What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-11-26 13:47:37 | Experts discovered control systems for aircraft warning lights open online (lien direct) | Aircraft warning lights, an essential component of the aviation infrastructure, but they pose a serious risk if controlled by hackers. The independent researcher Amitay Dan discovered that control panels for aircraft warning lights were exposed to the Internet, potentially allowing attackers to control them with unpredictable and catastrophic consequences. Aircraft warning lights are important components of […] | |||
|
2019-11-26 10:35:20 | Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts (lien direct) | Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people’s accounts without their consent. According to the company, the cause of behavior that violates their policies is a couple of “malicious” software […] | |||
|
2019-11-26 08:25:19 | Some Fortinet products used hardcoded keys and weak encryption for communications (lien direct) | Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam […] | Vulnerability | ||
|
2019-11-25 22:55:46 | PoC exploit code for Apache Solr RCE flaw is available online (lien direct) | Over the summer, the Apache Solr team addressed a remote code execution flaw, not a working exploit code was published online. The bug addressed by the Apache Solr team fixed over the summer is more dangerous than initially thought. Apache Solr is a highly reliable, scalable and fault-tolerant, open-source search engine written in Java. Solr […] | |||
|
2019-11-25 14:53:02 | Livingston School District hit by a ransomware attack (lien direct) | Livingston School District in New Jersey is the last victim of a ransomware attack that caused a two hour delayed opening. Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. A new ransomware attack hit a school district in the US, the malware has […] | Ransomware Malware | ||
|
2019-11-25 11:32:48 | After 1 Million of malware samples analyzed (lien direct) | Malware Hunter – One year after its launch, Marco Ramilli shared the results of its project that has analyzed more than 1 Million malware samples. Malware Hunter – One year ago I decided to invest in static Malware Analysis automation by setting up a full-stack environment able to grab samples from common opensources and to […] | Malware | ||
|
2019-11-25 09:23:32 | Federal Communications Commission has cut off government funding for equipment from Chinese firms (lien direct) | U.S. Federal Communications Commission has cut off government funding for equipment from Huawei and ZTE due to security concerns. U.S. Federal Communications Commission has cut off government funding for equipment from the Chinese companies Huawei and ZTE due to security concerns. The Federal Communications Commission is also requesting to the government to assign subsidies to […] | |||
|
2019-11-25 07:27:26 | Raccoon Stealer campaign circumvents Microsoft and Symantec anti-spam messaging gateways (lien direct) | Crooks behind the Raccoon Stealer have adopted a simple and effective technique to circumvent popular anti-spam messaging gateways. Cybercriminals behind the Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The Raccoon stealer was first spotted in April, it was designed to steal victims' credit card data, […] | |||
|
2019-11-24 15:18:19 | Twitter allows users to use 2FA without a phone number (lien direct) | Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. 2FA is already implemented on Twitter, currently, the users of the […] | |||
|
2019-11-24 12:31:11 | Security Affairs newsletter Round 241 (lien direct) | A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Experts found undocumented access feature in Siemens SIMATIC PLCs Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365 Crooks use carding bots to check stolen card data ahead of the holiday season Experts report […] | |||
|
2019-11-24 10:56:59 | Iran – Government blocks Internet access in response to the protests (lien direct) | Iran – After the announcement of the government to cut fuel subsidies, protests erupted in the country and the authorities blocked Internet access. After the announcement of the government to cut fuel subsidies, protests erupted in Iran and the authorities blocked access to the internet to prevent the spreading of news, videos, and images online. Initially, mobile […] | |||
|
2019-11-23 18:47:08 | Catch Hospitality Group discloses PoS malware infection at its restaurants (lien direct) | The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain. Catch Hospitality Group announced that a PoS malware has infected its payment […] | Malware | ||
|
2019-11-23 15:59:49 | Kaspersky found dozens of flaws in 4 open-source VNC software (lien direct) | Kaspersky researchers found dozens of flaws in four popular open-source virtual network computing (VNC) systems. Experts from Kaspersky analyzed several different implementations of a remote access system called Virtual Network Computing (VNC) and identified a number of memory corruption vulnerabilities. Some of the vulnerabilities found by the experts could lead to remote code execution. The […] | Guideline | ||
|
