Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-24 07:13:20 |
Exploit code released for three iOS 0-days that Apple failed to patch (lien direct) |
Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher. [...] |
Patching
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-24 03:23:23 |
Cisco fixes highly critical vulnerabilities in IOS XE Software (lien direct) |
Cisco has patched three critical vulnerabilities affecting components in its IOS XE internetworking operating system powering routers and wireless controllers, or products running with a specific configuration. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-24 02:19:57 |
SonicWall fixes critical bug allowing SMA 100 device takeover (lien direct) |
SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 18:08:25 |
Google: Manifest V2 Chrome extensions to stop working in 2023 (lien direct) |
Google has shared the phase-out timeline for Manifest V2 Chrome extensions and its plans to bring Manifest V3 to full feature parity. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 17:34:05 |
(Déjà vu) Microsoft gets Windows 11 ready for release with new build (lien direct) |
Microsoft has moved Windows 11 to the Windows Insider 'Release' channel in anticipation of its upcoming launch on October 5th. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 17:34:05 |
Windows 11 is now available in the Insider \'Release\' channel (lien direct) |
Microsoft has moved Windows 11 to the Windows Insider 'Release' channel in anticipation of its upcoming launch on October 5th. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 15:50:32 |
Hacking group used ProxyLogon exploits to breach hotels worldwide (lien direct) |
A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 14:23:32 |
(Déjà vu) Apple patches new zero-day bug used to hack iPhones and Macs (lien direct) |
Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...] |
Hack
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 14:23:32 |
Apple fixes another zero-day used to deploy NSO iPhone spyware (lien direct) |
Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...] |
Hack
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 12:24:41 |
Malware devs trick Windows validation with malformed certs (lien direct) |
Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 09:30:22 |
Google tests if \'Chrome/100.0\' user agent breaks websites (lien direct) |
Google is testing whether changing the Chrome user agent to three-digit 'Chrome/100' will cause loss of functionality on websites that are expecting a two digit version number. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-23 02:26:00 |
REVil ransomware devs added a backdoor to cheat affiliates (lien direct) |
Cybercriminals are slowly realizing that the REvil ransomware operators have been hijacking ransom negotiations, to cut affiliates out of payments. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-22 18:03:52 |
Microsoft announces new Windows 11-powered Surface devices (lien direct) |
At its Surface event, Microsoft announced four new devices - Surface Duo 2, Surface Go 3, Surface Laptop Studio, and Surface Pro 8. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-22 17:44:24 |
Hackers are scanning for VMware CVE-2021-22005 targets, patch now! (lien direct) |
Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. [...] |
Vulnerability
Threat
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-22 13:24:43 |
FBI, CISA, and NSA warn of escalating Conti ransomware attacks (lien direct) |
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned today of an increased number of Conti ransomware attacks targeting US organizations. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-22 12:59:05 |
Apple will disable insecure TLS in future iOS, macOS releases (lien direct) |
Apple has deprecated the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in recently launched iOS and macOS versions and plans to remove support in future releases altogether. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-22 12:09:02 |
Second farming cooperative shut down by ransomware this week (lien direct) |
Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-22 09:43:39 |
Phishing-as-a-service operation uses double theft to boost profits (lien direct) |
Microsoft says BulletProofLink, a large-scale phishing-as-a-service operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-22 08:05:54 |
RaidForums data marketplace accidentally exposes private staff page (lien direct) |
Underground marketplace and hacker forum, Raidforums, recently exposed internal pages from its website, meant for staff members only. Raidforums is a data breach marketplace where threat actors often sell or leak illicitly obtained data dumps. [...] |
Threat
|
|
★★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 16:01:41 |
(Déjà vu) New macOS zero-day bug lets attackers run commands remotely (lien direct) |
Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 16:01:41 |
New zero-day bug lets attackers run arbitrary commands on Macs (lien direct) |
Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 14:54:13 |
Microsoft PC Health Check adds detailed Windows 11 compatibility info (lien direct) |
Microsoft has released an updated PC Health Check tool that provides detailed information about whether a device's hardware is compatible with Windows 11. [...] |
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 13:40:19 |
VMware warns of critical bug in default vCenter Server installs (lien direct) |
VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 12:35:14 |
US sanctions cryptocurrency exchange used by ransomware gangs (lien direct) |
The US Treasury Department announced the first-ever sanctions against a cryptocurrency exchange, the Russian-linked Suex, for facilitating ransom transactions for ransomware gangs and helping them evade sanctions. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 11:54:56 |
