What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-05 11:59:04 | GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise (lien direct) | As the dust settles following the recently disclosed hack of NewsCorp, important lessons are emerging for the cybersecurity and journalism communities. Related: How China challenged Google in Operation Aurora The Chinese government is well known for its censorship– and … (more…) | Hack | ||
 |
2022-04-04 03:41:30 | Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles (lien direct) | A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale. Dubbed "Brokenwire," the method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the | Hack | ||
 |
2022-04-01 14:42:28 | Anonymous targets oligarchs\' Russian businesses: Marathon Group hacked (lien direct) | Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs, yesterday the collective announced the hack of the Thozis Corp, while today the group claimed the hack of Marathon Group. The Marathon Group is a Russian investment firm […] | Hack | ||
|
2022-03-31 20:05:46 | Apple issues emergency patches to fix actively exploited zero-days (lien direct) | Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released emergency security patches to address two zero-day vulnerabilities actively exploited to hack iPhones, iPads, and Macs. The first zero-day, tracked as CVE-2022-22674, is an out-of-bounds read issue that resides in the Intel Graphics Driver that could […] | Hack | ||
 |
2022-03-31 17:27:39 | SentinelLabs: New Modem Wiper Malware May be Connected to Viasat Hack (lien direct) | A pair of security researchers at SentinelLabs have intercepted a piece of destructive wiper malware hitting routers and modems and found digital breadcrumbs suggesting a link to the devastating Viasat hack that took down wind turbines in Germany. | Malware Hack | ||
 |
2022-03-30 20:40:03 | IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data (lien direct) | Data released by the group purports to belong to Apple, Facebook, and others. | Hack | ||
 |
2022-03-30 16:00:00 | Personal Data of 820,000 NYC Students Exposed (lien direct) | Grading system hack causes potentially historic breach of students' personal data | Hack | ★★ | |
|
2022-03-30 14:57:56 | Remote \'Brokenwire\' Hack Prevents Charging of Electric Vehicles (lien direct) | Researchers from the University of Oxford in the UK and Switzerland's Armasuisse federal agency have identified a new attack method that can be used to remotely interrupt the charging of electric vehicles. | Hack | ||
 |
2022-03-30 14:23:49 | Ronin Network Cryptocurrency Hack, Experts Commentary (lien direct) | More than $600 million in cryptocurrency has been stolen from the gaming-focused Ronin Network in what may be the largest crypto hack ever. It’s been reported that 173,600 in Ethereum cryptocurrency (worth $594.6 million) and $25.5 million in U.S. dollars were taken, resulting in a total loss of $625 million. | Hack | ||
|
2022-03-30 14:18:14 | Lapsus$ extortion gang claims to have hacked IT Giant Globant (lien direct) | The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked tens of gigabytes of stolen data. The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked roughly 70 Gb of stolen data. The gang claims that the company has implemented poor security practices that allowed them to hack their […] | Hack | ||
|
2022-03-30 12:32:14 | Lapsus$ Claims Hack of IT Giant Globant After Arrests of Alleged Members (lien direct) | The Lapsus$ hacker group on Wednesday leaked tens of gigabytes of files allegedly stolen from IT giant Globant. The hackers have made available roughly 70 Gb of data that they claim represents Globant customer source code. SecurityWeek has reached out to Globant for comment, but we have yet to hear back. | Hack | ||
|
2022-03-29 22:03:16 | $625M stolen from Axie Infinity \'s Ronin bridge, the largest ever crypto hack (lien direct) | Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity ‘s Ronin network bridge. Threat actors have stolen almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity’s Ronin network bridge. The attack took place on March 23rd, but the cyber heist was […] | Hack Threat | ||
|
2022-03-29 14:23:50 | Data of 820,000 NYC Students Compromised In Hack Of Online Grading System (lien direct) | In response to reports that the personal data of around 820,000 current and former New York City public school students was compromised in the hack of a widely-used online grading and attendance system earlier this year according to the US Dept. of Education, cyber security experts reacted below. | Hack | ||
