What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-12-27 07:56:23 | Windows 11 bug causes color rendering issues on HDR displays (lien direct) | Microsoft has confirmed a new issue impacting devices running Windows 11, version 21H2, where apps using Win32 APIs to render colors on some high dynamic range (HDR) displays may not work as expected. [...] | |||
|
2021-12-27 02:56:34 | Shutterfly services disrupted by Conti ransomware attack (lien direct) | Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data. [...] | Ransomware | ||
|
2021-12-26 13:41:42 | Privacy-focused search engine DuckDuckGo grew by 46% in 2021 (lien direct) | The privacy-focused search engine DuckDuckGo continues to grow rapidly, with the company now averaging over 100 million daily search queries and growing by almost 47% in 2021. [...] | |||
|
2021-12-24 16:34:18 | The Week in Ransomware - December 24th 2021 - No rest for the weary (lien direct) | The holiday season is here, but there is no rest for our weary admins as ransomware gangs are still conducting attacks over the Christmas and New Years breaks. [...] | Ransomware | ||
|
2021-12-24 11:26:18 | Rook ransomware is yet another spawn of the leaked Babuk code (lien direct) | A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices. [...] | Ransomware | ||
|
2021-12-24 11:00:32 | Global IT services provider Inetum hit by ransomware attack (lien direct) | Less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that had a limited impact on the business and its customers. [...] | Ransomware | ||
|
2021-12-24 10:27:54 | Android banking trojan spreads via fake Google Play Store page (lien direct) | An Android banking trojan targeting Itaú Unibanco, a large financial services provider in Brazil with 55 million customers globally, is using a fake Google Play store to spread to devices. [...] | |||
|
2021-12-24 10:00:00 | Blackmagic fixes critical DaVinci Resolve code execution flaws (lien direct) | Blackmagic Software has recently addressed two security vulnerabilities in the highly popular DaVinci Resolve software that would allow attackers to gain code execution on unpatched systems. [...] | |||
|
2021-12-24 08:11:22 | Dridex Omicron phishing taunts with funeral helpline number (lien direct) | A malware distributor for the Dridex banking malware has been toying with victims and researchers over the last few weeks. The latest example is a phishing campaign that taunts victims with a COVID-19 funeral assistance helpline number. [...] | Malware | ||
|
2021-12-23 17:33:01 | Stealthy BLISTER malware slips in unnoticed on Windows systems (lien direct) | Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables. [...] | Malware | ★★★★ | |
|
2021-12-23 17:09:32 | Apple fixes macOS security flaw behind Gatekeeper bypass (lien direct) | Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. [...] | Vulnerability | ★★★ | |
|
2021-12-23 13:31:49 | Phishing campaign targets CoinSpot cryptoexchange 2FA codes (lien direct) | A new phishing campaign that targets users of the CoinSpot cryptocurrency exchange employs a new theme that revolves around withdrawal confirmations. [...] | |||
|
2021-12-23 12:47:14 | AvosLocker ransomware reboots in Safe Mode to bypass security tools (lien direct) | Recent AvosLocker ransomware attacks are characterized by a focus on disabling endpoint security solutions that stand in the way of threat actors. [...] | Ransomware Threat | ||
|
2021-12-23 10:49:36 | Pro Wrestling Tees discloses data breach after credit cards stolen (lien direct) | Popular wrestling t-shirt site Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. [...] | Data Breach | ||
|
2021-12-23 10:01:23 | VK introduces 2FA and plans to make it mandatory in 2022 (lien direct) | VK, Russia's most popular social media platform with 650 million users, is finally introducing two-factor authentication on all its services and plans to make it mandatory in February 2022 for administrators of large communities. [...] | |||
|
2021-12-22 16:46:05 | Honeypot experiment reveals what hackers want from IoT devices (lien direct) | A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. [...] | |||
|
2021-12-22 15:30:00 | \'Hack DHS\' bug bounty program expands to Log4j security flaws (lien direct) | The Department of Homeland Security (DHS) has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities. [...] | |||
|
2021-12-22 14:51:13 | Rideshare account hacker faces up to 22 years in prison (lien direct) | A man pleaded guilty to fraudulently opening rideshare and delivery service accounts using stolen identity information sold on dark web marketplaces. [...] | Guideline | ★★ | |
|
2021-12-22 14:15:54 | Microsoft Azure App Service flaw exposed customer source code (lien direct) | A security flaw found in Azure App Service, a Microsoft-managed platform for building and hosting web apps, led to the exposure of PHP, Node, Python, Ruby, or Java customer source code deployed on Microsoft's cloud infrastructure. [...] | ★★★★★ | ||
|
2021-12-22 14:00:58 | Opera browser working on clipboard anti-hijacking feature (lien direct) | The Opera browser team is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping. [...] | |||
|
2021-12-22 12:47:28 | Microsoft Teams bug allowing phishing unpatched since March (lien direct) | Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Team's link preview feature reported since March 2021. [...] | |||
|
2021-12-22 12:15:38 | Dridex malware trolls employees with fake job termination emails (lien direct) | A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. [...] | Malware | ||
|
2021-12-22 10:42:21 | NVIDIA discloses applications impacted by Log4j vulnerability (lien direct) | NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide. [...] | Vulnerability | ||
|
2021-12-22 10:23:40 | CISA releases Apache Log4j scanner to find vulnerable apps (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by& two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. [...] | |||
|
2021-12-22 08:24:22 | Major services including Slack, AWS, Hulu, Imgur facing outages (lien direct) | Major services across the internet are currently facing ongoing networking outages. [...] | |||
