What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-23 13:16:25 | Google Report Spotlights Uptick in Controversial \'Geofence Warrants\' by Police (lien direct) | Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause. | |||
|
2021-09-23 13:00:25 | Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products (lien direct) | Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid. | |||
|
2021-09-23 13:00:16 | Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API (lien direct) | Domain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection. | |||
|
2021-09-23 11:10:45 | Large-Scale Phishing-as-a-Service Operation Exposed (lien direct) | Discovery of BulletProofLink-which provides phishing kits, email templates, hosting and other tools-sheds light on how wannabe cybercriminals can get into the business. | |||
|
2021-09-22 22:17:33 | Crystal Valley Farm Coop Hit with Ransomware (lien direct) | It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure. | Ransomware | ||
|
2021-09-22 19:41:59 | Netgear SOHO Security Bug Allows RCE, Corporate Attacks (lien direct) | The issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security. | |||
|
2021-09-22 17:22:53 | Unpatched Apple Zero-Day in macOS Finder Allows Code Execution (lien direct) | All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS. | |||
|
2021-09-22 16:50:34 | How REvil May Have Ripped Off Its Own Affiliates (lien direct) | A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates' cuts of ransom payments. | |||
|
2021-09-22 16:17:33 | VMware Warns of Ransomware-Friendly Bug in vCenter Server (lien direct) | VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs. | Patching | ||
|
2021-09-22 14:52:40 | TikTok, GitHub, Facebook Join Open-Source Bug Bounty (lien direct) | The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain. | ★★★★★ | ||
|
2021-09-22 14:10:57 | Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts (lien direct) | The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime. | Ransomware | ||
|
2021-09-21 19:22:19 | Epik Confirms Hack, Gigabytes of Data on Offer (lien direct) | "Time to find out who in your family secretly ran ... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security. | |||
|
2021-09-21 17:49:24 | Hackers Are Going \'Deep-Sea Phishing,\' So What Can You Do About It? (lien direct) | Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses. | |||
|
2021-09-21 16:02:35 | Turla APT Plants Novel Backdoor In Wake of Afghan Unrest (lien direct) | “TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years. | Malware | ||
|
2021-09-21 13:14:02 | BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom (lien direct) | Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks. | Ransomware | ||
|
2021-09-21 13:00:56 | 46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe? (lien direct) | Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old. | |||
|
2021-09-20 21:25:24 | Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate (lien direct) | Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety. | |||
|
2021-09-20 19:50:19 | Europol Breaks Open Extensive Mafia Cybercrime Ring (lien direct) | Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits. | |||
|
2021-09-20 19:02:57 | Payment API Bungling Exposes Millions of Users\' Payment Data (lien direct) | Misconfigured APIs make any app risky, but when you're talking about financial apps, you're talking about handing ne'er-do-wells the power to turn your pockets inside-out. | |||
|
2021-09-20 13:00:24 | Bring Your APIs Out of the Shadows to Protect Your Business (lien direct) | APIs are immensely more complex to secure. Shadow APIs-those unknown or forgotten API endpoints that escape the attention and protection of IT¬-present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do. | |||
|
2021-09-17 17:16:42 | Porn Problem: Adult Ads Persist on US Gov\'t, Military Sites (lien direct) | Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam. | |||
|
2021-09-17 13:20:03 | Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do (lien direct) | Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms. | |||
|
2021-09-17 12:57:42 | AT&T Phone-Unlocking Malware Ring Costs Carrier $200M (lien direct) | With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan. | Malware | ||
|
2021-09-17 12:07:59 | Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang (lien direct) | Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems. | Ransomware | ||
|
2021-09-16 18:26:59 | Airline Credential-Theft Takes Off in Widening Campaign (lien direct) | A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom. | |||
