Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-06-10 22:45:00 |
Senators ask Juniper for the results of its 2015 NSA backdoor investigation (direct link) |
Thirteen US senators ask Juniper to publish the findings of its 2015 investigation. |
|
|
|
|
2020-06-10 16:43:06 |
Slovak police seize wiretapping devices connected to government network (direct link) |
Slovak police also arrest four people, including the head of the government agency responsible for managing the government network. |
|
|
|
|
2020-06-10 04:30:06 |
Arm CPUs impacted by rare side-channel attack (direct link) |
Arm issues guidance to developers to mitigate new "straight-line speculation" attack. |
|
|
|
|
2020-06-09 19:27:00 |
New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs (direct link) |
Academics detail a new vulnerability named CrossTalk that can be used to leak data across Intel CPU cores. |
Vulnerability
|
|
★★★
|
|
2020-06-09 17:43:00 |
Microsoft June 2020 Patch Tuesday fixes 129 vulnerabilities (direct link) |
This month's updates have started rolling out earlier today. |
|
|
|
|
2020-06-09 13:00:11 |
KingMiner botnet brute-forces MSSQL databases to install cryptocurrency miner (direct link) |
The KingMiner gang is brute-forcing the "sa" user, the highest-privileged account on a MSSQL database. |
|
|
|
|
2020-06-09 12:46:26 |
Malicious Android apps deactivated fraud code to bypass Google's security scans (direct link) |
Trick didn't work. Google banned them anyway. |
|
|
|
|
2020-06-08 19:51:00 |
CallStranger vulnerability lets attacks bypass security systems and scan LANs (direct link) |
The CallStranger vulnerability can also be used to launch major DDoS attacks. |
Vulnerability
|
|
★★★★★
|
|
2020-06-08 13:00:00 |
Vulnerabilities in popular open source projects doubled in 2019 (direct link) |
Jenkins and MySQL have had the most weaponized vulnerabilities in the past five years. |
|
|
|
|
2020-06-06 00:56:51 |
Apple publishes free resources to improve password security (direct link) |
The new tools are meant to help the developers of password managers, and Apple hopes the tools will reduce the instances where users choose their own password rather than rely on the password manager. |
|
|
|
|
2020-06-05 16:50:27 |
QNAP NAS devices targeted in another wave of ransomware attacks (direct link) |
eCh0raix ransomware gang returns with a new wave of attacks against QNAP NAS devices. |
Ransomware
|
|
|
|
2020-06-05 03:55:50 |
China, Iran, and Russia worked together to call out US hypocrisy on BLM protests (direct link) |
Report from social media research group shows foreign diplomats and state-controlled media pounced on the US' abysmal handling of the BLM protests to attack the US as a beacon of freedom and further their own political goals. |
|
|
|
|
2020-06-04 17:28:48 |
Trump and Biden campaign staffers targeted by Iranian and Chinese hackers (direct link) |
Google's TAG team says foreign nation-state hackers are going after the two US presidential candidates. |
|
|
|
|
2020-06-04 17:28:00 |
Google: Chinese and Iranian hackers targeted Biden and Trump campaign staffers (direct link) |
Google's TAG team said phishing attacks against Biden and Trump campaign staffers were unsuccessful. |
|
|
|
|
2020-06-04 04:15:07 |
Incognito mode detection still works in Chrome despite promise to fix (direct link) |
Google said last year that it would fix a bug that allowed sites to detect incognito mode, but no fix ever came. |
|
|
|
|
2020-06-03 22:41:31 |
Hackers hijack one of Coincheck's domains for spear-phishing attacks (direct link) |
Hackers hijacked Coincheck's domain registrar account and then changed DNS settings. |
|
|
|
|
2020-06-03 18:00:14 |
Google apps and websites get support for more security keys on iOS devices (direct link) |
You can now use hardware security keys to access Google apps and services running on iOS devices. |
|
|
|
|
2020-06-03 16:14:09 |
Large-scale attack tries to steal configuration files from WordPress sites (direct link) |
Attackers tried to download configuration files from WordPress sites so they could steal database credentials. |
|
|
|
|
2020-06-03 11:27:00 |
Facebook software engineer resigns with scathing criticism of the network's refusal to act on 'weaponized hatred' (direct link) |
The former Facebook employee accuses the social network of allowing “politicians to radicalize individuals and glorify violence.” |
|
|
|
|
2020-06-03 10:00:10 |
Tor's latest release makes it easier to find secure onion services (direct link) |
Tor Browser 9.5 is also working towards making Dark Web addresses easier to remember. |
|
|
|
|
2020-06-03 09:06:43 |
Google opens up Advanced Protection Program to Nest devices (direct link) |
The move follows integration with services including Android and Chrome. |
|
|
|
|
2020-06-03 00:29:05 |
Ransomware gang says it breached one of NASA's IT contractors (direct link) |
DopplePaymer ransomware gang claims to have breached DMI, a major US IT and cybersecurity provider, and one of NASA's IT contractors. |
Ransomware
|
|
|
|
2020-06-02 20:19:48 |
New cold boot attack affects seven years of LG Android smartphones (direct link) |
LG released a firmware fix in May 2020. Attack requires physical access. |
|
|
|
|
2020-06-02 16:04:00 |
REvil ransomware gang launches auction site to sell stolen data (direct link) |
Ransomware gang takes extortion to a whole new level. Threatens to auction Madonna's legal documents in a future auction. |
Ransomware
|
|
|
|
2020-06-02 11:34:34 |
G Suite Marketplace primed for a privacy scandal, researchers warn (direct link) |
G Suite apps that have access to Drive and Gmail data found communicating with undisclosed external services. |
|
|
|
|
2020-06-02 08:34:08 |
Amtrak discloses data breach, potential leak of customer account data (direct link) |
The rail service says that customer PII may have been compromised. |
|
|
|
|
2020-06-02 05:00:08 |
VMware Cloud Director vulnerability could lead to hijack of enterprise server infrastructure (direct link) |
The security flaw handed over the keys to enterprise infrastructure. |
Vulnerability
|
|
|
|
2020-06-01 20:58:49 |
White House says security incidents at US federal agencies went down in 2019 (direct link) |
US federal agencies reported 28,581 cyber-security incidents in 2019, down by 8% from 31,107 in 2018. |
|
|
|
|
2020-06-01 17:39:14 |
After a breach, users rarely change their passwords, study finds (direct link) |
Only a third of users changed their password following a data breach. |
|
|
|
|
2020-06-01 10:25:54 |
Researcher lands $100,000 reward for 'Sign in with Apple' authentication bypass bug (direct link) |
User accounts could be hijacked through missing validation processes on Apple servers. |
|
|
|
|
2020-06-01 02:05:28 |
Joomla team discloses data breach (direct link) |
Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket. |
Data Breach
|
|
|
|
2020-05-31 10:43:56 |
Hacker leaks database of dark web hosting provider (direct link) |
Leaked data contains email addresses, site admin passwords, and .onion domain private keys. |
|
|
|
|
2020-05-29 12:16:01 |
NCA launches UK ad campaign to divert kids searching for cybercrime tools (direct link) |
DDoS-for-hire and Trojan-related searches are on the agency's radar. |
|
|
|
|
2020-05-29 10:51:03 |
Judge demands Capital One release Mandiant cyberforensic report on data breach (direct link) |
Attorneys suing the company will now have access to the report in preparation for a potential trial. |
Data Breach
|
|
|
|
2020-05-29 05:00:05 |
GitHub warns Java developers of new malware poisoning NetBeans projects (direct link) |
The malware's end goal was to install a remote access trojan and grant hackers access to highly sensitive workstations where sensitive projects were being developed. |
Malware
|
|
|
|
2020-05-28 20:56:33 |
Google to enable the Chrome anti-notification spam system in July 2020 (direct link) |
Chrome will block sites from showing notification spam by default. Has been an opt-in feature since February. |
Spam
|
|
|
|
2020-05-28 19:16:01 |
Fortune 500 company NTT discloses security breach (direct link) |
Japanese telecommunications giant NTT says hackers breached its internal network and stole data on 621 customers. |
|
|
|
|
2020-05-28 18:05:37 |
Cisco discloses security breach that impacted VIRL-PE infrastructure (direct link) |
Hackers used vulnerabilities in the SaltStack data center software to breach six Cisco servers. |
|
|
|
|
2020-05-28 15:31:00 |
NSA warns of new Sandworm attacks on email servers (direct link) |
NSA says Russia's military hackers have been attacking Exim email servers to plant backdoors since August 2019. |
|
|
|
|
2020-05-28 04:20:05 |
All the security features added in the Windows 10 May 2020 update (direct link) |
Windows 10 v2004 comes with Windows Sandbox improvements, WiFi 6, WPA3, and Windows Hello in Safe Mode. |
|
|
|
|
2020-05-28 04:00:05 |
Valak targets Microsoft Exchange servers to steal enterprise data (direct link) |
The malware has been “dramatically changed” in the past six months. |
Malware
|
|
|
|
2020-05-28 01:53:09 |
Michigan State University hit by ransomware gang (direct link) |
The operators of the NetWalker ransomware gang have given MSU officials seven days to pay the ransom or they will leak stolen university files. |
Ransomware
|
|
|
|
2020-05-27 21:43:00 |
Google highlights Indian 'hack-for-hire' companies in new TAG report (direct link) |
Google also discloses seven coordinated political influence campaigns that took place on its platforms during Q1 2020. |
|
|
|
|
2020-05-27 16:58:00 |
Microsoft warns about attacks with the PonyFinal ransomware (direct link) |
PonyFinal infections have been reported in India, Iran, and the US. |
Ransomware
|
|
|
|
2020-05-27 14:45:36 |
OpenSSH to deprecate SHA-1 logins due to security risk (direct link) |
Breaking a SHA-1-generated SSH authentication key now costs roughly $50,000, putting high-profile remote servers at risk of attacks. |
|
|
|
|
2020-05-27 11:23:43 |
New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD (direct link) |
Eighteen of the 26 bugs impact Linux. Eleven have been patched already. |
Tool
|
|
|
|
2020-05-27 00:55:00 |
26 million LiveJournal credentials leaked online, sold on the dark web (direct link) |
LiveJournal credentials were obtained in a 2014 hack, but leaked online earlier this month. |
|
|
|
|
2020-05-26 15:18:26 |
Qihoo & Baidu disrupt malware botnet with hundreds of thousands of victims (direct link) |
There's malware in China, too. Meet DoubleGuns, one of China's largest malware botnets. |
Malware
|
|
|
|
2020-05-26 12:01:08 |
Europol, Capgemini team up in cybercrime prevention, awareness campaigns (direct link) |
Capgemini is now also supporting the No More Ransom Project. |
|
|
|
|
2020-05-26 11:26:56 |
Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19 (direct link) |
Advent says the pandemic has resulted in “material” changes at Forescout. The company disagrees. |
|
|
|