What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-08-27 20:35:05 | Experts: WH Cybersecurity Summit Should Be Followed by Regulation, Enforcement (lien direct) | Amazon, Google, Microsoft etc. making major commitments to shore up nation's cyber-defenses just won't be enough, researchers say. | |||
|
2021-08-27 20:16:34 | Winning the Cyber-Defense Race: Understand the Finish Line (lien direct) | Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It's not achieving visibility. | |||
|
2021-08-27 17:32:56 | FIN8 Targets US Bank With New \'Sardonic\' Backdoor (lien direct) | The latest refinement of the APT's BadHatch backdoor can leverage new malware on the fly without redeployment, making it potent and nimble. | Malware | ★★★ | |
|
2021-08-27 16:49:23 | Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover (lien direct) | It's unclear if Microsoft customers were breached during the months-long period where the #ChaosDB bug in Jupyter Notebooks was exploitable. | |||
|
2021-08-27 13:50:44 | Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor (lien direct) | The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims' files on its dark web portal. | Ransomware | ||
|
2021-08-27 13:00:36 | Top Strategies That Define the Success of a Modern Vulnerability Management Program (lien direct) | Modern vulnerability management programs require a strategy that defines what success means for your organization's cybersecurity goals. By incorporating a few simple cyber hygiene routines to your daily security routine, you'll set up your IT teams to be better equipped to steer off cyberattacks. | Vulnerability | ||
|
2021-08-27 12:00:38 | \'Pay Ransom\' Screen? Too Late, Humpty Dumpty – Podcast (lien direct) | Splunk's Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells. | |||
|
2021-08-26 20:50:23 | Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin (lien direct) | Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin. | Malware | ||
|
2021-08-26 16:40:38 | F5 Bug Could Lead to Complete System Takeover (lien direct) | The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. | Guideline | ||
|
2021-08-26 13:00:11 | Podcast: Ransomware Up x10: Disrupting Cybercrime Suppy Chains an Opportunity (lien direct) | Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021. | Ransomware Threat | ||
|
2021-08-26 12:39:54 | Microsoft Breaks Silence on Barrage of ProxyShell Attacks (lien direct) | versions of the software are affected by a spate of bugs under active exploitations. | |||
|
2021-08-25 22:48:34 | Cisco Issues Critical Fixes for High-End Nexus Gear (lien direct) | Networking giant issues two critical patches and six high-severity patches. | |||
|
2021-08-25 18:23:58 | Win10 Admin Rights Tossed Off by Yet Another Plug-In (lien direct) | Then again, you don't even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights. | |||
|
2021-08-25 15:10:46 | US Media, Retailers Targeted by New SparklingGoblin APT (lien direct) | The new APT uses an undocumented backdoor to infiltrate the education, retail and government sectors. | |||
|
2021-08-25 11:41:31 | California Man Hacked iCloud Accounts to Steal Nude Photos (lien direct) | Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials. | Guideline | ||
|
2021-08-24 19:35:41 | Poly Network Recoups $610M Stolen from DeFi Platform (lien direct) | The attacker returned the loot after being offered a gig as chief security advisor with Poly Network. | |||
|
2021-08-24 17:51:56 | Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day (lien direct) | Cybersecurity watchdog CitizenLab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time. | |||
|
2021-08-24 16:27:01 | Custom WhatsApp Build Delivers Triada Malware (lien direct) | Researchers have spotted the latest version of the Triada trojan targeting mobile devices via an advertising SDK. | Malware | ||
|
2021-08-24 12:00:45 | Effective Threat-Hunting Queries in a Redacted World (lien direct) | Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers' infrastructure. | |||
|
2021-08-23 23:18:36 | Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs (lien direct) | Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools. | |||
|
2021-08-23 18:54:29 | ProxyShell Attacks Pummel Unpatched Exchange Servers (lien direct) | CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. | |||
|
2021-08-23 15:58:04 | Windows 10 Admin Rights Gobbled by Razer Devices (lien direct) | So much for Windows 10's security: a zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. | |||
|
2021-08-23 14:18:30 | Managing Privileged Access to Secure the Post-COVID Perimeter (lien direct) | Joseph Carson, chief security scientist & advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices. | |||
|
2021-08-23 14:08:42 | Attackers Actively Exploiting Realtek SDK Flaws (lien direct) | Multiple vulnerabilities in software used by 65 vendors under active attack. | |||
|
