Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-04-11 12:30:05 |
Tax Fraud and ID Theft Services Getting Cheaper on the Dark Web (lien direct) |
Financial and social security identity theft services are becoming more and more affordable every year on the dark web, leading to a drop in the skill level required for tax fraud schemes. [...] |
Guideline
|
|
|
|
2019-04-09 12:45:00 |
Cryptominers Still Top Threat In March Despite Coinhive Demise (lien direct) |
Although Coinhive shut down and its cryptominer dropped down on the sixth place in Check Point's latest Global Threat Index, coinminers continue to lead the pack with Cryptoloot, XMRig, and Jsecoin taking the first, third, and fifth place. [...] |
Threat
Guideline
|
|
|
|
2019-03-20 16:31:01 |
Lithuanian Pleads Guilty to Stealing $100 Million From Google, Facebook (lien direct) |
A Lithuanian man pleaded guilty to wire fraud, aggravated identity theft, and three counts of money laundering, and faces a maximum of 30 years in jail after tricking Google and Facebook employees into wiring over $100 million into bank accounts he controlled. [...] |
Guideline
|
|
|
|
2019-03-14 14:39:03 |
Intel Fixes High Severity Vulnerabilities in Graphics Driver for Windows (lien direct) |
Intel fixed 20 security vulnerabilities in the Intel Graphics Driver for Windows which would lead to escalation of privilege, denial of service, or information disclosure if exploited by attackers with local access to the system under attack. [...] |
Guideline
|
|
|
|
2019-03-07 14:58:01 |
Facebook Removes Campaigns Used to Sow Discord in UK and Romania (lien direct) |
Facebook stated that they have discovered and removed content related to two coordinated campaigns used to sow political discord in the UK and Romania. Facebook is categorizing these campaigns as inauthentic behavior as they misrepresented themselves and are being used to mislead visitors. [...] |
Guideline
|
|
|
|
2019-03-01 18:30:04 |
Update ColdFusion Now, Critical Zero-Day Bug Exploited in the Wild (lien direct) |
Adobe today released emergency updates that fix a critical vulnerability for the ColdFusion web app development platform. The bug can lead to arbitrary code execution and has been exploited in the wild. [...] |
Vulnerability
Guideline
|
|
|
|
2019-02-26 04:38:00 |
Hackers Backdoor Cloud Servers to Attack Future Customers (lien direct) |
A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios. [...] |
Guideline
|
|
|
|
2019-02-25 13:32:03 |
NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux (lien direct) |
NVIDIA released a security update for the NVIDIA GPU Display Driver software designed to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines. [...] |
Guideline
|
|
|
|
2019-02-21 15:06:05 |
Adobe Patches Critical Information Disclosure Flaw in Reader, Again (lien direct) |
Adobe issued a security update to address a bypass for the CVE-2019-7089 zero-day patch issued on February 12, which would lead to sensitive information disclosure in the context of the current user in vulnerable Adobe Acrobat and Reader for Windows and macOS [...] |
Guideline
|
|
|
|
2019-02-21 08:42:01 |
Drupal Fixes Highly Critical Vulnerability (lien direct) |
Administrators of websites running the Drupal content management software (CMS) are urged to take immediate action to mitigate a newly discovered a vulnerability that can lead to remote execution of PHP code under specific circumstances. [...] |
Vulnerability
Guideline
|
|
|
|
2019-02-13 00:01:00 |
The Scarlet Widow Gang Entraps Victims Using Romance Scams (lien direct) |
We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but the emotional entanglement ultimately leads to heartbreak. [...] |
Guideline
|
|
|
|
2019-02-08 09:20:03 |
Apple Patched Two Actively Exploited Zero-Days in iOS 12.1.4 (lien direct) |
As revealed by Project Zero team lead Ben Hawkes on Twitter, Apple fixed two zero-day vulnerabilities which were being exploited in the wild before the release of the iOS 12.1.4 security update. [...] |
Guideline
|
|
|
|
2019-01-31 09:34:04 |
Dell Introduces Dell SafeGuard and Response Solutions To Fight Evolving Threats (lien direct) |
Dell released of a portfolio of endpoint security solutions which combine leading managed security services with premier endpoint protection technology from CrowdStrike and global incident response and threat intelligence from Secureworks [...] |