|
2021-09-16 13:08:24 | Financial Cybercrime: Following Cryptocurrency via Public Ledgers (lien direct) | John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack. | |||
|
2021-09-16 13:00:37 | REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out (lien direct) | Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13. | Ransomware | ||
|
2021-09-16 13:00:01 | DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast (lien direct) | Imperva's Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee, | |||
|
2021-09-16 12:01:55 | HP Omen Hub Exposes Millions of Gamers to Cyberattack (lien direct) | A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming. | |||
|
2021-09-16 11:37:48 | Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk (lien direct) | Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said. | |||
|
2021-09-15 19:01:48 | No Patch for High-Severity Bug in Legacy IBM System X Servers (lien direct) | Two of IBM's aging flagship server models, retired in 2020, won't be patched for a command-injection flaw. | |||
|
2021-09-15 13:06:52 | Attackers Impersonate DoT in Two-Day Phishing Scam (lien direct) | Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site. | Threat | ||
|
2021-09-14 21:02:49 | Adobe Snuffs Critical Bugs in Acrobat, Experience Manager (lien direct) | Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop. | ★★ | ||
|
2021-09-14 20:29:14 | Microsoft Patches Actively Exploited Windows Zero-Day Bug (lien direct) | On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. | Threat | ||
|
2021-09-14 20:05:52 | 2021\'s Most Dangerous Software Weaknesses (lien direct) | Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers. | |||
|
2021-09-14 17:21:59 | ZLoader\'s Back, Abusing Google AdWords, Disabling Windows Defender (lien direct) | The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in. | |||
|
2021-09-14 15:03:41 | Pair of Google Chrome Zero-Day Bugs Actively Exploited (lien direct) | The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. | |||
|
2021-09-14 13:45:31 | Unpatched Bugs Plague Databases; Your Data Is Probably Not Secure – Podcast (lien direct) | Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws. | |||
|
2021-09-14 13:10:49 | Romance, BEC Scams Lands Soldier in Jail for 46 Months (lien direct) | A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans. | Guideline | ||
|
2021-09-14 11:24:06 | BlackMatter Ransomware Hits Japanese Tech Giant Olympus (lien direct) | The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups. | Ransomware | ||
|
2021-09-13 18:59:22 | REvil\'s Back; Coder Fat-Fingered Away Its Decryptor Key? (lien direct) | How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That's how we sh*t ourselves.” | Ransomware | ★★ | |
|
2021-09-13 18:41:05 | WhatsApp\'s End-to-End Encryption Isn\'t Actually Broken (lien direct) | WhatsApp's moderators sent messages flagged by intended recipients. Researchers say this isn't concerning -- yet. | |||
|
2021-09-13 18:17:37 | Honing Cybersecurity Strategy When Everyone\'s a Target for Ransomware (lien direct) | Aamir Lakhani, researcher at FortiGuard Labs, explains why organizations must extend cyber-awareness training across the entire enterprise, from Luddites to the C-suite. | Ransomware | ||
|
2021-09-13 18:08:10 | WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing (lien direct) | The security vulnerability can be exploited with a malicious CSV file. | Vulnerability | ||
|
2021-09-10 20:17:59 | MyRepublic Data Breach Raises Data-Protection Questions (lien direct) | The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say. | Data Breach | ||
|
2021-09-10 19:37:45 | Top Steps for Ransomware Recovery and Preparation (lien direct) | Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future. | Ransomware | ||
|
2021-09-10 16:31:14 | Yandex Pummeled by Potent Meris DDoS Botnet (lien direct) | Record-breaking distributed denial of service attack targets Russia's version of Google - Yandex. | |||
|
2021-09-10 16:25:53 | SOVA, Worryingly Sophisticated Android Trojan, Takes Flight (lien direct) | The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.' | Malware | ||
|
2021-09-10 14:35:50 | 5 Steps For Securing Your Remote Work Space (lien direct) | With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office. | |||
|
2021-09-10 10:46:17 | Stolen Credentials Led to Data Theft at United Nations (lien direct) | Threat actors accessed the organization's proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks. | Threat |
To see everything:
Our RSS (filtrered)
