Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-08-17 16:44:07 |
Crypto-mining worm steals AWS credentials (direct link) |
TeamTNT has become the first crypto-mining botnet to include a feature that scans for and steals AWS credentials. |
|
|
|
|
2020-08-17 10:53:24 |
Ritz London suspects data breach, fraudsters pose as staff in credit card data scam (direct link) |
Scammers phoned guests to “confirm” their credit card details for reservations. |
|
|
|
|
2020-08-17 09:21:38 |
Controversial facial recognition tech firm Clearview AI inks deal with ICE (direct link) |
$224,000 has been spent on Clearview licenses by the US immigration and customs department. |
|
|
|
|
2020-08-17 07:42:13 |
US regulators settle with CenturyLink over anti-competition violations (direct link) |
CenturyLink allegedly flouted court orders designed to stop anti-competitive behavior linked to the merger with Level 3. |
|
|
|
|
2020-08-14 20:52:00 |
For six months, security researchers have secretly distributed an Emotet vaccine across the world (direct link) |
Binary Defense researchers have identified a bug in the Emotet malware and have been using it to prevent the malware from making new victims. |
Malware
|
|
|
|
2020-08-14 12:10:13 |
Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities (direct link) |
XCSSET malware focuses on exploiting Safari and other browsers. |
Malware
|
|
|
|
2020-08-14 11:03:21 |
CactusPete hackers go on European rampage with Bisonal backdoor upgrade (direct link) |
The APT is attacking banks and military organizations in Eastern Europe. |
|
|
|
|
2020-08-14 10:53:48 |
A simple telephony honeypot received 1.5 million robocalls across 11 months (direct link) |
Researchers say that most campaigns take place in short-burst storms and that answering a robocall doesn't mean you'll be targeted more often in the future. |
|
|
|
|
2020-08-13 16:18:00 |
FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers (direct link) |
The FBI and NSA issue joint security alert containing technical details about new Linux malware developed by Russia's military hackers. |
Malware
|
|
|
|
2020-08-13 11:59:05 |
Signal adds message requests to stop spam and protect user privacy (direct link) |
New feature lets Signal users control who can text or voice call, add them to groups. |
Spam
|
|
|
|
2020-08-13 10:00:06 |
In one click: Amazon Alexa could be exploited for theft of voice history, PII, skill tampering (direct link) |
Subdomains belonging to the service were found to be harboring CORS errors and vulnerable to XSS attacks. |
|
|
|
|
2020-08-13 07:42:13 |
FireEye's bug bounty program goes public (direct link) |
42 vulnerabilities in FireEye domains have, so far, been resolved. |
|
|
|
|
2020-08-13 07:00:05 |
RedCurl cybercrime group has hacked companies for three years (direct link) |
New hacker group discovered; believed to operate out of Russia. |
|
|
|
|
2020-08-12 16:13:13 |
ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations (direct link) |
Academics detail a new attack on 4G encrypted calls. Attack works only when the attacker is on the same base station (mobile tower) as the victim. |
|
|
|
|
2020-08-12 10:17:42 |
Adobe tackles critical code execution vulnerabilities in Acrobat, Reader (direct link) |
This month's security update fixes a variety of critical and important bugs in the software. |
|
|
|
|
2020-08-11 18:29:32 |
Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days (direct link) |
Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE in the Internet Explorer scripting engine to execute code on users' devices. |
|
|
|
|
2020-08-11 17:04:29 |
(Déjà vu) Threema joins the ranks of E2E chat apps that support encrypted video calls (direct link) |
Other E2E chat apps that support encrypted video calls include Signal, WhatsApp, Wickr, and Wire. |
|
|
|
|
2020-08-11 17:04:00 |
Threema joins the ranks of E2EE chat apps that support encrypted video calls (direct link) |
Other E2E chat apps that support encrypted video calls include Signal, WhatsApp, Wickr, and Wire. |
|
|
|
|
2020-08-11 14:54:00 |
Mozilla lays off 250 employees while it refocuses on commercial products (direct link) |
Mozilla: "Our pre-COVID plan is no longer workable." |
|
|
|
|
2020-08-10 21:16:00 |
Security researcher publishes details and exploit code for a vBulletin zero-day (direct link) |
Proof-of-concept exploit code available in Bash, Python, and Ruby. |
|
|
|
|
2020-08-10 19:18:35 |
A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks (direct link) |
At one point, the group ran almost a quarter of all Tor exit nodes. Group still controls 10% of all Tor exit nodes today. |
|
|
|
|
2020-08-10 10:52:54 |
Have I Been Pwned to release code base to the open source community (direct link) |
Troy Hunt has made the decision following an unsuccessful attempt to have the platform acquired. |
|
|
|
|
2020-08-10 03:04:00 |
FBI says an Iranian hacking group is attacking F5 networking devices (direct link) |
Sources: Attacks linked to a hacker group known as Fox Kitten (or Parasite), considered Iran's "spear tip" when it comes to cyber-attacks. |
|
|
|
|
2020-08-08 18:04:31 |
China is now blocking all encrypted HTTPS traffic using TLS 1.3 and ESNI (direct link) |
Block was put in place at the end of July and is enforced via China's Great Firewall internet surveillance technology. |
|
|
|
|
2020-08-08 07:00:08 |
DEF CON: New tool brings back 'domain fronting' as 'domain hiding' (direct link) |
