Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-05-03 09:25:15 |
Hackers breach LineageOS servers via unpatched vulnerability (direct link) |
LineageOS source code, OS builds, and signing keys were unaffected, developers said. |
Vulnerability
|
|
|
|
2020-05-03 00:02:35 |
UK NCSC to stop using 'whitelist' and 'blacklist' due to racial stereotyping (direct link) |
UK cyber-security agency to use "allow list" and "deny list" on its website, going forward. |
|
|
|
|
2020-05-02 14:10:00 |
Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store (direct link) |
The Tokopedia data has been published on a well-known hacking forum. |
|
|
|
|
2020-05-01 18:26:58 |
Trump bans acquisition of foreign power grid equipment, citing hacking threats (direct link) |
White House says foreign-made equipment "augments the ability of foreign adversaries to create and exploit vulnerabilities" in the US power grid. |
|
|
|
|
2020-05-01 14:42:18 |
New Firefox service will generate unique email aliases to enter in online forms (direct link) |
Firefox Private Relay add-on to help users safeguard their email addresses from spammers. |
|
|
|
|
2020-05-01 11:55:00 |
Oracle warns of attacks against recently patched WebLogic security bug (direct link) |
Oracle patched the bug last month but attacks began after proof-of-concept code was published on GitHub. |
|
|
|
|
2020-05-01 11:36:00 |
SaltStack Salt critical bugs allow data center, cloud server hijacking as root (direct link) |
Researchers expect the vulnerabilities to be exploited in the wild within days. |
|
|
|
|
2020-05-01 10:22:09 |
Ninja Forms WordPress bug exposed over a million users to XSS attacks, website hijacking (direct link) |
The severe XSS vulnerability permitted site takeover and visitor browser redirection to malicious websites. |
Vulnerability
|
|
|
|
2020-05-01 09:00:09 |
Dreambot malware operation goes silent (direct link) |
Dreambot backend servers have gone down and no new samples have been spotted for weeks. |
Malware
|
|
|
|
2020-04-30 23:25:23 |
DHS CISA to provide DoH and DoT servers for government use (direct link) |
Until official servers are available, government agencies told to disable DoH (DNS-over-HTTPS) and DoT (DNS-over-TLS) on their networks. |
|
|
|
|
2020-04-30 21:43:46 |
Ransomware mentioned in 1,000+ SEC filings over the past year (direct link) |
A growing number of public companies have started listing ransomware as a forward-looking risk factor in their SEC documents. |
Ransomware
|
|
|
|
2020-04-30 14:02:08 |
Spear-phishing campaign compromises executives at 150+ companies (direct link) |
PerSwaysion group appears to be formed of members based in Nigeria and South Africa. |
|
|
|
|
2020-04-30 13:28:10 |
Here's the NSA's guide for choosing a safe text chat and video conferencing service (direct link) |
NSA publishes guidance on choosing a secure teleworking service. Assessed tools include Slack, Zoom, Signal, Skype, more. |
|
|
|
|
2020-04-30 10:00:09 |
Critical vulnerabilities in WordPress plugins lead to e-learning platform hijacking (direct link) |
The most serious issues discovered can be used in remote code execution attacks. |
|
|
|
|
2020-04-30 09:02:29 |
Investors sue LabCorp over security failures in light of data breach, ransomware attack (direct link) |
The lawsuit claims that the company's security posture led to investor losses. |
Ransomware
|
|
|
|
2020-04-30 04:00:04 |
This new Android mobile malware targets banks, financial services across Europe (direct link) |
Researchers believe EventBot has the potential to become the “next big mobile threat.” |
Malware
|
|
|
|
2020-04-29 19:39:00 |
Google announces Chrome Web Store crackdown for August 2020 (direct link) |
Google plans to remove a bunch of garbage and useless Chrome extensions from the Web Store. |
|
|
|
|
2020-04-29 17:17:48 |
Kaspersky: RDP brute-force attacks have gone up since start of COVID-19 (direct link) |
RDP brute-force attack numbers rose in mid-March as quarantines were being imposed over the globe. |
|
|
|
|
2020-04-29 13:13:37 |
Estonia: Foreign hackers breached local email provider for targeted attacks (direct link) |
Hackers hijacked a small number of Mail.ee accounts "belonging to persons of interest to a foreign country." |
|
|
|
|
2020-04-29 08:25:42 |
GitLab awards researcher $20,000, patches remote code execution bug (direct link) |
Engineers jumped on the issue which earned the researcher $1,000 at the point of triage. |
|
|
|
|
2020-04-29 08:18:11 |
Microsoft open-sources in-house library for handling QUIC connections (direct link) |
Microsoft says MsQuic will soon be part of most of its products, like Windows, .NET, Microsoft 365, and others. |
|
|
|
|
2020-04-29 07:27:34 |
Adobe patches critical code, corruption bugs across Bridge, Illustrator, Magento (direct link) |
The company has squashed a range of critical flaws leading to arbitrary code execution. |
Guideline
|
|
|
|
2020-04-29 00:17:57 |
Two Usenet providers blame data breaches on partner company (direct link) |
Remember Usenet? |
|
|
|
|
2020-04-28 22:11:00 |
Google discloses zero-click bugs impacting several Apple operating systems (direct link) |
Apple needs to follow in Google and Mozilla's footsteps and secure its multimedia processing libraries. |
|
|
|
|
2020-04-28 17:17:51 |
(Déjà vu) Hackers threaten to leak data from famous high-end Zaha Hadid architecture firm (direct link) |
Hackers have stolen data from the company's network, encrypted everything with ransomware, and are now threatening to release files on the dark web if the company doesn't pay a ransom demand. |
