What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-08-13 21:04:53 | Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware (lien direct) | CAPTCHA-protected malicious URLs are snowballing lately, researchers said. | Malware | ||
|
2021-08-13 20:08:25 | SolarWinds 2.0 Could Ignite Financial Crisis – Podcast (lien direct) | That's what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it? | |||
|
2021-08-13 18:56:27 | Exchange Servers Under Active Attack via ProxyShell Bugs (lien direct) | There's an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs. | Threat | ||
|
2021-08-13 13:31:51 | WordPress Sites Abused in Aggah Spear-Phishing Campaign (lien direct) | The Pakistan-linked threat group's campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea. | Threat | ||
|
2021-08-12 21:20:55 | Rogue Marketplace AlphaBay Reboots (lien direct) | Illicit underground marketplace relaunches years after takedown. | |||
|
2021-08-12 20:30:58 | Black Hat: Novel DNS Hack Spills Confidential Corp Data (lien direct) | Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53's DNS service and Google Cloud DNS. | Hack Vulnerability | ||
|
2021-08-12 17:32:47 | AdLoad Malware 2021 Samples Skate Past Apple XProtect (lien direct) | A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren't recognized by Apple's built-in security controls. | Malware | ||
|
2021-08-12 16:06:27 | Ransomware Payments Explode Amid \'Quadruple Extortion\' (lien direct) | Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks. | |||
|
2021-08-12 13:59:18 | QR Code Scammers Get Creative with Bitcoin ATMs (lien direct) | Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology's trust relationship with users. | Threat | ||
|
2021-08-12 13:19:50 | Microsoft Warns: Another Unpatched PrintNightmare Zero-Day (lien direct) | The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July. | |||
|
2021-08-11 21:56:00 | Accenture Confirms LockBit Ransomware Attack (lien direct) | LockBit offered Accenture's purported databases and made a requisite jab at its purportedly sad security. Accenture says it recovered just fine from backups. | Ransomware | ||
|
2021-08-11 19:17:13 | NSA Watchdog Will Review Tucker Carlson Spying Claims (lien direct) | Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted. | ★★★ | ||
|
2021-08-11 16:43:37 | \'Friends\' Reunion Anchors Video Swindle (lien direct) | Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix. | Spam | ||
|
2021-08-11 15:34:13 | Kaseya\'s \'Master Key\' to REvil Attack Leaked Online (lien direct) | The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said. | Ransomware | ||
|
2021-08-11 15:27:02 | SAP Patches Nine Critical & High-Severity Bugs (lien direct) | Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours. | |||
|
2021-08-11 15:12:47 | Crypto Hack Earned Crooks $600 Million (lien direct) | In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network. | Hack | ||
|
2021-08-10 21:21:44 | Connected Farms Easy Pickings for Global Food Supply-Chain Hack (lien direct) | John Deere security bugs could allow cyberattackers to damage crops, surrounding property or even people; impact harvests; or destroy farmland for years. | Hack | ||
|
2021-08-10 21:17:58 | Actively Exploited Windows Zero-Day Gets a Patch (lien direct) | Microsoft's August 2021 Patch Tuesday addressed a smaller set of bugs than usual, including more Print Spooler problems, a zero-day and seven critical vulnerabilities. | |||
|
2021-08-10 17:22:28 | eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices (lien direct) | Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors' devices that are common in SOHO setups. | Ransomware | ||
|
2021-08-10 15:33:46 | Chaos Malware Walks Line Between Ransomware and Wiper (lien direct) | The dangerous malware has been rapidly developed since June and could be released into the wild soon. | Ransomware Malware | ||
|
2021-08-10 14:43:41 | Fuzz Off: How to Shake Up Code to Get It Right – Podcast (lien direct) | Is fuzzing for the cybersec elite, or should it be accessible to all software developers? FuzzCon panelists say join the party as they share fuzzing wins & fails. | |||
|
2021-08-10 13:47:59 | 1M Stolen Credit Cards Hit Dark Web for Free (lien direct) | A dump of hundreds of thousands of active accounts is aimed at promoting AllWorld.Cards, a recently launched cybercriminal site for selling payment credentials online. | |||
|
2021-08-09 21:06:30 | \'Glowworm\' Attack Turns Power Light Flickers into Audio (lien direct) | Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings. | |||
|
2021-08-09 19:41:45 | Black Hat: Scaling Automated Disinformation for Misery and Profit (lien direct) | Researchers demonstrated the power deep neural networks enlisted to create a bot army with the firepower to shape public opinion and spark QAnon 2.0. | |||
|
2021-08-09 19:41:30 | Auth Bypass Bug Exploited, Affecting Millions of Routers (lien direct) | A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks. | |||
|
