What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-22 15:24:21 | SAP SolMan exploit released for max severity pre-auth flaw (lien direct) | Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager (SolMan) component. [...] | ★★★ | ||
|
2021-01-22 14:11:38 | (Déjà vu) Bonobos clothing store suffers a data breach, hacker leaks 70GB database (lien direct) | Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup was downloaded by a threat actor. The corporate systems were not breached by the attacker. [...] | Data Breach Threat | ||
|
2021-01-22 14:11:38 | Bonobos clothing store confirms breach after hacker leaks 70GB database (lien direct) | Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information. [...] | Data Breach | ||
|
2021-01-22 12:47:33 | Intel: Hackers stole unpublished earnings info from corporate site (lien direct) | Intel disclosed on Thursday that unknown threat actors stole an infographic containing info on the company's fourth-quarter and full-year 2020 financial results. [...] | Threat | ||
|
2021-01-22 09:07:12 | Drupal releases fix for critical vulnerability with known exploits (lien direct) | Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild. [...] | Vulnerability | ||
|
2021-01-22 07:54:39 | Windows 10 KB4598298 update fixes crashes and restart issues (lien direct) | Microsoft has released the KB4598298 update for all editions of Windows 10 and Windows Server versions 1809 and 1909, with fixes for unexpected system restart issues, system crashes due to BitLocker, and multiple LSASS issues. [...] | |||
|
2021-01-22 05:05:05 | New Windows 10 update leaks info on upcoming 21H1 feature update (lien direct) | A Windows 10 20H2 cumulative update released to Insiders on the 'Release' channel leaked that the next feature updated will be 21H1. [...] | |||
|
2021-01-22 03:33:00 | MyFreeCams site hacked to steal info of 2 million paying users (lien direct) | A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service. [...] | |||
|
2021-01-21 14:18:26 | (Déjà vu) Windows Remote Desktop servers now used to amplify DDoS attacks (lien direct) | Windows Remote Desktop Protocol (RDP) servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service (DDoS) attacks. [...] | |||
|
2021-01-21 14:18:26 | DDoS booters use Windows Remote Desktop servers to amplify attacks (lien direct) | Windows Remote Desktop Protocol (RDP) servers are being abused as an amplification vector by DDoS-for-hire services (aka booters or stressers) to launch Distributed Denial of Service (DDoS) attacks. [...] | |||
|
2021-01-21 13:05:22 | Microsoft Edge gets a password generator, leaked credentials monitor (lien direct) | Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version. [...] | |||
|
2021-01-21 12:07:06 | UK govt gives malware infected laptops to vulnerable students (lien direct) | Some of the laptops distributed by the UK Department for Education (DfE) to vulnerable students have been found to be infected with malware as reported by the BBC. [...] | Malware | ||
|
2021-01-21 11:22:05 | CHwapi hospital hit by Windows BitLocker encryption cyberattack (lien direct) | The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker. [...] | Threat | ||
|
2021-01-21 10:20:24 | QNAP warns users to secure NAS devices against Dovecat malware (lien direct) | QNAP urges customers to secure their network-attached storage (NAS) devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge. [...] | Malware | ||
|
2021-01-20 15:54:57 | Microsoft shares how SolarWinds hackers evaded detection (lien direct) | Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies. [...] | |||
|
2021-01-20 14:47:18 | VLC Media Player 3.0.12 fixes multiple remote code execution flaws (lien direct) | VideoLan released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes. [...] | |||
|
2021-01-20 14:25:44 | Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager (lien direct) | Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software. [...] | |||
|
2021-01-20 13:22:33 | Google Chrome now checks for weak passwords, helps fix them (lien direct) | Google has added a new feature to the Chrome web browser that will make it easier for users to check if their stored passwords are weak and easy to guess. [...] | |||
|
2021-01-20 12:17:04 | Hacker leaks full database of 77 million Nitro PDF user records (lien direct) | A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free. [...] | |||
|
2021-01-20 05:05:05 | (Déjà vu) Hacker posts 1.9 million Pixlr user records for free on forum (lien direct) | A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks. [...] | |||
|
2021-01-20 05:05:05 | Hacker posts 1.4 million Pixlr user records for free on forum (lien direct) | A hacker has leaked 1.4 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks. [...] | |||
|
2021-01-20 02:00:00 | List of DNSpooq vulnerability advisories, patches, and updates (lien direct) | Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices. In this article we list all the available security advisories related to these vulnerabilities. [...] | Vulnerability | ||
|
2021-01-19 16:45:08 | Bugs in Signal, Facebook, Google chat apps let attackers spy on users (lien direct) | Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. [...] | |||
|
2021-01-19 15:46:37 | Google search bug freezes tabs when using a custom date range (lien direct) | A bug in Google Search is causing a browser tab to freeze when searching between a specified range of dates. [...] | |||
|
2021-01-19 15:03:33 | Malwarebytes says SolarWinds hackers accessed its internal emails (lien direct) | Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. [...] | Threat | ||
|
