Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-30 09:30:00 |
New "Icefall" Bugs Include Critical DoS Flaw (direct link) |
Millions of OT devices may be affected |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-29 18:12:00 |
Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA (direct link) |
The bug allows unauthenticated attackers with network access to compromise Oracle Access Manager |
Vulnerability
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-29 17:00:00 |
PII May Have Been Stolen in Virginia County Ransomware Attack (direct link) |
A W-2 form was reportedly published on a dark web forum with stolen, sensitive data |
Ransomware
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-29 16:00:00 |
US Census Bureau Head Fends Off Critics of 'Differential Privacy' Tool (direct link) |
Santos defended differential privacy against prominent researchers |
Tool
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-29 10:45:00 |
Police Shutter 13,000 Sites in Piracy Crackdown (direct link) |
Fourteen detained as part of Europol operation |
Legislation
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-29 10:30:00 |
Ireland's DPC Fines Meta €265m Following Large-Scale Data Leak (direct link) |
The fine followed an inquiry into data processing by Meta in response to a major data breach |
Legislation
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-29 09:30:00 |
Web App and API Attacks Surge 257% in Financial Services (direct link) |
Data and credentials at risk in the vertical |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-28 18:00:00 |
Elon Musk Unveils End-to-End Encrypted DMs For Twitter 2.0 (direct link) |
The E2EE feature was first spotted by mobile researcher Jane Manchun Wong earlier this month |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-28 17:00:00 |
Phishing Campaign Impersonating UAE Ministry of Human Resources Grows (direct link) |
New cluster of phishing domains registered using similar naming schemes discovered |
|
|
★★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-28 16:00:00 |
Millions of Twitter Accounts Potentially Compromised (direct link) |
The breach affected any account with the "Let others find you by your phone" option enabled |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-28 14:15:00 |
Orange Cyberdefense Unveils Its Security Navigator With OT Hacking Demos (direct link) |
The cybersecurity arm of Orange Business Services (OBS) organized a launch event at its Lyon campus, in France, for its latest annual threat report |
Threat
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-28 10:45:00 |
Belgian Police Under Fire After Major Ransomware Leak (direct link) |
Crime reports dating back 15 years are made public |
Ransomware
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-28 10:10:00 |
Russian Sandworm Hackers Linked to New Ransomware Blitz (direct link) |
Ukrainian targets are on the receiving end of RansomBoggs variant |
Ransomware
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-28 09:30:00 |
African Police Bust $800K Fraud Schemes (direct link) |
International operation lasted four months |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-25 18:00:00 |
ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution (direct link) |
Threat actors could exploit the flaw to take complete control of the ConnectWise platform |
Vulnerability
Threat
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-25 17:15:00 |
Google Releases Chrome Patch to Fix New Zero-Day Vulnerability (direct link) |
The high-severity vulnerability refers to a heap buffer overflow in the GPU component |
Vulnerability
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-25 16:15:00 |
Remote Code Execution Vulnerability Found in Windows Internet Key Exchange (direct link) |
The discovered vulnerabilities could have been exploited to target almost 1000 systems |
Vulnerability
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-25 10:00:00 |
Experts Find 1600+ Malicious Docker Hub Images (direct link) |
Shared repository is also a hidden source of malware |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-24 16:00:00 |
Bahamut Spyware Group Compromises Android Devices Via Fake VPN Apps (direct link) |
The app used as part of the campaign was a trojanized version of SoftVPN or OpenVPN |
Mobile
|
Bahamut
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-24 15:00:00 |
SharkBot Malware Found in Android File Manager Apps With Thousands of Downloads (direct link) |
The apps are no longer available on the Play Store, but can be found in third-party stores |
Malware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-24 13:30:00 |
Sonder confirms data breach, documents and other PII potentially compromised (direct link) |
The company reportedly learned of unauthorized access to one of its systems on November 14 |
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-24 10:45:00 |
Cyber Essentials Scheme Set for April 2023 Update (direct link) |
UK best practice security framework to offer new guidance |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-24 10:10:00 |
UK Cops Lead Action Against Fraud Site that Made £100m+ (direct link) |
Over 100 admins and users of iSpoof site arrested |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-24 09:30:00 |
Russian DDoS Briefly Downs European Parliament Site (direct link) |
Parliament had declared Russia a state-sponsor of terrorism |
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-23 18:45:00 |
Panaseer Launches Guidance on Security Controls Ahead of EU's New Legislation (direct link) |
The cybersecurity monitoring firm offers 18 recommendations on security controls to help organizations anticipate tougher cybersecurity regulations |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-23 18:00:00 |
CISA Updates Guidelines to Increase Resilience of Infrastructure Planning (direct link) |
They expand the framework's scope by adding new resources and tools to support SLTT partners |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-23 17:00:00 |
Meta Removes Pro-US Accounts in Middle East and Central Asia (direct link) |
The operation relied on many internet services, including Telegram, Twitter, YouTube and others |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-23 16:00:00 |
Qakbot Infections Linked to Black Basta Ransomware Campaign (direct link) |
Threat actors obtained admin access in two hours and then deployed ransomware in under 12 hours |
Ransomware
Threat
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-23 10:30:00 |
Yanluowang Ransomware's Russian Links Laid Bare (direct link) |
Another dump of chat records provides insight into threat group |
Threat
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-23 10:00:00 |
UK Privacy Tsar Defends Controversial Enforcement Strategy (direct link) |
Information commissioner wants to avoid "money-go-round" of government fines |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-23 09:30:00 |
Dozens of Russian Groups Steal 50 Million User Passwords (direct link) |
Info-stealing malware infected nearly one million devices in 2022 |
Malware
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-22 18:00:00 |
Ducktail Hacker Group Evolves, Targets Facebook Business Accounts (direct link) |
Activity observed since early September featured new avenues to spear-phish targets |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-22 17:00:00 |
US Takes Down Domains Used in 'Pig Butchering' Cryptocurrency Scheme (direct link) |
The US Attorney's Office for the Eastern District of Virginia made the announcement on Monday |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-22 16:00:00 |
Firms Spend $1197 Per Employee Yearly to Address Cyber-Attacks (direct link) |
The data excludes compliance fines, ransomware costs and losses from non-operational processes |
Ransomware
|
|
★★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-22 10:45:00 |
Estonian Duo Arrested for Masterminding $575m Ponzi Scheme (direct link) |
US authorities unseal 18-count indictment |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-22 10:00:00 |
Experts Warn Threat Actors May Abuse Red Team Tool Nighthawk (direct link) |
C2 framework could be the next Cobalt Strike, says Proofpoint |
Tool
Threat
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-22 09:30:00 |
Credential Stuffers Steal $300K from DraftKings Customers (direct link) |
Complaints about poor customer service flood Twitter |
|
|
★★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-21 18:00:00 |
Google Wins Legal Battle Against Glupteba Botnet (direct link) |
The tech giant said the court's ruling against the botnet operators set a crucial legal precedent |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-21 17:00:00 |
Thousands of Algolia API Keys Could Expose Users' Data (direct link) |
The majority were from shopping, education, lifestyle, business and medical firms |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-21 16:00:00 |
Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors (direct link) |
It leverages extortion without encryption and has cost victims hundreds of thousands of dollars |
Threat
|
|
★★
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-21 11:00:00 |
Private Equity Exposed by Cyber-Hygiene Shortcomings (direct link) |
Fifth of portfolio companies feature "zero tolerance findings" |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-21 10:00:00 |
New AXLocker Ransomware Steals Victims' Discord Tokens (direct link) |
Researchers also discover two additional new variants |
Ransomware
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-21 09:30:00 |
Ten Charged in $11m Healthcare BEC Plots (direct link) |
Several of the men diverted funds intended for hospitals |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-18 16:30:00 |
CISA, NSA, ODNI Publish Software Supply Chain Guidelines For Customers (direct link) |
They come after the August release of guidance for developers and the October one for suppliers
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-18 15:45:00 |
Shoppers Warned Stay Alert this Black Friday as Hackers Renew Efforts (direct link) |
Cyber-criminals are exploiting the busy period during both purchase and delivery stages |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-18 15:00:00 |
Instagram Credential Phishing Attacks Bypass Microsoft Email Security (direct link) |
The attack bypassed both SPF and DMARC email authentication checks |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-18 14:15:00 |
Emerging Threat Actor DEV-0569 Expands Its Toolkit to Deliver Royal Ransomware (direct link) |
As well as malvertising and phishing links, the new threat actor is now also using contact forms to deliver its payloads, found Microsoft |
Ransomware
Threat
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-18 10:30:00 |
Netflix Phishing Emails Surge 78% (direct link) |
Social engineers are using Unicode techniques to bypass filters |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-18 10:00:00 |
Russian Duo Indicted Over E-Book Piracy (direct link) |
St Petersburg couple were arrested in Argentina |
|
|
|
![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) |
2022-11-18 09:30:00 |
Hive Ransomware Has Made $100m to Date (direct link) |
CISA notice warns of 1300 victims and counting |
Ransomware
|
|
|