2021-08-09 16:18:25 | Android Malware \'FlyTrap\' Hijacks Facebook Accounts (lien direct) | Coupon codes for Netlifx or Google AdWords? Voting for the best football team? Beware: Malicious apps offering such come-ons could inflict a new trojan. | Malware | ||
|
2021-08-09 13:00:08 | Cutting Through the Noise from Daily Alerts (lien direct) | The biggest challenge for security teams today is the quality of the threat intelligence platforms and feeds. How much of the intel is garbage and unusable? Threat intelligence process itself spans and feeds into many external and internal systems and applications. Without actionable data, it is impossible to understand the relevance and potential impact of a threat. Learn how Threat Intelligence management plays a role to help prioritize and act fast. | Threat | ||
|
2021-08-06 20:41:40 | Golang Cryptomining Worm Offers 15% Speed Boost (lien direct) | The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process. | Malware | ||
|
2021-08-06 18:54:49 | Amazon Kindle Vulnerable to Malicious EBooks (lien direct) | Prior to a patch, a serious bug could have allowed attackers to take over Kindles and steal personal data. | |||
|
2021-08-06 16:07:55 | Critical Cisco Bug in VPN Routers Allows Remote Takeover (lien direct) | Security researchers warned that at least 8,800 vulnerable systems are open to compromise. | |||
|
2021-08-06 15:01:49 | Zoom Settlement: An $85M Business Case for Security Investment (lien direct) | Zoom's security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup. | |||
|
2021-08-06 14:44:16 | Angry Affiliate Leaks Conti Ransomware Gang Playbook (lien direct) | The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks. | Ransomware | ||
|
2021-08-05 23:40:42 | Black Hat: New CISA Head Woos Crowd With Public-Private Task Force (lien direct) | Day two Black Hat keynote by CISA Director Jen Easterly includes launch of private-public partnership with Amazon, Google and Microsoft to fight cybercrime. | |||
|
2021-08-05 21:54:16 | Auditors: Feds\' Cybersecurity Gets the Dunce Cap (lien direct) | Out of eight agencies, four were given D grades in a report for the Senate, while the Feds overall got a C-. | |||
|
2021-08-05 15:26:32 | MacOS Flaw in Telegram Retrieves Deleted Messages (lien direct) | Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead. | |||
|
2021-08-05 14:36:23 | Black Hat: Microsoft\'s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say (lien direct) | Researchers show how to circumvent Microsoft's Windows Hello biometric authentication using a spoofed USB camera. | |||
|
2021-08-05 14:16:03 | Black Hat: Charming Kitten Leaves More Paw Prints (lien direct) | IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof. | APT 35 APT 35 | ||
|
2021-08-04 21:34:27 | \'I\'m Calling About Your Car Warranty\', aka PII Hijinx (lien direct) | Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts. | |||
|
2021-08-04 21:14:30 | Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms (lien direct) | A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities. | |||
|
2021-08-04 19:57:35 | Black Hat: Let\'s All Help Cyber-Immunize Each Other (lien direct) | We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity. | |||
|
2021-08-04 14:44:54 | Phishing Campaign Dangles SharePoint File-Shares (lien direct) | Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered. | |||
|
2021-08-04 04:00:06 | We COVID-Clicked on Garbage, Report Finds: Podcast (lien direct) | Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020. | |||
|
2021-08-03 20:16:26 | Iranian APT Lures Defense Contractor in Catfishing-Malware Scam (lien direct) | Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456. | Malware | ||
|
2021-08-03 20:00:31 | Ransomware Volumes Hit Record Highs as 2021 Wears On (lien direct) | The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way. | Ransomware Guideline | ||
|
2021-08-03 15:28:32 | Raccoon Stealer Bundles Malware, Propagates Via Google SEO (lien direct) | An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware. | |||
|
2021-08-03 14:55:56 | \'DeadRinger\' Targeted Exchange Servers Long Before Discovery (lien direct) | Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017. | |||
|
2021-08-02 20:58:54 | \'PwnedPiper\': Devastating Bugs in >80% of Hospital Pneumatics (lien direct) | Podcast: Blood samples aren't martinis. You can't shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware. | Guideline | ||
|
2021-08-02 19:15:42 | Chipotle Emails Serve Up Phishing Lures (lien direct) | Mass email distribution service compromise mirrors earlier Nobelium attacks. | |||
|
2021-07-30 21:06:23 | NSA Warns Public Networks are Hacker Hotbeds (lien direct) | Agency warns attackers targeting teleworkers to steal corporate data. | |||
|
2021-07-30 15:21:41 | Novel Meteor Wiper Used in Attack that Crippled Iranian Train System (lien direct) | A July 9th attack disrupted service and taunted Iran's leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints. | Guideline |
To see everything:
Our RSS (filtrered)
