Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-31 07:15:22 |
Netgear leaves vulnerabilities unpatched in Nighthawk router (lien direct) |
Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-30 15:17:31 |
Have I Been Pwned adds 441K accounts stolen by RedLine malware (lien direct) |
The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441,000 accounts stolen in an information-stealing campaign using RedLine malware. [...] |
Data Breach
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-30 11:02:00 |
University loses 77TB of research data due to backup error (lien direct) |
The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-30 09:55:50 |
(Déjà vu) Firmware attack can drop persistent malware in hidden SSD area (lien direct) |
Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-30 09:55:50 |
Hiding malware inside the flex capacity space on modern SSDs (lien direct) |
Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-30 07:20:58 |
Twitter account of FBI\'s fake chat app, ANOM seen trolling today (lien direct) |
The Twitter account previously associated with the ANOM chat app is posting frivolous tweets this week. ANOM was a fake encrypted messaging platform created as part of a global sting operation led by the U.S. FBI, Australian Federal Police (AFP), and other law enforcement agencies to catch criminals. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-29 15:42:14 |
Silent danger: One in five aged domains is malicious, risky, or unsafe (lien direct) |
The number of malicious dormant domains is on the rise, and as researchers warn, roughly 22.3% of strategically aged domains pose some form of danger. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-29 14:01:07 |
(Déjà vu) Ransomware gang coughs up decryptor after realizing they hit the police (lien direct) |
The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-29 14:01:07 |
AvosLocker ransomware gives free decryptor to US police dept (lien direct) |
The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-29 12:03:42 |
T-Mobile says new data breach caused by SIM swap attacks (lien direct) |
T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" that they fell victim to SIM swap attacks. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-29 09:15:08 |
Microsoft Defender Log4j scanner triggers false positive alerts (lien direct) |
Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-29 07:07:07 |
Fintech firm hit by log4j hack refuses to pay $5 million ransom (lien direct) |
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish the customer data should ONUS refuse to comply. [...] |
Hack
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-28 15:12:01 |
Log4j 2.17.1 out now, fixes new remote code execution bug (lien direct) |
Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-28 14:23:39 |
New Flagpro malware linked to Chinese state-backed hackers (lien direct) |
The cyber-espionage APT (advanced persistent threat) group tracked as 'BlackTech' was spotted using a novel malware called 'Flagpro' in attacks against Japanese firms. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-28 13:07:19 |
RedLine malware shows why passwords shouldn\'t be saved in browsers (lien direct) |
The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-28 12:27:44 |
LastPass users warned their master passwords are compromised (lien direct) |
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use it to log into their accounts from unknown locations. [...] |
|
LastPass
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-28 11:38:39 |
Riskware Android streaming apps found on Samsung\'s Galaxy store (lien direct) |
Samsung's official Android app store, called the Galaxy Store, has had an infiltration of riskware apps that triggered multiple Play Protect warnings on people's devices. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-28 04:14:45 |
Amazon Alexa slammed for giving lethal challenge to 10-year-old girl (lien direct) |
An Amazon Echo owner was left shocked after Alexa proposed a dangerous challenge to her 10-year old child. AI-powered virtual assistants like Alexa that power smart devices and speakers such as Echo, Echo Dot, and Amazon Tap, come with a plethora of capabilities, including playing verbal games. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-27 11:19:45 |
QNAP NAS devices hit in surge of ech0raix ransomware attacks (lien direct) |
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-27 07:56:23 |
(Déjà vu) Microsoft: Windows 11 bug causes HDR color rendering issues (lien direct) |
Microsoft has confirmed a new issue impacting devices running Windows 11, version 21H2, where apps using Win32 APIs to render colors on some high dynamic range (HDR) displays may not work as expected. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-27 07:56:23 |
Windows 11 bug causes color rendering issues on HDR displays (lien direct) |
Microsoft has confirmed a new issue impacting devices running Windows 11, version 21H2, where apps using Win32 APIs to render colors on some high dynamic range (HDR) displays may not work as expected. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-27 02:56:34 |
Shutterfly services disrupted by Conti ransomware attack (lien direct) |
Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-26 13:41:42 |
Privacy-focused search engine DuckDuckGo grew by 46% in 2021 (lien direct) |
The privacy-focused search engine DuckDuckGo continues to grow rapidly, with the company now averaging over 100 million daily search queries and growing by almost 47% in 2021. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-24 16:34:18 |
The Week in Ransomware - December 24th 2021 - No rest for the weary (lien direct) |
The holiday season is here, but there is no rest for our weary admins as ransomware gangs are still conducting attacks over the Christmas and New Years breaks. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-24 11:26:18 |
Rook ransomware is yet another spawn of the leaked Babuk code (lien direct) |
A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-24 11:00:32 |
Global IT services provider Inetum hit by ransomware attack (lien direct) |
Less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that had a limited impact on the business and its customers. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-24 10:27:54 |
