
|
2021-09-09 20:00:24 |
Howard University suffers cyberattack, suspends online classes in aftermath (lien direct) |
The university suffered a ransomware attack, however there is no evidence so far of data being accessed or stolen.
|
Ransomware
|
|
|
|
2021-09-07 15:57:06 |
ProtonMail forced to log user\'s IP address after an order from Swiss authorities (lien direct) |
Following the incident the company has updated its website and privacy policy to clarify its legal obligations to its userbase
|
|
|
|
|
2021-09-07 12:30:04 |
BladeHawk group: Android espionage against Kurdish ethnic group (lien direct) |
ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, and that has been active since at least March 2020.
|
|
|
|
|
2021-09-03 09:30:37 |
A parent\'s guide to smartphone security (lien direct) |
Smartphones are kids' trusty companions both in- and outside the classroom, and as they return to their desks, we've prepared some handy tips on how to keep their devices secure.
|
|
|
|
|
2021-09-02 16:00:09 |
Twitter introduces new feature to automatically block abusive behavior (lien direct) |
Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users.
|
|
|
|
|
2021-08-31 19:21:07 |
Flaw in the Quebec vaccine passport: analysis (lien direct) |
ESET's cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec's vaccine proof apps VaxiCode and VaxiCode Verif.
|
|
|
|
|
2021-08-31 19:11:41 |
Faille dans la preuve vaccinale Québécoise : analyse (lien direct) |
Les chercheurs d'ESET expliquent les détails d'une faille découverte dans VaxiCode Vérif, l'application mobile permettant la vérification des preuves vaccinales québécoise
|
|
|
|
|
2021-08-31 18:00:10 |
Don\'t use single‑factor authentication, warns CISA (lien direct) |
The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods
|
|
|
|
|
2021-08-31 09:30:50 |
Vaccine passports: Is your personal data in safe hands? (lien direct) |
Vaccination passports may facilitate the return to normalcy, but there are also concerns about what kinds of personal data they collect and how well they protect it. Here's what you should know.
|
|
|
|
|
2021-08-27 09:30:28 |
Beyond the pandemic: Why are data breach costs at an all‑time high? (lien direct) |
It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges.
|
Data Breach
|
|
|
|
2021-08-26 15:54:46 |
Man impersonates Apple support, steals 620,000 photos from iCloud accounts (lien direct) |
The man was after sexually explicit photos and videos that he would then share online or store in his own collection
|
|
|
|
|
2021-08-24 19:59:58 |
(Déjà vu) Microsoft Power Apps misconfiguration exposes millions of records (lien direct) |
The caches of data that were publicly accessible included names, email addresses and social security numbers
|
|
|
|
|
2021-08-24 17:59:01 |
The SideWalk may be as dangerous as the CROSSWALK (lien direct) |
Meet SparklingGoblin, a member of the Winnti family
|
|
APT 41
|
|
|
2021-08-20 14:25:49 |
Hackers swipe almost $100 million from major cryptocurrency exchange (lien direct) |
Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage
|
|
|
|
|
2021-08-19 09:30:03 |
Are you, the customer, the one paying the ransomware demand? (lien direct) |
Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers' demands
|
Ransomware
|
|
|
|
2021-08-18 15:30:15 |
Health authorities in 40 countries targeted by COVID‑19 vaccine scammers (lien direct) |
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns
|
|
|
|
|
2021-08-17 15:50:15 |
Nearly 2 million records from terrorist watchlist exposed online (lien direct) |
The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication
|
|
|
|
|
2021-08-17 09:30:54 |
Dumpster diving is a filthy business (lien direct) |
One man's trash is another man's treasure – here's why you should think twice about what you toss in the recycling bin
|
|
|
|
|
2021-08-12 09:30:19 |
Examining threats to device security in the hybrid workplace (lien direct) |
As employees split their time between office and off-site work, there's a greater potential for company devices and data to fall into the wrong hands
|
|
|
|
|
2021-08-11 09:30:07 |
IISerpent: Malware‑driven SEO fraud as a service (lien direct) |
The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites
|
|
|
|
|
2021-08-10 17:00:21 |
Deepfakes – the bot made me do it (lien direct) |
As fraud involving highly believable synthetic media soars, what can you do to avoid getting scammed?
|
|
|
|
|
2021-08-10 09:30:16 |
Ransomware runs rampant, so how can you combat this threat? (lien direct) |
A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim
|
Ransomware
|
|
|
|
2021-08-09 16:30:25 |
DEF CON 29: Satellite hacking 101 (lien direct) |
How peering into the innards of a future satellite can make cybersecurity in space more palatable
|
|
|
|
|
2021-08-09 09:30:46 |
IISpy: A complex server‑side backdoor with anti‑forensic features (lien direct) |
The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers
|
|
|
|
|
2021-08-06 17:00:38 |
Black Hat 2021: Lessons from a lawyer (lien direct) |
Why companies and their security teams need to engage with a lawyer before an incident occurs
|
|
|
★★★★
|
|
2021-08-06 16:00:45 |
Black Hat 2021: Wanted posters for ransomware slingers (lien direct) |
Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge?
|
Ransomware
|
|
★★★★★
|
|
2021-08-06 13:00:23 |
IIStealer: A server‑side threat to e‑commerce transactions (lien direct) |
The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information
|
Threat
|
|
★★★★
|
|
2021-08-06 12:59:27 |
Anatomy of native IIS malware (lien direct) |
ESET researchers publish a white paper putting IIS web server threats under the microscope
|
Malware
|
|
|
|
2021-08-05 15:00:58 |
Is your personal information being abused? (lien direct) |
Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls.
|
|
|
|
|
2021-08-05 09:30:35 |
Why cloud security is the key to unlocking value from hybrid working (lien direct) |
How can companies and employees who start to adapt to hybrid working practices protect themselves against cloud security threats?
|
|
|
|
|
2021-08-04 15:00:59 |
Black Hat 2021 – non‑virtual edition (lien direct) |
How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?
|
|
|
|
|
2021-08-02 09:30:34 |
On course for a good hacking (lien direct) |
A story of how easily hackers could hit a hole-in-one with the computer network of a premier golf club in the UK.
|
|
|
|