Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-08 08:52:48 |
Microsoft to alert Office 365 users of nation-state hacking activity (lien direct) |
Microsoft will soon notify Office 365 of suspected nation-state hacking activity detected within their tenants according to a new listing on the company's Microsoft 365 roadmap. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-07 13:53:26 |
Ziggy ransomware shuts down and releases victims\' decryption keys (lien direct) |
The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-07 10:40:12 |
New phishing attack uses Morse code to hide malicious URLs (lien direct) |
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-07 09:31:22 |
Fortinet fixes critical vulnerabilities in SSL VPN and web firewall (lien direct) |
Fortinet has fixed multiple severe vulnerabilities impacting its products.
The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-07 04:00:00 |
Removal notice for Signal article (lien direct) |
Due to conflicting information BleepingComputer has received, we have removed our original article. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-07 04:00:00 |
Signal ignores proxy censorship vulnerability, bans researchers (lien direct) |
Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship.
However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-06 15:07:59 |
Mozilla fixes Windows 10 NTFS corruption bug in Firefox (lien direct) |
Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-06 11:49:41 |
The Great Suspender Chrome extension\'s fall from grace (lien direct) |
Google has forcibly uninstalled the immensely popular 'The Great Suspender' extension from Google Chrome and classified it as malware. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-06 09:05:05 |
This Flash Player emulator lets you securely play your old games (lien direct) |
A Flash Player emulator called 'Ruffle' allows you to play your archived Flash games without fear of being attacked as you browse the web. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-05 18:33:40 |
The Week in Ransomware - February 5th 2021 - Data destruction (lien direct) |
This week we saw a few large scale attacks and various ransomware reports indicating ransom payments are falling, while attacks are increasingly destroying data permanently. The good news is a new ransomware decryptor was released, allowing victims to recover files for free. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-05 15:14:46 |
Malicious extension abuses Chrome sync to steal users\' data (lien direct) |
The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-05 12:56:20 |
Windows 10 April updates remove Microsoft Edge Legacy permanently (lien direct) |
Microsoft has announced today that Microsoft Edge Legacy will be permanently removed and replaced with the new Microsoft Edge after installing April's Windows 10 Patch Tuesday security update. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-05 12:34:09 |
SitePoint discloses data breach after stolen info used in attacks (lien direct) |
The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-05 12:07:37 |
Microsoft warns of increasing OAuth Office 365 phishing attacks (lien direct) |
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-05 10:27:18 |
Recent Windows 10 updates cause Visual Studio, WPF app crashes (lien direct) |
Visual Studio is crashing when docking or dragging windows around after installing recently released .NET Framework cumulative update previews for Windows 10 and Windows Server. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-05 03:46:00 |
Eletrobras, Copel energy companies hit by ransomware attacks (lien direct) |
Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-04 15:10:47 |
Google fixes Chrome zero-day actively exploited in the wild (lien direct) |
Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-04 13:41:58 |
Hackers steal StormShield firewall source code in data breach (lien direct) |
Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the companies' support ticket system and steal source code for Stormshield Network Security firewall software. [...] |
Data Breach
Threat
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-04 13:01:30 |
Windows 10 2004 now in broad deployment, available to everyone (lien direct) |
Microsoft has announced that Windows 10, version 2004 has now been added to the broad deployment channel and will be available to everyone via Windows Update. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-04 12:07:46 |
Hacking group also used an IE zero-day against security researchers (lien direct) |
An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-04 10:54:53 |
Plex Media servers actively abused to amplify DDoS attacks (lien direct) |
Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service (DDoS) attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-04 09:17:03 |
Microsoft fixes PowerPoint crashes in Office February updates (lien direct) |
Microsoft released the February 2021 non-security Microsoft Office updates with improvements and fixes for issues and crashes impacting Windows Installer (MSI) editions of Office 2016, Office 2013, and Office 2010 products. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-04 03:21:00 |
(Déjà vu) Ransomware attacks increasingly destroy victims\' data by mistake (lien direct) |
More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-04 03:21:00 |
Rise in ransomware attacks mistakenly causing data destruction (lien direct) |
More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 22:30:08 |
Oxfam Australia investigates data breach after database sold online (lien direct) |
Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database belonging on a hacker forum. [...] |
Data Breach
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 17:55:34 |
New Fonix ransomware decryptor can recover victim\'s files for free (lien direct) |
Kaspersky has released a decryptor for the Fonix Ransomware (XONIF) that allows victims to recover their encrypted files for free. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 15:28:42 |