2021-01-19 14:09:38 | SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader (lien direct) | The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network. [...] | Tool | Solardwinds | |
|
2021-01-19 13:45:10 | Google Chrome 88 released: RIP Flash Player and FTP support (lien direct) | Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player. [...] | |||
|
2021-01-19 13:10:54 | Interpol: Trading scammers lure love-struck victims via dating apps (lien direct) | The Interpol (International Criminal Police Organisation) warns of fraudsters targeting dating app users and attempting to trick them into investing through fake trading apps. [...] | |||
|
2021-01-19 11:27:26 | DNSpooq bugs let attackers hijack DNS on millions of devices (lien direct) | Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning and remote code execution against millions of affected devices. [...] | |||
|
2021-01-19 07:48:51 | FreakOut malware exploits critical bugs to infect Linux hosts (lien direct) | An active malicious campaign is currently targeting Linux devices running software with critical vulnerabilities that is powering network-attached storage (NAS) devices or for developing web applications and portals. [...] | Malware | ||
|
2021-01-18 14:57:18 | (Déjà vu) IObit forums hacked to spread ransomware to its members (lien direct) | Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. [...] | Ransomware | ||
|
2021-01-18 14:57:18 | IObit forums hacked in widespread DeroHE ransomware attack (lien direct) | Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. [...] | Ransomware | ||
|
2021-01-18 13:30:00 | Microsoft Defender to enable full auto-remediation by default (lien direct) | Microsoft will enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who have opted into public previews starting next month, on February 16, 2021. [...] | Threat | ||
|
2021-01-18 13:23:34 | OpenWRT Forum user data stolen in weekend data breach (lien direct) | The administrators of the OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach. [...] | Data Breach | ||
|
2021-01-18 10:00:06 | FBI warns of vishing attacks stealing corporate accounts (lien direct) | The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees. [...] | |||
|
2021-01-17 15:41:33 | Windows 10X: A closer look at Microsoft\'s new operating system (lien direct) | Windows 10X was originally designed for dual-screen devices, such as the Surface Neo, Lenovo ThinkPad X1 Fold, and Intel prototypes. In 2020, Microsoft said that the plans have changed and the operating system will first debut on single-screen devices in 2021. [...] | |||
|
2021-01-17 15:21:27 | (Déjà vu) Windows 10 bug crashes your PC when you access this location (lien direct) | A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands. [...] | |||
|
2021-01-17 15:21:27 | Windows 10 bug causes a BSOD crash when opening a certain path (lien direct) | A bug in Windows 10 causes the operating system to crash simply by opening a particular path. [...] | |||
|
2021-01-17 11:39:59 | Privacy-focused search engine DuckDuckGo grew by 62% in 2020 (lien direct) | The privacy-focused search engine DuckDuckGo continues to grow rapidly as the company reached 102M daily search queries for the first time in January. [...] | |||
|
2021-01-16 15:46:03 | Pro-Trump \'Enemies of the People\' doxing site is still active (lien direct) | Enemies of the People, the website inciting violence against U.S. officials who refused to support the President's claims to voter fraud, is still active and continues to expose personal details from more individuals. [...] | |||
|
2021-01-16 13:40:48 | (Déjà vu) Stolen credit card shop Joker\'s Stash closes after making a fortune (lien direct) | The administrator of Joker's Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month. [...] | |||
|
2021-01-16 13:40:48 | Massive stolen credit card shop Joker\'s Stash shuts down (lien direct) | The administrator of Joker's Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month. [...] | |||
|
2021-01-15 17:37:47 | The Week in Ransomware - January 15th 2021 - Locking you up (lien direct) | It has been another quiet week for ransomware, though we did have some interesting stories come out this week. [...] | Ransomware | ||
|
2021-01-15 16:20:12 | Google to kill Chrome Sync feature in third-party browsers (lien direct) | Google says that it will block third-party Chromium web browsers from using private Google APIs after discovering that they were integrating them although they're intended to be used only in Chrome. [...] | |||
|
2021-01-15 14:34:59 | Windows Finger command abused by phishing to download malware (lien direct) | Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices. [...] | Malware | ||
|
2021-01-15 13:43:34 | Hackers leaked altered Pfizer data to sabotage trust in vaccines (lien direct) | The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines. [...] | Threat | ||
|
2021-01-15 11:22:56 | Scotland environmental regulator hit by \'ongoing\' ransomware attack (lien direct) | The Scottish Environment Protection Agency confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve. [...] | Ransomware | ||
|
2021-01-15 10:58:36 | Signal down after getting flooded with new users (lien direct) | Signal users are currently experiencing issues around the world, with users unable to send and receive messages. When attempting to send messages via Signal, users are seeing loading screen and error message "502". [...] | |||
|
2021-01-15 09:51:59 | Microsoft warns of incoming Windows Zerologon patch enforcement (lien direct) | Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. [...] | |||
|
2021-01-15 05:05:05 | Undisclosed Apache Velocity XSS vulnerability impacts GOV sites (lien direct) | An undisclosed XSS vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
