What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-07-22 03:47:13 | Atlassian asks customers to patch critical Jira vulnerability (lien direct) | Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI. [...] | Vulnerability | ||
|
2021-07-21 17:17:53 | TikTok, Snapchat account hijacker arrested for role in Twitter hack (lien direct) | A fourth suspect has been arrested today for his role in the Twitter hack last year that gave attackers access to the company's internal network exposing high-profile accounts to hijacking. [...] | Hack | ||
|
2021-07-21 14:42:16 | CISA warns of stealthy malware found on hacked Pulse Secure devices (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. [...] | Malware | ||
|
2021-07-21 10:13:53 | France warns of APT31 cyberspies targeting French organizations (lien direct) | The French national cyber-security agency today warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 cyberespionage group. [...] | APT 31 | ||
|
2021-07-21 10:00:00 | Chinese state hackers breached over a dozen US pipeline operators (lien direct) | Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. [...] | |||
|
2021-07-21 09:00:00 | NPM package steals Chrome passwords on Windows via recovery tool (lien direct) | New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access. [...] | Malware Tool | ||
|
2021-07-21 08:00:00 | Google Chrome now comes with up to 50x faster phishing detection (lien direct) | Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday. [...] | |||
|
2021-07-21 06:20:41 | XLoader malware steals logins from macOS and Windows systems (lien direct) | A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. [...] | Malware | ||
|
2021-07-21 04:32:04 | (Déjà vu) Microsoft shares workaround for Windows 10 SeriousSAM vulnerability (lien direct) | Microsoft has shared a workaround for a Windows 10 zero-day vulnerability dubbed SeriousSAM that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] | Vulnerability | ||
|
2021-07-21 04:32:04 | Microsoft shares workarounds for new Windows 10 zero-day bug (lien direct) | Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] | Vulnerability | ||
|
2021-07-20 18:19:42 | Microsoft Teams chat feature rolling out to Windows 11 (lien direct) | With Windows 11, Microsoft is integrating the Microsoft Teams chatting feature into the Windows Taskbar. Microsoft Teams Chat feature is based on Microsoft Teams desktop client and Microsoft is basically extending Teams capability by bringing the dedicated button right to your taskbar. [...] | |||
|
2021-07-20 15:03:45 | DuckDuckGo\'s new email privacy service forwards tracker-free messages (lien direct) | DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting. [...] | |||
|
2021-07-20 12:27:13 | New Windows 10 vulnerability allows anyone to get admin privileges (lien direct) | Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. [...] | Vulnerability | ||
|
2021-07-20 12:21:46 | New Linux kernel bug lets you get root on most modern distros (lien direct) | Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. [...] | Vulnerability | ||
|
2021-07-20 07:27:09 | FBI: Threat actors may be targeting the 2020 Tokyo Summer Olympics (lien direct) | The Federal Bureau of Investigation (FBI) warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered. [...] | Threat | ||
|
2021-07-20 07:00:00 | 16-year-old bug in printer software gives hackers admin rights (lien direct) | A 16-year-old security vulnerability found in HP, Xerox, and Samsung printers drivers allows attackers to gain admin rights on systems using the vulnerable driver software. [...] | Vulnerability | ||
|
2021-07-20 06:47:16 | Fortinet fixes bug letting unauthenticated hackers run code as root (lien direct) | Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. [...] | Vulnerability | ||
|
2021-07-20 04:00:00 | New MosaicLoader malware targets software pirates via online ads (lien direct) | An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader advertising camouflaged as cracked software via search engine results to infect wannabe software pirates' systems. [...] | Malware | ||
|
2021-07-19 16:50:21 | iPhone WiFi bug morphs into zero-click hacking, but there\'s a fix (lien direct) | Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction. [...] | ★★★★★ | ||
|
2021-07-19 14:48:53 | Microsoft takes down domains used to scam Office 365 users (lien direct) | Microsoft's Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company's customers. [...] | |||
|
2021-07-19 10:44:21 | US indicts members of Chinese-backed hacking group APT40 (lien direct) | Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. [...] | Industrial | APT 40 | |
|
2021-07-19 08:02:33 | Saudi Aramco data breach sees 1 TB stolen data for sale (lien direct) | Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the largest public petroleum and natural gas companies in the world. The sales price, albeit negotiable, is set at $5 million. [...] | Data Breach | ||
|
2021-07-19 07:49:45 | US and allies officially accuse China of Microsoft Exchange attacks (lien direct) | US and allies, including the European Union, the United Kingdom, and NATO, are officially blaming China for this year's widespread Microsoft Exchange hacking campaign. [...] | |||
|
2021-07-19 05:03:41 | iPhones running latest iOS hacked to deploy NSO Group spyware (lien direct) | Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's latest iOS release, hacked using zero-day zero-click iMessage exploits. [...] | |||
|
2021-07-18 16:30:00 | (Déjà vu) Windows 11 features, expected release date, and latest news (lien direct) | Microsoft has released the next version of Windows called "Windows 11" and it is coming later this year. Windows 11 is the successor to Windows 10 and it's a big update with tons of new features, redesigned Start Menu, and more. [...] | |||
|
2021-07-18 16:02:20 | New Windows print spooler zero day exploitable via remote print servers (lien direct) | Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. [...] | Vulnerability Threat | ||
|