|
2022-03-29 00:50:41 | New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack (lien direct) | An independent security researcher has shared what's a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. In a set of screenshots posted on Twitter, Bill Demirkapi published a two-page "intrusion timeline" allegedly prepared by Mandiant, the cybersecurity firm hired by | Hack | ||
|
2022-03-28 21:48:16 | Anonymous is working on a huge data dump that will blow Russia away (lien direct) | The Anonymous collective hacked the Russian construction company Rostproekt and announced that a leak that will Blow Russia Away. Anonymous continues its offensive against Russia, the collective announced the hack of the Russian construction company Rostproekt and announced a leak that will blow Russia away. Link to the stolen data from the company have been […] | Hack | ||
|
2022-03-28 19:28:47 | Researchers Hack Remote Keyless System of Honda Vehicles (lien direct) | A researcher has published proof-of-concept (PoC) videos to demonstrate how an attacker can remotely unlock the doors of a Honda vehicle, or even start its engine. | Hack | ||
|
2022-03-24 22:09:04 | Experts explained how to hack a building controller widely adopted in Russia (lien direct) | A researcher discovered critical flaws that can be exploited by remote attackers to hack a building controller popular in Russia. A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia. Researcher Jose Bertin discovered critical flaws affecting a controller made by Russian […] | Hack | ||
 |
2022-03-24 19:20:26 | WIRED: "A Mysterious Satellite Hack Has Victims Far Beyond Ukraine" (lien direct) |
WIRED wrote: "More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet's rotation, the satellite beams high-speed internet down to people across Europe. S |
Hack | ||
|
2022-03-24 15:23:22 | Over 100 Building Controllers in Russia Vulnerable to Remote Hacker Attacks (lien direct) | A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia. | Hack | ||
|
2022-03-24 14:20:17 | A mysterious satellite hack has victims far beyond Ukraine (lien direct) | The biggest hack since Russia's war began knocked thousands of people offline. | Hack | ||
|
2022-03-24 06:34:03 | Okta says 375 customers impacted by the hack, but Lapsus$ gang says it is lying (lien direct) | The provider of access management systems Okta confirmed the data breach and revealed that 2.5% of its customers were impacted. This week Lapsus$ extortion group claimed to have stolen sensitive data from the identity and access management giant Okta solutions. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots […] | Data Breach Hack | ||
|
2022-03-22 14:31:17 | Lapsus$ extortion gang claims to have stolen sensitive data from Okta (lien direct) | The Lapsus$ extortion group claims to have stolen sensitive data from the identity and access management giant Okta solutions. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Some of the images published by the threat actors appear to be related to the company’s […] | Hack Threat | ||
|
2022-03-17 16:50:47 | Anonymous continues to support Ukraine against the Russia (lien direct) | The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of […] | Hack | ||
|
2022-03-15 09:48:29 | Israel Says Government Sites Targeted by Hack (lien direct) | Israel's National Cyber Directorate said that the country suffered a cyber attack on Monday that briefly took down a number of government web sites. | Hack | ||
|
2022-03-10 05:37:58 | TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices (lien direct) | Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The flaws can allow remote attackers to manipulate the power of millions of enterprise devices carrying out extreme […] | Hack | ||
|
2022-03-10 01:47:28 | Alleged Ukrainian Hacker in US Court After Extradition From Poland (lien direct) | A Ukrainian man appeared before a US court on Wednesday to face charges over his role in ransomware attacks, including last year's hack of IT software company Kaseya. | Ransomware Hack | ||
 |
2022-03-09 21:10:20 | APT41 Spies Broke Into 6 US State Networks via a Livestock App (lien direct) | The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks. | Hack Threat | APT 41 | |
|
