Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-03-16 10:12:27 |
Slack fixes vulnerability exploitable for session hijacking, account takeovers (direct link) |
Slack's team jumped on the critical bug and patched the flaw within a matter of hours. |
Vulnerability
|
|
|
|
2020-03-16 06:00:07 |
WordPress to add auto-update feature for themes and plugins (direct link) |
Auto-update feature is only available for the WordPress CMS core now. To be expanded for themes and plugins. |
|
|
|
|
2020-03-15 23:43:00 |
Microsoft Bing team launches COVID-19 tracker (direct link) |
Microsoft's COVID-19 tracker is located at bing.com/covid. |
|
|
|
|
2020-03-14 08:00:06 |
Browser vendor leaks data via open server (direct link) |
Blisk browser devs left an Elasticsearch server exposed online without a password. |
|
|
|
|
2020-03-13 17:36:47 |
Czech hospital hit by cyber-attack while in the midst of a COVID-19 outbreak (direct link) |
One of the Czech Republic's biggest COVID-19 testing laboratories hit by mysterious cyber-attack. |
|
|
|
|
2020-03-13 13:37:00 |
Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't (direct link) |
Tor team says it's working on a fix, but has no timeline. |
|
|
|
|
2020-03-13 11:07:33 |
Europol takes down SIM-swap hacking rings responsible for theft of millions of euros (direct link) |
Arrests have been made across Europe in an effort to stamp out gangs specializing in SIM-swapping attacks. |
|
|
|
|
2020-03-13 02:00:00 |
State-sponsored hackers are now using coronavirus lures to infect their targets (direct link) |
Chinese, North Korean, and Russian government cyberspies caught using COVID-19-themed emails to infect victims with malware. |
|
|
|
|
2020-03-12 18:31:08 |
Microsoft discontinues RDCMan app following security bug (direct link) |
Microsoft recommends using the Windows in-box remote desktop client (MSTSC) instead. |
|
|
|
|
2020-03-12 16:06:00 |
Microsoft patches SMBv3 wormable bug that leaked earlier this week (direct link) |
Fix for CVE-2020-0796 is now rolling out to Windows 10 and Windows Server 2019 systems worldwide. |
|
|
|
|
2020-03-12 14:00:08 |
Card data from the Volusion web skimmer incident surfaces on the dark web (direct link) |
In September-October 2019, hackers planted malware to steal card data from 6,589 online stores. |
Malware
|
|
|
|
2020-03-12 12:14:17 |
Cookiethief Android malware uses proxies to hijack your Facebook account (direct link) |
Cookiethief Trojan infections are on the rise and Facebook cookies appear to be a prime target. |
Malware
|
|
|
|
2020-03-11 20:25:06 |
Avast disables JavaScript engine in its antivirus following major bug (direct link) |
Vulnerability would have allowed attackers to take over computers running the Avast antivirus. |
Vulnerability
|
|
|
|
2020-03-11 17:25:00 |
Dutch government loses hard drives with data of 6.9 million registered donors (direct link) |
External hard drives stored all donor data from February 1998 to June 2010. |
|
|
|
|
2020-03-11 12:30:05 |
Why are governments so vulnerable to ransomware attacks? (direct link) |
Government systems paralyzed by malware cause chaos. New research explores why attacks are so frequently successful. |
Ransomware
Malware
|
|
|
|
2020-03-11 11:57:05 |
Whisper, an anonymous secret-sharing app, failed to keep messages or profiles private (direct link) |
Millions of users' private profiles and highly sensitive datasets were viewable online. |
|
|
|
|
2020-03-11 08:58:15 |
University of Hertfordshire avoids data breach action by UK watchdog (direct link) |
The ICO is taking no further action despite student information being inappropriately shared. |
Data Breach
|
|
|
|
2020-03-11 02:03:50 |
Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks (direct link) |
Academics break TRR protections on RAM cards for new Rowhammer attacks. |
|
|
|
|
2020-03-10 22:55:25 |
Microsoft March 2020 Patch Tuesday fixes 115 vulnerabilities (direct link) |
The March 2020 Patch Tuesday is the largest Patch Tuesday release in Microsoft's history. |
|
|
|
|
2020-03-10 20:58:00 |
Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu (direct link) |
SMB vulnerability is currently not patched, but now everyone knows it's there. |
Vulnerability
|
|
|
|
2020-03-10 17:26:27 |
Microsoft orchestrates coordinated takedown of Necurs botnet (direct link) |
Microsoft and partners in 35 countries move to bring down Necurs, today's largest malware botnet. |
Malware
|
|
|
|
2020-03-10 17:00:06 |
Intel CPUs vulnerable to new LVI attacks (direct link) |
Researchers say Intel processors will need another round of silicon chip re-designs to protect against new attack. |
|
|
|
|
2020-03-10 13:59:50 |
Avast AntiTrack certificate bug allowed others to snoop on your online activities (direct link) |
The vulnerability opened up PCs to browser hijacking and more. |
Vulnerability
|
|
|
|
2020-03-10 05:50:00 |
FBI arrests Russian behind Deer.io, a Shopify-like platform for cybercrime (direct link) |
Feds say Deer.io has been hosting hundreds of online shops where hackers are selling hacked accounts. |
|
|
|
|
2020-03-10 04:03:00 |
Years-long campaign targets hackers through trojanized hacking tools (direct link) |
A group believed to reside in Vietnam has been hacking other hackers for years. |
|
|
|
|
2020-03-09 23:11:27 |
Spying concerns raised over Iran's official COVID-19 detection app (direct link) |
Google removes Iran's official COVID-19 detection app from the Play Store. |
|
|
|
|
2020-03-09 15:05:17 |
Brave to generate random browser fingerprints to preserve user privacy (direct link) |
"Brave's new approach aims to make every browser look completely unique, both between websites and between browsing sessions." |
|
|
|
|
2020-03-09 09:37:00 |
NordVPN HTTP POST bug exposed customer information, no authentication required (direct link) |
The exploit could be triggered with a simple request. |
|
|
|
|
2020-03-09 00:14:47 |
Multiple nation-state groups are hacking Microsoft Exchange servers (direct link) |
Government-backed groups are exploiting CVE-2020-0688 to take over Exchange email servers. |
|
|
|
|
2020-03-07 20:58:00 |
A list of security conferences canceled or postponed due to coronavirus concerns (direct link) |
Some conferences have canceled, some have postponed the event, while others have gone virtual. |
|
|
|
|
2020-03-07 15:39:00 |
AMD processors from 2011 to 2019 vulnerable to two new attacks (direct link) |
Academics disclose new Collide+Probe and Load+Reload attacks on AMD CPUs. |
|
|
|
|
2020-03-07 07:30:06 |
Google could have fixed 2FA code-stealing flaw in Authenticator app years ago (direct link) |
Google Authenticator app lets other apps take screenshots of its code. Issue was first reported to Google in October 2014, but it was never addressed. |
|
|
|
|
2020-03-06 17:25:00 |
Former DHS official charged with theft of confidential government software, databases (direct link) |
Former DHS Acting Inspector General accused of stealing DHS software in an attempt to make a profit by reselling it back to the US government. |
|
|
|
|
2020-03-06 12:10:00 |
Zoho zero-day published on Twitter (direct link) |
Security experts fear the bug may be soon exploited by ransomware gangs. |
Ransomware
|
|
|
|
2020-03-06 06:00:04 |
Microsoft: 99.9% of compromised accounts did not use multi-factor authentication (direct link) |
Only 11% of all enterprise accounts use an MFA solution overall. |
|
|
|
|
2020-03-05 23:05:36 |
Virgin Media exposes data of 900,000 users via unprotected marketing database (direct link) |
UK telephone, television, and internet provider Virgin Media discloses data leak. |
|
|
|
|
2020-03-05 21:25:47 |
One of Roman Abramovich's companies got hit by ransomware (direct link) |
Steel maker EVRAZ's North American operations are down after an infection with the Ryuk ransomware. |
Ransomware
|
|
|
|
2020-03-05 20:08:38 |
(Déjà vu) Facebook sues Namecheap for letting scammers register lookalike domains (direct link) |
Facebook says Namecheap did not cooperate and share details about owners of suspicious domains. |
|
|
|
|
2020-03-05 20:08:00 |
Facebook sues Namecheap to unmask hackers who registered malicious domains (direct link) |
Facebook says Namecheap did not cooperate and share details about the owners of the suspicious domains. |
|
|
|
|
2020-03-05 18:18:01 |
Microsoft, Google, Facebook, and others join forces with law enforcement on child abuse crackdown (direct link) |
Participating tech firms include Facebook, Google, Microsoft, Twitter, Snap, and Roblox. |
|
|
|
|
2020-03-05 14:00:09 |
Intel CSME bug is worse than previously thought (direct link) |
Researchers say a full patch requires replacing hardware. Only the latest Intel 10th generation CPUs are not affected. |
|
|
|
|
2020-03-05 12:57:00 |
T-Mobile says hacker gained access to employee email accounts, user data (direct link) |
This is the second security breach T-Mobile discloses in the last six months, after a first incident in November 2019. |
|
|
|
|
2020-03-05 11:42:07 |
Backdoor malware is being spread through fake security certificate alerts (direct link) |
Victims of this new technique are invited to install a malicious "security certificate update" when they visit compromised websites. |
Malware
|
|
|
|
2020-03-05 10:00:04 |
Chinese hackers use decade-old Bisonal Trojan in cyberespionage campaigns (direct link) |
The RAT's core functions remain the same but it is unusual that the malware has been rehashed over so many years. |
Malware
|
|
|
|
2020-03-05 03:25:47 |
Ryuk ransomware hits Fortune 500 company EMCOR (direct link) |
Company expects the incident to have an impact on its 2020 earnings, according to its 2019 Q4 financial report. |
Ransomware
|
|
|
|
2020-03-05 02:26:00 |
Malicious Chrome extension caught stealing Ledger wallet recovery seeds (direct link) |
A Chrome extension named Ledger Live was exposed today as malicious. It is currently heavily promoted via Google search ads. |
|
|
|
|
2020-03-04 23:21:00 |
Browsers to block access to HTTPS sites using TLS 1.0 and 1.1 starting this month (direct link) |
More than 850,000 websites still use outdated TLS 1.0 and 1.1 protocols. |
|
|
|
|
2020-03-04 12:00:02 |
Coronavirus claims another major tech event: Kaspersky's Security Analyst Summit postponed (direct link) |
Organizers say that it won't be a “real” SAS without the hugs and clinking of beer glasses. |
|
|
|
|
2020-03-04 00:41:00 |
Let's Encrypt to revoke 3 million certificates on March 4 due to software bug (direct link) |
Let's Encrypt issued 3,048,289 TLS certificates without checking the CAA field for the requesting domain. |
|
|
|
|
2020-03-03 20:25:59 |
Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums (direct link) |
Impacted projects include WordPress, Concrete5, Composr, SilverStripe, ZenCart, and others. |
|
|
|