What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-02-04 13:05:34 | CISA orders federal agencies to patch actively exploited Windows bug (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges. [...] | |||
|
2022-02-04 12:02:49 | US indicts multiple call centers for IRS, Social Security scams (lien direct) | The U.S. Department of Justice has announced the indictment of several India-based call centers and their directors for targeting Americans with Social Security, IRS, and loan phone call scams. [...] | |||
|
2022-02-04 11:01:14 | HHS: Conti ransomware encrypted 80% of Ireland\'s HSE IT systems (lien direct) | A threat brief published by the US Department of Health and Human Services (HHS) on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack. [...] | Ransomware Threat | ||
|
2022-02-04 10:43:31 | Argo CD vulnerability leaks sensitive info from Kubernetes apps (lien direct) | A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. [...] | Vulnerability | Uber | |
|
2022-02-04 09:29:04 | Swissport ransomware attack delays flights, disrupts operations (lien direct) | Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. [...] | Ransomware | ||
|
2022-02-04 09:03:26 | News Corp discloses hack from "persistent" nation state cyber attacks (lien direct) | American media and publishing giant News Corp has disclosed today that it was the target of a "persistent" cyberattack. The attack discovered sometime this January, reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists. [...] | Hack | ||
|
2022-02-04 05:09:21 | Wormhole restores stolen $326 million after major crypto bailout (lien direct) | Cryptocurrency platform Wormhole has recovered upwards of $326 million stolen in this week's crypto hack, thanks to a major bailout. [...] | |||
|
2022-02-03 16:44:25 | Zimbra zero-day vulnerability actively exploited to steal emails (lien direct) | A cross-site scripting (XSS) vulnerability in the Zimbra email platform is currently actively exploited in attacks targeting European media and government organizations. [...] | Vulnerability | ||
|
2022-02-03 15:52:36 | Windows Terminal now can automatically launch profiles as Administrator (lien direct) | Microsoft released today a new Windows Terminal version that comes with a long-awaited feature making it possible to launch profiles that will automatically run as Administrator. [...] | |||
|
2022-02-03 14:22:59 | Intuit warns of phishing emails threatening to delete accounts (lien direct) | Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended. [...] | |||
|
2022-02-03 13:53:26 | (Déjà vu) Cisco fixes critical bugs in SMB routers, exploits available (lien direct) | Cisco has released patches for multiple vulnerabilities in the Small Business RV Series router platform that could allow remote attackers to gain complete control over the device, in many cases, without authentication. [...] | |||
|
2022-02-03 13:53:26 | Cisco fixes critical bugs in RV routers, exploit code available (lien direct) | Cisco has released patches for multiple vulnerabilities in the Small Business RV Series router platform that could allow remote attackers to gain complete control over the device, in many cases, without authentication. [...] | |||
|
2022-02-03 12:27:48 | Target open sources scanner for digital credit card skimmers (lien direct) | Target, one of the largest American department store chains and e-commerce retailers, has open sourced 'Merry Maker' - its years-old proprietary scanner for payment card skimming. [...] | |||
|
2022-02-03 11:35:34 | Microsoft blocked billions of brute-force and phishing attacks last year (lien direct) | Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft. [...] | |||
|
2022-02-03 10:38:37 | State hackers\' new malware helped them stay undetected for 250 days (lien direct) | A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies. [...] | Malware | ||
|
2022-02-03 09:42:15 | MFA adoption pushes phishing actors to reverse-proxy solutions (lien direct) | The rising adoption of multi-factor authentication (MFA) for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools. [...] | |||
|
2022-02-02 18:58:24 | (Déjà vu) Wormhole cryptocurrency platform hacked to steal $326 million (lien direct) | Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal approximately $326 million in cryptocurrency. [...] | Vulnerability | ||
|
2022-02-02 18:58:24 | Wormhole platform hacked to steal $326 million in crypto (lien direct) | Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $320 million in cryptocurrency. [...] | Vulnerability | ||
|
2022-02-02 17:00:38 | ESET antivirus bug let attackers gain Windows SYSTEM privileges (lien direct) | Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. [...] | Vulnerability | ||
|
2022-02-02 14:27:40 | GitHub outage impacts Actions, Codespaces, Issues, Pull Requests (lien direct) | GitHub is currently down, affected by a worldwide outage preventing access to the website, issuing commits, cloning projects, or performing pull requests. [...] | |||
|
2022-02-02 14:24:43 | Office 365 boosts email security against MITM, downgrade attacks (lien direct) | Microsoft has added SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers' email communication integrity and security. [...] | |||
|
2022-02-02 13:45:31 | Windows 10 optional updates fix performance problems introduced last month (lien direct) | Optional updates for Windows 10 and Windows 11 released in January have fixed performance problems when playing games, using the operating system, or even opening folders in File Explorer. [...] | |||
|
2022-02-02 12:54:24 | Intel unveils Circuit Breaker bug bounty expansion for elite hackers (lien direct) | Intel says its engineers are partnering with security researchers to hunt for vulnerabilities in firmware, GPUs, hypervisors, chipsets, and other products in a new expansion to its bug bounty program. [...] | |||
|