SonicWall fixes actively exploited SMA 100 zero-day vulnerability (lien direct) |
SonicWall has released a patch for the zero-day vulnerability used in attacks against the SMA 100 series of remote access appliances. [...] |
Vulnerability
|
|
★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 14:12:30 |
Microsoft fixes issue causing Windows 10 apps to forget passwords (lien direct) |
Microsoft has addressed a known issue impacting multiple Windows 10 apps and causing them to forget users' passwords after upgrading devices to certain Windows 10, version 2004 builds. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 12:24:31 |
Cisco fixes critical code execution bugs in SMB VPN routers (lien direct) |
Cisco has addressed multiple pre-auth remote code execution (RCE) vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 11:17:57 |
Microsoft Defender ATP detects Chrome updates as PHP backdoors (lien direct) |
Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 10:54:07 |
Twitter now autoswitches to dark mode based on your OS settings (lien direct) |
If Twitter is suddenly using a dark mode theme, you are not alone. Starting yesterday, Twitter automatically switched to a dark or light theme based on your operating system settings. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 10:08:32 |
(Déjà vu) Windows 10 KB4598291 update fixes device deactivation, freezing issues (lien direct) |
Microsoft has released the KB4598291 release preview cumulative update for all editions of Windows 10 and Windows Server versions 2004 and 20H2, with fixes for device deactivation issues and unresponsiveness while playing games in full-screen. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 10:08:32 |
Windows 10 KB4598291 update fixes device deactivation, responsiveness issues (lien direct) |
Microsoft has released the KB4598291 release preview cumulative update for all editions of Windows 10 and Windows Server versions 2004 and 20H2, with fixes for device deactivation issues and unresponsiveness while playing games in full-screen. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 06:19:32 |
SolarWinds patches critical vulnerabilities in the Orion platform (lien direct) |
Even with the security updates prompted by the recent SolarWinds Orion supply-chain attack, researchers still found some glaring vulnerabilities affecting the platform, one of them allowing code execution with top privileges. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 06:00:39 |
Latest macOS Big Sur also has SUDO root privilege escalation flaw (lien direct) |
Recently discovered Linux SUDO privilege escalation vulnerability, CVE-2021-3156 (aka Baron Samedit) also impacts the latest Apple macOS Big Sur with no patch available yet. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-03 03:03:03 |
Female escort review site data breach affects 470,000 members (lien direct) |
An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 16:39:20 |
US federal payroll agency hacked using SolarWinds software flaw (lien direct) |
The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 14:02:02 |
Babyk Ransomware won\'t hit charities, unless they support LGBT, BLM (lien direct) |
The Babyk ransomware operation has launched a new data leak site used to publish victim's stolen data as part of a double extortion strategy. Included is a list of targets they wont attack with some exclusions that definitely stand out. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 13:46:24 |
(Déjà vu) Microsoft Defender now detects macOS system, app vulnerabilities (lien direct) |
Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 13:46:24 |
Microsoft Defender now helps secure enterprise macOS devices (lien direct) |
Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 12:52:19 |
Trickbot malware now maps victims\' networks using Masscan (lien direct) |
The Trickbot malware has been upgraded with a network reconnaissance module designed to survey local networks after infecting a victim's computer. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 11:00:00 |
Malicious script steals credit card info stolen by other hackers (lien direct) |
A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 10:25:21 |
Apple pulls iCloud 12 for Windows 10 with Keychain sync feature (lien direct) |
Apple has pulled iCloud 12 for Windows 10 from the Microsoft Store for what is believed to be issues with their new Chrome iCloud Keychain password synchronization feature. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 07:09:31 |
New Linux malware steals SSH credentials from supercomputers (lien direct) |
A new backdoor has been targeting supercomputers across the world, often stealing the credentials for secure network connections by using a trojanized version of the OpenSSH software. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-02 03:32:00 |
Netgain ransomware incident impacts local governments (lien direct) |
The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-01 16:15:30 |
Data breach exposes 1.6 million Washington unemployment claims (lien direct) |
Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-01 15:10:57 |
US govt: Number of identity theft reports doubled last year (lien direct) |
The U.S. Federal Trade Commission (FTC) said today that the number of identity theft reports has doubled during 2020 when compared to 2019, reaching a record 1.4 million reports within a single year. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-01 14:15:30 |
Phishing campaign lures US businesses with fake PPP loans (lien direct) |
Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender to prey on US business owners who want to apply for a PPP loan to keep their business going during the COVID-19 crisis. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-01 12:37:18 |
SonicWall SMA 100 zero-day exploit actively used in the wild (lien direct) |
A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-02-01 10:45:03 |
(Déjà vu) Exposed Azure bucket leaked passports, IDs of volleyball reporters (lien direct) |
A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. [...] |
|
|
|