Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-14 16:25:04 |
Twitter bug automatically suspends you when tweeting 'Memphis' (direct link) |
A bug on Twitter is causing users to become temporarily suspended if they tweet the word 'Memphis,' BleepingComputer has confirmed. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-14 15:42:50 |
New PoC for Microsoft Exchange bugs puts attacks in reach of anyone (direct link) |
A security researcher has released a new proof-of-concept exploit this weekend that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-14 09:11:29 |
Windows 10 'Spring Update' - The new features and how to download (direct link) |
Windows 10 21H1, aka the 'Spring Update,' is slated for release within the next two months, and while it does not contain too many new and interesting features, it does get us ready for a more exciting feature update coming this fall. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-13 14:12:21 |
Microsoft Edge to use a four-week release cycle to sync with Chrome (direct link) |
Major 'Stable' versions of Microsoft Edge will now be released every four weeks to synchronize with the new four-week release cycle announced by Google Chrome. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-13 12:28:50 |
CEO of Sky Global encrypted chat platform indicted by US (direct link) |
The US Department of Justice has indicted the CEO of encrypted messaging company Sky Global and an associate for allegedly helping criminal enterprises avoid detection by law enforcement. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-13 10:15:00 |
15-year-old Linux kernel bugs let attackers gain root privileges (direct link) |
Three security vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-13 09:15:00 |
Microsoft shares temporary fix for Windows 10 printing crashes (direct link) |
Microsoft has provided a temporary fix for the Windows 10 blue screen crashes plaguing customers when printing after installing the March 2021 cumulative updates. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 18:51:27 |
The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers (direct link) |
For the past two weeks, the cybersecurity news has been dominated by stories about the Microsoft Exchange ProxyLogon vulnerabilities. One overriding concern has been when ransomware actors will use the vulnerabilities to compromise and encrypt mail servers. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 16:10:28 |
(Déjà vu) Google fixes second actively exploited Chrome zero-day this month (direct link) |
Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 14:57:57 |
Scammers promote fake cryptocurrency giveaways via Twitter ads (direct link) |
Threat actors have started to use 'Promoted' tweets, otherwise known as Twitter ads, to spread cryptocurrency giveaway scams. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 14:30:09 |
Google shares Spectre PoC targeting browser JavaScript engines (direct link) |
Google has published JavaScript proof-of-concept (PoC) code to demonstrate the practicality of using Spectre exploits targeting web browsers to gain access to information from a browser's memory. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 13:20:18 |
Microsoft Exchange exploits now used by cryptomining malware (direct link) |
The operators of Lemon_Duck, a cryptomining botnet that targets enterprise networks, are now using Microsoft Exchange ProxyLogon exploits in attacks against unpatched servers. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 11:46:39 |
Researchers hacked Indian govt sites via exposed git and env files (direct link) |
Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government. The full findings disclosed today shed light on the routes leveraged by the researchers, including finding exposed .git directories and .env files on some of these systems. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 11:14:54 |
New ZHtrap botnet malware deploys honeypots to find more targets (direct link) |
A new botnet is hunting down and transforming unpatched routers, DVRs, and UPnP network devices it takes over into honeypots that help it find other devices to infect. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 09:50:26 |
Google Chrome now gobbles up 20% less memory on Windows (direct link) |
Google says that the latest Google Chrome version comes with major memory savings on Windows systems and improves energy consumption and overall responsiveness. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-12 02:45:26 |
OVH data center fire likely caused by faulty UPS power supply (direct link) |
OVH founder and chairman Octave Klaba has provided a plausible explanation for the fire that burned down OVH data centers in Strasbourg, France. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 19:39:25 |
(Déjà vu) Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits (direct link) |
A new ransomware called 'DEARCRY' is targeting Microsoft Exchange servers, with one victim stating they were infected via the ProxyLogon vulnerabilities. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 19:39:25 |
New DEARCRY Ransomware is targeting Microsoft Exchange Servers (direct link) |
A new ransomware called 'DEARCRY' is targeting Microsoft Exchange servers, with one victim stating they were infected via the ProxyLogon vulnerabilities. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 17:14:02 |
7-Zip developer releases the first official Linux version (direct link) |
An official version of the popular 7-zip archiving program has been released for Linux for the first time. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 14:40:02 |
New Firefox version fixes Linux crashes, Apple Silicon hangs (direct link) |
Mozilla today started rolling out Firefox 86.0.1 to address a known bug causing the web browser to crash frequently when launched on Linux systems. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 13:45:19 |
(Déjà vu) Smart sex toys come with Bluetooth and remote hijacking weaknesses (direct link) |
Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. As more and more adult toy brands enter the market, and the COVID-19 situation has led to a rapid increase in sex toy sales, researchers believe a discussion around the security of these devices is vital. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 13:45:19 |
Smart sex toys come with Bluetooth and remote access weaknesses (direct link) |
Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. As more and more adult toy brands enter the market, and the COVID-19 situation has led to a rapid increase in sex toy sales, researchers believe a discussion around the security of these devices is vital. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 13:12:54 |
Molson Coors brewing operations disrupted by cyberattack (direct link) |
The Molson Coors Beverage Company has suffered a cyberattack that is causing significant disruption to business operations. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 11:14:53 |
CISA: No federal civilian agency hacked in Exchange attacks, so far (direct link) |
CISA officials said that, so far, there is no evidence of US federal civilian agencies compromised during ongoing attacks targeting Microsoft Exchange servers. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 08:46:18 |
Chinese state hackers target Linux systems with new malware (direct link) |
Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-11 05:18:30 |
Microsoft confirms Windows 10 crash issue due to March updates (direct link) |
Microsoft has confirmed that Windows 10 devices might crash with a Blue Screen of Death (BSOD) when printing under certain conditions after applying the March KB5000802 cumulative update. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 15:49:33 |
Linux Foundation unveils Sigstore - a Let's Encrypt for code signing (direct link) |
The Linux Foundation, Red Hat, Google, and Purdue have unveiled the free 'sigstore' service that lets developers code-sign and verify open source software to prevent supply-chain attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 14:03:06 |
Europol 'unlocks' encrypted Sky ECC chat service to make arrests (direct link) |
European law enforcement authorities have made a large number of arrests after a joint operation involving the monitoring of organized crime communication channels over the Sky ECC encrypted chat. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 12:50:24 |
Windows 10 crashes when printing due to Microsoft March updates (direct link) |
Microsoft has pulled the Windows 10 KB5000802 and KB5000808 cumulative updates after users began reporting Blue Screen of Death crashes when printing to network printers. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 12:04:10 |
(Déjà vu) F5 urges customers to patch critical BIG-IP pre-auth RCE bug (direct link) |
F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ software. [...] |
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 12:04:10 |
F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs (direct link) |
F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ software. [...] |
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 10:57:36 |
Norway parliament data stolen in Microsoft Exchange attack (direct link) |
Norway's parliament, the Storting, has suffered another cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 09:42:20 |
More hacking groups join Microsoft Exchange attack frenzy (direct link) |
More state-sponsored hacking groups have joined the ongoing attacks targeting tens of thousands of on-premises Exchange servers impacted by severe vulnerabilities tracked as ProxyLogon. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 08:35:58 |
Ryuk ransomware hits 700 Spanish government labor agency offices (direct link) |
The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-10 03:08:14 |
OVH data center burns down knocking major sites offline (direct link) |
In a major unprecedented incident, data centers of OVH located in Strasbourg, France have been destroyed by fire. Customers are being advised by the company to enact their disaster recovery plans after the fire has rendered multiple data centers unserviceable, impacting websites around the world. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 19:25:59 |
Microsoft Edge Legacy will now prompt you to install Chromium Edge (direct link) |
Microsoft Edge Legacy has officially reached the end of life today, and starting tomorrow, the web browser will begin displaying notifications telling users to switch to the new Chromium-based Microsoft Edge. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 19:05:30 |
iPhone Call Recorder bug gave access to other people's conversations (direct link) |
An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 17:25:19 |
Hackers access surveillance cameras at Tesla, Cloudflare, banks, more (direct link) |
Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 15:20:34 |
US seizes more domains used in COVID-19 vaccine phishing attacks (direct link) |
The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 13:30:08 |
Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days (direct link) |
Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 13:27:25 |
(Déjà vu) Windows 10 Cumulative Updates KB5000808 & KB5000802 released (direct link) |
As part of the March Patch cycle, Microsoft is rolling out a new cumulative update for all supported versions of Windows. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 13:05:44 |
Microsoft shares detection, mitigation advice for Azure LoLBins (direct link) |
Azure LoLBins can be used by attackers to bypass network defenses, deploy cryptominers, elevate privileges, and disable real-time protection on a targeted device. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 12:14:37 |
WordPress plans to drop support for Internet Explorer 11 (direct link) |
The most well-known and popular blogging platform, WordPress, is considering dropping support for Internet Explorer 11 as the browser's usage dips below 1%. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 11:27:27 |
Adobe fixes critical Creative Cloud, Adobe Connect vulnerabilities (direct link) |
Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 10:37:08 |
z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers (direct link) |
A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 10:07:00 |
GandCrab ransomware affiliate arrested for phishing attacks (direct link) |
A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 09:36:45 |
Security bug hunters focus on misconfigured services, earn big rewards (direct link) |
An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 08:01:31 |
Microsoft releases ProxyLogon updates for unsupported Exchange Servers (direct link) |
Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 04:16:56 |
(Déjà vu) GitHub fixes bug causing users to log into other accounts (direct link) |
Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-03-09 04:16:56 |
GitHub bug caused users to log in to other user accounts (direct link) |
Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party. [...] |
|
|
|