2022-03-08 13:13:23 | Millions of APC Smart UPS Devices Can Be Remotely Hacked, Damaged (lien direct) | Uninterruptible power supply (UPS) products made by Schneider Electric subsidiary APC are affected by critical vulnerabilities that can be exploited to remotely hack and damage devices, according to enterprise device security company Armis. | Hack | ||
 |
2022-03-06 13:00:21 | Attackers can force Amazon Echos to hack themselves with self-issued commands (lien direct) | Popular “smart” device follows commands issued by its own speaker. What could go wrong? | Hack | ||
 |
2022-03-03 12:32:33 | Details of an NSA Hacking Operation (lien direct) | Pangu Lab in China just published a report of a hacking operation by the Equation Group (aka the NSA). It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers (aka some Russian group). …the scope of victims exceeded 287 targets in 45 countries, including Russia, Japan, Spain, Germany, Italy, etc. The attack lasted for over 10 years. Moreover, one victim in Japan is used as a jump server for further attack. News article. | Hack | ★★★ | |
|
2022-03-02 06:47:24 | Hackers Try to Hack European Officials to Get Info on Ukrainian Refugees, Supplies (lien direct) | Details of a new nation-state sponsored phishing campaign has been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social engineering attacks "Asylum | Hack | ||
|
2022-02-24 19:59:17 | Nigerian Admits in US Court to Hacking Payroll Company (lien direct) | A Nigerian national pleaded guilty in a U.S. court for his role in a scheme to hack into thousands of user accounts maintained by a payroll processing company, to steal payroll deposits. | Hack Guideline | ||
|
2022-02-23 13:16:49 | Meyer Data Breach – Expert Commentary (lien direct) | A major US-based kitchenware giant Meyer Corp has disclosed a cyber attack that may have led to the exposure of employee data. Meyer discovered an external hack to their employee database system, but is yet to confirm the number of employees impacted and the extent of the data breach. | Data Breach Hack | ||
|
2022-02-16 16:44:19 | Red Cross Hack Linked to Iranian Influence Operation? (lien direct) | A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran. | Hack | ||
|
2022-02-15 21:25:36 | Android 13 virtualization hack runs Windows (and Doom) in a VM on Android (lien direct) | Android 13's KVM support is for enhanced security, but you can also hijack it for fun. | Hack | ||
 |
2022-02-15 20:55:25 | How to hack the Registry File to change the size of the Windows 11 taskbar (lien direct) | Normally, Microsoft does not allow users to modify the relative size of the Windows 11 taskbar. But with a hack of the Registry File, we can make that possible. | Hack | ||
|
2022-02-15 19:09:31 | Horizontall HackTheBox Walkthrough (lien direct) | Introduction Horizontall is an “easy” rated CTF Linux box on Hack The Box platform. The box covers initial compromise by exploiting Strapi RCE vulnerability and | Hack Vulnerability | ||
|
2022-02-11 12:17:53 | On the Irish Health Services Executive Hack (lien direct) | A detailed report of the 2021 ransomware attack against Ireland's Health Services Executive lists some really bad security practices: The report notes that: The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction. It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event. Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. (The antivirus server was later encrypted in the attack). ... | Ransomware Hack Guideline | ||
 |
2022-02-10 14:11:02 | (Déjà vu) Apple patches new zero-day exploited to hack iPhones, iPads, Macs (lien direct) | Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. [...] | Hack | ||
|
2022-02-10 13:25:37 | (Déjà vu) Mass Hack Of 500 Stores Running Magento 1 (lien direct) | Breaking story – Analysts at Sancec have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them. According to Sansec, the attack became evident late last month when their crawler discovered 374 infections on […] | Hack | ||
|
2022-02-10 12:57:00 | $100K Bounty To Hack ExpressVPN – YouAttest Comments (lien direct) | Express VPN is challenging researchers to crack into their TrustedServer challenging researchers to crack into their TrustedServer system with a $100K bug bounty. $100K Ground Rules: The first person to submit a valid vulnerability will receive an additional US$100,000 bonus bounty. This bonus will be valid until the prize has been claimed. Avoid violating the […] | Hack Vulnerability | ||
 |
