What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-04 15:59:01 | Critical Cisco Flaws Open VPN Routers Up to RCE Attacks (lien direct) | The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses. | |||
|
2021-02-04 15:58:45 | Microsoft Office 365 Attacks Sparked from Google Firebase (lien direct) | A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials. | |||
|
2021-02-04 12:52:35 | Clearview Facial-Recognition Technology Ruled Illegal in Canada (lien direct) | The company's controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges. | |||
|
2021-02-03 21:37:41 | Emotet\'s Takedown: Have We Seen the Last of the Malware? (lien direct) | A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware. | |||
|
2021-02-03 21:22:49 | Second SolarWinds Attack Group Breaks into USDA Payroll - Report (lien direct) | A second APT, potentially linked to the Chinese government, could be behind the Supernova malware. | |||
|
2021-02-03 20:50:54 | New Malware Hijacks Kubernetes Clusters to Mine Monero (lien direct) | Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.' | Malware | Uber | |
|
2021-02-03 15:40:01 | Five Critical Android Bugs Patched, Part of Feb. Security Bulletin (lien direct) | February's security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8. | |||
|
2021-02-03 11:00:21 | SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover (lien direct) | The by-now infamous company has issued patches for three security vulnerabilities in total. | |||
|
2021-02-02 21:38:50 | TrickBot Continues Resurgence with Port-Scanning Module (lien direct) | The infamous malware has incorporated the legitimate Masscan tool, which looks for open TCP/IP ports with lightning-fast results. | Malware | ||
|
2021-02-02 18:17:18 | Crypto Crook Hired Steven Seagal to Promote Scam, Now Faces Charges (lien direct) | Feds charged California-based private detective for stealing $11M from investors, with help from actor Steven Seagal. | |||
|
2021-02-02 17:37:56 | Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins (lien direct) | The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-performance computing clusters. | Malware | ||
|
2021-02-02 17:31:10 | Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise (lien direct) | An e-commerce credit-card skimmer is being used by a second skimmer to steal payment data - and both are on Costway's website. | |||
|
2021-02-02 15:15:44 | Agent Tesla Trojan \'Kneecaps\' Microsoft\'s Anti-Malware Interface (lien direct) | A new version of the Agent Tesla RAT can 'kneecap' endpoint protection software supported by Microsoft ASMI. | |||
|
2021-02-02 14:00:11 | Identity Theft Spikes Due to COVID-19 Relief (lien direct) | Cases reported to the FTC doubled last year as cybercriminals took advantage of increased filing for government relief benefits due to the pandemic. | |||
|
2021-02-01 21:47:19 | Wind River Security Incident Affects SSNs, Passport Numbers (lien direct) | Wind River Systems is warning of a 'security incident' after one or more files was downloaded from its network. | |||
|
2021-02-01 21:18:09 | Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers (lien direct) | Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign. | |||
|
2021-02-01 21:12:13 | SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat (lien direct) | Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks. | Hack | ||
|
2021-02-01 16:59:19 | Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code (lien direct) | The flaw in the free-source library could have been ported to multiple applications. | |||
|
2021-02-01 16:50:24 | Alleged Gaming Software Supply-Chain Attack Installs Spyware (lien direct) | Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices. | Malware | ||
|
2021-01-29 21:56:50 | WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites (lien direct) | The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites. | |||
|
2021-01-29 21:54:24 | Microsoft 365 Becomes Haven for BEC Innovation (lien direct) | Two new phishing tactics use the platform's automated responses to evade email filters. | |||
|
2021-01-29 18:01:38 | Industrial Gear at Risk from Fuji Code-Execution Bugs (lien direct) | Fuji Electric's Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more. | |||
|
2021-01-29 16:52:30 | Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System (lien direct) | Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits. | |||
|
2021-01-29 13:29:10 | Lazarus Affiliate \'ZINC\' Blamed for Campaign Against Security Researcher (lien direct) | New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with 'Comebacker' malware. | APT 38 | ||
|
2021-01-28 20:06:57 | Rocke Group\'s Malware Now Has Worm Capabilities (lien direct) | The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics. | Malware | APT 32 | |