2022-02-02 11:49:49 | KP Snacks giant hit by Conti ransomware, deliveries disrupted (lien direct) | KP Snacks, a major producer of popular British snacks has been hit by the Conti ransomware group affecting distribution to leading supermarkets. [...] | Ransomware Guideline | ★★★★ | |
|
2022-02-02 11:29:36 | Microsoft Sentinel adds threat monitoring for GitHub repos (lien direct) | Microsoft says its cloud-native SIEM (Security Information and Event Management) platform now allows to detect potential ransomware activity using the Fusion machine learning model. [...] | Threat | ||
|
2022-02-02 11:02:58 | Business services provider Morley discloses ransomware incident (lien direct) | Morley Companies Inc. disclosed a data breach after suffering a ransomware attack on August 1st, 2021, allowing threat actors to steal data before encrypting files. [...] | Ransomware Data Breach Threat | ||
|
2022-02-02 09:46:34 | SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers (lien direct) | A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. [...] | Malware Tool | ||
|
2022-02-02 06:17:31 | UEFI firmware vulnerabilities affect at least 25 computer vendors (lien direct) | Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. [...] | |||
|
2022-02-01 17:14:31 | FBI warns of fake job postings used to steal money, personal info (lien direct) | Scammers are trying to steal job seekers' money and personal information through phishing campaigns using fake advertisements posted on recruitment platforms. [...] | |||
|
2022-02-01 16:59:18 | Malicious CSV text files used to install BazarBackdoor malware (lien direct) | A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware. [...] | Malware | ||
|
2022-02-01 15:56:21 | Cloudflare launches a paid public bug bounty program (lien direct) | [...] | |||
|
2022-02-01 14:21:47 | Microsoft Defender now detects Android and iOS vulnerabilities (lien direct) | Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform. [...] | Vulnerability Threat | ★★★★ | |
|
2022-02-01 14:00:00 | Cyberspies linked to Memento ransomware use new PowerShell malware (lien direct) | An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell. [...] | Ransomware Malware Conference | APT 35 APT 35 | |
|
2022-02-01 13:41:04 | Powerful new Oski variant \'Mars Stealer\' grabbing 2FAs and crypto (lien direct) | A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. [...] | Malware | ||
|
2022-02-01 08:24:00 | British Council exposed more than 100,000 files with student records (lien direct) | More than 100,000 files with student records belonging to British Council were found exposed online. An unsecured Microsoft Azure blob found on the internet by cybersecurity firm revealed student IDs, names, usernames and email addresses, and other personal information. [...] | |||
|
2022-02-01 07:27:33 | German petrol supply firm Oiltanking paralyzed by cyber attack (lien direct) | Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. [...] | |||
|
2022-02-01 05:27:49 | (Déjà vu) Telco fined €9 million for hiding cyberattack impact to customers (lien direct) | The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures. [...] | |||
|
2022-02-01 05:23:14 | Telco fined €9 million for hiding cyberattack impact from customers (lien direct) | The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures. [...] | |||
|
2022-02-01 02:30:00 | (Déjà vu) MuddyWater hacking group targets Turkey in new campaign (lien direct) | The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions. [...] | |||
|
2022-01-31 18:27:27 | FBI warns of 2022 Beijing Olympics cyberattack, privacy risks (lien direct) | The Federal Bureau of Investigation (FBI) warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. However, evidence of such attacks being planned is yet to be uncovered. [...] | Threat | ||
|
2022-01-31 17:49:42 | Microsoft PowerToys adds Mouse and File Explorer utilities (lien direct) | Microsoft has updated PowerToys with three new utilities, including a new mouse crosshair tool to quickly find the pointer on the screen and two new File Explorer add-ons. [...] | Tool | ||
|
2022-01-31 16:15:12 | Samba bug can let remote attackers execute code as root (lien direct) | Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. [...] | Vulnerability | ||
|
2022-01-31 15:35:52 | 600K WordPress sites impacted by critical plugin RCE vulnerability (lien direct) | Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. [...] | Vulnerability | ||
|
2022-01-31 14:28:48 | QNAP: DeadBolt ransomware exploits a bug patched in December (lien direct) | Taiwan-based network-attached storage (NAS) maker QNAP urges customers to enable firmware auto-updating on their devices to defend against active attacks. [...] | Ransomware | ||
|
2022-01-31 13:18:41 | (Déjà vu) CISA adds 8 vulnerabilities to list of actively exploited bugs (lien direct) | The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new. [...] | |||
|
2022-01-31 12:17:55 | Microsoft Office 365 to add better protection for priority accounts (lien direct) | Microsoft is working on updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization (i.e., accounts of high-profile employees including executive-level managers, the ones most often targeted by attackers). [...] | |||
|
2022-01-31 11:14:28 | Russian \'Gamaredon\' hackers use 8 new malware payloads in attacks (lien direct) | The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities. [...] | Malware | ||
|
2022-01-31 10:40:46 | 277,000 routers exposed to Eternal Silence attacks via UPnP (lien direct) | A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors. [...] | Threat | ||
|
2022-01-30 10:12:24 | Researchers use GPU fingerprinting to track users online (lien direct) | A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking. [...] | |||
|
2022-01-30 10:00:00 | FTC: Americans lost $770 million from social media fraud surge (lien direct) | Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021. [...] |
To see everything:
Our RSS (filtrered)