Android banking trojan spreads via fake Google Play Store page (lien direct) |
An Android banking trojan targeting Itaú Unibanco, a large financial services provider in Brazil with 55 million customers globally, is using a fake Google Play store to spread to devices. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-24 10:00:00 |
Blackmagic fixes critical DaVinci Resolve code execution flaws (lien direct) |
Blackmagic Software has recently addressed two security vulnerabilities in the highly popular DaVinci Resolve software that would allow attackers to gain code execution on unpatched systems. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-24 08:11:22 |
Dridex Omicron phishing taunts with funeral helpline number (lien direct) |
A malware distributor for the Dridex banking malware has been toying with victims and researchers over the last few weeks. The latest example is a phishing campaign that taunts victims with a COVID-19 funeral assistance helpline number. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-23 17:33:01 |
Stealthy BLISTER malware slips in unnoticed on Windows systems (lien direct) |
Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables. [...] |
Malware
|
|
★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-23 17:09:32 |
Apple fixes macOS security flaw behind Gatekeeper bypass (lien direct) |
Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. [...] |
Vulnerability
|
|
★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-23 13:31:49 |
Phishing campaign targets CoinSpot cryptoexchange 2FA codes (lien direct) |
A new phishing campaign that targets users of the CoinSpot cryptocurrency exchange employs a new theme that revolves around withdrawal confirmations. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-23 12:47:14 |
AvosLocker ransomware reboots in Safe Mode to bypass security tools (lien direct) |
Recent AvosLocker ransomware attacks are characterized by a focus on disabling endpoint security solutions that stand in the way of threat actors. [...] |
Ransomware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-23 10:49:36 |
Pro Wrestling Tees discloses data breach after credit cards stolen (lien direct) |
Popular wrestling t-shirt site Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-23 10:01:23 |
VK introduces 2FA and plans to make it mandatory in 2022 (lien direct) |
VK, Russia's most popular social media platform with 650 million users, is finally introducing two-factor authentication on all its services and plans to make it mandatory in February 2022 for administrators of large communities. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 16:46:05 |
Honeypot experiment reveals what hackers want from IoT devices (lien direct) |
A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 15:30:00 |
\'Hack DHS\' bug bounty program expands to Log4j security flaws (lien direct) |
The Department of Homeland Security (DHS) has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 14:51:13 |
Rideshare account hacker faces up to 22 years in prison (lien direct) |
A man pleaded guilty to fraudulently opening rideshare and delivery service accounts using stolen identity information sold on dark web marketplaces. [...] |
Guideline
|
|
★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 14:15:54 |
Microsoft Azure App Service flaw exposed customer source code (lien direct) |
A security flaw found in Azure App Service, a Microsoft-managed platform for building and hosting web apps, led to the exposure of PHP, Node, Python, Ruby, or Java customer source code deployed on Microsoft's cloud infrastructure. [...] |
|
|
★★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 14:00:58 |
Opera browser working on clipboard anti-hijacking feature (lien direct) |
The Opera browser team is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 12:47:28 |
Microsoft Teams bug allowing phishing unpatched since March (lien direct) |
Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Team's link preview feature reported since March 2021. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 12:15:38 |
Dridex malware trolls employees with fake job termination emails (lien direct) |
A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 10:42:21 |
NVIDIA discloses applications impacted by Log4j vulnerability (lien direct) |
NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 10:23:40 |
CISA releases Apache Log4j scanner to find vulnerable apps (lien direct) |
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by& two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-22 08:24:22 |
Major services including Slack, AWS, Hulu, Imgur facing outages (lien direct) |
Major services across the internet are currently facing ongoing networking outages. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-21 17:37:20 |
PYSA ransomware behind most double extortion attacks in November (lien direct) |
Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors' arsenal. [...] |
Ransomware
Tool
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-21 17:07:32 |
New Dell BIOS updates cause laptops and desktops not to boot (lien direct) |
Recently released Dell BIOS updates are reportedly causing serious boot problems on multiple laptops and desktop models. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-21 15:02:41 |
2easy now a significant dark web marketplace for stolen data (lien direct) |
A dark web marketplace named '2easy' is becoming a significant player in the sale of stolen data "Logs" harvested from roughly 600,000 devices infected with information-stealing malware. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-21 14:25:26 |
800K WordPress sites still impacted by critical SEO plugin flaw (lien direct) |
Two critical and high severity security vulnerabilities in the highly popular "All in One" SEO WordPress plugin exposed over 3 million websites to takeover attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-12-21 12:51:27 |
Threat actors steal $80 million per month with fake giveaways, surveys (lien direct) |
Scammers are estimated to have made $80 million per month by impersonating popular brands asking people to participate in fake surveys or giveaways. [...] |
|
|
|