What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-12-19 09:48:35 | (Déjà vu) 26,000 North American Customers Records Exposed by Honda (lien direct) | Automotive giant Honda exposed roughly 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers after misconfiguring an Elasticsearch cluster on October 21, 2019. Honda’s security team in Japan promptly secured the publicly accessible server within just a few hours after being contacted by Security Discovery researcher Bob Diachenko on December 12. Source: Bleeping Computer | |||
|
2019-12-18 10:19:03 | (Déjà vu) Cyber-Espionage Campaign Targets 100s of Companies (lien direct) | Hundreds of industrial companies are currently the targets of cyber-espionage activity from an advanced threat actor. The adversary uses a new version of an older info-stealer to extract sensitive data and files. The attacker uses spear-phishing emails with malicious attachments often disguised as PDF files. Separ is the malware of choice, which steals login data […] | Malware Threat | ||
|
2019-12-18 10:17:56 | (Déjà vu) Vulnerable Windows PCs identified with New BlueKeep Scanner (lien direct) | A new scanning tool is now available for checking if your computer is vulnerable to the BlueKeep security issue in Windows Remote Desktop Services. Despite Microsoft rolling out a patch in mid-May, there are tens of thousands of devices exposing a Remote Desktop Protocol (RDP) service to the public internet. Source: Bleeping Computer | Tool | ||
|
2019-12-18 10:16:17 | (Déjà vu) Over 1,000 U.S. Schools in 2019 hit by Ransomware attack (lien direct) | Since January, 1,039 schools across the U.S. have been potentially hit by a ransomware attack after 72 school districts and/or educational institutions have publicly reported being a ransomware victim according to a report from security solutions provider Armor. Source: Bleeping Computer | Ransomware | ||
|
2019-12-18 10:15:06 | 38,000 people will get a new password this week by standing in line (lien direct) | A non-standard and somewhat weird password reset operation is currently underway at a German university, where more than 38,000 students and staff were asked this week to stand in line with their ID card and a piece of paper to receive new passwords for their email accounts. All of this is going on at the […] | |||
|
2019-12-18 10:13:28 | (Déjà vu) Patient Records of 15 Million People Exposed (lien direct) | A cyberattack against LifeLabs exposed personal information on patients in Ontario and British Columbia. A cyberattack against LifeLabs, Canada’s largest medical testing provider, left personal information of more than 15 million individuals exposed before the company paid a ransom to retrieve the data. According to a letter sent to customers, the names, addresses, email addresses, customer […] | |||
|
2019-12-17 10:39:36 | Mobile devices responsible for 41% of DDoS attack traffic (lien direct) | The number of distributed denial-of-service (DDoS) attacks rose 86% in the third quarter compared to a year ago, with amplification attacks using the domain name system (DNS) remaining the most popular technique for attacking targets.DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14% and 7.7%, […] | |||
|
2019-12-17 10:36:25 | Hacking and malware behind 75% of all data breaches in the financial services industry (lien direct) | Only 6% of all breaches in 2019 were suffered by financial services firms, according to Bitglass. However, these breaches compromised significantly more records than those that occurred in other industries. In total, more than 60% of all leaked records in 2019 were exposed by financial services organizations. This is at least partially due to the Capital One mega […] | Malware | ||
|
2019-12-17 10:33:40 | WordPress patches several security concerns (lien direct) | WordPress has pushed out version 5.3.1 patching four security issues. WordPress versions 5.3 and earlier are affected and the company is recommending users download the new version, which is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released. Source: SC Magazine | Patching | ||
|
2019-12-17 10:30:38 | LightInTheBox left 1.6 customer records left exposed (lien direct) | An unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year. In what the breach discovers VPNMentor described as a major lapse in LighInTheBox's data security and potentially devastating to the victims exposing them to not only a cyberattack but potentially […] | |||
|
2019-12-17 10:22:50 | New Jersey\'s largest hospital pays to resolve ransomware attack (lien direct) | New Jersey's largest hospital system said that it has paid hackers a ransom after a ransomware attack disrupted its services earlier this month. Hackensack Meridian Health, a $6 billion non-profit health provider system based in Edison, N.J., operates 17 hospitals, nursing homes, and outpatient centers, as well as psychiatric facility Carrier Clinic. The hospital system […] | Ransomware | ||
|
2019-12-16 11:10:32 | New Orleans Cyberattack occurred due to Ryuk Ransomware (lien direct) | Based on files uploaded to the VirusTotal scanning service, the ransomware attack on the City of New Orleans was likely done by the Ryuk Ransomware threat actors.On December 14th, 2019, one day after the City of New Orleans ransomware attack, what appear to be memory dumps of suspicious executables were uploaded from an IP address from the […] | Ransomware Threat | ||
|
