Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-10-12 17:00:00 |
Winnti APT group docks in Sri Lanka for new campaign (lien direct) |
>Categories: Threat IntelligenceTags: Winnti
Tags: APT
Tags: China
Tags: Sri Lanka
Tags: India
Tags: Keyplug
Tags: malware
Tags: dropbox
Tags: C2
Tags: DBoxAgent
In this research paper, we document a new campaign we attribute to the Winnti APT group. The victims are located in Sri Lanka at a point in time where the country is going through economic hardship while China makes headlines for docking on of its special vessels there.
(Read more...)
|
|
|
|
|
2022-10-12 16:15:00 |
Top 5 ransomware detection techniques: Pros and cons of each (lien direct) |
>Categories: BusinessDetecting ransomware can be tricky. Attackers use obfuscation and evasion techniques to avoid detection, and new ransomware variants are produced every day. In this post, we look at five ransomware detection techniques and their pros and cons.
(Read more...)
|
Ransomware
|
|
|
|
2022-10-11 23:30:00 |
An 18 year scam odyssey of stranded astronauts (lien direct) |
>Categories: NewsTags: scam
Tags: fake
Tags: fraud
Tags: phish
Tags: romance
Tags: 419
Tags: astronaut
Tags: space
Tags: station
Tags: shuttle
Tags: rocket
Tags: fake
Tags: email
We take a look at a scam which has come around every couple of years and which has finally claimed a sizable bounty from a victim.
(Read more...)
|
|
|
|
|
2022-10-11 23:00:00 |
Security awareness campaign highlights things your bank will never say (lien direct) |
>Categories: NewsTags: Bank
Tags: awareness
Tags: campaign
Tags: never say that
Tags: security
Tags: phish
Tags: phishing
We take a look at an awareness campaign based around the kind of thing you should never hear your bank saying.
(Read more...)
|
|
|
|
|
2022-10-11 11:00:00 |
Court rules webcam monitoring of remote employee was an invasion of privacy (lien direct) |
>Categories: NewsCategories: PrivacyTags: Dutch
Tags: court
Tags: webcam monitoring
Tags: privacy
A Dutch court has ruled that demanding a remote employee submit to constant webcam monitoring was an invasion of their privacy
(Read more...)
|
|
|
|
|
2022-10-11 10:45:00 |
Smart lights vulnerable to "blink and you\'ll miss it" attack (lien direct) |
>Categories: NewsTags: smart light system
Tags: light bulb
Tags: IoT
Tags: Internet of Things
Tags: compromise
Tags: CVE
In 2022, even our light bulbs have CVEs
( |
|
|
|
|
2022-10-10 15:00:00 |
Teen talk: What it\'s like to grow up online, and the role of parents: Lock and Code S03E21 (lien direct) |
>Categories: PodcastThis week on Lock and Code, we speak with a Bay Area teen about the difficulties of growing up with the Internet, and with 1Password co-founder Sara Teare about how to raise kids online today.
(Read more...)
|
|
|
|
|
2022-10-10 13:30:00 |
White House unveils Blueprint for an AI Bill of Rights (lien direct) |
>Categories: NewsThe blueprint aims to make AI less harmful to Americans by holding its creators accountable.
(Read more...)
|
|
|
|
|
2022-10-07 16:15:00 |
Romance scammer given 25 years of alone time (lien direct) |
>Categories: NewsTags: Scam
Tags: spam
Tags: phish
Tags: BEC
Tags: business email compromise
Tags: romance
Tags: fake
Tags: fraud
Tags: wire
Tags: money mule
We take a look at a scammer, involved in both BEC fraud and romance scams, who has been jailed for a whopping 25 years.
(Read more...)
|
|
|
|
|
2022-10-07 15:00:00 |
Credential stuffers take aim at Final Fantasy XIV players (lien direct) |
>Categories: NewsTags: Final Fantasy XIV
Tags: Square Enix
Tags: phishing
Tags: credential stuffing
Tags: theft
Tags: steal
Tags: compromise
Tags: hijack
Attackers are preying on accounts with passwords used on other sites and services.
(Read more...)
|
|
|
|
|
2022-10-07 15:00:00 |
Meta accuses apps of stealing WhatsApp accounts (lien direct) |
>Categories: NewsTags: Meta
Tags: WhatsApp
Tags: apps
Tags: mobile
Tags: android
Tags: device
Tags: account
Tags: credentials
Tags: spam
Meta is suing developers for multiple credential-stealing apps found on Google Play and elsewhere.
(Read more...)
|
|
|
|
|
2022-10-07 10:30:00 |
Malwarebytes\' modernized bug bounty program-here\'s all you need to know (lien direct) |
>Categories: BusinessWe've updated our bug bounty program with increased rewards and a new way to submit vulnerabilities
(Read more...)
|
|
|
|
|
2022-10-07 01:45:00 |
Android vulnerabilities could allow arbitrary code execution (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: Google
Tags: Android
Tags: Qualcomm
Tags: WLAN
Tags: CVE-2022-25720
Tags: CVE-2022-25718
Tags: CVE-2022-25748
Tags: CVE-2022-20419
Tags: ActivityManager
Google has issued patches for 42 vulnerabilities, including four marked critical
(Read more...)
|
|
|
|
|
2022-10-06 15:30:00 |
Hundreds of Microsoft SQL servers found to be backdoored (lien direct) |
>Categories: NewsTags: Microsoft SQL
Tags: brute force
Tags: Maggie
Tags: Extended Stored Procedure
Researchers have found a backdoor that specifically targets Microsoft SQL servers.
(Read more...)
|
|
|
|
|
2022-10-06 15:00:00 |
Data Access Agreement offers a new path for UK - US data requests (lien direct) |
>Categories: NewsTags: Data access agreement
Tags: DAA
Tags: UK
Tags: US
Tags: crime
Tags: criminal
Tags: telecommunications
Tags: request
Tags: share
Tags: data
We take a look at a possibly controversial new way for two governments to make direct data requests in cases of law enforcement.
(Read more...)
|
|
|
|
|
2022-10-06 13:00:00 |
Cyberstalking, pig masks, and cockroaches: Former eBay execs are sentenced (lien direct) |
>Categories: NewsTags: ebay
Tags: harassment
Tags: doxing
Tags: online threats
Tags: stalking
Tags: cyberstalking
Two former eBay executives have been sentenced to prison for their roles in a cyberstalking campaign aimed at the company's critics.
(Read more...)
|
|
|
|
|
2022-10-06 11:00:00 |
BOD 23-01: Improving asset visibility and vulnerability detection on federal networks (lien direct) |
>Categories: NewsTags: BOD 23-01
Tags: asset visibility
Tags: vulnerability detection
Tags: federal networks
Tags: CISA
Tags: CDM
Tags:
CISA has issued BOD 23-10 which requires all FCEB entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodic scans of these devices, and provide this information to CISA.
(Read more...)
|
Vulnerability
|
|
|
|
2022-10-05 22:45:00 |
Admin from hell facing 10 years for sabotaging ex-employer\'s network (lien direct) |
>Categories: NewsTags: hire
Tags: hiring
Tags: rehire
Tags: insider threat
Tags: ex-employee
Tags: logins
Tags: network
Tags: FBI
Failing to keep a tight reign on ex-employees' credentials can lead to all manner of chaos.
(Read more...)
|
Guideline
|
|
|
|
2022-10-05 15:45:00 |
Bogus job offers hide trojanised open-source software (lien direct) |
>Categories: NewsTags: malware
Tags: ZINC
Tags: microsoft
Tags: infection
Tags: C&C
Tags: open source
Tags: job offer
Tags: fake
Tags: LinkedIn
A North Korean ZINC group is accused of creating compromised versions of KiTTY, PuTTY, TightVNC, and other popular open-source software apps
(Read more...)
|
Guideline
Medical
|
APT 38
|
|
|
2022-10-05 11:30:00 |
Kim Kardashian gets huge fine for crypto ad (lien direct) |
>Categories: NewsThe SEC fined the celebrity $1.26 million for touting a crypto security without telling followers what she was paid to promote it.
(Read more...)
|
|
|
|
|
2022-10-04 15:00:00 |
TikTok\'s "secret operation" tracks you even if you don\'t use it (lien direct) |
>Categories: NewsCategories: PrivacyIf you think TikTok is acting like Google or Meta when collecting data, you're not wrong.
(Read more...)
|
|
|
|
|
2022-10-04 12:00:00 |
Huge increase in smishing scams, warns IRS (lien direct) |
>Categories: NewsCategories: ScamsTags: IRS
Tags: smishing
The Internal Revenue Service has issued a warning for taxpayers over a recent increase in IRS-themed smishing scams.
(Read more...)
|
|
|
|
|
2022-10-04 11:00:00 |
Ransomware review: September 2022 (lien direct) |
>Categories: Threat IntelligenceIn September, LockBit accounted for almost half of all known ransomware attacks.
(Read more...)
|
Ransomware
|
|
|
|
2022-10-04 08:00:00 |
Ransomware-affected school district refuses to pay, gets stolen data released (lien direct) |
>Categories: NewsTags: compromise
Tags: ransomware
Tags: leak
Tags: extortion
Tags: LAUSD
Data stolen from Los Angeles Unified School District has been leaked online, after staff refused to pay the ransom related to a ransomware attack.
(Read more...)
|
Ransomware
|
|
|
|
2022-10-03 12:00:00 |
Actively exploited vulnerability in Bitbucket Server and Data Center (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: Atlassian
Tags: Bitbucket
Tags: git
Tags: CVE-2022-36804
Tags: RCE
Tags: read permission
International cybersecurity authorities are warning about the active exploitation of a vulnerability in Bitbucket Server and Data Center
(Read more...)
|
Vulnerability
|
|
|
|
2022-10-03 10:00:00 |
Romance scammer deepfakes Mark Ruffalo to con elderly artist (lien direct) |
>Categories: NewsTags: romance scam
Tags: deepfake
Tags: mark ruffalo
Tags: manga
Tags: theft
Tags: online
Tags: social media
We take a look at a romance scammer getting ahead of the game and using deepfakes to steal a huge amount of money from a victim.
(Read more...)
|
|
|
|
|
2022-10-02 19:00:00 |
Why (almost) everything we told you about passwords was wrong (lien direct) |
Categories: NewsSorry.
(Read more...)
|
|
|
|
|
2022-09-30 13:00:00 |
Two new Exchange Server zero-days in the wild (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: Exchange
Tags: ProxyShell
Tags: remote PowerShell
Tags: web shell
Tags: CVE-2022-41040
Tags: CVE-2022-41082
Tags: SSRF
Tags: RCE
Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers
(Read more...)
|
|
|
|
|
2022-09-29 17:00:00 |
Local government cybersecurity: 5 best practices (lien direct) |
>Categories: BusinessWith a few best practices, local governments can improve their cybersecurity posture and make it less likely that threat actors attack their systems. We'll break down five best practices for local government cybersecurity in this post.
(Read more...)
|
Threat
|
|
|
|
2022-09-29 16:00:00 |
Optus data breach "attacker" says sorry, it was a mistake (lien direct) |
>Categories: NewsTags: Optus
Tags: breach
Tags: optusdata
Tags: text messages
Tags: drivers' licenses
Tags: Medicare
Tags: identity protection
A hacker stole the personal information of 10 million Optus customers, threatened to publish them in lots of 10,000 a day unless the ransom was paid, and then suddenly did a 180 degree turn.
(Read more...)
|
Data Breach
|
|
|
|
2022-09-29 12:00:00 |
Fast Company hacked to send obscene and racist messages (lien direct) |
>Categories: CybercrimeCategories: NewsThe US business magazine appeared to have two separate and related incidents in which it was compromised.
(Read more...)
|
|
|
|
|
2022-09-28 21:15:00 |
APT28 attack uses old PowerPoint trick to download malware (lien direct) |
>Categories: NewsTags: APT28
Tags: Fancy Bear
Tags: PowerPoint
Tags: PowerShell
Tags: One Drive
Tags: SyncAppvPublishingServer
The Russian APT known as Fancy Bear was caught using an old mouseover technique that doesn't need macros
(Read more...)
|
Malware
|
APT 28
|
|
|
2022-09-28 13:00:00 |
FCC moves to block robotexts (lien direct) |
>Categories: NewsCategories: ScamsThe Federal Communications Commission wants mobile carriers to block spam texts at the network level.
(Read more...)
|
Spam
|
|
|
|
2022-09-28 13:00:00 |
Spyware disguises itself as Zoom downloads (lien direct) |
>Categories: NewsCriminals are taking advantage Zoom's continuing popularity
(Read more...)
|
|
|
|
|
2022-09-28 10:30:00 |
Erbium stealer on the hunt for data (lien direct) |
>Categories: NewsTags: erbium
Tags: malware
Tags: data theft
Tags: stealer
Tags: wallets
Tags: cryptocurrency
Tags: browsers
Tags: browser
Tags: infection
Tags: malware as a service
We take a look at reports of new data theft malware relying on sold old tricks
(Read more...)
|
Malware
|
|
|
|
2022-09-28 03:00:00 |
4 times students compromised school cybersecurity (lien direct) |
>Categories: NewsTags: School
Tags: password
Tags: sticky note
Tags: lax security
Tags:
Sometimes we hear stories about brilliant students that hack their school and get celebrated, but it doesn't always end well.
(Read more...)
|
Hack
|
|
|
|
2022-09-27 12:15:00 |
Facebook users sue Meta for allegedly building "secret workaround" to Apple privacy safeguards (lien direct) |
>Categories: NewsCategories: PrivacyMeta is being sued by a couple of its users for allegedly deliberately circumventing Apple's privacy features on the iPhone.
(Read more...)
|
|
|
|
|
2022-09-27 12:00:00 |
TikTok faces $28m fine for failing to protect children\'s privacy (lien direct) |
>Categories: NewsTags: ICO
Tags: tiktok
Tags: data
Tags: protection
Tags: kids
Tags: children
Tags: fine
Tags: privacy
Tags: safety
The ICOs is looking to fine TikTok over what it claims are issues related to the UK's data protection laws.
(Read more...)
|
|
|
|
|
2022-09-27 11:30:00 |
Flaw in some ManageEngine apps is being actively exploited, says CISA (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsThe critical CVE-2022-35405 flaw affects several Zoho ManageEngine products. Federal and private organizations must patch now!
(Read more...)
|
|
|
|
|
2022-09-27 11:00:00 |
Exchange servers abused for spam through malicious OAuth applications (lien direct) |
>Categories: NewsTags: Exchange
Tags: OAuth
Tags: spam
Tags: MFA
Tags: Transport rules
Tags: connector
Threat actors have been using malicious OAuth applications to abuse Microsoft Exchange servers for their spam campaign.
(Read more...)
|
Spam
|
|
|
|
2022-09-26 13:30:00 |
Calling in the ransomware negotiator, with Kurtis Minder: Lock and Code S03E20 (lien direct) |
>Categories: PodcastThis week on Lock and Code, we speak with Kurtis Minder, CEO of GroupSense, about how a company decides to bring in a ransomware negotiator when it's hit with the destructive malware.
(Read more...)
|
Ransomware
|
|
|
|
2022-09-26 13:00:00 |
Windows 11 pulls ahead of Windows 10 in anti-phishing stakes (lien direct) |
>Categories: NewsTags: Windows 11
Tags: Windows 10
Tags: phishing
Tags: protection
Tags: warning
Tags: message
Tags: Defender Smartscreen
We take a look at a new set of security features for Windows 11, and see what Windows 10 can expect to miss out on.
(Read more...)
|
|
|
|
|
2022-09-26 12:00:00 |
Twitter fixes bug that left devices logged in after password reset (lien direct) |
>Categories: NewsCategories: PrivacyTwitter says it has fixed a bug that meant users weren't logged out of active sessions on all devices after manually resetting their passwords.
(Read more...)
|
|
|
|
|
2022-09-26 10:00:00 |
Critical WhatsApp vulnerabilities patched: Check you\'ve updated! (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: WhatsApp
Tags: CVE-2022-36934
Tags: CVE-2022-27492
Two RCE vulnerabilities were patched in WhatsApp. Both vulnerabilities were video related and could be used to compromise your device.
(Read more...)
|
|
|
|
|
2022-09-23 18:00:00 |
Malwarebytes recognized as endpoint security leader by G2 (lien direct) |
>Categories: BusinessG2 has released their Fall 2022 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories based on factual customer reviews.
(Read more...)
|
Guideline
|
|
|
|
2022-09-23 09:00:00 |
A first look at the builder for LockBit 3.0 Black (lien direct) |
>Categories: NewsCategories: RansomwareTags: LockBit
Tags: builder
Tags: leaked
The LockBit gang's latest ransomware builder has been leaked, and we have a copy
(Read more...)
|
Ransomware
|
|
|
|
2022-09-22 13:15:00 |
Medtronic\'s MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsMedtronic, an insulin pump company, notified its users of a potential risk of attack due to a flaw in its pump's communication protocol.
(Read more...)
|
|
|
|
|
2022-09-22 12:00:00 |
Welcome to high tech hacking in 2022: Annoying users until they say "yes" (lien direct) |
>Categories: NewsTags: MFA fatigue
Tags: 2FA
Tags: push notification
Tags: security
Tags: phishing
Tags: attack
Tags: burnout
Tags: stress
Tags: verify
Cybercriminals' new tactic of simply boring victims into submission has had some surprising succcess.
(Read more...)
|
|
|
|
|
2022-09-22 12:00:00 |
Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: CVE-2022-40959
Tags: CVE-2022-40960
Tags: CVE-2022-40962
Tags: CVE-2022-3033
Tags: Mozilla
Tags: Firefox
Tags: Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird which could be exploited to take control of a system.
(Read more...)
|
|
|
|
|
2022-09-22 11:45:00 |
Morgan Stanley\'s years-long "extensive failure" to protect customer data ends in huge fine (lien direct) |
>Categories: NewsCategories: PrivacyThe SEC has unearthed a long list of whoopsies by Morgan Stanley, all involving the mishandling of sensitive data when disposing of devices.
(Read more...)
|
|
|
|