|
2021-12-21 17:37:20 | PYSA ransomware behind most double extortion attacks in November (lien direct) | Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors' arsenal. [...] | Ransomware Tool Threat | ||
|
2021-12-21 17:07:32 | New Dell BIOS updates cause laptops and desktops not to boot (lien direct) | Recently released Dell BIOS updates are reportedly causing serious boot problems on multiple laptops and desktop models. [...] | |||
|
2021-12-21 15:02:41 | 2easy now a significant dark web marketplace for stolen data (lien direct) | A dark web marketplace named '2easy' is becoming a significant player in the sale of stolen data "Logs" harvested from roughly 600,000 devices infected with information-stealing malware. [...] | |||
|
2021-12-21 14:25:26 | 800K WordPress sites still impacted by critical SEO plugin flaw (lien direct) | Two critical and high severity security vulnerabilities in the highly popular "All in One" SEO WordPress plugin exposed over 3 million websites to takeover attacks. [...] | |||
|
2021-12-21 12:51:27 | Threat actors steal $80 million per month with fake giveaways, surveys (lien direct) | Scammers are estimated to have made $80 million per month by impersonating popular brands asking people to participate in fake surveys or giveaways. [...] | |||
|
2021-12-21 12:18:07 | Russian hackers made millions by stealing SEC earning reports (lien direct) | A Russian national working for a cybersecurity company has been extradited to the U.S. where he is being charged for hacking into computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commissions (SEC) system. [...] | |||
|
2021-12-21 12:03:15 | US returns $154 Million in bitcoins stolen by Sony employee (lien direct) | The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack. [...] | |||
|
2021-12-21 10:23:54 | Garrett walk-through metal detectors can be remotely manipulated (lien direct) | Two widely used walk-through metal detectors made by Garrett are vulnerable to many remotely exploitable flaws that could severely impair their functionality, thus rendering security checkpoints deficient. [...] | |||
|
2021-12-21 08:06:10 | Windows 10 21H2 adds ransomware protection to security baseline (lien direct) | Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit. [...] | Ransomware | ||
|
2021-12-20 14:51:43 | Microsoft warns of easy Windows domain takeover via Active Directory bugs (lien direct) | Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains. [...] | |||
|
2021-12-20 13:37:26 | Meta sues people behind Facebook and Instagram phishing (lien direct) | Meta (formerly known as Facebook) has filed a federal lawsuit in California court to disrupt phishing attacks targeting Facebook, Messenger, Instagram, and WhatsApp users. [...] | |||
|
2021-12-20 13:06:53 | FBI: State hackers exploiting new Zoho zero-day since October (lien direct) | The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October. [...] | Vulnerability | ||
|
2021-12-20 12:49:11 | UK govt shares 585 million passwords with Have I Been Pwned (lien direct) | The United Kingdom's National Crime Agency has contributed more than 585 million passwords to the Have I Been Pwned service that lets users check if their login information has leaked online. [...] | |||
|
2021-12-20 11:33:11 | Log4j vulnerability now used to install Dridex banking malware (lien direct) | Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. [...] | Malware Vulnerability Threat | ||
|
2021-12-20 10:46:02 | T-Mobile says it blocked 21 billion scam calls this year (lien direct) | T-Mobile says it blocked 21 billion scam, spam, and unwanted robocalls this year through its free Scam Shield robocall and scam protection service, amounting to an average of 1.8 billion scam calls identified or blocked every month. [...] | |||
|
2021-12-20 06:00:00 | Phishing attacks impersonate Pfizer in fake requests for quotation (lien direct) | Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. [...] | Threat | ||
|
2021-12-19 11:02:01 | New stealthy DarkWatchman malware hides in the Windows Registry (lien direct) | A new malware named 'DarkWatchman' has emerged in the cybercrime underground, and it's a lightweight and highly-capable JavaScript RAT (Remote Access Trojan) paired with a C# keylogger. [...] | Malware | ||
|
2021-12-18 10:36:18 | Western Digital warns customers to update their My Cloud devices (lien direct) | Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware to keep receiving security updates on My Cloud OS firmware reaching the end of support. [...] | |||
|
2021-12-18 05:29:24 | Upgraded to log4j 2.16? Surprise, there\'s a 2.17 fixing DoS (lien direct) | Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes CVE-2021-45105, a DoS vulnerability. [...] | ★★★ | ||
|
2021-12-17 18:37:23 | The Week in Ransomware - December 17th 2021 - Enter Log4j (lien direct) | A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat actors as part of their ransomware attacks. [...] | Ransomware Vulnerability Threat | ||
|
2021-12-17 15:25:06 | TellYouThePass ransomware revived in Linux, Windows Log4j attacks (lien direct) | Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library. [...] | Ransomware Threat | ||
|
2021-12-17 14:06:08 | Credit card info of 1.8 million people stolen from sports gear sites (lien direct) | Four affiliated online sports gear sites have disclosed a cyberattack where threat actors stole credit cards for 1,813,224 customers. [...] | Threat | ||
|
2021-12-17 13:32:30 | CISA urges VMware admins to patch critical flaw in Workspace ONE UEM (lien direct) | CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM console that threat actors could abuse to gain access to sensitive information. [...] | Vulnerability Threat | ||
|
2021-12-17 12:35:43 | (Déjà vu) US orders federal govt agencies to patch critical Log4j bug (lien direct) | US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days. [...] | Vulnerability | ||
|
2021-12-17 12:35:43 | US emergency directive orders govt agencies to patch Log4j bug (lien direct) | US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