2019-12-16 10:07:51 | Labor crunch highlights the cybersecurity gaps in threat intelligence practices (lien direct) | In Greek mythology, Sisyphus, the King of Corinth, was punished by Hades by being forced to roll a huge stone up a hill, only to have it roll down again as soon as he reached the summit, and then have the process repeat ad infinitum. The Paradox of Sisyphus exemplifies the modern state of cybersecurity. Source: […] | Threat | ||
|
2019-12-16 10:05:29 | The privacy and security trends that will make 2020 (lien direct) | Privacy concerns will ratchet up further around IoT and 5G. Even if the industry manages to secure the billions of IoT devices already deployed, they permeate so many aspects of life that it will be nearly impossible to keep personal and private information out of the public domain. Source: Help Net Security | |||
|
2019-12-16 10:04:20 | Witney Carson, \'Dancing With Stars\' Pro Hacked (lien direct) | With being in the spotlight, celebrities are unfortunately a notable, prime target for hackers and reality TV personality, Witney Carson was tragically the latest subject whose social media accounts were comprised this past week. The Dancing With the Stars pro took to Twitter on Saturday to share with fans and followers that her official Facebook account had been hacked and she was in […] | |||
|
2019-12-16 10:01:24 | Targeted PoS Attacks reported by on Gas Station Merchants (lien direct) | At least two North American chains have been hit in sophisticated new campaigns for stealing payment card data. Point of Sale (PoS) systems belonging to at least two North American gas station merchants and a hospitality chain have been attacked over the last few months by what Visa this week described as sophisticated cybercrime groups […] | |||
|
2019-12-06 17:12:55 | Microsoft Research Team finds Password Reuse Rampant (lien direct) | What if I told you that 1.5% of publicly leaked passwords were still being used to sign in to Microsoft accounts? It doesn't sound like much, but it actually equates to 44 million users still using leaked passwords for their Microsoft accounts. This is what the Microsoft research team found when it performed a scan […] | |||
|
2019-12-06 16:31:02 | Quentyn Taylor – Rant of the Week (lien direct) | Quentyn Taylor, Director of Information Security at Canon Europe Ltd. has shared his Rant of the Week with the Guru! | |||
|
2019-12-06 09:53:30 | $5 Million Bounty set by US For Hacker behind Zeus Banking Thefts (lien direct) | Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says. The US State Department in collaboration with the US Department of Justice and the FBI Thursday announced an unprecedented $5 million reward for information leading to the arrest […] | Guideline | ||
|
2019-12-06 09:49:45 | (Déjà vu) Company sued by Facebook for Running Bad Ads (lien direct) | In a lawsuit filed today, Facebook alleges that a Chinese company used malware to compromise user accounts to run deceptive ads on the social media platform. The end goal of compromising Facebook accounts was distribution of deceptive ads for counterfeit goods and diet pills. Source: Bleeping Computer | Malware | ||
|
2019-12-06 09:48:32 | (Déjà vu) Ransomware attack at Shakespeare Theatre (lien direct) | A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area. This could not come at a worse time for the Theatre as they were getting ready to begin their first scheduled performance of Charles […] | Ransomware | ||
|
2019-12-06 09:47:32 | HackerOne Cookie leak allows access to vulnerability reports (lien direct) | Bug bounty platform provider HackerOne Tuesday disclosed that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst's account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported the error […] | Vulnerability | ||
|
2019-12-06 09:45:45 | CyrusOne attacked by evil ransomware (lien direct) | Data center provider CyrusOne was reportedly hit with a combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware. Details are scarce, but ZDNet reported the attack took place on December 4. A screenshot of the ransom note indicated all the files were locked and that the threat actors would allow one file to be decrypted for free […] | Ransomware Threat | ||
|
2019-12-05 10:58:16 | Security concerns going into 2020 (lien direct) | 2019 has been the year of the data breach with over 10 billion records estimated to have been leaked. The news headlines have been flooded with unfortunate attacks with enterprises on both sides of the Atlantic suffering. Whether it's ransomware, phishing or endpoint attacks, there's always something on the horizon waiting for its turn in the spotlight. Yet, with 2020 now on our doorstep, cyber security professionals are concerned with what new threat vectors may lie around the corner as we enter the next decade, especially with new legislation becoming enforced. | Data Breach Threat | ||
|
2019-12-05 10:26:18 | Holiday phishing scam surge aimed at small business (lien direct) | NEW YORK – The email looked legitimate, so Danielle Radin clicked on the link it contained, expecting to have her products included in a holiday gift guide. “I instantly regretted it,” says Radin, owner of Mantra Magnets, a website that sells wellness products. “It took me to some random website that looked like those pop-ups telling […] | |||
|