2021-08-20 21:11:16 | Web Censorship Systems Can Facilitate Massive DDoS Attacks (lien direct) | Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks. | |||
|
2021-08-20 14:09:50 | Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits (lien direct) | Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization's network. | Ransomware Threat | ||
|
2021-08-19 22:06:26 | What\'s Next for T-Mobile and Its Customers? – Podcast (lien direct) | Hopefully not a hacked-up hairball of a “no can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite. | |||
|
2021-08-19 21:13:24 | How Ready Are You for a Ransomware Attack? (lien direct) | Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement. | Ransomware | ||
|
2021-08-19 20:34:42 | Critical Cisco Bug in Small Business Routers to Remain Unpatched (lien direct) | The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life. | |||
|
2021-08-19 20:19:04 | InkySquid State Actor Exploiting Known IE Bugs (lien direct) | The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks. | APT 37 | ||
|
2021-08-19 16:58:54 | Windows EoP Bug Detailed by Google Project Zero (lien direct) | Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention. | |||
|
2021-08-19 16:38:31 | COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate (lien direct) | COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors. | Threat | ||
|
2021-08-19 14:35:49 | Postmortem on U.S. Census Hack Exposes Cybersecurity Failures (lien direct) | Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems. | Hack | ★★★★★ | |
|
2021-08-18 18:26:25 | Bogus Cryptomining Apps Infest Google Play (lien direct) | The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads. | |||
|
2021-08-18 17:54:05 | T-Mobile: >40 Million Customers\' Data Stolen (lien direct) | Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection. | |||
|
2021-08-18 14:30:51 | Memory Bugs in BlackBerry\'s QNX Embedded OS Open Devices to Attacks (lien direct) | The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars in medical devices. | |||
|
2021-08-18 13:19:15 | Kerberos Authentication Spoofing: Don\'t Bypass the Spec (lien direct) | Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS. | |||
|
2021-08-18 12:07:33 | Unpatched Fortinet Bug Allows Firewall Takeovers (lien direct) | The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month. | |||
|
2021-08-18 11:24:42 | HolesWarm Malware Exploits Unpatched Windows, Linux Servers (lien direct) | The botnet cryptominer has already compromised 1,000-plus clouds since June. | Malware | ||
|
2021-08-17 18:56:39 | The Overlooked Security Risks of The Cloud (lien direct) | Nate Warfield, CTO of Prevaliion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working. | |||
|
2021-08-17 16:44:58 | LockBit 2.0 Ransomware Proliferates Globally (lien direct) | Fresh attacks target companies' employees, promising millions of dollars in exchange for valid account credentials for initial access. | Ransomware | ||
|
2021-08-17 16:20:30 | Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop (lien direct) | A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek's Kalay network, used in 83m devices. | Vulnerability | ||
|
2021-08-17 14:46:09 | Terrorist Watchlist Exposed Online with Nearly 1.9M Records (lien direct) | A researcher discovered a data cache from the FBI's Terrorist Screening Center left online without a password or authentication requirement. | |||
|
2021-08-17 13:58:12 | Apple: CSAM Image-Detection Backdoor \'Narrow\' in Scope (lien direct) | Computing giant tries to reassure users that the tool won't be used for mass surveillance. | Tool | ||
|
2021-08-17 13:00:00 | How to Reduce Exchange Server Downtime in Case of a Disaster? (lien direct) | Exchange downtime can have serious implications on businesses. Thus, it's important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime. | |||
|
2021-08-17 04:00:43 | Phishing Costs Nearly Quadrupled Over 6 Years (lien direct) | Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not payouts to crooks. | Ransomware | ||
|
2021-08-16 20:50:23 | Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets (lien direct) | Valve plugs an API bug found in its Steam platform that that abused the Smart2Pay system to add unlimited funds to gamer digital wallets. | |||
|
2021-08-16 18:22:25 | XSS Bug in SEOPress WordPress Plugin Allows Site Takeover (lien direct) | The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites. | |||
|
2021-08-16 15:12:24 | 100m T-Mobile Customer Records Purportedly Up for Sale (lien direct) | The seller claims to have sucker-punched U.S. infrastructure out of retaliation. The offer: 30m records for ~1 penny each, with the rest being sold privately. | |||
|
2021-08-13 21:19:16 | Amazon\'s Plan to Track Worker Keystrokes: A Sign of Controls to Come? (lien direct) | Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credential abuse and data theft was on the rise, according to Motherboard which reviewed the document. […] |
To see everything:
Our RSS (filtrered)