2022-02-09 07:58:43 | Hack In Paris lance un call for papers pour son édition de 2022 (lien direct) | Après 2 ans de restrictions dues à la pandémie et une édition 2021 réalisée en ligne, Hack in Paris, l'événement cyber organisé par Sysdream, filiale de Hub One spécialisée en cybersécurité, opérateur de technologies digitales pour les entreprises, revient en physique du 27 juin au 1er juillet prochains à la Maison de la Chimie. Hack In Paris vient de lancer son " call for papers " et Sysdream est à la recherche d'experts cyber pour s'exprimer à l'occasion de différentes formations, conférences et workshops. The post Hack In Paris lance un call for papers pour son édition de 2022 first appeared on UnderNews. | Hack | ||
|
2022-02-09 05:53:03 | U.S. Arrests Two and Seizes $3.6 Million in Cryptocurrency Stolen in 2016 Bitfinex Hack (lien direct) | The U.S. Justice Department (DoJ) on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "stolen funds through a labyrinth of cryptocurrency | Hack | ||
|
2022-02-08 22:30:26 | US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack (lien direct) | The law enforcement seized $3.6 billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. Law enforcement Ilya Lichtenstein (34) and his wife, Heather Morgan (31), were arrested for alleged conspiracy to launder $4.5 Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex. Law enforcement also seized over $3.6 billion in cryptocurrency […] | Hack | ||
|
2022-02-08 17:56:38 | Justice Dept. Announces $3.6B Crypto Seizure, 2 Arrests (lien direct) | The Justice Department announced Tuesday its largest-ever financial seizure - more than $3.5 billion - and the arrests of a New York couple accused of conspiring to launder billions of dollars in cryptocurrency stolen from the 2016 hack of a virtual currency exchange. | Hack | ||
|
2022-02-08 14:23:51 | CyberheistNews Vol 12 #06 [Heads Up] Beware of New Quickbooks Payment Scams (lien direct) |
![CyberheistNews Vol 12 #06 [Heads Up] Beware of New Quickbooks Payment Scams](https://blog.knowbe4.com/hubfs/Stu_Headshot_2021_resize.png)
[Heads Up] Beware of New QuickBooks Payment Scams
Email not displaying? |
CyberheistNews Vol 12 #06 | Feb. 8th., 2022
[Heads Up] Beware of New QuickBooks Payment Scams
Many small and mid-sized companies use Intuit's popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email.
The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell.
Unfortunately, phishing criminals are using QuickBooks' popularity to send business email compromise (BEC) scams. The emails appear as if they are coming from a legitimate vendor using QuickBooks, but if the potential victim takes the bait, the invoice they pay will be to the scammer.
Worse, the payment request can require that the payee use ACH (automated clearing house) method, which requires the payee to input their bank account details. So, if the victim falls for the scam, the criminal now has their bank account information. Not good.
Note: Some other QuickBooks scam warnings will tell you that QuickBooks will never ask for your ACH or banking details. This is not completely true. QuickBooks, the company and its support staff, never will, but QuickBooks email payment requests often do. Warn your users in Accounting.
CONTINUED at the KnowBe4 blog with both legit and malicious example screenshots:
https://blog.knowbe4.com/beware-of-quickbooks-payment-scams
|
Malware Hack Threat Conference | APT 35 | |
|
2022-02-08 12:51:37 | US seizes $3.6 billion stolen in 2016 Bitfinex cryptoexchange hack (lien direct) | The US Department of Justice announced that law enforcement seized billions worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. [...] | Hack | ||
|
2022-02-07 11:55:33 | New Report Alleges Widespread Pegasus Spying by Israel Police (lien direct) | Police used Pegasus spyware to hack phones of dozens of prominent Israelis, including a son of former premier Benjamin Netanyahu, activists and senior government officials, an Israeli newspaper reported Monday. | Hack | ||
|
2022-02-04 09:03:26 | News Corp discloses hack from "persistent" nation state cyber attacks (lien direct) | American media and publishing giant News Corp has disclosed today that it was the target of a "persistent" cyberattack. The attack discovered sometime this January, reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists. [...] | Hack | ||
|
2022-02-04 03:52:32 | Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware (lien direct) | A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into | Hack Vulnerability |
To see everything:
