Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2023-03-30 11:42:24 |
La vulnérabilité du cloud Microsoft a conduit à un détournement de recherche Bing, à l'exposition des données Office 365 [Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data] (lien direct) |
> Une erreur de configuration Azure Active Directory (AAD) menant à Bing.com a obtenu les chercheurs WIZ a gagné une récompense de prime de bogue de 40 000 $.
>An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward.
|
Vulnerability
Cloud
|
|
★★★★
|
|
2023-03-30 11:05:12 |
3CX confirme l'attaque de la chaîne d'approvisionnement alors que les chercheurs découvrent le composant Mac [3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component] (lien direct) |
> 3CX confirme enquêter sur une violation de sécurité, car la communauté de la cybersécurité partage plus d'informations sur ce qui semble être une attaque sophistiquée en chaîne d'approvisionnement.
>3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack.
|
Vulnerability
|
|
★★★
|
|
2023-03-29 20:20:28 |
Attaque de la chaîne d'approvisionnement des chasseurs malwares frappant l'application de bureau 3CX [Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App] (lien direct) |
> L'équipe de renseignement sur la menace Crowdsstrike met en garde contre l'activité malveillante inattendue d'une version légitime et signée du 3CXDESKTOPAPP.
>CrowdStrike threat intelligence team warns about unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp.
|
Malware
Threat
|
|
★★
|
|
2023-03-29 12:44:33 |
Une nouvelle attaque Wi-Fi permet une interception du trafic, un pontage de sécurité [New Wi-Fi Attack Allows Traffic Interception, Security Bypass] (lien direct) |
> Un groupe de chercheurs universitaires a conçu une attaque qui peut intercepter le trafic Wi-Fi à la couche MAC, contournant l'isolement des clients.
>A group of academic researchers devised an attack that can intercept Wi-Fi traffic at the MAC layer, bypassing client isolation.
|
|
|
★★
|
|
2023-03-29 12:00:00 |
Google relie plus d'exploits iOS iOS, Android Zero-Day aux fournisseurs de logiciels espions [Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors] (lien direct) |
> Google a lié plusieurs vulnérabilités zéro jour utilisées l'année dernière pour cibler les appareils Android et iOS aux fournisseurs de logiciels spymétriques commerciaux.
>Google has linked several zero-day vulnerabilities used last year to target Android and iOS devices to commercial spyware vendors.
|
|
|
★★
|
|
2023-03-28 21:57:06 |
Mandiant attrape un autre groupe de pirates gouvernementaux nord-coréens [Mandiant Catches Another North Korean Gov Hacker Group] (lien direct) |
> Mandiant Flags APT43 comme un «cyber opérateur modérément sophistiqué qui soutient les intérêts du régime nord-coréen». "
>Mandiant flags APT43 as a “moderately-sophisticated cyber operator that supports the interests of the North Korean regime."
|
|
APT 43
|
★★
|
|
2023-03-28 18:34:14 |
Vidéo: Comment construire la résilience contre les cyber-menaces émergentes [Video: How to Build Resilience Against Emerging Cyber Threats] (lien direct) |
> Profitez de cette session pendant que nous parcourons trois cas d'utilisation récents où une nouvelle menace a pris des organisations hors garde.
>Enjoy this session as we walk through three recent use cases where a new threat caught organizations off-guard.
|
Threat
|
|
★★
|
|
2023-03-28 12:59:20 |
La violation des données de ChatGpt confirmée comme la société de sécurité met en garde contre l'exploitation des composants vulnérables [ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation] (lien direct) |
> OpenAI a confirmé une violation de données de ChatGPT le même jour qu'une entreprise de sécurité a déclaré avoir vu l'utilisation d'un composant affecté par une vulnérabilité activement exploitée.
>OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an actively exploited vulnerability.
|
Data Breach
|
ChatGPT
ChatGPT
|
★★★
|
|
2023-03-28 10:45:45 |
14 millions d'enregistrements volés en violation de données à la latitude financière des services [14 Million Records Stolen in Data Breach at Latitude Financial Services] (lien direct) |
> Le fournisseur de services financiers australiens Latitude indique qu'environ 14 millions de dossiers utilisateurs ont été volés dans une cyberattaque récente.
>Australian financial services provider Latitude says roughly 14 million user records were stolen in a recent cyberattack.
|
Data Breach
|
|
★★
|
|
2023-03-27 19:02:44 |
Nous pour adopter de nouvelles restrictions sur l'utilisation de logiciels espions commerciaux [US to Adopt New Restrictions on Using Commercial Spyware] (lien direct) |
> L'ordre exécutif exigera le chef de toute agence américaine utilisant des programmes de logiciels espioniques commerciaux pour certifier que le programme ne pose pas de contre-espionnage significatif ou autre risque de sécurité.
>Executive order will require the head of any U.S. agency using commercial spyware programs to certify that the program doesn\'t pose a significant counterintelligence or other security risk.
|
|
|
★★
|
|
2023-03-27 16:30:31 |
Goanywhere Attack Zero-Day frappe les orgs majeurs [GoAnywhere Zero-Day Attack Hits Major Orgs] (lien direct) |
> Plusieurs grandes organisations confirment l'impact des derniers exploits zéro-jours qui frappent le logiciel Goanywhere de Fortra \\.
>Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra\'s GoAnywhere software.
|
|
|
★★
|
|
2023-03-23 16:01:00 |
Intel possède une réduction de surface d'attaque avec une nouvelle plate-forme VPRO de base de 13e génération [Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform] (lien direct) |
> Intel partage des informations sur les améliorations de sécurité apportées par sa nouvelle plateforme VPRO propulsée par les processeurs de base de 13e génération.
>Intel shares information on the security improvements brought by its new vPro platform powered by 13th Gen Core processors.
|
General Information
|
|
★★
|
|
2023-03-23 12:02:12 |
\\ 'Nexus \\' Android Trojan cible 450 applications financières [\\'Nexus\\' Android Trojan Targets 450 Financial Applications] (lien direct) |
Promu comme un maas, le Trojan Android Nexus cible 450 applications financières pour la prise de contrôle du compte.
Promoted as a MaaS, the Nexus Android trojan targets 450 financial applications for account takeover.
|
Mobile
|
|
★★
|
|
2023-03-23 09:24:48 |
Dole dit que les informations des employés sont compromises dans l'attaque des ransomwares [Dole Says Employee Information Compromised in Ransomware Attack] (lien direct) |
> Dole a admis dans un dossier de la SEC que son enquête sur la récente attaque de ransomware a révélé que les pirates avaient accédé aux informations des employés.
>Dole has admitted in an SEC filing that its investigation into the recent ransomware attack found that the hackers had accessed employee information.
|
Ransomware
General Information
|
|
★★★
|
|
2023-03-22 13:00:00 |
Tendances des logiciels malveillants: ce qui est l'ancien est encore nouveau [Malware Trends: What\\'s Old is Still New] (lien direct) |
> Beaucoup des cybercriminels les plus réussis sont astucieux;Ils veulent un bon retour sur investissement, mais ils ne veulent pas avoir à réinventer la roue pour l'obtenir.
>Many of the most successful cybercriminals are shrewd; they want good ROI, but they don\'t want to have to reinvent the wheel to get it.
|
Malware
General Information
|
|
★★
|
|
2023-03-22 11:25:44 |
L'Espagne a besoin de plus de transparence sur Pegasus: les législateurs de l'UE [Spain Needs More Transparency Over Pegasus: EU Lawmakers] (lien direct) |
> L'Espagne a besoin de plus de transparence sur le scandale de piratage des logiciels espions de Pegasus, a déclaré un comité du Parlement européen.
>Spain needs more transparency over the Pegasus spyware hacking scandal, a European Parliament committee said.
|
|
|
★★
|
|
2023-03-22 01:06:10 |
Google suspend l'application d'achat chinois au milieu des problèmes de sécurité [Google Suspends Chinese Shopping App Amid Security Concerns] (lien direct) |
> Google a suspendu l'application de shopping chinoise Pinduoduo sur son App Store après la découverte des logiciels malveillants dans les versions de l'application à partir d'autres sources.
>Google has suspended the Chinese shopping app Pinduoduo on its app store after malware was discovered in versions of the app from other sources.
|
Malware
|
|
★★★
|
|
2023-03-21 15:41:35 |
Zoom a versé 3,9 millions de dollars en primes de bug en 2022 [Zoom Paid Out $3.9 Million in Bug Bounties in 2022] (lien direct) |
> Zoom dit qu'il a versé 3,9 millions de dollars en récompenses de primes de bogues en 2022, avec un total de plus de 7 millions de dollars attribués aux chercheurs depuis 2019.
>Zoom says it paid out $3.9 million in bug bounty rewards in 2022, with a total of over $7 million awarded to researchers since 2019.
|
|
|
★★
|
|
2023-03-21 10:52:34 |
Packages NuGet malveillants utilisés pour cibler les développeurs .NET [Malicious NuGet Packages Used to Target .NET Developers] (lien direct) |
> Les développeurs de logiciels ont été ciblés dans une nouvelle attaque via des packages malveillants dans le référentiel NuGet.
>Software developers have been targeted in a new attack via malicious packages in the NuGet repository.
|
|
|
★★
|
|
2023-03-21 01:50:05 |
Ferrari Says Ransomware Attack Exposed Customer Data (lien direct) |
> Ferrari a déclaré qu'une attaque de ransomware était responsable d'une violation de données qui a exposé les détails du client, mais n'a pas eu d'impact sur les opérations de l'entreprise.
>Ferrari said that a ransomware attack was responsible for a data breach that exposed customer details, but did not impact company operations.
|
Ransomware
Data Breach
|
|
★★
|
|
2023-03-20 14:35:48 |
Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes (lien direct) |
>Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars' worth of crypto-coins.
|
Hack
|
|
★★
|
|
2023-03-20 11:53:33 |
Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm (lien direct) |
>Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra's GoAnywhere solution.
|
Ransomware
Data Breach
Vulnerability
|
|
★★
|
|
2023-03-20 10:42:12 |
NBA Notifying Individuals of Data Breach at Mailing Services Provider (lien direct) |
>NBA is notifying individuals that their information was stolen in a data breach at a third-party mailing services provider.
|
Data Breach
|
|
★★
|
|
2023-03-20 10:28:01 |
(Déjà vu) Adobe Acrobat Sign Abused to Distribute Malware (lien direct) |
>Cybercriminals are abusing the Adobe Acrobat Sign service in a campaign distributing the RedLine information stealer malware.
|
Malware
|
|
★★
|
|
2023-03-17 15:05:58 |
Latitude Financial Services Data Breach Impacts 300,000 Customers (lien direct) |
Latitude Financial Services says the personal information of 300,000 customers was stolen in a cyberattack.
|
Data Breach
|
|
★★
|
|
2023-03-16 16:08:10 |
Meta Develops New Kill Chain Thesis (lien direct) |
>Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of models.
|
|
|
★
|
|
2023-03-16 13:46:09 |
Webinar Today: How to Build Resilience Against Emerging Cyber Threats (lien direct) |
>Join us for this webinar as we walk through three recent use cases where a new threat caught organizations off-guard.
|
Threat
|
|
★★
|
|
2023-03-16 12:53:04 |
Make Your Picks: Cyber Madness Bracket Challenge Starts Today (lien direct) |
>SecurityWeek's Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America's top sporting events.
|
|
|
★★
|
|
2023-03-16 12:31:59 |
Data Breach at Independent Living Systems Impacts 4 Million Individuals (lien direct) |
>Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals.
|
Data Breach
|
|
★★
|
|
2023-03-15 10:59:00 |
Hawaii Health Department Says Death Records Compromised in Recent Data Breach (lien direct) |
The Hawaii DOH says roughly 3,400 death records were accessed via the compromised account of a former employee.
|
Data Breach
|
|
★★
|
|
2023-03-15 09:41:52 |
Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit (lien direct) |
>Cybersecurity firm Rubrik has confirmed being hit by the GoAnywhere zero-day exploit after the Cl0p ransomware group named the company on its leak website.
|
Ransomware
|
|
★★
|
|
2023-03-14 12:23:00 |
Ring Denies Falling Victim to Ransomware Attack (lien direct) |
>Ring says it has no indications it has fallen victim to a ransomware attack after cybergang threatens to publish supposedly stolen data.
|
Ransomware
|
|
★★★
|
|
2023-03-14 11:24:28 |
Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach (lien direct) |
Fortinet says recently patched FortiOS vulnerability was exploited in sophisticated attacks targeting government entities.
|
Vulnerability
|
|
★★★
|
|
2023-03-13 14:32:01 |
CISA Warns of Plex Vulnerability Linked to LastPass Hack (lien direct) |
>CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog.
|
Hack
Vulnerability
|
LastPass
LastPass
|
★★★
|
|
2023-03-13 14:15:11 |
Euler Loses Nearly $200 Million to Flash Loan Attack (lien direct) |
>London, UK based De-Fi platform company Euler has lost a reported $196 million to a flash loan attack.
|
|
|
★★
|
|
2023-03-13 11:16:54 |
Zoll Medical Data Breach Impacts 1 Million Individuals (lien direct) |
>Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year.
|
Data Breach
Medical
|
|
★★
|
|
2023-03-10 17:02:50 |
Blackbaud Fined $3M For \'Misleading Disclosures\' About 2020 Ransomware Attack (lien direct) |
>Blackbaud has been slapped with a $3 million civil penalty by the SEC for "making misleading disclosures" about a 2020 ransomware attack that impacted more than 13,000 customers.
|
Ransomware
Guideline
|
|
★★
|
|
2023-03-10 16:12:15 |
Cyber Madness Bracket Challenge – Register to Play (lien direct) |
>SecurityWeek's Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America's top sporting events.
|
|
|
★★
|
|
2023-03-10 13:39:39 |
Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor (lien direct) |
AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.
|
Data Breach
|
|
★★
|
|
2023-03-10 09:30:00 |
Acronis Clarifies Hack Impact Following Data Leak (lien direct) |
>Acronis said a single customer's account was compromised after a hacker leaked gigabytes of information on a cybercrime forum.
|
Hack
|
|
★★
|
|
2023-03-09 17:59:30 |
Custom Chinese Malware Found on SonicWall Appliance (lien direct) |
>Malware deployed by Chinese hackers on a SonicWall SMA appliance includes credential theft, shell access, and persistence functionality.
|
Malware
|
|
★★
|
|
2023-03-09 14:45:12 |
Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks (lien direct) |
>Cisco has released patches for a high-severity DoS vulnerability in IOS XR software for several enterprise-grade routers.
|
Vulnerability
|
|
★★★
|
|
2023-03-09 10:39:57 |
Congress Members Warned of Significant Health Data Breach (lien direct) |
>House and Senate members informed that hackers may have gained access to their sensitive personal data in DC Health Link breach.
|
Data Breach
|
|
★★
|
|
2023-03-08 13:47:29 |
\'Sys01 Stealer\' Malware Targeting Government Employees (lien direct) |
The Sys01 Stealer has been observed targeting the Facebook accounts of critical government infrastructure employees.
|
Malware
|
|
★★
|
|
2023-03-07 13:54:07 |
Acer Confirms Breach After Hacker Offers to Sell Stolen Data (lien direct) |
>Acer said one of its document servers was hacked after a hacker claimed to have stolen 160 Gb of data from the company.
|
|
|
★★★
|
|
2023-03-07 12:00:00 |
Talking Cyberinsurance With Munich Re (lien direct) |
>SecurityWeek spoke to Chris Storer, head of the cyber center of excellence at reinsurance giant Munich Re, for the cyber insurers' view of cyberinsurance.
|
|
|
★★
|
|
2023-03-07 11:53:23 |
Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia (lien direct) |
>Kaspersky has seen a surge in attacks on ICS computers in Russia and blames it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228.
|
Vulnerability
|
|
★★
|
|
2023-03-07 10:23:42 |
Android\'s March 2023 Updates Patch Over 50 Vulnerabilities (lien direct) |
Google has released patches for more than 50 vulnerabilities as part of the March 2023 security updates for the Android platform.
|
|
|
★★
|
|
2023-03-06 18:59:21 |
Cyberattack Hits Major Hospital in Spanish City of Barcelona (lien direct) |
>A ransomware attack on one of Barcelona' s main hospitals has crippled the center's computer system and forced the cancellation of non-urgent operations and patient checkups.
|
Ransomware
|
|
★★
|
|
2023-03-06 14:36:51 |
New ATM Malware \'FiXS\' Emerges (lien direct) |
Metabase Q documents FiXS, a new malware family targeting ATMs in Latin America.
|
Malware
|
|
★★★
|