2021-07-18 11:22:44 | Ransomware hits law firm counseling Fortune 500, Global 500 companies (lien direct) | Campbell Conroy & O'Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 2021 ransomware attack. [...] | Ransomware Data Breach | ||
|
2021-07-18 10:16:32 | Comparis customers targeted by scammers after ransomware attack (lien direct) | Leading Swiss price comparison platform Comparis has notified customers of a data breach following a ransomware attack that hit and took down its entire network last week. [...] | Ransomware Data Breach Guideline | ||
|
2021-07-17 17:35:12 | Windows 11\'s subsystem for Android - What we know so far (lien direct) | With Windows 11, Microsoft is planning to integrate Amazon Appstore into Windows 11's Microsoft Store. Here's everything we know so far. [...] | |||
|
2021-07-17 11:44:22 | HelloKitty ransomware is targeting vulnerable SonicWall devices (lien direct) | CISA is warning of threat actors targeting "a known, previously patched, vulnerability" found in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with end-of-life firmware. [...] | Ransomware Threat | ||
|
2021-07-17 09:53:43 | Ecuador\'s state-run CNT telco hit by RansomEXX ransomware (lien direct) | Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support. [...] | Ransomware | ||
|
2021-07-17 09:45:11 | Can\'t download Windows 10 21H2? Here\'s how to get it (lien direct) | Microsoft released the first preview build of Windows 10 21H2 this week, but it is not being offered to everyone at this time. However, for those who want to test the new build now, a way has been discovered that allows anyone to upgrade to the new feature update. [...] | |||
|
2021-07-16 16:53:58 | Cyberattack on Moldova\'s Court of Accounts destroyed public audits (lien direct) | Moldova's "Court of Accounts" has suffered a cyberattack leading to the agency's public databases and audits being destroyed. [...] | Guideline | ||
|
2021-07-16 15:42:25 | The Week in Ransomware - July 16th 2021 - REvil disappears (lien direct) | Ransomware operations have been quieter this week as the White House engages in talks with the Russian government about cracking down on cybercriminals believed to be operating in Russia. [...] | Ransomware | ||
|
2021-07-16 14:46:41 | US govt offers $10 million reward for tips on nation-state hackers (lien direct) | The United States government has taken two more active measures to fight and defend against malicious cyber activities affecting the country's business and critical infrastructure sectors. [...] | |||
|
2021-07-16 11:21:54 | (Déjà vu) Windows 10 21H2 preview released with new security features (lien direct) | Microsoft has officially announced the Windows 10 21H2 feature update (build 19044.1147) and released the first preview build to Insiders for testing. [...] | |||
|
2021-07-16 10:36:57 | D-Link issues hotfix for hard-coded password router vulnerabilities (lien direct) | D-Link has issued a hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router that can allow attackers to execute arbitrary code on unpatched routers, gain access to sensitive information, or crash the routers after triggering a denial of service state. [...] | |||
|
2021-07-16 08:56:14 | Microsoft Defender for Identity now detects PrintNightmare attacks (lien direct) | Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers' attempts to abuse this critical vulnerability. [...] | |||
|
2021-07-16 06:29:27 | (Déjà vu) Critical Cloudflare CDN flaw allowed compromise of 12% of all sites (lien direct) | Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. [...] | Vulnerability | ||
|
2021-07-16 06:29:27 | Cloudflare fixes CDN code execution bug affecting 12.7% of all sites (lien direct) | Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. [...] | Vulnerability | ||
|
2021-07-16 03:31:22 | (Déjà vu) Google patches 8th Chrome zero-day exploited in the wild this year (lien direct) | Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild. [...] | Vulnerability | ||
|
2021-07-15 20:49:51 | Microsoft shares guidance on new Windows Print Spooler vulnerability (lien direct) | Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight. [...] | Vulnerability | ||
|
2021-07-15 19:49:46 | Windows 10 21H2 has been released for testing, but not for everyone (lien direct) | Microsoft has officially announced the Windows 10 21H2 feature update (build 19044.1147) and released the first preview build to Insiders for testing. [...] | |||
|
2021-07-15 17:24:11 | Microsoft unveils Windows 11\'s beautiful new context menus (lien direct) | Windows 11 preview build 22000.71 is now live in the Dev Channel of the Windows Insider program and it comes with visual improvements for the context menu and various right-click menus. [...] | |||
|
2021-07-15 14:57:54 | (Déjà vu) Windows print nightmare continues with malicious driver packages (lien direct) | Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. [...] | Threat | ||
|
2021-07-15 14:57:54 | Microsoft\'s print nightmare continues with malicious driver packages (lien direct) | Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. [...] | Threat | ||
|
2021-07-15 12:38:53 | Microsoft: Israeli firm used Windows zero-days to deploy spyware (lien direct) | Microsoft and Citizen Lab have linked Israeli spyware company Candiru (also tracked as Sourgum) to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. [...] | |||
|
2021-07-15 12:08:41 | WooCommerce fixes vulnerability exposing 5 million sites to data theft (lien direct) | WooCommerce, the popular e-commerce plugin for the WordPress content management system has been updated to patch a serious vulnerability that could be exploited without authentication. [...] | Vulnerability | ||
|
2021-07-15 11:13:34 | Linux version of HelloKitty ransomware targets VMware ESXi servers (lien direct) | The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage. [...] | Ransomware | ||
|
2021-07-15 08:00:00 | Microsoft: Update Windows Server 2012 before extended support ends (lien direct) | Microsoft has reminded Windows Server 2012 and SQL Server 2012 users that the products will reach their extended support end dates during the next two years, urging them to update to avoid security and compliance gaps. [...] |
To see everything:
Our RSS (filtrered)