2019-12-05 10:22:45 | (Déjà vu) Geost Operators are spied on by researchers (lien direct) | The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business. Researchers who discovered one of the largest Android banking botnets to date also found its attackers’ chat log, which they have been watching for nearly a year to learn the inner workings of this cybercrime operation, […] | |||
|
2019-11-29 12:11:59 | Javvad Malik – Rant of the Week (lien direct) | Javvad Malik, Security Awareness Advocate at KnowBe4 has shared his Rant of the Week with the Guru! | |||
|
2019-11-29 10:00:37 | (Déjà vu) Thanksgiving eCard Emails Distributing Malware (lien direct) | With Thanksgiving being celebrated in the United States, malware distributors are sending out holiday themed emails to distribute the Emotet Trojan and other malware. New email campaigns are underway that pretend to be Thanksgiving Day greeting cards and office closing notices with last minute invoices. Users who fall for the emails and open the attached word […] | Malware | ||
|
2019-11-29 09:59:36 | (Déjà vu) Malicious SDK banned from Facebook and Twitter (lien direct) | Twitter warned its users that a software development kit (SDK) developed by oneAudience could have allowed that company to obtain account information. Facebook also posted a notice concerning not only the oneAudience SDK, but also for fellow SDK maker Mobiburn. OneAudience confirmed the problem and then shut down the SDK along with its associated websites but said […] | |||
|
2019-11-29 09:58:37 | Major data breach hits Palo Alto Networks (lien direct) | The cybersecurity firm Palo Alto Networks has admitted that it suffered a data breach which resulted in the personal data of both past and current employees being leaked online. Business Insider, who broke the story, was first made aware of the breach by a former employee of the company that wished to remain anonymous. Source: Tech Radar | Data Breach | ||
|
2019-11-29 09:57:04 | James Fisher and Son “No indication” data lost during cyber attack (lien direct) | Cumbrian marine services firm James Fisher and Sons has said there is no indication that personal or commercially sensitive data was lost during a recent cyber attack. In a trading update the Barrow-headquartered business appeared to reveal the attack had been centred on its JFD arm, which provides diving equipment and rescue training to commercial […] | |||
|
2019-11-29 09:54:57 | (Déjà vu) DiBella\'s data breach affecting 305,000 cards occurred because of Fin7 (lien direct) | Fifteen months after DiBella's Old Fashioned Submarines was notified by the FBI and credit card companies of a data breach the sandwich shop chain has issued a notice informing its customers of the incident. The company reported its stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may have had the information on as […] | Data Breach | ||
|
2019-11-28 17:26:24 | Shopping Online This Black Friday? Cybersecurity Professionals Are Worried About You (lien direct) | Black Friday is here, and deals are popping up all over the internet. Consumers are browsing for the most generous discounts, their inboxes flooded with promotional emails alerting them of cheap flights to exotic locations available for a fraction of the cost. But while the prospect of acquiring a new smartphone at a slashed price […] | |||
|
2019-11-28 10:00:05 | (Déjà vu) Medical records locked by ransomware at Great Plains Health (lien direct) | Great Plains Health medical center is recovering from a ransomware incident that hit its computer network at the beginning of the week and forced switching to pen and paper to maintain activity. The attack was detected on Monday around 7 p.m. and the IT department worked through the night to reduce the impact on local […] | Ransomware | ||
|
2019-11-28 09:57:14 | Over 80,000 devices were hijacked by Dexphot Malware and used to Mine Cryptocurrency (lien direct) | Microsoft is warning of malware, Dexphot, that has infected more than 80,000 machines, sucking up their CPU power in order to mine cryptocurrency. Researchers first discovered Dexphot in October 2018 and saw its activity peak during July. They said that the malware has a complex attack chain and also uses various methods to outwit detection […] | Malware | ||
|
2019-11-28 09:56:06 | Social media giants Facebook and Twitter ban malicious SDK that deleted member info (lien direct) | Twitter warned its users that a software development kit (SDK) developed by oneAudience could have allowed that company to obtain account information. Facebook also posted a notice concerning not only the oneAudience SDK, but also for fellow SDK maker Mobiburn. OneAudience confirmed the problem and then shut down the SDK along with its associated websites but said […] | |||
|
2019-11-28 09:54:39 | 305,000 cards affected by Fin7 in DiBella\'s data breach (lien direct) | Fifteen months after DiBella's Old Fashioned Submarines was notified by the FBI and credit card companies of a data breach the sandwich shop chain has issued a notice informing its customers of the incident. The company reported its stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may have had the information on as […] | Data Breach | ||
|
2019-11-28 09:51:46 | (Déjà vu) Prosegur Security Firm Shut Down Network due to Ryuk Ransomware (lien direct) | In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform. The company restricted communications with its customers to avoid malware propagation. Although there is no official confirmation, BleepingComputer has learned that the attack affects all Prosegur locations in Europe. […] | Ransomware Malware | ||