Russian state hackers use new TinyTurla malware as secondary backdoor (lien direct) |
Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan. [...] |
Malware
|
|
★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 11:52:10 |
Atlassian Trello is down - second outage this week (lien direct) |
Trello is down for many users around the world, second time this week. Trello is a web-based TODO list-style platform owned by Atlassian, makers of Jira and Confluence. [...] |
|
|
★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 11:24:30 |
Netgear fixes dangerous code execution bug in multiple routers (lien direct) |
Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-21 03:25:06 |
Marketron marketing services hit by Blackmatter ransomware (lien direct) |
BlackMatter ransomware gang over the weekend hit Marketron, a business software solutions provider that serves more than 6,000 customers in the media industry. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-20 19:03:16 |
How to fix the Windows 0x0000011b network printing error (lien direct) |
A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-20 16:15:36 |
Hacked sites push TeamViewer using fake expired certificate alert (lien direct) |
Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-20 14:07:54 |
US farmer cooperative hit by $5.9M BlackMatter ransomware attack (lien direct) |
U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-20 13:34:57 |
Microsoft investigates Outlook issues with security keys, search (lien direct) |
Microsoft is investigating several issues impacting Outlook customers and leading to problems related to security keys, search results, and more. [...] |
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-20 11:39:25 |
VoIP.ms phone services disrupted by DDoS extortion attack (lien direct) |
Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-20 09:43:58 |
Republican Governors Association email server breached by state hackers (lien direct) |
The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. [...] |
Data Breach
|
|
★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-20 09:37:45 |
EventBuilder misconfiguration exposes Microsoft event registrant data (lien direct) |
Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines. [...] |
|
|
★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-20 08:41:14 |
Europol links Italian Mafia to million-dollar phishing scheme (lien direct) |
In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million ($11.7 million) last year alone. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-19 12:58:30 |
New "Elon Musk Club" crypto giveaway scam promoted via email (lien direct) |
A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks. [...] |
Spam
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-19 10:00:00 |
AT&T lost $200M in seven years to illegal phone unlocking scheme (lien direct) |
A Pakistani fraudster was sentenced earlier this week to 12 years in prison after AT&T, the world's largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven year scheme that led to the fraudulent unlocking of almost 2 million phones. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-18 13:59:06 |
Windows 11 is no longer compatible with Oracle VirtualBox VMs (lien direct) |
Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-18 10:00:00 |
Researchers compile list of vulnerabilities abused by ransomware gangs (lien direct) |
Security researchers are working on compiling an easy to follow list of initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 18:16:43 |
The Week in Ransomware - September 17th 2021 - REvil decrypted (lien direct) |
It has been an interesting week with decryptors released, ransomware gangs continuing to rail against negotiators, and the US government expected to sanction crypto exchanges next week. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 17:49:30 |
U.S. to sanction crypto exchanges, wallets used by ransomware (lien direct) |
The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 15:48:39 |
Admin of DDoS service behind 200,000 attacks faces 35yrs in prison (lien direct) |
At the end of a nine-day trial, a jury in California this week found guilty the administrator of two distributed denial-of-service (DDoS) operations. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 13:40:30 |
Mozilla tests Microsoft Bing as the default Firefox search engine (lien direct) |
Mozilla is running a study to test users' responses to changing the default Firefox search engine to Microsoft Bing. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 13:00:00 |
Billions more Android devices will reset risky app permissions (lien direct) |
Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 11:23:14 |
OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners (lien direct) |
Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 08:06:28 |
Microsoft asks Azure Linux admins to manually patch OMIGOD bugs (lien direct) |
Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 06:52:35 |
How to fix printers asking for admins creds after PrintNightmare patch (lien direct) |
Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-17 06:11:17 |
US govt sites showing porn, viagra ads share a common software vendor (lien direct) |
Multiple U.S. government sites using .gov and .mil domains have been seen hosting porn and spam content, such as Viagra ads, in the last year. A security researcher noticed all of these sites share a common software vendor, Laserfiche. [...] |
Spam
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-09-16 15:08:33 |
Microsoft rolls out Office LTSC 2021 for Windows and Mac (lien direct) |
Microsoft today started rolling out Office LTSC (Long Term Servicing Channel) for Windows and macOS, the non-subscription Office version for commercial and government customers. [...] |
|
|
|