What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-07 17:42:00 | 4 Key Questions for Zero-Trust Success (lien direct) | Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust. | |||
|
2021-10-06 21:27:32 | Canopy Parental Control App Wide Open to Unpatched XSS Bugs (lien direct) | The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. | |||
|
2021-10-06 20:34:28 | VMware ESXi Servers Encrypted by Lightning-Fast Python Script (lien direct) | The little snippet of Python code strikes fast and nasty, taking less than three hours to complete a ransomware attack from initial breach to encryption. | Ransomware | ||
|
2021-10-06 18:11:58 | ESPecter Bootkit Malware Haunts Victims with Persistent Espionage (lien direct) | The rare UEFI bootkit drops a fully featured backdoor on PCs and gains the ultimate persistence by modifying the Windows Boot Manager. | Malware | ||
|
2021-10-06 15:26:17 | Twitch Gets Gutted: All Source Code Leaked (lien direct) | An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch's source code, comments going back to its inception and more. | |||
|
2021-10-05 21:09:10 | IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft (lien direct) | Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses. | |||
|
2021-10-05 20:01:27 | Apache Web Server Zero-Day Exposes Sensitive Data (lien direct) | The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating. | |||
|
2021-10-05 14:55:30 | How to Build an Incident-Response Plan, Before Security Disaster Strikes (lien direct) | Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack. | |||
|
2021-10-05 14:30:59 | Facebook Blames Outage on Faulty Router Configuration (lien direct) | One easily disproved conspiracy theory linked the ~six-hour outage to a supposed data breach tied to a Sept. 22 hacker forum ad for 1.5B Facebook user records. | Data Breach | ||
|
2021-10-05 14:16:22 | Oops! Compound DeFi Platform Gives Out $90M, Would Like it Back, Please (lien direct) | The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users - then threatened to dox the recipients. | |||
|
2021-10-04 20:40:31 | Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR (lien direct) | They were all flat on their faces for hours on Monday, throwing off DNS error messages or other server-related errors. | |||
|
2021-10-04 20:31:06 | Encrypted & Fileless Malware Sees Big Growth (lien direct) | An analysis of second-quarter malware trends shows that threats are becoming stealthier. | Malware | ||
|
2021-10-04 15:22:32 | Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions (lien direct) | A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans. | |||
|
2021-10-01 20:08:23 | MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed (lien direct) | Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA. | |||
|
2021-10-01 17:50:42 | 3.1M Neiman Marcus Customer Card Details Breached (lien direct) | Experts say the detection delay of 17 months is a colossal security blunder by the retailer. | |||
|
2021-10-01 15:27:01 | Flubot Malware Targets Androids With Fake Security Updates (lien direct) | The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients. | Malware | ||
|
2021-10-01 12:36:25 | New APT ChamelGang Targets Russian Energy, Aviation Orgs (lien direct) | First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. | Malware | ||
|
2021-09-30 22:38:50 | Google Emergency Update Fixes Two Chrome Zero Days (lien direct) | This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild. | |||
|
2021-09-30 19:32:14 | Military\'s RFID Tracking of Guns May Endanger Troops (lien direct) | RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say. | |||
|
2021-09-30 17:56:05 | Tips & Tricks for Unmasking Ghoulish API Behavior (lien direct) | Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity. | |||
|
2021-09-30 17:08:50 | Baby\'s Death Alleged to Be Linked to Ransomware (lien direct) | Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby's death. | Ransomware | ||
|
2021-09-30 17:05:09 | Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts (lien direct) | The group uses millions of password combos at the rate of nearly 2,700 login attempts per minute with new techniques that push the ATO envelope. | |||
|
2021-09-30 15:26:52 | (Déjà vu) Apple Pay with Visa Hacked to Make Payments via Locked iPhones (lien direct) | Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed. | |||
|
2021-09-30 15:26:52 | Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones (lien direct) | Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. | |||
|
2021-09-30 12:50:55 | The Top Ransomware Threats Aren\'t Who You Think (lien direct) | Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally. | Ransomware | ||
|
2021-09-30 11:29:23 | Thousands of University Wi-Fi Networks Expose Log-In Credentials (lien direct) | Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users. | |||
|
2021-09-29 23:10:32 | Keep Attackers Out of VPNs: Feds Offer Guidance (lien direct) | The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. | |||
|
2021-09-29 20:48:33 | Apple AirTag Zero-Day Weaponizes Trackers (lien direct) | Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. | |||
|
2021-09-29 18:08:54 | GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride (lien direct) | The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques. | Malware | ||
|
2021-09-29 15:43:52 | Conti Ransomware Expands Ability to Blow Up Backups (lien direct) | The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software. | Ransomware | ||
|
2021-09-29 14:45:03 | SAS 2021: \'Tomiris\' Backdoor Linked to SolarWinds Malware (lien direct) | Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks. | Malware | ||
|
2021-09-29 13:55:05 | Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts (lien direct) | A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others. | |||
|
2021-09-28 21:36:11 | How to Prevent Account Takeovers in 2021 (lien direct) | Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers. | |||
|
2021-09-28 18:42:02 | Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts (lien direct) | The BloodyStealer trojan helps cyberattackers go after in-game goods and credits. | Malware | ||
|
2021-09-28 17:45:59 | SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever (lien direct) | A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities. | Malware | ||
|
2021-09-28 15:06:20 | Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw (lien direct) | The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. | |||
|
2021-09-28 14:39:49 | SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor (lien direct) | Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. | |||
|
2021-09-28 10:00:26 | Credential Spear-Phishing Uses Spoofed Zix Encrypted Email (lien direct) | The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more. | Spam | ||
|
2021-09-27 20:29:43 | 5 Steps to Securing Your Network Perimeter (lien direct) | Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress. | |||
|
2021-09-27 18:27:15 | Women, Minorities Are Hacked More Than Others (lien direct) | Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests. | |||
|
2021-09-27 15:35:42 | EU: Russia Behind \'Ghostwriter\' Campaign Targeting Germany (lien direct) | It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia. | |||
|
2021-09-27 14:59:58 | 3.8 Billion Users\' Combined Clubhouse, Facebook Data Up for Sale (lien direct) | Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn. | |||
|
2021-09-24 18:46:59 | Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords (lien direct) | Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. | |||
|
2021-09-24 15:48:53 | TangleBot Malware Reaches Deep into Android Device Functions (lien direct) | The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others. | Malware | ||
|
2021-09-24 14:01:06 | Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN (lien direct) | Unauthenticated cyberattackers can also wreak havoc on networking device configurations. | |||
|
2021-09-24 11:29:27 | Apple Patches 3 More Zero-Days Under Active Attack (lien direct) | One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges. | |||
|
2021-09-23 23:00:27 | REvil Affiliates Confirm: Leadership Were Cheating Dirtbags (lien direct) | After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court." | |||
|
2021-09-23 19:10:20 | 5 Tips for Achieving Better Cybersecurity Risk Management (lien direct) | Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively. | |||
|
2021-09-23 18:35:31 | 100M IoT Devices Exposed By Zero-Day Bug (lien direct) | A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more. | Vulnerability | ||
|
2021-09-23 14:08:12 | FamousSparrow APT Wings in to Spy on Hotels, Governments (lien direct) | A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe. |
To see everything:
Our RSS (filtrered)