2019-11-23 11:22:51 | Chinese smartphone vendor OnePlus discloses a new data breach (lien direct) | Chinese smartphone vendor OnePlus has suffered a new data breach, according to a company’s notice hackers accessed customers’ order information. OnePlus disclosed a data breach, an “unauthorized party” accessed some customers' order information, including names, contact numbers, emails, and shipping addresses. “We want to update you that we have discovered that some of our users’ […] | Data Breach | ||
|
2019-11-22 21:11:35 | Personal and social information of 1.2B people exposed on an open Elasticsearch install (lien direct) | Security duo discovered personal and social information 1.2 billion people exposed online on an unsecured Elasticsearch server. Researchers Bob Diachenko and Vinny Troia discovered an unsecured Eslasticsearch server containing an unprecedented 4 billion user accounts. The database, discovered on October 16, 2019, contained more than 4 terabytes of data is the largest data leaks from a single […] | |||
|
2019-11-22 15:03:07 | French Rouen hospital hit by a ransomware attack (lien direct) | The University Hospital Center (CHU) of Rouen was hit by the malware last week, the ransomware had a severe impact on the operations during the weekend. The AFP news agency reported that a ransomware attack on a hospital in Rouen last week caused “very long delays in care.” Medical staff at the hospital were not […] | Ransomware Malware | ||
|
2019-11-22 13:11:42 | Payment solutions giant Edenred announces malware infection (lien direct) | The Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems, it immediately started an investigation. The Payment solutions giant Edenred announced that some of its computing systems have been infected with malware, the company is currently investigating the incident. Edenred is a French company specialized in prepaid corporate services. […] | Malware | ||
|
2019-11-22 11:38:02 | (Déjà vu) Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison (lien direct) | The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. Stanislav Vitaliyevich Lisov (34), the Russian hacker who created and used Neverquest banking malware has been sentenced to 4 years in prison by the United States District Court for the Southern District of New York. […] | Malware | ||
|
2019-11-22 09:47:44 | T-Mobile discloses data breach affecting prepaid wireless customers (lien direct) | Bad news for T-Mobile prepaid customer, the US-based telecom giant T-Mobile today disclosed a new data breach incident. The US branch of the telecommunications giant T-Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The cybersecurity team at T-Mobile discovered an unauthorized access to […] | Data Breach | ||
|
2019-11-22 08:09:59 | AccorHotels subsidiary Gekko Group exposes hotels and travelers data in massive data leak (lien direct) | Security experts from vpnMentor discovered that Gekko Group, an AccorHotels subsidiary, exposes hotels and travelers in a massive data leak. Gekko Group is a leading European B2B hotel booking platform that also owns smaller hospitality brands, including Teldar Travel & Infinite Hotel. The AccorHotels subsidiary has a combined customer base of 600,000 hotels worldwide. vpnMentor discovered a database exposed […] | Guideline | ||
|
2019-11-21 23:33:22 | ENISA publishes a Threat Landscape for 5G Networks (lien direct) | ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated […] | Threat | ★★ | |
|
2019-11-21 20:56:47 | Google will pay up to $1.5m for full chain RCE for Android on Titan M chips (lien direct) | Google announced that it will increase bug bounty rewards for Android, it will pay up to $1.5 million for bugs that allow to hack new Titan M security chip. At the end of 2018, Google announced its Titan M dedicated security chip that is currently installed on Google Pixel 3 and Pixel 4 devices. The […] | Hack | ||
|
2019-11-21 19:13:41 | DePriMon downloader uses a never seen installation technique (lien direct) | ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since […] | |||
|
2019-11-21 14:43:39 | A critical flaw in Jetpack exposes millions of WordPress sites (lien direct) | A critical flaw in the Jetpack WordPress Plugin could be exploited by threat actors to hack WordPress websites running flawed versions of the plugin. A critical vulnerability affects the Jetpack WordPress Plugin version Jetpack 5.1. and later, admins and owners of WordPress websites are urged to update their installs to Jetpack version 7.9.1. Jetpack is a […] | Hack Vulnerability Threat | ||
|
2019-11-21 12:29:03 | Microsoft warns of growing DoppelPaymer Ransomware threat (lien direct) | The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat. The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware, the tech giant provided useful information on the threat and how it spreads. “Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information […] | Ransomware Threat Guideline | ||
|
2019-11-21 09:26:07 | Roboto, a new P2P botnet targets Linux Webmin servers (lien direct) | Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. Researchers at 360Netlab discovered a new P2P botnet, tracked as Roboto, that is targeting Linux servers running unpatched installations of Webmin installs. The experts first spotted the Roboto botnet in August when they detected a suspicious […] | |||
|