Threat
Guideline
|
|
|
|
2019-01-29 18:00:02 |
Theoretical Ransomware Attack Could Lead to Global Damages Says Report (lien direct) |
According to a speculative cyber risk scenario prepared by Cambridge University for risk management purposes, a ransomware strain that would manage to impact more than 600,000 businesses worldwide within 24 hours would potentially lead to damages of billions not covered by insurers [...] |
Ransomware
Guideline
|
|
|
|
2019-01-24 08:51:00 |
NumPy Is Awaiting Fix for Critical Remote Code Execution Bug (lien direct) |
The current version of the popular NumPy library relies on unsafe default usage of a Python module that could lead to remote code execution in the context of the affected application. [...] |
Guideline
|
|
|
|
2018-12-27 18:38:02 |
Demo Exploit Code Published for Remote Code Execution via Microsoft Edge (lien direct) |
Exploit code demonstrating a memory corruption bug in Microsoft's Edge web browser has been published today by the researcher that discovered and reported the vulnerability in the first place. The code can lead to remote code execution on unpatched machines. [...] |
Vulnerability
Guideline
|
|
|
|
2018-12-21 16:01:05 |
(Déjà vu) The Week in Ransomware - December 21st 2018 - No More Ransom (lien direct) |
Slow week with ransomware news as we lead up into the holidays. Mostly small variants that won't get much distribution or releases of new variants of older ransomware. [...] |
Ransomware
Guideline
|
|
|
|
2018-12-21 16:01:05 |
(Déjà vu) The Week in Ransomware - December 21st 2018 - No More Ransomware (lien direct) |
Slow week with ransomware news as we lead up into the holidays. Mostly small variants that won't get much distribution or releases of new variants of older ransomware. [...] |
Ransomware
Guideline
|
|
|
|
2018-12-16 11:14:03 |
Phishing Attack Pretends to be a Office 365 Non-Delivery Email (lien direct) |
A phishing campaign has been discovered that pretends to be a non-delivery notifications from Office 365 that leads you to a page attempting to steal your login credentails. [...] |
Guideline
|
|
|
|
2018-12-14 18:31:01 |
The Week in Ransomware - December 14th 2018 - Slow Week (lien direct) |
It is a pretty slow week as we lead up to the holidays. Historically, ransomware tends to slow down during this time as people go away for vacation and businesses take more time off. [...] |
Ransomware
Guideline
|
|
★★★★
|
|
2018-11-28 21:43:00 |
Bing is Warning that the VLC Media Player Site is Unsafe (lien direct) |
The web site for the popular VLC Media Player - VideoLan.org - is getting a big warning in Bing when users hover their cursor over it. This warning states that the "Site might be dangerous" and that it could "lead to malicious software that can harm your device." [...] |
Guideline
|
|
|
|
2018-11-08 19:15:00 |
Notorious "DerpTrolling" Pleads Guilty to DDoS Attacks on EA & Sony (lien direct) |
A Utah resident named Austin Thompson has pleaded guilty in federal court in San Diego for performing DDoS attacks against multiple victims from 2013 to 2014. These victims ranged from small Twitch streamers to major gaming companies such as EA, Sony, and Microsoft. [...] |
Guideline
|
|
|
|
2018-11-06 03:12:01 |
U-Boot\'s Trusted Boot Validation Bypassed (lien direct) |
Memory handling issues in U-Boot open-source bootloader for embedded devices make possible multiple exploitation techniques that lead to arbitrary code execution. [...] |
Guideline
|
|
|
|
2018-10-04 22:07:02 |
Mozilla Patches Critical Vulnerability in Thunderbird 60.2.1 (lien direct) |
Mozilla has released Thunderbird version 60.2.1 to resolve numerous security updates in the mail program. One of these vulnerabilities is labeled as Critical as it could potentially lead to remote code execution. [...] |
Vulnerability
Guideline
|
|
|
|
2018-06-27 07:05:00 |
Facebook, Google Manipulate Users to Share Personal Data Despite GDPR (lien direct) |
Despite the new GDPR regulation entering into effect across Europe, Facebook and Google are manipulating users into sharing personal data by leveraging misleading wording and confusing interfaces, according to a report released today by the Norwegian Consumer Council (NCC). [...] |
