What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-05-18 10:08:55 | Malware in Microsoft Edge Browser Extension (lien direct) | The new Microsoft Edge browser is based on Chromium, the same engine that powers Google Chrome, so it's capable of running any extension published in the Chrome Web Store. But at the same time, Microsoft also maintains its own add-on stores where the company says it's only publishing recommended extensions that have been previously verified […] | Malware | ||
|
2020-05-15 15:57:22 | Paving the way for Computer Science Professionals (lien direct) | Computer science is facing a crisis. To tackle the sector-wide skills gap Schaffhausen Institute of Technology (SIT) has created its new Master of Science (MSc) in Computer Science and Software Engineering to better prepare graduates for leadership. Launching in September 2020, the newly developed program is available for students with bachelor's in computer science or […] | Guideline | ||
|
2020-05-15 15:35:51 | Many at Risk of Cyberattack due to Outdated or Abandoned Open Source Components (lien direct) | Without a doubt, the role of open source is pivotal to software development across the board. Indeed, the software security corporation, Synopsys, has affirmed that open source constitutes seven out of ten lines of code on the average application. Among the most popular were jQuery which could be found in more than half (55%) of […] | |||
|
2020-05-15 09:28:11 | (Déjà vu) Cyber-attack hits UK electricity company (lien direct) | Elexon, a crucial middleman in the UK power grid network, reported that it fell victim to a cyber-attack earlier today. In a short message posted on its website, the company said the incident only impacted its internal IT network and employee laptops. The company’s email server was also impacted and had been taken down, cutting […] | |||
|
2020-05-15 09:27:16 | Data leak affects 115 million Pakistani mobile customers (lien direct) | Details of Pakistani mobile subscribers have surfaced online after a hacker tried to sell the package for 300 bitcoins equivalent to $2.1 million. The data leak exposed personally identifiable information (PII) for 115 million subscribers. The exposure took place in two subsequent breaches that exposed the details of 44 million and 55 million subscribers, respectively. […] | |||
|
2020-05-15 09:26:29 | Cyberattacks exploits G Suite and long domains (lien direct) | BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions. Business email compromise (BEC) attacks continue to be a thorn in companies' sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters […] | |||
|
2020-05-15 09:25:35 | HTTP status codes used by hackers to control malware implants (lien direct) | Security researchers from Kaspersky have identified a new version of the COMpfun malware that controls infected hosts using a mechanism that relies on HTTP status codes. The malware has been first spotted last year, in November, and has been deployed in attacks against diplomatic entities across Europe. Responsible for the attacks is a group known […] | Malware | ||
|
2020-05-15 09:24:46 | Facebook give $20k reward for vulnerability discovery (lien direct) | The cross-site scripting vulnerability could have allowed trivial account takeover. Facebook has awarded a security researcher $20,000 for discovering a cross-site scripting (XSS) vulnerability in the Facebook Login SDK, which is used by developers to add a “Continue with Facebook” button to a page as an authentication method. Exploitation could allow threat actors to hijack […] | Vulnerability Threat | ||
|
2020-05-14 15:29:29 | 60% of Brits Foresee Shift Towards Remote Working Post-Covid-19 (lien direct) | Covid-19 has radically altered almost every aspect of day-to-day life in hundreds of nations: Socialising, working, travelling and exercising have all been impacted. But once the initial shock of the pandemic is brought under control, how will our worlds change long term? According to a new survey, remote working is one element which organisations should […] | |||
|
2020-05-14 09:56:10 | Magellan Healthcare hit by ransomware attack (lien direct) | Logins, personal information and tax info were all exfiltrated ahead of the ransomware attack, thanks to a phishing email. Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. The company, which says it “empowers 1 in 10 Americans to lead healthier, more vibrant lives” according to its website, […] | Ransomware Guideline | ||
|
2020-05-14 09:55:12 | We won\'t pay, say Texas appellate courts after ransomware attack (lien direct) | Texas appellate courts and judicial agencies' websites and computer servers were shut down after a ransomware attack. A ransomware attack has hit the information technology office that supports Texas appellate courts and judicial agencies, leading to their websites and computer servers being shut down. The office said that it will not pay the ransom requested […] | Ransomware Guideline | ||
|
2020-05-14 09:53:04 | May Patch Tuesday reveals sharepoint and browser security flaws (lien direct) | Microsoft's May edition of Patch Tuesday landed yesterday, replete with critical updates for SharePoint Server as well as client-side patches for the Internet Explorer (IE) and Edge web browsers. Although the update batch tackles a bumper 111 flaws – including 16 rated as 'critical' – none have been exploited in the wild to date, according […] | |||
|
2020-05-14 09:51:48 | Ransomware attack on Diebold Nixdorf (lien direct) | ATM manufacturer Diebold Nixdorf has suffered a ransomware attack on its corporate network, disrupting some operations. The malware attack, first reported by security blogger Brian Krebs, did not affect the company’s ATMs or customer networks. Diebold Nixdorf discovered the issue – in which crooks appear to have installed the ProLock ransomware – on 25 April. […] | Ransomware Malware | ||
|
2020-05-14 09:50:47 | U.S. Marshals Service data breach leaves 387,000 prisoners vulnerable (lien direct) | The U.S. Marshals Service (USMS) has started notifying 387,000 former and current inmates of a security breach that may have compromised their personal identifiable information. According to USMS officials, the incident occurred in December 2019, when a bad actor infiltrated the DSNet system, a platform that aids “the movement and housing of USMS prisoners with […] | Data Breach | ||
|
2020-05-14 09:17:45 | Fortune 500 Insurance Company Magellan Health Falls Victim to Ransomware Attack (lien direct) | Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. The company, which says it “empowers 1 in 10 Americans to lead healthier, more vibrant lives” according to its website, said the incident was discovered on April 11. It also said that it became apparent during a forensic investigation that […] | Ransomware Guideline | ||
|
2020-05-13 09:52:58 | Private messages revealed in WeLeakData hack (lien direct) | A month after hacker forum WeLeakData.com was shuttered, the content of its database, including hackers' private messages, is for sale on the dark web. Noting claims that the FBI seized the forum, resulting in its closure, are unsupported, researchers at Cyble who identified and verified the database leak said, “After a brief time of being […] | Hack | ||
|
2020-05-13 09:52:08 | 111 Bugs addressed by Microsoft on May Patch Tuesday (lien direct) | Important-rated EoP flaws make up the bulk of the CVEs; SharePoint continues its critical run with four worrying bugs. Microsoft has released fixes for 111 security vulnerabilities in its May Patch Tuesday update, including 16 critical bugs and 96 that are rated important. Unlike other recent monthly updates from the computing giant this year, none […] | |||
|
2020-05-13 09:50:31 | 1 million sites threatened by WordPress plugin bug (lien direct) | Severe CSRF to XSS bugs open the door to code execution and complete website compromise. Page Builder by SiteOrigin, a WordPress plugin with a million active installs that's used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. According to researchers at WordPress, both security bugs can lead […] | Guideline | ||
|
2020-05-13 09:49:35 | “Anti-Ransomware Day” declared by Interpol (lien direct) | International crime-fighting organization INTERPOL has teamed up with cybersecurity firm Kaspersky to declare WannaCry’s third anniversary ‘Anti-Ransomware Day.’ bWannaCry, notorious as the largest ransomware epidemic in history, reached its peak on May 12, 2017. Recent research by Kaspersky confirms that three years on, WannaCry retains the dubious honor of being among the most prevalent ransomware […] | Ransomware | Wannacry | |
|
2020-05-13 09:48:20 | Data breach confirmed by Chatbooks (lien direct) | Photo print service Chatbooks has disclosed a data breach after customers' emails, passwords and more were listed for sale on underground forums. Photo-print service Chatbooks has confirmed a data breach, a week after cybercriminals listed a database containing customer email addresses, passwords and more for sale on an underground forum. The Utah-based company allows users […] | Data Breach | ||
|
2020-05-12 16:53:34 | The UK Workforce Prefers Working Remotely (lien direct) | On Sunday, the UK’s Prime Minister spoke to the country to outline the next steps of the country-wide lockdown that was imposed last March to control the spread of the Coronavirus. Social distancing measures have forced an estimated 20 million people to work from their home, and if we consider that, as of December 2019, […] | |||
|
2020-05-12 15:08:04 | Global Remote Working Survey: OneLogin discover UK consumers worst in the world for WiFi security (lien direct) | OneLogin, a global leader in identity and access management, released a new global study examining the security implications of the shift to remote work due to the Covid-19 pandemic. The study of 5,000 remote employees from Germany, France, the United Kingdom, the Republic of Ireland, and the United States, reveals that security measures and password […] | Guideline | ||
|
2020-05-12 13:10:50 | Can you explain encryption to me? (lien direct) | From: Thomas, Kevin Sent: 24 August 2019 10:43 To: Malik, Javvad Subject: Encryption Jav I'm updating the presentation pack for this months management meeting. Can you send me a short description of encryption so the SLT can better understand the solution. Kev From: Malik, Javvad Sent: 24 August 2019 11:03 To: Thomas, Kevin Subject: Encryption […] | |||
|
2020-05-12 10:16:30 | Thunderbolt-Equipped Devices vulnerable to \'ThunderSpy\' (lien direct) | If an attacker can get his hands on a Thunderbolt-equipped device for five minutes, he can launch a new data-stealing attack called “Thunderspy.” A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. […] | |||
|
