What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-14 23:50:26 | NSA warns against using DoH inside enterprise networks (lien direct) | The NSA urges companies to host their own DoH resolvers and avoid sending DNS traffic to third-parties. | |||
|
2021-01-14 20:16:00 | Facebook sues two Chrome extension devs for scraping user data (lien direct) | Facebook filed a lawsuit today in Portugal against browser extension maker Oink and Stuff. | |||
|
2021-01-14 20:03:28 | SolarWinds defense: How to stop similar attacks (lien direct) | The Linux Foundation, which knows a thing or two about building secure software, has suggestions on how we can avoid SolarWinds type attacks in the future. It won't be easy. But it must be done. | |||
|
2021-01-14 16:14:57 | Cisco says it won\'t patch 74 security bugs in older RV routers that reached EOL (lien direct) | Cisco advises RV110W, RV130, RV130W, and RV215W device owners to migrate to newer gear. | |||
|
2021-01-14 13:32:34 | Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs (lien direct) | The ContentFilterExclusionList has been removed in macOS 11.2 beta 2. | |||
|
2021-01-14 13:28:50 | Trump ban: No \'moment for celebration\' in the eyes of Twitter chief (lien direct) | Analysis: Twitter CEO Jack Dorsey has highlighted how enmeshed private companies, politics, and public safety have become. | |||
|
2021-01-14 11:00:00 | Scam-as-a-Service operation made more than $6.5 million in 2020 (lien direct) | "Classiscam" operation is made up of around 40 groups operating in the US and across several European countries. | |||
|
2021-01-14 09:24:37 | Ring trials customer video end-to-end encryption for smart doorbells (lien direct) | The security feature will be opt-in for users that want to encrypt their video feeds. | |||
|
2021-01-13 18:48:03 | Iranian cyberspies behind major Christmas SMS spear-phishing campaign (lien direct) | Iranian hackers managed to successfully hide URLs to phishing sites behind legitimate google.com links. | |||
|
2021-01-13 14:02:46 | TikTok tightens up privacy controls for young users (lien direct) | The default privacy setting for young users will now be set to private. | |||
|
2021-01-13 11:42:51 | RG Coins cryptocurrency exchange owner lands 10 years behind bars for money laundering (lien direct) | Prosecutors uncovered fake auctions, scammed customers, and a web of cash-to-cryptocurrency schemes. | |||
|
2021-01-13 10:13:38 | Adobe fixes critical code execution vulnerabilities in 2021\'s first major patch round (lien direct) | Seven different products have received fixes during January's security update. | |||
|
2021-01-12 19:59:00 | Google reveals sophisticated Windows & Android hacking operation (lien direct) | The attackers used a combination of Android, Chrome, and Windows vulnerabilities, including both zero-days and n-days exploits. | |||
|
2021-01-12 18:18:00 | Microsoft fixes Defender zero-day in January 2021 Patch Tuesday (lien direct) | Microsoft fixes 83 security bugs in the January 2021 Patch Tuesday releases. | |||
|
2021-01-12 15:44:00 | Mimecast says hackers abused one of its certificates to access Microsoft accounts (lien direct) | Mimecast, a provider of email management software, said learned of the security incident from Microsoft. | |||
|
2021-01-12 14:53:19 | macOS malware used run-only AppleScripts to avoid detection for five years (lien direct) | The macOS.OSAMiner has been active since 2015, primarily infecting users in Asia. | Malware | ||
|
2021-01-12 10:30:03 | Colombian energy, metal firms under fire in new Trojan attack wave (lien direct) | Threat actors have selected three different Trojans to conduct cyberespionage. | Threat | ||
|
2021-01-12 08:12:40 | Facebook targets “stop the steal” content ahead of Inauguration Day (lien direct) | Facebook is ramping up content moderation efforts with “new urgency.” | |||
|
2021-01-12 01:45:00 | Third malware strain discovered in SolarWinds supply chain attack (lien direct) | CrowdStrike, one of the two security firms formally investigating the hack, sheds some light on how hackers compromised the SolarWinds Orion app build process. | Malware | ||
|
2021-01-11 21:30:22 | Ubiquiti tells customers to change passwords after security breach (lien direct) | Data for UI.com accounts was accessed in mysterious data breach. | |||
|
2021-01-11 21:30:04 | CES 2021: Intel adds ransomware detection capabilities at the silicon level (lien direct) | Intel 11th Gen Intel Core vPro CPUs with support for the Hardware Shield and TDT features will be able to detect ransomware attacks at the hardware level, many layers below antivirus software. | Ransomware | ||
|
2021-01-11 19:28:12 | Microsoft Sysmon adds support for detecting Process Herpaderping attacks (lien direct) | Sysmon 13.00, released today, can detect both Process Hollowing and Process Herpaderping attacks, giving system administrators an edge in detecting and debugging malware attacks. | Malware | ||
|
2021-01-11 15:52:48 | Free decrypter released for victims of Darkside ransomware (lien direct) | A new tool released today by Romanian security firm Bitdefender allows victims of the Darkside ransomware to recover their files without paying the ransom demand. | Ransomware Tool | ||
|
2021-01-09 08:00:03 | Some ransomware gangs are going after top execs to pressure companies into paying (lien direct) | Ransomware gangs are prioritizing stealing data from workstations used by executives in the hopes of finding and using valuable information to use in the extortion process. | Ransomware | ||
|
2021-01-09 01:08:00 | Google removes Parler app from Play Store (lien direct) | Google cites the lack of content moderation on the platform and "ongoing and urgent public safety threat." | |||
|
2021-01-08 21:36:00 | CISA: SolarWinds hackers also used password guessing to breach targets (lien direct) | CISA says the threat actor behind the SolarWinds hack also used password guessing and password spraying to breach targets, not just trojanized updates. | Hack Threat | ||
|
2021-01-08 19:03:10 | State Department creates bureau to reduce \'likelihood of cyber conflict\' (lien direct) | The new Bureau of Cyberspace Security and Emerging Technologies (CSET) will manage cybersecurity issues as part of the US' foreign policy and diplomatic efforts. | |||
|
2021-01-08 15:22:53 | A crypto-mining botnet is now stealing Docker and AWS credentials (lien direct) | After if began stealing AWS credentials last summer, the TeamTNT botnet is now also stealing Docker API logins, making the use of firewalls mandatory for all internet-exposed Docker interfaces. | |||
|
2021-01-08 12:44:00 | Nvidia releases security update for high-severity graphics driver vulnerabilities (lien direct) | Exploits include data tampering, denial of service, and privilege escalation. | |||
|
2021-01-08 00:47:16 | New side-channel attack can recover encryption keys from Google Titan security keys (lien direct) | Attack requires physical access to the devices but Titan and other keys can be cloned if attacks are successful. | |||
|
2021-01-07 19:22:43 | Ryuk gang estimated to have made more than $150 million from ransomware attacks (lien direct) | Most of the Ryuk gang's "earnings" are being cashed out through accounts at crypto-exchanges Binance and Huobi. | Ransomware | ||
|
2021-01-07 15:09:00 | Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020 (lien direct) | Security firm Recorded Future said it tracked more than 10,000 malware command and control servers last year, used across more than 80 malware families. | Malware | ||
|
2021-01-07 12:01:54 | (Déjà vu) Former VP with an ax to grind hacks company, disrupts PPE supply, earns jail term (lien direct) | The sabotage of electronic records led to delays in shipping critical PPE during the COVID-19 pandemic. | |||
|
2021-01-07 12:01:00 | Disgruntled former VP hacks company, disrupts PPE supply, earns jail term (lien direct) | The sabotage of electronic records led to delays in shipping critical PPE during the COVID-19 pandemic. | |||
|
2021-01-07 11:00:15 | North Korean hackers launch RokRat Trojan in campaigns against the South (lien direct) | A VBA self decoding technique is being used to hide the malware on impacted systems. | Malware | ||
|
2021-01-07 00:52:00 | JetBrains denies being involved in SolarWinds hack (lien direct) | JetBrains denies reports that is being under investigation and somehow related to the SolarWinds breach. | Hack | ★★★★★ | |
|
2021-01-06 19:41:18 | SolarWinds fallout: DOJ says hackers accessed its Microsoft O365 email server (lien direct) | The US Department of Justice is one of the rare SolarWinds victims where hackers escalated the hack to a second phase and moved to access internal email inboxes, the agency said today. | Hack | ||
|
2021-01-06 15:40:25 | Nissan source code leaked online after Git repo misconfiguration (lien direct) | Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin. | |||
|
2021-01-05 21:18:00 | US government formally blames Russia for SolarWinds hack (lien direct) | Joint statement from the FBI, CISA, ODNI, and NSA says SolarWinds hack was "likely Russian in origin." | Hack | ||
|
2021-01-05 17:15:29 | Italian mobile operator offers to replace SIM cards after massive data breach (lien direct) | Hackers stole the personal data for 2.5 million Ho Mobile subscribers. | Data Breach | ||
|
2021-01-05 15:00:03 | Hackers target cryptocurrency users with new ElectroRAT malware (lien direct) | Intezer Labs said it discovered fake cryptocurrency apps laced with ElectroRAT, a new Go-based malware strain. | Malware | ||
|
2021-01-05 11:51:18 | As coronavirus cases surge, so do cyberattacks against the healthcare sector (lien direct) | Researchers say healthcare organizations have faced a 45% spike in attacks since November. | |||
|
2021-01-04 20:35:13 | SolarWinds: The more we learn, the worse it looks (lien direct) | While you've been distracted by the holidays, coronavirus, and politics, the more we learn about the SolarWinds security fiasco, the worse it looks. | |||
|
2021-01-04 19:33:57 | Malware uses WiFi BSSID for victim identification (lien direct) | Malware authors are using the WiFi AP MAC address (also known as the BSSID) as a way to geo-locate infected hosts. | Malware | ||
|
2021-01-04 15:02:00 | Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email (lien direct) | With millions of us waiting for our place in the vaccine queue, criminals are already trying to cash in. | |||
|
2021-01-04 10:52:00 | Ticketmaster fined $10 million after staff hacked competitor to \'choke off\' presale ticket business (lien direct) | US prosecutors say the goal was to “steal back” key clients. | |||
|
2021-01-04 10:45:24 | T-Mobile discloses its fourth data breach in three years (lien direct) | Personal details and financial information was not exposed, T-Mobile said. | Data Breach | ||
|
2021-01-02 03:59:00 | Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways (lien direct) | The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries. | |||
|
2020-12-31 20:20:26 | SolarWinds hackers accessed Microsoft source code (lien direct) | Microsoft says this is no big deal as the company doesn't rely on the secrecy of source code for the security of its products. | |||
|
2020-12-30 17:15:00 | CISA updates SolarWinds guidance, tells US govt agencies to update right away (lien direct) | US federal agencies must update by the end of the year or take all SolarWinds Orion apps offline. |
To see everything:
Our RSS (filtrered)