Guideline
|
|
|
|
2018-06-14 11:12:03 |
Dark Web Drug Vendor Pleads Guilty After Feds Traced His Bitcoin Transactions (lien direct) |
Gal Vallerius, a 36-year-old French national pleaded guilty this week in the US of selling narcotics on the Dark Web under the nickname of OxyMonster. [...] |
Guideline
|
|
|
|
2018-05-28 14:10:01 |
Cobalt Hacking Group Still Active Despite Leader\'s Arrest (lien direct) |
Despite their leader's arrest in Spain two months ago, the Cobalt hacker group that's specialized in stealing money from banks and financial institutions has remained active, even launching a new campaign. [...] |
Guideline
|
|
|
|
2018-05-02 15:46:01 |
Newark\'s New Mass Surveillance Program Criticized by Civil Liberties Org (lien direct) |
A network of surveillance cameras in various locations throughout Newark, NJ will enable people to monitor these locations for criminal activity. The program, the Citizen Virtual Patrol, has been described by local leaders as "a block watch on steroids". [...] |
Guideline
|
|
|
|
2018-04-27 06:05:02 |
North Korean Hackers Are up to No Good Again (lien direct) |
For a month leading up to today's historic meet between North and South Korea's presidents, a North Korean hacking group has amplified operations and has targeted a wide variety of business sectors in at least 17 countries. The purpose of this campaign was to infect organizations, perform reconnaissance, and steal sensitive data. [...] |
Guideline
|
|
|
|
2018-03-19 10:48:01 |
One Every 200 Google Search Suggestions Is Polluted (lien direct) |
One of every 200 Google search autocomplete suggestions are poisoned and are used to drive traffic to misleading sites, to malware, or other malicious content, a team of academics from three US universities has discovered. [...] |
Guideline
|
|
|
|
2018-03-02 17:07:03 |
Using Extensity to Manage Your Extensions and Optimize Chrome (lien direct) |
Chrome extensions are very useful pieces of software. Unfortunately, using too many of them increase the memory usage of Chrome, which could lead to problems. This is where the Extensity Chrome extension comes in as it can help you organize your extension so Chrome runs more efficiently. [...] |
Guideline
|
|
|
|
2018-02-26 14:27:00 |
The Rig Exploit Kit Has Forsaken Ransomware for Coinminers (lien direct) |
The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player âthe RIG exploit kitâ has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers). [...] |
Guideline
|
|
|
|
2018-02-18 12:50:04 |
macOS May Lose Data Due to APFS Filesystem Bug (lien direct) |
Under certain circumstances, macOS may copy data into the void, leading to data loss of important files, all due to a bug in how the operating system handles APFS sparse disk images. [...] |
Guideline
|
|
|
|
2018-02-15 09:25:02 |
ATM Skimmer Kingpin Escapes UK Police (lien direct) |
In what many consider to be a monumental failure on the part of UK police, the ringleader of a notorious ATM skimming gang has escaped prosecutors and is believed to be hiding abroad, after being let out on bail. [...] |
Guideline
|
|
|
|
2018-02-12 05:02:07 |
It\'s 2018 and You Can Still p0wn Your Linux Box by Plugging in a USB Stick (lien direct) |
Linux users running KDE Plasma desktop environments need to apply patches to fix a bug that can lead to malicious code execution every time a user mounts a USB thumb drive on his computer. [...] |
Guideline
|
|
|
|
2018-02-01 13:00:09 |
Ransomware Hero to Receive FBI Award (lien direct) |
The US Federal Bureau of Investigation (FBI) announced on Tuesday that it would be awarding the FBI Director's Community Leadership Award to Michael Gillespie for his efforts in combating ransomware and helping users who fell victims to this threat. [...] |
Guideline
|
|
|
|
2017-12-22 09:15:15 |
Lizard Squad and PoodleCorp Hacker Pleads Guilty to DDoS Attacks (lien direct) |
A member of the infamous Lizard Squad and PoodleCorp hacking groups pleaded guilty this week to charges of running a DDoS-for-hire platform that he and others used to launch DDoS attacks on targets across the globe. [...] |
Guideline
|
|
|
|
2017-12-18 10:47:06 |
Firefox Prepares to Mark All HTTP Sites "Not Secure" After HTTPS Adoption Rises (lien direct) |
The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default. [...] |
Guideline
|
|
|
|
2017-12-18 00:30:00 |
Hacker "Courvoisier" Pleads Guilty to Attacks on Uber, Groupon, T Mobile, Others (lien direct) |
A UK man living in a caravan park has pleaded guilty last week to cyber-attacks on 17 websites and selling stolen user information on the Dark Web. [...] |
Guideline
|
Uber
|
|
|
2017-12-14 17:15:24 |
Top Security Firm Admits to MitM Security Incident (lien direct) |
Netherlands-based Fox-IT, one of the world's leading IT security providers, disclosed today a security breach during which an unknown attacker carried out a Man-in-the-Middle (MitM) attack and spied on a small number of Fox-IT customers. [...] |
Guideline
|
|
|
|
2017-12-13 14:00:07 |
US Charges Three Men with Creating and Running First-Ever Mirai Botnet (lien direct) |
Three men have pleaded guilty for their role in the creation of the Mirai malware and the use of the subsequent Mirai botnet to launch DDoS attacks on multiple targets across the Internet, according to documents unsealed today by the US Department of Justice (DOJ). [...] |
Guideline
|
|
|
|
2017-12-04 13:05:15 |
Man Hacks Jail Computer Network to Get Friend Released Early (lien direct) |
A Michigan man pleaded guilty last week to hacking the computer network of the Washtenaw County Jail, where he modified inmate records in an attempt to have an inmate released early. [...] |
Guideline
|
|
|
|
2017-12-02 04:06:49 |
NSA Employee at the Middle of the Kaspersky Saga Admits Taking Files Home (lien direct) |
The US Department of Justice (DOJ) has formally charged a former NSA employee for taking classified documents home. The man, Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today, according to court documents released by the DOJ. [...] |
Guideline
|
|
|
|
2017-11-29 07:48:19 |
The Least Significant Pawn in the Yahoo Hack Pleads Guilty (lien direct) |
Karim Baratov, a 22-year-old Canadian national, pleaded guilty to charges related to the FBI's investigation into the Yahoo 2014 data breach. [...] |
Guideline
|
Yahoo
|
|
|
2017-11-24 09:23:02 |
Mirai Activity Picks up Once More After Publication of PoC Exploit Code (lien direct) |
The publication of proof-of-concept (PoC) exploit code in a public vulnerabilities database has lead to increased activity from Mirai-based IoT botnets, Li Fengpei, a security researcher with Qihoo 360 Netlab, told Bleeping Computer today. [...] |
Guideline
|
|
|
|
2017-10-31 11:45:06 |
Comodo Sells SSL Business to Silicon Valley VC Firm for Undisclosed Amount (lien direct) |
Comodo, the Internets' leading Certificate Authority (CA), has sold a majority stake in its SSL issuance business for an undisclosed amount to Francisco Partners, a San Francisco-based venture capital firm. [...] |
Guideline
|
|
|
|
2017-10-07 19:55:31 |
Market Research Firm Forrester Says Hackers Stole Sensitive Reports (lien direct) |
Forrester, one of the world's leading market research and investment advisory firms, admitted late Friday afternoon to a security breach that took place during the past week. [...] |
Guideline
|
|
|
|
2017-08-24 10:10:38 |
FSB Agents Arrested for Giving CIA Information About Russian Hackers (lien direct) |
A Russian television station — TV Rain — claims to have obtained insider information about the arrests of Sergey Mikhailov, a Russian intelligence agent that lead the FSB's Center for Information Security, and Dmitry Dokuchayev, also an FSB agent and Mikhailov's deputy. [...] |
Guideline
|
|
|
|
2017-08-11 06:45:33 |
Source Code Management Tools Affected by Severe Vulnerability (lien direct) |
Three of the most popular version control systems (VCSs) used in managing source code projects are vulnerable to a flaw that allows an attacker to run code on a victim's platform, potentially leading to the theft of source code or the hijacking of the underlying machine. [...] |
Guideline
|
|
★★★★★
|
|
2017-08-04 19:56:08 |
MalwareTech Pleads Not Guilty to Creating Kronos Trojan, To Be Released on Bail (lien direct) |
Marcus Hutchins, the security researcher known as MalwareTech, has pleaded not guilty to today in a Las Vegas court to charges of creating and updating the Kronos banking trojan, according to his lawyer Adrian Marie Lobo. [...] |
Guideline
|
|
|