2020-05-12 10:15:05 | Ransomware attack on celebrity data (lien direct) | Today's big ransomware story is a star-studded affair, according to entertainment news website Variety.com. Variety says that the law firm Grubman Shire Meiselas & Sacks, or just gsmlaw.com for short, has experienced a ransomware attack that apparently involved the appropriately named REvil malware. Rather than simply knocking the law firm out of action temporarily, the […] | Ransomware | ||
|
2020-05-12 10:07:58 | Second Maze ransomware attack for Pitney Bownes (lien direct) | The cyber criminal group behind the increasingly dangerous Maze ransomware strain claims it has successfully encrypted systems at mailing and shipping services firm Pitney Bowes, less than a year after it was hit by a similar attack. previous major attack. The group behind Maze, which specialises in double extortion, a type of attack that increases […] | Ransomware | ||
|
2020-05-12 10:06:33 | U.S. Targets hit by returning Sphinx malware (lien direct) | The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes. The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the […] | Spam Malware | ||
|
2020-05-12 09:48:32 | YouTube channel descriptions conceal Astaroth malware (lien direct) | Over the past year, the Astaroth infostealer trojan has evolved into one of today’s stealthiest malware strains, containing a slew of anti-analysis and anti-sandbox checks to prevent security researchers from detecting and analyzing its operations. Luckily, all these innovations are only used to target and infect users in one country alone — namely Brazil. The […] | Malware | ||
|
2020-05-11 15:53:03 | User Isolation Protection: Stop Reacting and Get Back in Control (lien direct) | By Kevin Bailey, Managing Director & Principal – Security Research at Omnisperience When I look back at the cybersecurity industry, in the early 2000s it involved a few hundred vendors battling for their share of a ~$750 million market. The hacker was motivated by the chase and notoriety rather than monetary rewards. Fast forward to […] | |||
|
2020-05-11 10:22:29 | Personal data of four million dating app users hacked (lien direct) | Almost four million users of a popular Android dating app have had their personal and log-in data stolen by hackers, according to Risk Based Security. The security vendor said it found the data on a prominent hacking forum - now free for anyone to access, although it had been previously up for sale. It's associated […] | |||
|
2020-05-11 10:21:39 | New encrypt and open locked files features for Sodinokibi ransomware (lien direct) | The Sodinokibi (REvil) ransomware has added a new feature that allows it to encrypt more of a victim’s files, even those that are opened and locked by another process. Some applications, such as database or mail servers, will lock files that they have open so that other programs cannot modify them. These file locks prevent […] | Ransomware | ||
|
2020-05-11 10:19:31 | $70M ransomware loss for Cognizant (lien direct) | IT services provider Cognizant is expecting to lose between US$50 to US$70 million in the aftermath of a recent ransomware attack. The US-based company revealed on 18 April it had been hit by a “Maze” ransomware cyber attack, resulting in service disruptions for some of its clients. Although Cognizant claimed it responded “immediately” to the […] | Ransomware | ||
|
2020-05-11 10:18:47 | EVILNUM malware targeting global financial sector (lien direct) | Hackers behind a series of targeted financial attacks have been updating their malware to better evade detection over the last year, according to new Prevailion research slated to be published Wednesday. Since at least February 2019, the hackers, who have begun impersonating CEOs and banks in their lure documents, have introduced at least seven updates […] | Malware | ||
|
2020-05-11 10:17:52 | Microsoft and Intel project converts malware into pictures (lien direct) | Microsoft and Intel have recently collaborated on a new research project that explored a new approach to detecting and classifying malware. Called STAMINA (STAtic Malware-as-Image Network Analysis), the project relies on a new technique that converts malware samples into grayscale images and then scans the image for textural and structural patterns specific to malware samples. […] | Malware | ||
|
2020-05-07 15:49:32 | World Password Day 2020: How Good Is Your Password Hygiene? (lien direct) | In these strange times, we all need something to celebrate, so happy World Password Day! Intel started World Password Day in 2013 and the first Thursday in May has been used to promote good password practices ever since. The need for strong passwords to protect personal data has been well-documented, with the 2019 Data Breach Investigations Report […] | Data Breach | ||
|
2020-05-07 14:35:26 | \'Pandemic – The Perfect Storm\' (lien direct) | By Prof. John Walker To say we live in unprecedented times must be the understatement of the century – in fact, what we have seen in recent years does amount to gross disbelief. Terrorist attacks finding their way to the streets of the UK, active Russian agents seemingly acting with murderous impunity, whilst looking wondrously […] | |||
|
2020-05-07 14:16:31 | NHS COVID-19 App – Peak Neoliberal Paternalism or National Benevolence? (lien direct) | Technology has undoubtedly made life more bearable during a global pandemic. From drones being rolled out to deliver medicines and essential items across Ireland, to the rise of video conferencing platforms, such as Zoom creating a more connected community of remote workers. The affordances of our ever increasingly digital epoch have made isolation more tolerable […] | |||
|
2020-05-07 10:00:46 | \'POWER-SUPPLaY\' allows data to be lifted from air-gapped systems (lien direct) | A security researcher has developed an leftfield technique for extracting data from air-gapped systems that relies on hacking power supplies. The Mission Impossible-style approach, dubbed 'POWER-SUPPLaY', relies on creating an acoustic covert channel by turning a PC's power supplies into speakers. The technique, developed by Israeli security researcher Dr Mordechai Guri, is capable of working […] | |||
|
2020-05-07 09:59:57 | Major Facebook bug affecting iOS apps fixed (lien direct) | A major Facebook bug caused a large number of iOS applications to crash on Wednesday for more than three hours, according to reports on GitHub and social media. The bug impacted some of the biggest iOS apps today, including the likes of TikTok, Spotify, Tinder, Venmo, GrubHub, Doordash, Soundcloud, and Pinterest, just to name a […] | |||
|
2020-05-07 09:58:59 | (Déjà vu) 22 million Unacademy records sold by hacker after breach (lien direct) | Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users. Unacademy is one of India’s largest online learning platforms boasting 14K teachers, over a million video lessons, and over 20 million registered users (learners). After recently […] | Data Breach | ||
|
2020-05-07 09:56:52 | Lazarus macOS Spyware hidden in Two-Factor Authentication Application (lien direct) | The Dacls RAT has been ported from an existing Linux version. The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. […] | Medical | APT 38 | |
|
2020-05-07 09:55:52 | Snake ransomware attack at Fresenius Group hospital operator (lien direct) | A major ransomware attack has disrupted operations at Germany-based Fresenius Group, Europe’s largest private hospital operator whose dialysis products and services are in huge demand in the middle of the COVID-19 pandemic. The ransomware attack was first reported to security researcher Brian Krebs of KrebsOnSecurity by an employee of Fresenius Kabi, a division of the […] | Ransomware | ||
|
2020-05-06 09:32:42 | (Déjà vu) Integrated data breach alerts in Firefox 76 (lien direct) | Mozilla has released Firefox 76 today, May 5th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with bug fixes, new features, and security fixes. Included with today’s release are data breach notifications in the integrated Firefox Lockwise password manager, Picture-in-Picture, and new Audio Worklets for better audio processing. Windows, Mac, and Linux […] | Data Breach | ||
|
2020-05-06 09:31:54 | RCE Bug Allows Attacker Device Access (lien direct) | The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week. Google has patched a vulnerability in its Android OS that could allow attackers to completely take over someone's device to install programs, steal or change data, or create new accounts with full […] | Vulnerability | ||
|
2020-05-06 09:30:58 | Ransomware attack on Taiwan\'s state-opened energy company (lien direct) | Ransomware has struck the computer systems of Taiwan's state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop. CPC Corp., an important national asset responsible for delivering oil products and importing liquefied natural gas (LNG), said Tuesday that, after hackers attacked its IT network, the company had restored some […] | Ransomware | ||
|
2020-05-06 09:30:10 | DNS filtering increased by Telstra to combat malware (lien direct) | Australia’s incumbent telco Telstra announced on Wednesday it has stepped up its DNS filtering capabilities in an effort to fight malware passing through its network. Dubbed Cleaner Pipes, the initiative focuses on blocking command and control communications of botnets, the downloading of remote access trojans, as well as other forms of malware. The telco said […] | Malware | ||
|
2020-05-06 09:28:59 | Coronavirus Android app locks screens with malware (lien direct) | An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites. Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and […] | Malware | ||
|
2020-05-05 09:59:08 | (Déjà vu) Flooring company Tarkett hit by cyber-attack (lien direct) | French flooring company Tarkett has revealed that its operations have been disrupted by a cyber-attack that struck last week. In a press release published today (May 4), Tarkett said the attack “has affected part of its operations since April 29th” despite the company taking prompt remedial action. “In response, Tarkett immediately shut down its information […] | |||
|
2020-05-05 09:57:34 | WebMonitor RAT spread by Zoom installers (lien direct) | Researchers warn the installers are legitimate but don’t come from official sources of the Zoom app, including the Apple App Store and Google Play. This story was updated on 5/4 to include comments from Zoom. A newly discovered attack campaign is abusing Zoom installers to spread the RevCode WebMonitor RAT and exploit reliance on messaging […] | |||
|
2020-05-05 09:55:40 | Breach revealing information of 774,000 migrants investigated (lien direct) | The home affairs and employment departments are investigating a data breach revealing the personal details of 774,000 migrants and people aspiring to migrate to Australia, despite playing down the seriousness of the breach. On Sunday, Guardian Australia revealed the government's SkillSelect app allowed users to see unique identifiers of applicants for skilled visas, including partial […] | Data Breach |
To see everything:
Our RSS (filtrered)
