What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-04-26 15:21:46 | Apple fixes macOS zero-day bug exploited by Shlayer malware (lien direct) | Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. [...] | Malware Vulnerability | ||
|
2021-04-26 12:54:01 | Microsoft Defender now blocks cryptojacking malware using Intel TDT (lien direct) | Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology (TDT). [...] | Malware Threat | ||
|
2021-04-26 12:15:54 | Apple iCloud Mail outage causing email sending, receiving issues (lien direct) | Apple's iCloud Mail service is suffering an outage since this morning, preventing some people from sending and receiving emails. [...] | |||
|
2021-04-26 11:16:34 | US warns of Russian state hackers still targeting US, foreign orgs (lien direct) | The FBI, the US Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) warned today of continued attacks coordinated by the Russian-backed APT 29 hacking group against US and foreign organizations. [...] | APT 29 | ||
|
2021-04-25 16:28:55 | Hacker leaks 20 million alleged BigBasket user records for free (lien direct) | A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. [...] | Threat | ||
|
2021-04-25 13:02:25 | Windows 10 package manager can now remove any app from the command line (lien direct) | The Windows 10 package manager is getting some new and exciting features that allow you to manage any installed applications directly from the command line. [...] | |||
|
2021-04-25 03:16:00 | (Déjà vu) Emotet malware nukes itself today from all infected computers worldwide (lien direct) | Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement. [...] | Malware | ||
|
2021-04-25 03:16:00 | Emotet malware forcibly removed today by German police update (lien direct) | Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement. [...] | Malware | ||
|
2021-04-24 13:24:12 | Microsoft pushes emergency fix for Windows 10 KB5001330 gaming issues (lien direct) | Microsoft has released an emergency fix for gaming issues introduced by the Windows 10 2004 and Windows 10 20H2 KB5001330 update. [...] | |||
|
2021-04-24 12:06:51 | A ransomware gang made $260,000 in 5 days using the 7zip utility (lien direct) | A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program. [...] | Ransomware | ||
|
2021-04-24 10:36:12 | New cryptomining malware builds an army of Windows, Linux bots (lien direct) | A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. [...] | Malware | ||
|
2021-04-24 09:47:12 | Fake Microsoft DirectX 12 site pushes crypto-stealing malware (lien direct) | Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords. [...] | Malware | ||
|
2021-04-24 02:16:37 | HashiCorp is the latest victim of Codecov supply-chain attack (lien direct) | Open-source software tools and Vault maker HashiCorp disclosed a security incident yesterday that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key. [...] | |||
|
2021-04-23 18:20:27 | The Week in Ransomware - April 23rd 2021 - A brutal week (lien direct) | This week has been brutal, not because of many ransomware variants released but due to a single ransomware campaign that affected thousands of people. [...] | Ransomware | ||
|
2021-04-23 16:18:42 | Passwordstate password manager hacked in supply chain attack (lien direct) | ClickStudios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks. [...] | Malware | ||
|
2021-04-23 12:25:21 | Phishing impersonates global recruitment firm to push malware (lien direct) | An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers. [...] | Malware | ||
|
2021-04-23 01:44:12 | Twitter accidentally sends suspicious emails asking to confirm accounts (lien direct) | Twitter caused quite the panic Thursday night when they accidentally sent emails asking users to confirm their accounts, which looked suspiciously like a phishing attack. [...] | |||
|
2021-04-22 18:44:38 | Microsoft releases first non-subscription Office 2021, LTSC previews (lien direct) | Microsoft has launched the first commercial preview releases for Microsoft Office Long Term Servicing Channel (LTSC) for Windows and Office 2021 for Mac. [...] | |||
|
2021-04-22 17:54:09 | Windows 10 1909 KB5001396 cumulative update preview released (lien direct) | Microsoft has released the optional KB5001396 preview cumulative update for Windows 10 1909 with numerous fixes that increase performance in the operating system. [...] | |||
|
2021-04-22 17:19:38 | NVIDIA staff suggests rolling back Windows 10 update to fix game issues (lien direct) | An NVIDIA staff member has suggested users roll back to an earlier version of Windows 10 to resolve gameplay issues on devices using NVIDIA GPUs. [...] | |||
|
2021-04-22 15:30:05 | Botnet backdoors Microsoft Exchange servers, mines cryptocurrency (lien direct) | Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots. [...] | |||
|
2021-04-22 12:01:17 | Windows 10 News and Interests taskbar news feed rolling out worldwide (lien direct) | The new Windows 10 News and Interests taskbar news feed feature is now rolling out to Windows 10 devices worldwide. [...] | |||
|
2021-04-22 11:40:33 | Exchange Online down: Microsoft 365 outage affects email delivery (lien direct) | A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. [...] | |||
|
2021-04-22 11:08:01 | QNAP removes backdoor account in NAS backup, disaster recovery app (lien direct) | QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials. [...] | Vulnerability | ||
|
2021-04-22 06:18:43 | Attackers can hide \'external sender\' email warnings with HTML and CSS (lien direct) | The "external sender" warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher. Turns out, all it takes for attackers to alter the "external sender" warning, or remove it altogether from emails is just a few lines of HTML and CSS code. [...] | |||
|
2021-04-21 19:13:50 | Signal CEO gives mobile-hacking firm a taste of being hacked (lien direct) | Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal. [...] | |||
|
2021-04-21 18:43:26 | Microsoft Autoruns is crashing when listing Windows 10 startups (lien direct) | A recent update to Microsoft's Sysinternals Autoruns program is causing the program to crash as its scans for autostarts in Windows. [...] | |||
|
2021-04-21 16:05:38 | Windows 10 now lets you seamlessly run Linux GUI apps (lien direct) | Windows 10 now lets you run Linux GUI apps (X11 and Wayland) without using a virtual machine after Microsoft added GUI support to the Windows Subsystem for Linux (WSL). [...] | |||
|
2021-04-21 14:12:03 | Windows 10 Task Manager now lets you throttle resource-hungry apps (lien direct) | Microsoft has added a new experimental 'Eco mode' feature to the Windows 10 Task Manager in the latest Preview build available for Windows Insiders in the Dev Channel. [...] | |||
|
2021-04-21 13:44:57 | Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices (lien direct) | A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives. [...] | Ransomware | ||
|
2021-04-21 13:08:00 | Linux bans University of Minnesota for committing malicious code (lien direct) | Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux project. [...] | |||
|
2021-04-21 13:03:00 | Google fixes exploited Chrome zero-day dropped on Twitter last week (lien direct) | Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser. [...] | |||
|
2021-04-21 11:53:59 | CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. [...] | Vulnerability | ||
|
2021-04-21 11:15:06 | Logins for 1.3 million Windows RDP servers collected from hacker market (lien direct) | The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. [...] | |||
|
2021-04-21 10:33:03 | WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts (lien direct) | WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent. [...] | Malware | ||
|
2021-04-21 10:02:49 | Facebook leaks strategy to numb reaction to data scraping incidents (lien direct) | Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network. [...] | |||
|
2021-04-20 16:39:29 | REvil gang tries to extort Apple, threatens to sell stolen blueprints (lien direct) | The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event where the new iMac was introduced. [...] | Ransomware | ||
|
2021-04-20 14:23:58 | SonicWall warns customers to patch 3 zero-days exploited in the wild (lien direct) | Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. [...] | |||
|
2021-04-20 13:45:02 | Eversource Energy data breach caused by unsecured cloud storage (lien direct) | Eversource, the largest power supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server. [...] | Data Breach | ||
|
2021-04-20 12:09:39 | Microsoft partially fixes Windows 7, Server 2008 vulnerability (lien direct) | Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. [...] | Vulnerability | ||
|
2021-04-20 11:03:06 | Pulse Secure VPN zero-day used to hack defense firms, govt orgs (lien direct) | Pulse Secure has shared mitigation measures for an actively exploited zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance. [...] | Hack | ||
|
2021-04-20 10:37:52 | Fake Microsoft Store, Spotify sites spread info-stealing malware (lien direct) | Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers. [...] | Malware | ||
|
2021-04-20 03:49:39 | (Déjà vu) Hundreds of networks reportedly hacked in Codecov supply-chain attack (lien direct) | More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. In new reporting, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems. [...] | |||
|
2021-04-20 03:49:39 | Hundreds of customer networks hacked in Codecov supply-chain attack (lien direct) | More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. Sources state hundreds of customer networks have been breached in the incident, expanding the scope of this system breach to beyond just Codecov's systems. [...] | |||
|
2021-04-20 03:23:19 | North Korean hackers adapt web skimming for stealing Bitcoin (lien direct) | Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say. [...] | |||
|
2021-04-19 20:01:50 | Microsoft\'s Windows 10 taskbar news feed ported to older versions (lien direct) | Microsoft is backporting their upcoming Windows 10 News and Interests taskbar feature to Windows 10 20H2 and Windows 10 21H1, allowing far more people to access the new feature. [...] | |||
|
2021-04-19 18:27:46 | Geico data breach exposed customers\' driver\'s license numbers (lien direct) | Car insurance provider Geico has suffered a data breach where threat actors stole the driver's licenses for policyholders for over a month. [...] | Data Breach Threat | ||
|
2021-04-19 17:07:40 | Google Alerts continues to be a hotbed of scams and malware (lien direct) | Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites. [...] | Malware Threat | ||
|
2021-04-19 16:42:29 | Windows 10\'s multitasking feature is getting downgraded (lien direct) | In 2018, Microsoft introduced a multitasking feature called "Windows Timeline" that lets you see a timeline of activities that you performed in Windows 10 including the webpages you visited, documents you created/opened, photos you added, and more. [...] | |||
|
2021-04-19 13:41:31 | Microsoft disables Google\'s FLoC tracking in Microsoft Edge, for now (lien direct) | Microsoft has disabled Google's controversial FLoC browser-based tracking feature in their Chromium-based Microsoft Edge browser. [...] |
To see everything:
Our RSS (filtrered)