|
2019-11-27 10:24:38 | Fake Shared Documents Fooling Dropbox users in Phishing Scam (lien direct) | It's funny how hackers, phishers, and scamsters can be blatantly obvious and inexplicably unpredictable at the same time. I'm saying obvious because they target the most widely used services/platforms and lots of users know what they're up to - not just security professionals, but many ordinary users know about these phishing scams and what to look […] | ★★★ | ||
|
2019-11-27 10:23:00 | Pornographic tweet on \'Welsh gov Twitter account blamed on \'hack\' (lien direct) | The BBC reports that the grotty image was shared early afternoon on 25 November, but was quickly taken down. An official from the Welsh government said the filthy tweet was down to a cyber attack, not the clumsy clicking of some civil servant. And that’s all we really know about the whole situation, with details being rather […] | ★★★★ | ||
|
2019-11-27 10:17:21 | (Déjà vu) New Ransomware Has Made a Name for Itself (lien direct) | A new ransomware called DeathRansom began with a rocky start, but has now resolved it’s issues and has begun to infect victims and encrypt their data. When DeathRansom was first being distributed, it pretended to encrypt files, but researchers and users found that they could just remove the appended .wctc extension and the files would become usable again. Starting […] | Ransomware | ||
|
2019-11-27 10:15:27 | (Déjà vu) Fake Phisher Sites Created as Bait for Holiday Shopping Deals (lien direct) | While most users are familiar with phishing scams that attempt to steal a user’s login credentials, phishers also use emails to lure consumers to fake retail sites in order to steal their money or sell cheap knockoffs. Phishers Create Fake Sites as Bait for Holiday Shopping Deals Source: Bleeping Computer | |||
|
2019-11-26 09:55:18 | (Déjà vu) Y2K Bug-Like Problem Patched Splunk Faces (lien direct) | Remember the Y2K bug that threatened computer programs to go crazy on January 1, 2000? A similar timestamp recognition problem is affecting Splunk platform instances neglected by their administrators before 2020. Source: Bleeping Computer | |||
|
2019-11-26 09:53:14 | Ransomware attacks NYPD fingerprint database (lien direct) | The New York City Police Department's fingerprint database was hit with ransomware in October 2018, a local newspaper learned. The attack was brought in by a third-party vendor who was installing video equipment at the NYPD's police academy when it connected its infected computer to the police network, according to the New York Post. Source: SC […] | Ransomware | ||
|
2019-11-26 09:51:16 | Nursing homes\' services provider ransomware attack (lien direct) | Cybercriminals are reportedly demanding a $14 million extortion payment after using Ryuk ransomware to infect Virtual Care Provider Inc. (VCPI), a company that provides IT consulting and cloud-based data hosting and security services to roughly 110 nursing homes around the U.S. Source: SC Magazine | Ransomware | ||
|
2019-11-26 09:50:11 | Phish victims fall for 3rd-party fake payment processing page (lien direct) | Cybercriminals have devised a card-skimming scheme that involves creating a phishing page that impersonates a retailer's third-party payment service platform (PSP). Certain e-commerce websites outsource their financial transactions by redirecting customers to a secure page operated by PSP companies. But in this scam, discovered by researchers at Malwarebytes, the malicious actors swap out the genuine PSP […] | |||
|
2019-11-26 09:48:50 | Customer Data Exposed by PoS Malware of at Catch Restaurants (lien direct) | A newly announced data breach of several popular Catch restaurants stemmed from malware on its point-of-sale (PoS) systems. Popular NYC restaurants Catch NYC, Catch Roof and Catch Steak discovered and removed malware on their point-of-sale (PoS) systems - but not before it exposed credit-card information from unknowing diners. Source: Threat Post | Data Breach Malware Threat | ||
|
2019-11-25 09:51:10 | (Déjà vu) Credit Card Stealing Malware Incident announced by Catch Restaurants (lien direct) | Catch Hospitality Group has disclosed that point-of-sale systems (POS) at NYC hotspots Catch NYC, Catch Rooftop, and Catch Steak were infected with malware that allowed attackers to steal credit card information from customers. According to Catches ‘payment card incident’ notice, the POS malware was active at Catch NYC and Catch Rooftop between March 19, 2019 and […] | Malware | ||
|
2019-11-25 09:48:25 | (Déjà vu) Phishing Spotlight…Login to Unblock Microsoft Excel (lien direct) | As part of our ongoing series to educate users about some of the more silly phishing scams out there, we bring a new one that states Excel is blocked unless you login and verify your details. As people get more educated about phishing scams and how to spot them, we continue to see scammers create […] | |||
|
2019-11-25 09:46:16 | T-Mobile prepaid accounts data breach (lien direct) | Wireless communications company T-Mobile has disclosed a data breach incident that impacts certain customers with pre-paid service accounts. “Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities,” stated a notification that the Germany-based company posted online. Source: SC Magazine | Data Breach |
To see everything:
Our RSS (filtrered)