After Amazon and Google stopped supporting the censorship-evading domain fronting technique on their clouds in 2018, new Noctilucent toolkit aims to bring it back in a new form as "domain hiding." |
Tool
|
|
|
|
2020-08-07 17:37:00 |
Hackers are defacing Reddit with pro-Trump messages (direct link) |
BREAKING: Massive hack hits Reddit. |
Hack
|
|
|
|
2020-08-07 16:30:00 |
Bulgarian police arrest hacker Instakilla (direct link) |
Hacker accused of hacking and extorting companies, selling stolen data online. |
|
|
|
|
2020-08-07 16:00:00 |
Facebook open-sources one of Instagram's security tools (direct link) |
In the first half of 2020, Pysa detected 44% of all security bugs in Instagram's server-side Python code. |
|
|
|
|
2020-08-07 11:02:30 |
Canon suffers ransomware attack, Maze claims responsibility (direct link) |
Reports based on an internal memo suggest an external security firm has been hired to investigate. |
Ransomware
|
|
|
|
2020-08-07 09:34:46 |
Magecart group uses homoglyph attacks to fool you into visiting malicious websites (direct link) |
A new campaign is utilizing the Inter kit and favicons to hide skimming activities. |
|
|
|
|
2020-08-06 21:59:12 |
Black Hat: Hackers are using skeleton keys to target chip vendors (direct link) |
Operation Chimera focuses on the theft of valuable intellectual property and semiconductor designs. |
|
|
|
|
2020-08-06 19:23:28 |
Intel investigating breach after 20GB of internal documents leak online (direct link) |
EXCLUSIVE: Data was leaked online today by a Swiss security researcher after receiving it from an anonymous hacker. |
|
|
|
|
2020-08-06 18:30:06 |
Black Hat: Entropy - the solution to malvertising and malspam? (direct link) |
A researcher explores how entropy could be used to flag suspicious images and documents hiding malicious secrets. |
|
|
|
|
2020-08-06 17:31:00 |
Capital One fined $80 million for 2019 hack (direct link) |
Office of the Comptroller of the Currency imposes mammoth fine for the bank's failure to secure its data in the cloud. |
Hack
|
|
|
|
2020-08-06 11:42:00 |
Firefox gets fix for evil cursor attack (direct link) |
Tech support scam group found a way to abuse Firefox's previous evil cursor patch to enable new attacks. |
|
|
|
|
2020-08-06 08:45:12 |
(Déjà vu) Smart locks can be opened with nothing more than a MAC address (direct link) |
Researchers demonstrated how remote attackers can steal UltraLoq digital keys with minimal effort. |
|
|
|
|
2020-08-06 08:45:00 |
Smart locks opened with nothing more than a MAC address (direct link) |
Researchers demonstrated how remote attackers could steal UltraLoq digital keys with minimal effort. |
|
|
|
|
2020-08-06 04:01:05 |
Black Hat: Hackers can remotely hijack enterprise, healthcare Temi robots (direct link) |
Temi's interactive assistance robots are remotely exploitable with little more than a phone number. |
|
|
|
|
2020-08-06 00:33:00 |
Google said it took down ten influence operation campaigns in Q2 2020 (direct link) |
Google said the influence ops were traced back to China, Russia, Iran, and Tunisia. |
|
|
|
|
2020-08-05 21:17:00 |
US offers $10 million reward for hackers meddling in US elections (direct link) |
This includes attacks against US election officials, election infrastructure, voting machines, but also candidates and their staff. |
|
|
|
|
2020-08-05 20:30:37 |
Black Hat: When penetration testing earns you a felony arrest record (direct link) |
Coalfire takes us through the story of security professionals arrested at a courthouse while conducting tests on behalf of the state. |
|
|
|
|
2020-08-05 18:30:28 |
Black Hat: How hackers gain root access to SAP enterprise servers through SolMan (direct link) |
Researchers demonstrated how the SAP Solution Manager could provide a bridge to full server access. |
|
|
|
|
2020-08-05 18:03:08 |
Twitter patches Android app to prevent exploitation of bug that can grant access to DMs (direct link) |
Actual bug resided in the Android 8 and Android 9 operating systems. Twitter updated its Android app to prevent exploitation. |
|
|
|
|
2020-08-05 17:26:55 |
Black Hat: How your pacemaker could become an insider threat to national security (direct link) |
Implanted medical devices are an overlooked security challenge that is only going to increase over time. |
Threat
|
|
|
|
2020-08-05 16:52:00 |
New EtherOops attack takes advantage of faulty Ethernet cables (direct link) |
EtherOops attack can be used to bypass network defenses and attack devices inside closed enterprise networks. |
|
|
|
|
2020-08-05 12:03:38 |
FBI issues warning over Windows 7 end-of-life (direct link) |
The FBI says companies running Windows 7 systems are now at greater risk of getting hacked due to a lack of security updates. |
|
|
|
|
2020-08-05 02:19:58 |
Cluster of 295 Chrome extensions caught hijacking Google and Bing search results (direct link) |
The malicious Chrome extensions have been installed by more than 80 million users. |
|
|
|
|
2020-08-04 22:44:00 |
Hacker leaks passwords for 900+ enterprise VPN servers (direct link) |
EXCLUSIVE: The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs. |
Ransomware
|
|
|
|
2020-08-04 18:02:58 |
Firefox adds protections against redirect tracking (direct link) |
New protection already active in Firefox 79; will roll out to all Firefox users in the next few weeks. |
|
|
|
|
2020-08-04 16:20:12 |
Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH) (direct link) |
Kaspersky says Oilrig (APT34) group has been using DoH to silently exfiltrate data from hacked networks. |
|
APT 34
|
|