|
2021-01-28 18:01:24 | Utah Ponders Making Online \'Catfishing\' a Crime (lien direct) | Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow. | |||
|
2021-01-28 16:46:01 | LogoKit Simplifies Office 365, SharePoint \'Login\' Phishing Pages (lien direct) | A phishing kit has been found running on at least 700 domains - and mimicking services via false SharePoint, OneDrive and Office 365 login portals. | |||
|
2021-01-28 15:52:29 | Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball (lien direct) | A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. | Hack | ||
|
2021-01-27 21:43:22 | TeamTNT Cloaks Malware With Open-Source Tool (lien direct) | The detection-evasion tool, libprocesshider, hides TeamTNT's malware from process-information programs. | Malware Tool | ||
|
2021-01-27 21:08:48 | NetWalker Ransomware Suspect Charged: Tor Site Seized (lien direct) | The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector. | Ransomware | ||
|
2021-01-27 20:32:55 | Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming (lien direct) | A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet. | |||
|
2021-01-27 19:16:41 | Sudo Bug Gives Root Access to Mass Numbers of Linux Systems (lien direct) | Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo. | |||
|
2021-01-27 18:05:51 | ADT Security Camera Flaw Opened Homes, Stores to Eavesdropping (lien direct) | Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more. | |||
|
2021-01-27 18:04:49 | Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline (lien direct) | Hundreds of servers and 1 million Emotet infections have been dismantled globally, while tales have emerged on Twitter that NetWalker's Dark Web leaks site is offline. | |||
|
2021-01-27 12:21:28 | Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update (lien direct) | An anonymous researcher identified bugs in the software's kernel and WebKit browser engine that are likely part of an exploit chain. | |||
|
2021-01-26 22:11:54 | Nvidia Squashes High-Severity Jetson DoS Flaw (lien direct) | If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products. | Guideline | ||
|
2021-01-26 21:24:34 | DanaBot Malware Roars Back into Relevancy (lien direct) | Sophisticated and dangerous, DanaBot has resurfaced after laying dormant for seven months. | Malware | ||
|
2021-01-26 19:35:44 | 23M Gamer Records Exposed in VIPGames Leak (lien direct) | The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds. | |||
|
2021-01-26 17:24:00 | Criminal, Domestic Violence Case Info Exposed in Cook County Leak (lien direct) | Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records. | |||
|
2021-01-26 17:15:33 | Nefilim Ransomware Gang Hits Jackpot with Ghost Account (lien direct) | An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed. | Ransomware | ||
|
2021-01-26 14:49:03 | North Korea Targets Security Researchers in Elaborate 0-Day Campaign (lien direct) | Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor. | |||
|
2021-01-26 11:00:07 | TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks (lien direct) | A security flaw in TikTok could have allowed attackers to query query the platform's database – potentially opening up for privacy violations. | |||
|
2021-01-25 21:51:13 | Breaking Down Joe Biden\'s $10B Cybersecurity \'Down Payment\' (lien direct) | Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in. | |||
|
2021-01-25 21:16:11 | Outgoing FCC Chair Issues Final Security Salvo Against China (lien direct) | Ajit Pai says Chinese telecom companies 'biggest national security threat' for regulators in exit interview. | |||
|
2021-01-25 21:08:02 | 2.28M MeetMindful Daters Compromised in Data Breach (lien direct) | The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download. | Data Breach | ||
|
2021-01-25 17:53:51 | Cisco DNA Center Bug Opens Enterprises to Remote Attack (lien direct) | The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks. | Vulnerability | ||
|
2021-01-25 17:04:19 | SonicWall Breach Stems from \'Probable\' Zero-Days (lien direct) | The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series. | |||
|
2021-01-22 21:57:10 | Microsoft Edge, Google Chrome Roll Out Password Protection Tools (lien direct) | The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords. | |||
|
2021-01-22 21:55:34 | Amazon Kindle RCE Attack Starts with an Email (lien direct) | The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims. | |||
|
2021-01-22 18:35:24 | Discord-Stealing Malware Invades npm Packages (lien direct) | The CursedGrabber malware has infiltrated the open-source software code repository. | Malware |
To see everything:
Our RSS (filtrered)
