What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-10-02 12:56:07 | (Déjà vu) Steganography alert: Backdoor spyware stashed in Microsoft logo (lien direct) | Now that's sticker shock Internet snoops have been caught concealing spyware in an old Windows logo in an attack on governments in the Middle East.… | |||
|
2022-10-02 12:56:07 | Stenography alert: Backdoor spyware stashed in Microsoft logo (lien direct) | Now that's sticker shock Internet snoops has been caught concealing spyware in an old Windows logo in an attack on governments in the Middle East.… | |||
|
2022-10-02 08:47:05 | BlackCat malware lashes out at US defense IT contractor (lien direct) | Also, Amazon's Ring footage TV shows draws criticism, US v Societ spying docs found, and more In Brief The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense.… | Ransomware Malware | ||
|
2022-09-30 22:48:12 | As Hurricane Ian hits, FCC rules cell carriers must help each other in disasters (lien direct) | You will or won't do it voluntarily? Doesn't matter, we'll mandate it The Federal Communications Commission today issued rules codifying a voluntary 2016 agreement between cellular networks that they cover for their competitors knocked offline during a natural or cyber disaster.… | |||
|
2022-09-29 13:00:09 | Covert malware targets VMware for hypervisor-level espionage (lien direct) | VMware, Mandiant track back operators, finding ties to China Emerging covert malware families that target VMware environments could allow criminals to gain persistent administrative access to the hypervisor, transfer files, and execute arbitrary commands between virtual machines, according to VMware and Mandiant, which discovered the software nasty earlier this year.… | Malware | ||
|
2022-09-28 17:00:07 | Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web (lien direct) | Beware what could be hiding in those LNK shortcuts A tool sold on the dark web that allows cybercriminals to build malicious shortcuts for delivering malware is being used in a campaign pushing a longtime .NET keylogger and remote access trojan (RAT) named Agent Tesla.… | Malware Tool | ||
|
2022-09-28 16:30:07 | Hacked Fast Company sends \'obscene and racist\' alerts via Apple News (lien direct) | Someone going by 'Thrax' claims responsibility for 'incredibly easy' breach Apple News shut down Fast Company's news channel after "an incredibly offensive alert" was sent to subscribers following a hack of the business publication on Tuesday evening.… | Hack | ||
|
2022-09-28 03:35:31 | Australia asks FBI to help find attacker who stole data from millions of users (lien direct) | Apparent perp claims to have deleted swiped info as carrier Optus struggles to get its story straight +Comment Australian authorities have asked the United States Federal Bureau of Investigation (FBI) to assist with investigations into the data breach at local telco Optus.… | |||
|
2022-09-27 18:15:08 | Samsung sued for gobbling up too much personal info that miscreants then stole (lien direct) | If you're gonna force everyone to register an account, at least protect that data, lawsuit argues A lawsuit has accused Samsung of failing to address a cyber-intrusion in early 2022, leading to the theft of US customers' personally identifiable information (PII) in a second attack months later in July.… | Guideline | ||
|
2022-09-27 18:15:08 | Samsung facing class action over customer data leaks (lien direct) | Not only did the company fail to protect their data, the suit alleges, it also forced users to register A class action lawsuit has accused Samsung of failing to address a data breach in early 2022, leading to the theft of US customers' personally identifiable information (PII) in a second attack earlier this month.… | Data Breach Guideline | ||
|
2022-09-27 14:00:12 | Microsoft boosts phishing protection in Windows 11 22H2 (lien direct) | Security tool warns admins and users when a password is used on an untrusted site or stored locally In the latest version of Windows 11, Microsoft is introducing a feature in its Microsoft Defender SmartScreen tool designed to keep passwords safer.… | Tool | ||
|
2022-09-25 08:50:14 | Noberus ransomware gets info-stealing upgrades, targets Veeam backup software (lien direct) | 'One of the most dangerous and active malware developers operating at the moment' Crooks spreading the Noberus ransomware are adding weapons to their malware to steal data and credentials from compromised networks.… | Ransomware Malware | ||
|
2022-09-23 17:29:13 | Significant customer data exposed in attack on Australian telco (lien direct) | Subscribers have questions – like 'When were you going to tell us?' Australian telecommunications company Optus has fallen victim to a significant cyberattack and data breach.… | |||
|
2022-09-22 20:15:34 | Check out this Android spyware, says Microsoft, the home of a gazillion Windows flaws (lien direct) | While issuing an emergency patch for Endpoint Configuration Manager Data-stealing spyware disguised as a banking rewards app is targeting Android users, Microsoft's security team has warned.… | |||
|
2022-09-22 15:15:05 | Cambodian authorities crack down on cyber slavery amid international pressure (lien direct) | Lured by fake jobs, victims are isolated abroad and forced to carry out crypto, romance scams and more Authorities in Sihanoukville, Cambodia announced on Sunday that a raid last week uncovered evidence of forced labor cybercrime syndicates that participated in human trafficking and torture.… | |||
|
