What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-09 22:49:27 | Thousands of Fortinet VPN Account Credentials Leaked (lien direct) | They were posted for free by former Babuk gang members who've bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. | Ransomware | ||
|
2021-09-09 20:38:41 | McDonald\'s Email Blast Includes Password to Monopoly Game Database (lien direct) | Usernames, passwords for database sent in prize redemption emails. | |||
|
2021-09-09 17:51:24 | Financial Cybercrime: Why Cryptocurrency is the Perfect \'Getaway Car\' (lien direct) | John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency. | |||
|
2021-09-09 16:39:13 | \'Azurescape\' Kubernetes Attack Allows Cross-Container Cloud Compromise (lien direct) | A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering. | Uber | ||
|
2021-09-09 14:30:56 | SideWalk Backdoor Linked to China-Linked Spy Group \'Grayfly\' (lien direct) | Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. | Malware Guideline | APT 41 | |
|
2021-09-09 12:58:48 | Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix (lien direct) | An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom. | Vulnerability Guideline | ||
|
2021-09-09 11:26:58 | BladeHawk Attackers Target Kurds with Android Apps (lien direct) | Pro-Kurd Facebook profiles deliver '888 RAT' and 'SpyNote' trojans, masked as legitimate apps, to perform mobile espionage. | |||
|
2021-09-08 21:14:06 | What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast (lien direct) | There are a lot of "tells" that the ransomware group doesn't understand how negotiators work, despite threatening to dox data if victims call for help. | Ransomware | ||
|
2021-09-08 19:00:26 | Tooling Network Detection & Response for Ransomware (lien direct) | Justin Jett, director of audit and compliance at Plixer, discusses how to effectively use network flow data in the fight against ransomware. | Ransomware | ||
|
2021-09-08 17:28:35 | Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports (lien direct) | Australian immunization app bug lets attackers fake vaccine status. | |||
|
2021-09-08 17:03:06 | TeamTNT\'s New Tools Target Multiple OS (lien direct) | The attackers are indiscriminately striking thousands of victims worldwide with their new “Chimaera” campaign. | |||
|
2021-09-08 12:24:51 | Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows (lien direct) | Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files. | Vulnerability | ★★★★ | |
|
2021-09-07 22:41:45 | Ragnar Locker Gang Warns Victims Not to Call the FBI (lien direct) | Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help. | Ransomware | ||
|
2021-09-07 20:39:19 | Netgear Smart Switches Open to Complete Takeover (lien direct) | The Demon's Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks. | |||
|
2021-09-07 16:07:58 | Jenkins Hit as Atlassian Confluence Cyberattacks Widen (lien direct) | Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed. | |||
|
2021-09-07 16:07:40 | ProtonMail Forced to Log IP Address of French Activist (lien direct) | The privacy-touting, end-to-end encrypted email provider erased its site's “we don't log your IP” boast after France sicced Swiss cops on it. | |||
|
2021-09-07 12:48:58 | Authorities Arrest Another TrickBot Gang Member in South Korea (lien direct) | A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions. | |||
|
2021-09-07 12:00:31 | Holy Grail of Security: Answers to \'Did XYZ Work?\' – Podcast (lien direct) | Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats. | |||
|
2021-09-06 15:29:26 | Human Fraud: Detecting Them Before They Detect You (lien direct) | Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack. | |||
|
2021-09-06 12:00:02 | IoT Attacks Skyrocket, Doubling in 6 Months (lien direct) | The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets. | |||
|
2021-09-03 16:15:26 | The State of Incident Response: Measuring Risk and Evaluating Your Preparedness (lien direct) | Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster. | |||
|
2021-09-03 16:07:53 | FIN7 Capitalizes on Windows 11 Release in Latest Gambit (lien direct) | The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider. | |||
|
2021-09-03 11:31:13 | Brute-Force Attacks Target Inboxes for Gift Card Data (lien direct) | Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data. | |||
|
2021-09-02 21:38:40 | NFT Collector Tricked into Buying Fake Banksy (lien direct) | An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money. | |||
|
2021-09-02 20:12:24 | SpyFone & CEO Banned From Stalkerware Biz (lien direct) | The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data. | |||
|
2021-09-02 18:32:18 | Bluetooth Bugs Open Billions of Devices to DoS, Code Execution (lien direct) | The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets. | |||
|
2021-09-02 16:03:51 | Google Play Sign-Ins Allow Covert Location-Tracking (lien direct) | A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app. | |||
|
2021-09-02 15:41:13 | Cisco Patches Critical Authentication Bug With Public Exploit (lien direct) | There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet. | |||
|
2021-09-02 12:51:59 | 7 Ways to Defend Mobile Apps, APIs from Cyberattacks (lien direct) | David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them. | |||
|
2021-09-02 12:28:13 | WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted (lien direct) | Users should be careful whose pics they view and should, of course, update their apps. | |||
|
2021-09-02 11:28:29 | Digital State IDs Start Rollouts Despite Privacy Concerns (lien direct) | Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely. | |||
|
2021-09-02 11:03:23 | Comcast RF Attack Leveraged Remotes for Surveillance (lien direct) | IoT vulnerabilities turn remote into listening device, researchers find, which impacted 18 million Xfinity customers. | |||
|
2021-09-01 17:58:38 | Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites (lien direct) | Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned. | |||
|
2021-09-01 15:55:23 | LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files (lien direct) | The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack. | Ransomware | ||
|
2021-09-01 14:40:46 | BEC Scammers Seek Native English Speakers on Underground (lien direct) | Cybercrooks are posting help-wanted ads on dark web forums, promising to do the technical work of compromising email accounts but looking for native English speakers to carry out the social-engineering part of these lucrative scams. | |||
|
2021-09-01 12:17:17 | Feds Warn of Ransomware Attacks Ahead of Labor Day (lien direct) | Threat actors recently have used long holiday weekends -- when many staff are taking time off -- as a prime opportunity to ambush organizations. | Ransomware Threat | ||
|
2021-08-31 20:35:18 | Fortress Home Security Open to Remote Disarmament (lien direct) | A pair of unpatched security vulnerabilities can allow unauthenticated cyberattackers to turn off window, door and motion-sensor monitoring. | |||
|
2021-08-31 20:33:41 | Cream Finance DeFi Platform Rooked For $29M (lien direct) | Cream is latest DeFi platform to get fleeced in rash of attacks. | |||
|
2021-08-31 20:12:46 | Proxyware Services Open Orgs to Abuse – Report (lien direct) | Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn. | |||
|
2021-08-31 16:12:26 | WooCommerce Pricing Plugin Allows Malicious Code-Injection (lien direct) | The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers. | |||
|
2021-08-31 15:08:46 | QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout (lien direct) | The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL. | |||
|
2021-08-31 13:29:17 | Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers (lien direct) | Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them. | |||
|
2021-08-31 10:42:18 | LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection (lien direct) | Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems. | Ransomware Threat | ||
|
2021-08-30 21:46:56 | HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform (lien direct) | HPE joins Apple in warning customers of a high-severity Sudo vulnerability. | |||
|
2021-08-30 20:32:41 | Army Testing Facial Recognition in Child-Care Centers (lien direct) | Army looking for AI to layer over daycare CCTV to boost 'family quality of life.' | |||
|
2021-08-30 19:44:54 | The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers (lien direct) | In part one of a two-part series, Akamai's director of security technology and strategy, Tony Lauro, lays out what orgs need to know to defend against account takeover attacks. | |||
|
2021-08-30 17:31:06 | Microsoft Exchange \'ProxyToken\' Bug Allows Email Snooping (lien direct) | The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims' personal information, sensitive company data and more. | |||
|
2021-08-30 15:14:21 | LockBit Gang to Publish 103GB of Bangkok Air Customer Data (lien direct) | The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day. | Ransomware | ||
|
2021-08-28 16:58:45 | T-Mobile\'s Security Is \'Awful,\' Says Purported Thief (lien direct) | John Binns, claiming to be behind the massive T-Mobile theft of >50m customer records, dissed the security measures of the US's No. 2 wireless biggest carrier. T-Mobile is "humbled," it said, announcing new partnerships with security heavyweights on Friday. | ★★★ | ||
|
2021-08-27 20:54:13 | Parallels Offers \'Inconvenient\' Fix for High-Severity Bug (lien direct) | Firm offers guidance on how to mitigate a five-months-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions. |
To see everything:
Our RSS (filtrered)