|
|
|
|
2020-04-28 17:17:00 |
Hackers threaten to leak data from high-end architecture firm Zaha Hadid (direct link) |
Hackers have stolen data from the company's network, encrypted everything with ransomware, and are now threatening to release files on the dark web if the company doesn't pay a ransom demand. |
|
|
|
|
2020-04-28 14:00:00 |
PhantomLance spying campaign breaches Google Play security (direct link) |
The four-year-long attack wave has been connected to dozens of malicious apps found in app stores. |
|
|
|
|
2020-04-28 05:15:06 |
Android OEM patch rates have improved, with Nokia and Google leading the charge (direct link) |
The Android OEM patch rate has gone down from 44 days in 2018 to 38 days today. |
|
|
|
|
2020-04-28 04:30:08 |
Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone (direct link) |
Attacks began earlier this month after WordPress theme developer did not release a patch for a trivial bug. |
|
|
|
|
2020-04-28 04:00:09 |
Consumers benefit as video call vendors scramble to revamp security in a COVID-19 world (direct link) |
Houseparty, Discord, and Doxy.me, however, fail to meet basic security standards, new research suggests. |
|
|
|
|
2020-04-27 19:50:00 |
You can now manage Windows 10 devices through G Suite (direct link) |
G Suite gets a long-awaited feature -- Windows 10 device management. |
|
|
|
|
2020-04-27 19:00:00 |
Financial sector is seeing more credential stuffing than DDoS attacks (direct link) |
North American financial institutions and banks are targeted the most, primarily because most leaked credentials are from US services. |
|
|
|
|
2020-04-27 16:34:00 |
Shade (Troldesh) ransomware shuts down and releases decryption keys (direct link) |
The Shade ransomware gang have published more than 750,000 decryption keys on GitHub. Kaspersky is working on a decryption app. |
Ransomware
|
|
|
|
2020-04-27 13:34:25 |
Israel government tells water treatment companies to change passwords (direct link) |
Israel cyber-security agency reported intrusion attempts last week. |
|
|
|
|
2020-04-27 10:39:30 |
Germany pivots from centralized coronavirus tracing app to privacy-protecting alternative (direct link) |
The move will likely be applauded by privacy and civil rights groups. |
|
|
|
|
2020-04-27 04:01:06 |
This is how viewing a GIF in Microsoft Teams triggered account hijacking bug (direct link) |
Seeing an animation was enough to be impacted, researchers say. |
|
|
|
|
2020-04-26 02:39:25 |
Hackers are exploiting a Sophos firewall zero-day (direct link) |
Sophos releases emergency patch to fix SQL injection bug exploited in the wild, impacting its XG Firewall product. |
|
|
|
|
2020-04-24 20:01:00 |
Symlink race bugs discovered in 28 antivirus products (direct link) |
Most products have patched, researchers said, without naming the ones who skipped. |
|
|
|
|
2020-04-24 16:12:00 |
Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address (direct link) |
Facebook fights to keep the lawsuit on track after NSO filed a motion to dismiss the case earlier this month. |
|
|
|
|
2020-04-24 12:05:00 |
Nintendo says 160,000 users impacted in recent account hacks (direct link) |
Nintendo disconnects NNID legacy login system from main Nintendo profiles after massive account hijacking campaign. |
|
|
|
|
2020-04-24 08:26:00 |
Apple disputes recent iOS zero-day claim (direct link) |
Apple says it "thoroughly investigated" a recent report about three iOS Mail bugs but "found no evidence they were used against customers." |
|
|
|
|
2020-04-24 07:17:38 |
Stuck at home, UK lockdown DIY fans slammed with Robert Dyas data breach (direct link) |
The hardware store is the latest victim of card-skimmer malware. |
Data Breach
|
|
|
|
2020-04-24 06:34:11 |
Google will now demand online advertisers provide proof of identity and location (direct link) |
The company is clamping down on fake content and scams by expanding checks previously reserved for political advertising. |
|
|
|
|
2020-04-23 20:40:55 |
RIPE opposes China's internet protocols upgrade plan (direct link) |
RIPE speaks out against China and Huawei's "New IP" internet upgrade plan, says internet standards should be left to the IETF, not the UN. |
|
|
|
|
2020-04-23 12:48:11 |
NSA shares list of vulnerabilities commonly exploited to plant web shells (direct link) |
NSA and ASD issue joint advisory on detecting and dealing with web shells. |
|
|
|
|
2020-04-23 12:00:07 |
As we turn to remote working, Malwarebytes joins VPN fray (direct link) |
The new Malwarebytes Privacy VPN has been launched at a time VPN adoption is likely on the rise. |
|
|
|
|
2020-04-23 11:50:30 |
SBA reveals potential data breach impacting 8,000 emergency business loan applicants (direct link) |
A US Senator says that the White House has “got to get it together.” |
Data Breach
|
|
|
|
2020-04-23 10:16:03 |
ESET takes down VictoryGate cryptomining botnet (direct link) |
More than 35,000 computers believed to have been infected, according to ESET's sinkhole data. |
|
|
|
|
2020-04-23 10:00:07 |
Scammers are now taking advantage of US small business relief fund in phishing emails (direct link) |
New campaigns are capitalizing not just on coronavirus fears but also on the outbreak's financial ramifications. |
|
|
|
|
2020-04-22 22:49:45 |
Valve says it's safe to play CS:GO and TF2 after source code leaked online (direct link) |
Old 2017 source code for Counter-Strike: Global Offensive and Team Fortress 2 leaked online today on 4chan. |
|
|
|