2019-11-20 18:34:41 | Chicago student charged with writing code to spread ISIS propaganda (lien direct) | US authorities arrested Thomas Osadzinski, a student at DePaul University, because he allegedly built a custom Gentoo Linux distro for ISIS. Thomas Osadzinski (20), a student at DePaul University, Chicago, was arrested because he allegedly built a custom Gentoo Linux distro for ISIS, he could now face up to 20 years in prison. The Chicago […] | |||
|
2019-11-20 07:30:58 | Monero Project website has been compromised to deliver a coin stealer (lien direct) | The official website of the Monero Project has been compromised to deliver a coin stealer. The official website of the Monero Project has been compromised to deliver a cryptocurrency stealer on November 18. The hack was discovered after a user downloaded a Linux 64-bit command line (CLI) Monero binary that was containing a coin stealer. […] | Hack | ||
|
2019-11-20 07:26:20 | Hackers leak 2TB of Data From Cayman National Bank stolen by Phineas Fisher (lien direct) | New data leak threatens the world of finance after the Panama Papers, hackers published 2TB of the Cayman National bank’s confidential data. The Cayman Islands are a fiscal paradise that attracts money of questionable origin from all over the world, for this reason, the content of a new data leak is scaring the global finance. […] | |||
|
2019-11-20 06:35:59 | Ransomware Revival: Troldesh becomes a leader by the number of attacks (lien direct) | Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. Group-IB, a Singapore-based cybersecurity company: ransomware accounted for over half of all malicious mailings in H1 2019, detected and analyzed by Group-IB's Computer Emergency Response Team (CERT-GIB), with Troldesh aka Shade being the most popular tool […] | Ransomware Tool | ||
|
2019-11-19 21:57:25 | CTHoW v2.0 – Cyber Threat Hunting on Windows (lien direct) | Why did I started CTHoW? As someone with a huge passion for information security. It is always a must to keep on top of the latest TTPs of adversaries to be able to defend your network. I was always impressed with the MITRE ATT&CK framework that helps the community by sharing the latest techniques, attackers […] | Threat | ||
|
2019-11-19 19:55:37 | CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance (lien direct) | Experts found multiple flaws (CVE-2019-2234) in the Android camera apps provided by Google and Samsung that could allow attackers to spy on users. Cybersecurity experts from Checkmarx discovered multiple vulnerabilities in the Android camera apps provided by Google and Samsung could have been exploited by hackers to spy on hundreds of millions of users. The […] | |||
|
2019-11-19 15:32:49 | Alleged Magecart hackers planted a software skimmer into Macy\'s Website (lien direct) | Macy's has started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information. Macy's has started notifying some of its customers that discovered a software skimmer on its website used by crooks to steal their personal and financial information. The malicious software was discovered on October 15, […] | |||
|
2019-11-19 13:29:26 | (Déjà vu) Adobe announces end of support for Acrobat 2015 and Adobe Reader 2015 (lien direct) | Adobe announces the end of support for Acrobat 2015 and Reader 2015 It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015. It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015, the company will no longer receive any security updates after the deadline. Adobe plans to […] | |||
|
2019-11-19 08:50:42 | (Déjà vu) Ransomware infected systems at state government of Louisiana (lien direct) | Another ransomware attack made the headlines, the victim is the state government of Louisiana, numerous services have been impacted. The state government of Louisiana was hit by a ransomware attack that affected multiple state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportion and Development. The incident forced […] | Ransomware | ||
|
2019-11-19 07:35:21 | Belorussian authorities blocked ProtonMail following a wave of bomb threats (lien direct) | On Friday, Belorussian authorities have blocked access to the end-to-end encrypted email service ProtonMail after receiving a wave of bomb threats. On Friday, Belorussian authorities decided to block the access to ProtonMail after receiving a series of bomb threats. The threats were sent by an unknown attacker from a ProtonMail email address to private companies […] | |||
|
2019-11-18 21:43:33 | Tianfu Cup 2019 – 11 teams earned a total of 545,000 for their Zero-Day Exploits (lien direct) | The Tianfu Cup 2019 International Cyber Security Competition is ended and white hat hackers have earned $545,000 for working zero-day exploits. During Day 1 of the Tianfu Cup 2019 contest 13 hacking attempts out of a total of 32 were successful, 13 attempts failed and in 12 cases the researchers abandoned the attempts. Now that the competition […] | |||
|
2019-11-18 15:45:58 | Google addressed an XSS flaw in Gmail (lien direct) | Google addressed an XSS vulnerability in Gmail, the IT staff at Google defined the vulnerability as “awesome.” Michał Bentkowski, Chief Security Researcher from security frim Securitum, found an XSS vulnerability in Gmail and responsibly disclosed it this week after Google has addressed it. The flaw, described by Google IT staff as an awesome XSS issue, resides […] | Vulnerability | ||
|
2019-11-18 13:49:44 | Experts report a rampant growth in the number of malicious, lookalike domains (lien direct) | Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. Venafi, Inc. is a private cybersecurity company that develops software to secure and protect cryptographic keys and digital certificates. Ahead of the holiday shopping season, security experts from Venafi conducted a study of typosquatted domains […] | |||
|
2019-11-18 08:02:41 | New NextCry Ransomware targets Nextcloud instances on Linux servers (lien direct) | NextCry is a new ransomware that was spotted by researchers while encrypting data on Linux servers in the wild. Security experts spotted new ransomware dubbed NextCry that targets the clients of the NextCloud file sync and share service. The name comes from the extensions the ransomware appends to the filenames of encrypted files. The malicious code targets Nextcloud […] | Ransomware | ||
|
2019-11-18 06:31:12 | Crooks use carding bots to check stolen card data ahead of the holiday season (lien direct) | With the advent of this year’s holiday shopping season are cybercriminals are using carding bots to test stolen payment card data before using them. Cybercriminals need to test the validity of the stolen card data before carrying out fraudulent transactions or selling them during the holiday shopping season. Cybercriminals are automating this process using carding […] | |||
|
2019-11-17 18:31:41 | Security Affairs newsletter Round 240 (lien direct) | A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Bad News: AI and 5G Are Expected to Worsen Cybersecurity Risks Boardriders and its subsidiarities QuikSilver and Billabong infected with ransomware Major ASP.NET hosting provider SmarterASP hit by ransomware attack Apple Mail stores parts of encrypted emails in […] | Ransomware | ||
|
2019-11-17 15:19:22 | Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365 (lien direct) | The Tianfu Cup 2019 International Cyber Security Competition has started, in two days white hat hackers will attempt to exploit flaws in major software. The Tianfu Cup 2019 International Cyber Security Competition has started, white hat hackers will attempt to devise working zero-day exploits for popular software. Each working exploit receives a cash prize and […] | |||
|
2019-11-17 12:54:07 | Experts found undocumented access feature in Siemens SIMATIC PLCs (lien direct) | Researchers discovered a vulnerability in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could allow attackers to execute arbitrary code on vulnerable devices. Researchers discovered an undocumented access feature in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could be exploited by attackers to execute arbitrary code on affected devices. The feature was discovered by […] | Vulnerability | ||
|
2019-11-16 14:01:56 | WhatsApp flaw CVE-2019-11931 could be exploited to install spyware (lien direct) | The popular messaging platform WhatsApp made the headlines again, a new bug could be exploited by hackers to secretly install spyware. According to the website The Hacker News, WhatsApp has recently fixed a critical vulnerability, tracked as CVE-2019-11931, that could have allowed attackers to remotely compromise targeted devices. The CVE-2019-11931 is a stack-based buffer overflow issue […] | |||
|
2019-11-16 11:32:24 | Checkra1n, a working iPhone Jailbreak, was released (lien direct) | A working exploit for the checkm8 BootROM vulnerability is now available and security experts fear that threat actors could use is in attacks in the wild. This week, the “unpatchable” jailbreak, known as Checkra1n, for the checkm8 BootROM vulnerability was officially released potentially threatening millions of devices. “This release is an early beta preview and as such […] | Vulnerability Threat | ||
|
2019-11-15 19:33:03 | DDoS-for-Hire Services operator sentenced to 13 months in prison (lien direct) | Sergiy P. , the administrator of DDoS-for-hire services was sentenced to 13 months in prison, and additional three years of supervised release. Sergiy P. Usatyuk, a man that was operating several DDoS-for-hire services was sentenced to 13 months in prison, and additional three years of supervised release. DDoS-for-hire services, aka stressers or booters, allows crooks […] | |||
|
2019-11-15 15:36:55 | Two men arrested for stealing $550,000 in cryptocurrency with Sim Swapping (lien direct) | On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. The suspects stole the funds from at least 10 victims using […] | |||
|
2019-11-15 13:55:42 | The Australian Parliament was hacked earlier this year (lien direct) | The computer network of Australian Parliament was hacked earlier this year, and hackers exfiltrated data from the computers of several elected officials. According to the Australian Broadcasting Corp (ABC), earlier this year hackers penetrated the computer network of Australian Parliament and stole data from the computers of several elected officials. The attack took place on […] | |||
|
2019-11-15 12:57:25 | New TA2101 threat actor poses as government agencies to distribute malware (lien direct) | A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. A new threat actor, tracked as TA2101, is using email to impersonate government agencies in the United States, Germany, and Italy to multiple families of malware, deliver ransomware, and banking Trojans. The […] | Malware Threat |
To see everything:
Our RSS (filtrered)
