Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-29 08:15:02 |
Kawasaki discloses security breach, potential data leak (direct link) |
Japan's Kawasaki Heavy Industries announced a security breach and potential data leak after unauthorized access to a Japanese company server from multiple overseas offices. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-28 16:18:52 |
Aida Cruises cancels trips due to mysterious "IT restrictions" (direct link) |
German cruise line AIDA Cruises is dealing with mysterious "IT restrictions" that have led to the cancellation of New Year's Eve cruises embarking this past weekend. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-28 13:46:45 |
Finnish Parliament attackers hack lawmakers' email accounts (direct link) |
The email accounts of multiple members of parliament (MPs) were compromised following a cyberattack as revealed today by the Parliament of Finland. [...] |
Hack
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-28 12:48:46 |
CISA releases Azure, Microsoft 365 malicious activity detection tool (direct link) |
The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. [...] |
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-28 12:12:53 |
Home appliance giant Whirlpool hit in Nefilim ransomware attack (direct link) |
Home appliances giant Whirlpool suffered a ransomware attack by the Nefilim ransomware gang who stole data before encrypting devices. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-28 10:38:12 |
UK NCA visits WeLeakInfo users to warn of using stolen data (direct link) |
21 WeLeakInfo customers have been arrested across the UK for using stolen credentials downloaded from WeLeakInfo following an operation coordinated by the UK National Crime Agency (NCA). [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-28 09:21:12 |
Multi-platform card skimmer found on Shopify, BigCommerce stores (direct link) |
A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-28 06:57:33 |
(Déjà vu) GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic (direct link) |
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-28 06:57:33 |
(Déjà vu) GitHub-based malware calculates Cobalt Strike payload from Imgur pic (direct link) |
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-27 12:43:58 |
Windows 10 Cloud PC: What is known about Microsoft's new service (direct link) |
With Cloud PC, Microsoft would handle your device configuration in your organization with regular updates, security improvements, and managed support. Cloud PC appears to be a part of the company's "Windows as a Service" tagline, which has become more apparent this year. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-26 13:51:17 |
Koei Tecmo discloses data breach after hacker leaks stolen data (direct link) |
Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-26 11:23:03 |
Apple iCloud outage prevents device activations, access to data (direct link) |
Apple users are experiencing problems setting up new devices or accessing files stored on the cloud due to an ongoing iCloud outage that has lasted for more than 24 hours. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-26 09:50:11 |
SolarWinds releases updated advisory for new SUPERNOVA malware (direct link) |
SolarWinds has released an updated advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-25 14:08:50 |
CrowdStrike releases free Azure security tool after failed hack (direct link) |
Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised Microsoft Azure credentials. [...] |
Hack
Tool
Threat
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-25 10:15:15 |
Fake Amazon gift card emails deliver the Dridex malware (direct link) |
The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards. [...] |
Spam
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-24 13:12:37 |
FreePBX developer Sangoma hit with Conti ransomware attack (direct link) |
Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. [...] |
Ransomware
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-24 12:00:11 |
North Korean state hackers breach COVID-19 research entities (direct link) |
North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development. [...] |
Medical
|
APT 38
APT 28
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-24 11:10:02 |
Google Chrome is testing larger cache sizes to increase performance (direct link) |
Google is experimenting with increased storage for the browser cache to reduce the performance hit caused by the recently added partitioned cache feature. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-24 10:20:49 |
NetGalley discloses data breach after website was hacked (direct link) |
The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information. [...] |
Data Breach
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-24 08:20:00 |
Hacker earns $2 million in bug bounties on HackerOne (direct link) |
Cosmin Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-24 06:26:49 |
Citrix confirms ongoing DDoS attack impacting NetScaler ADCs (direct link) |
Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT enabled. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-23 18:34:06 |
FBI: Iran behind pro-Trump 'enemies of the people' doxing site (direct link) |
Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-23 16:23:17 |
PSA: Active Chase phishing scam pretends to be fraud alerts (direct link) |
A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-23 14:57:27 |
Windows zero-day with bad patch gets new public exploit code (direct link) |
Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-23 14:34:40 |
Microsoft 365 admins can now get security incident email alerts (direct link) |
Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-23 13:12:50 |
UK privacy watchdog warns SolarWinds victims to report data breaches (direct link) |
United Kingdom's Information Commissioner's Office (ICO) has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. [...] |
Hack
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-23 12:01:01 |
Holiday deal exclusive: Get 20% off Emsisoft Anti-Malware (direct link) |
Emsisoft has provided BleepingComputer visitors an exclusive holiday deal where you can get 20% off Emsisoft Anti-Malware until the end of the year. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-23 11:49:58 |
DHS warns of data theft risk when using Chinese products (direct link) |
The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China (PRC). [...] |
|
|
★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-23 09:59:47 |
QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities (direct link) |
QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-22 17:20:11 |
Biden blasts Trump administration over SolarWinds attack response (direct link) |
U.S. President-Elect Joe Biden has criticized the Trump administration over the lack of response to the SolarWinds attack and for failing to officially attribute the attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-22 16:27:07 |
Roanoke College delays spring semester after cyberattack (direct link) |
Roanoke College has delayed their spring semester by almost a month after a cyberattack has impacted files and data access. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-22 13:57:08 |
Safe-Inet, Insorg VPN services shut down by law enforcement (direct link) |
Law enforcement agencies around the world, in a coordinated effort, took down and seized the infrastructure supporting the Safe-Inet and Insorg VPN and proxy services, known for catering to cybercriminal activity. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-22 13:29:14 |
Microsoft: Don't delete Windows 10 root certificate expiring this month (direct link) |
A Microsoft root certificate is expiring at the end of this month, and Microsoft warns that removing it could cause problems with the operating system. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-22 12:45:00 |
SolarWinds hackers breached US Treasury officials' email accounts (direct link) |
US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-22 10:52:12 |
FBI warns of ongoing COVID-19 vaccine related fraud schemes (direct link) |
US federal agencies have warned about scammers exploiting the public's interest in the COVID-19 vaccine to harvest personal information and steal money through multiple ongoing and emerging fraud schemes. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-22 09:11:33 |
SolarWinds victims revealed after cracking the Sunburst malware DGA (direct link) |
Security researchers have shared lists of organizations where threat actors deployed Sunburst/Solarigate malware, after ongoing investigations of the SolarWinds supply chain attack. [...] |
Malware
Threat
|
SolarWinds
SolarWinds
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 16:23:13 |
Trucking giant Forward Air hit by new Hades ransomware gang (direct link) |
Trucking and freight logistics company Forward Air has suffered a ransomware attack by a new ransomware gang that has impacted the company's business operations. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 14:01:11 |
EXMO cryptocurrency exchange hacked, loses 5% of total assets (direct link) |
British cryptocurrency exchange EXMO has disclosed that unknown attackers withdrew almost 5% of its total assets after compromising its hot wallets. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 12:59:00 |
Critical bugs in Dell Wyse ThinOS allow thin client take over (direct link) |
Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 12:28:02 |
US seizes domains used for COVID-19 vaccine phishing attacks (direct link) |
The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 10:38:48 |
VMware latest to confirm breach in SolarWinds hacking campaign (direct link) |
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks and said that the hackers did not make any attempts at further exploitation after gaining access through the deployed backdoor. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 10:16:01 |
Google is bringing Discover to other Chromium browsers (direct link) |
According to new code references found in the open-source Chromium platform, Chromium-based browsers should soon be able to take advantage of Google's personalized news feed called 'Discover'. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 09:17:57 |
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis (direct link) |
While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor. [...] |
Threat
|
|
★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 08:43:55 |
Microsoft fixes Windows 10 chkdsk bug causing boot failures (direct link) |
Microsoft has acknowledged a new issue impacting Windows 10 customers that might cause booting to fail on devices where the chkdsk tool has been used to repair logical file system errors. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-21 02:15:00 |
Physical addresses of 270K Ledger owners leaked on hacker forum (direct link) |
A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-20 14:20:28 |
Flavors designer Symrise halts production after Clop ransomware attack (direct link) |
Flavor and fragrance developer Symrise has suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-20 11:28:01 |
Windows Hello is now being used by 84% of Windows 10 users (direct link) |
Windows Hello, which is an all-in-one biometric authentication process integrated into Windows 10, is slowly growing in popularity. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-20 09:55:11 |
New Windows 10 tool lets you group your taskbar shortcuts (direct link) |
A new Windows 10 utility called TaskbarGroups lets you group shortcuts on the taskbar so they can easily be launched without taking up a lot of space. [...] |
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-19 13:01:01 |
Gitpaste-12 worm botnet returns with 30+ vulnerability exploits (direct link) |
The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts malicious payloads on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2020-12-19 11:30:00 |
Google explains the cause of the recent YouTube, Gmail outage (direct link) |
Google says that the global authentication system outage which affected most consumer-facing services on Monday was caused by a bug in the automated quota management system impacting the Google User ID Service. [...] |
|
|
|