2022-09-22 13:45:08 | Fake sites fool Zoom users into downloading deadly code (lien direct) | Ah, the human touch Beware the Zoom site you don't recognize, as a criminal gang is creating multiple fake versions aimed at luring users to download malware that can steal banking data, IP addresses, and other information.… | Malware | ||
|
2022-09-21 15:56:01 | Malwarebytes blocks Google, YouTube as malware (lien direct) | Sounds like fair comment Google and its Youtube domains are being flagged as malicious by Malwarebytes as of Wednesday morning, blocking users from accessing a whole range of websites.… | Malware | ||
|
2022-09-21 09:26:11 | ChromeLoader, what took you so long? Malvertising irritant now slings ransomware (lien direct) | Doesn't make cents, makes bigger bucks instead ... probably ChromeLoader – the malware that exploded onto the scene this year by hijacking browsers to redirect users to pages of ads – is apparently evolving into a more significant threat by deploying malicious payloads that go beyond malvertising.… | Ransomware Malware Threat | ||
|
2022-09-20 00:09:39 | NASA to live-stream SLS rocket fuel leak repair test (lien direct) | For those on tenterhooks over this Moon mission NASA will televise a test on Wednesday to confirm whether a repair made to its Space Launch System (SLS) rocket has fixed the hydrogen leak that forced officials to scrub a previous launch attempt.… | |||
|
2022-09-19 17:12:15 | Grand Theft Auto 6 maker confirms source code, vids stolen in cyber-heist (lien direct) | So is that three or four stars? Take-Two Interactive confirmed on Monday that its Rockstar Games subsidiary has been compromised and confidential data for Grand Theft Auto 6 has been stolen.… | |||
|
2022-09-19 13:37:53 | GPT-3 \'prompt injection\' attack causes bad bot manners (lien direct) | Also, EA goes kernel-deep to stop cheaters, PuTTY gets hijacked by North Korea, and more. In Brief OpenAI's popular natural language model GPT-3 has a problem: It can be tricked into behaving badly by doing little more than telling it to ignore its previous orders.… | |||
|
2022-09-17 07:32:11 | Can reflections in eyeglasses actually leak info from Zoom calls? Here\'s a study into it (lien direct) | About time someone shined some light onto this Boffins at the University of Michigan in the US and Zhejiang University in China want to highlight how bespectacled video conferencing participants are inadvertently revealing sensitive on-screen information via reflections in their eyeglasses.… | |||
|
2022-09-16 21:45:39 | School chat app Seesaw abused to send \'inappropriate image\' to parents, teachers (lien direct) | This is why we don't reuse passwords, kids Parents and teachers received a link to an "inappropriate image" this week via Seesaw after miscreants hijacked accounts in a credential stuffing attack against the popular school messaging app.… | |||
|
2022-09-16 06:04:05 | Eastern European org hit by second record-smashing DDoS attack (lien direct) | Cough, cough, U, cough, kraine Akamai says it has absorbed the largest-ever publicly known distributed denial of service (DDoS) attack – an assault against an unfortunate Eastern European organization that went beyond 700 million packets per second.… | |||
|
2022-09-16 05:33:56 | EU puts smart device manufacturers on the hook for cyber security (lien direct) | Requires five years of patching, 24 hour incident reporting, and proper security … for starters The European Commission has revealed a Cyber Resilience Act that will require manufacturers of connected devices to secure them properly before shipping, disclose and fix flaws promptly, and guarantee fixes will flow for five years.… | |||
|
2022-09-16 03:13:43 | Uber reels from \'security incident\' in which cloud systems seemingly hijacked (lien direct) | AWS and G Suite admin accounts likely popped, HackerOne bug bounty page hit, and more Uber is tonight reeling from what looks like a substantial cybersecurity breach.… | Uber | ||
|
2022-09-15 02:12:07 | WordPress-powered sites backdoored after FishPig suffers supply chain attack (lien direct) | And two other security snafus in this web publishing world It's only been a week or so, and obviously there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites.… | |||
|
2022-09-14 13:30:10 | Google fined $4b after Euro court snips 5% off earlier price (lien direct) | Search giant's appeal lands flat as fine imposed for anticompetitive practice in Android search The European General Court has imposed a €4.125 billion (about $4.13 billion) fine on Google, largely upholding an earlier ruling on the ad-tech giant's anticompetitive practices in mobile search.… | |||
|
2022-09-14 00:57:37 | Ransomware gang threatens 1m-plus medical record leak (lien direct) | Criminals continue to target some of the most vulnerable Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.… | Ransomware | ||
|
2022-09-13 07:30:11 | Cisco: Yes, Yanluowang leaked our data. No, it\'s not serious (lien direct) | Everything's fine! The Yanluowang ransomware group behind the May attack on Cisco Systems has publicly leaked the stolen files on the dark web over the weekend, but the networking giant says there's nothing to worry about.… | Ransomware | ||
|
2022-09-13 05:30:08 | Chinese-linked cyber crims nab $529 million from Indian nationals (lien direct) | Authorities also bust a shell company scam operation with links to the Middle Kingdom Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh.… | |||
|
2022-09-12 23:07:44 | Apple patches iPhone and macOS flaws under active attack (lien direct) | High-value targets tend to get hit Apple has pushed out five security fixes including including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited.… | |||
|
2022-09-10 11:00:07 | Shape-shifting cryptominer savaging Linux endpoints and IoT (lien direct) | Also, Authorities seize WT1SHOP selling 5.8m sets of PII, The North Face users face tough secuirty hike In brief AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones.… | Malware | ||
|
2022-09-08 12:00:09 | Lazarus Group unleashed a MagicRAT to spy on energy providers (lien direct) | Cisco finds custom malware in North Korea's latest cyberespionage effort The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos.… | Malware Medical | APT 38 | |
|
2022-09-07 12:34:49 | Cybercriminals target games popular with kids to distribute malware (lien direct) | Kaspersky research finds Minecraft and Roblox have the most malicious files associated with them With 3 billion players globally, the $200 billion gaming market is an increasingly ripe target for cybercriminals – with the perennially popular Minecraft one of the most targeted lures.… | Malware | ||
|
2022-09-07 05:15:14 | As Cybersecurity Week begins, Beijing claims US attacked Uni doing military research (lien direct) | National Security Agency apparently has tools that crack Solaris boxes China has accused the United States of a savage cyber attack on a university famed for conducting aerospace research and linked to China's military.… | |||
|
2022-09-06 17:45:09 | (Déjà vu) Ransomware gang hits second-largest US school district (lien direct) | FBI and CISA on-site to assist with incident response over Labor Day weekend Cybercriminals hit the Los Angeles Unified School District (LAUSD) over the holiday weekend with a ransomware attack that temporarily shut down email, computer systems, and applications.… | Ransomware | ||
|
2022-09-06 16:15:14 | Newly discovered cyberspy crew targets Asian governments and corporations (lien direct) | Worok uses mix of publicly available tools, custom malware to steal info, gang active since 2020 A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access.… | Malware | ||
|
2022-09-06 13:30:10 | Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay (lien direct) | Lloyd's defends stance as critics say policy tweaks make it less worthwhile to spend on premiums Critics unhappy about insurers excluding certain nation-state attacks from cyber policies should consider the alternative: higher prices, according to Lloyd's of London.… | |||
|
2022-09-05 06:57:12 | Microsoft mistakenly rated Chromium, Electron, as malware (lien direct) | Windows Defender update fixed the mess after a weekend of false positive weirdness Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them.… | Malware | ||
|
2022-09-02 01:11:24 | Ex-NSA trio who spied on Americans for UAE now banned from arms exports (lien direct) | From hero to zero-day ... to plain zero Three former US government cyber-spies who, among other things, illicitly compromised and snooped on Americans' devices for the United Arab Emirates government have been banned from participating in international arms exports under a deal reached with Uncle Sam.… | |||
|
2022-09-01 07:04:15 | Oh no, that James Webb Space Telescope snap might actually contain malware (lien direct) | Is nothing sacred? Scumbags are using a photo from the James Webb Space Telescope to smuggle Windows malware onto victims' computers – albeit in a roundabout way.… | Malware | ||
|
2022-08-31 05:02:05 | China-linked APT40 gang targets wind farms, Australian government (lien direct) | ScanBox installed after victims lured to fake Murdoch news sites with phishing emails Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site.… | APT 40 | ||
|
2022-08-30 22:58:05 | Find a security hole in Google\'s open source and you could bag a $31,337 reward (lien direct) | Will it be enough to prevent the next software supply-chain attack? Google has created a bug bounty program that will reward those who find and report vulnerabilities in its open-source projects, thereby hopefully strengthening software supply-chain security.… | ★★★★★ | ||
|
2022-08-30 10:27:12 | That \'clean\' Google Translate app is actually Windows crypto-mining malware (lien direct) | Ah, nothing like a classic Trojan horse Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.… | Malware | ||
|
2022-08-30 00:43:14 | Google Play to ban Android VPN apps from interfering with ads (lien direct) | Developers say this is not the privacy protection it's made out to be Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications.… | |||
|
2022-08-26 19:21:03 | PyPI warns of first-ever phishing campaign against its users (lien direct) | On the bright side, top devs are getting hardware security keys The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service.… | |||
|
2022-08-26 16:33:28 | Now Oktapus gets access to some DoorDash customer info via phishing attack (lien direct) | Double check who exactly you're sending your username and password to, eh? DoorDash has confirmed that "a small percentage" of its customers and delivery drivers' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were exposed as part of a broad phishing campaign dubbed Oktapus.… | |||
|
2022-08-25 18:01:53 | Crooks target top execs on Office 365 with MFA-bypass scheme (lien direct) | The 'widespread' campaign hunts for multimillion-dollar transactions A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication.… | |||
|
2022-08-25 09:24:07 | Shout-out to whoever went to Black Hat with North Korean malware on their PC (lien direct) | I am the one who NOCs The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.… | Malware |
To see everything:
