What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-22 17:30:52 | Ransomware Attackers Publish 4K Private Scottish Gov Agency Files (lien direct) | Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve. | Ransomware | ||
|
2021-01-22 12:45:42 | Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks (lien direct) | Netscout researchers identify more than 14,000 existing servers that can be abused by 'the general attack population' to flood organizations' networks with traffic. | |||
|
2021-01-21 20:00:13 | Einstein Healthcare Network Announces August Breach (lien direct) | Einstein is in violation of the the HHS 60-day breach notification rule, but unlikely to face penalty. | |||
|
2021-01-21 19:42:41 | SQL Server Malware Tied to Iranian Software Firm, Researchers Allege (lien direct) | Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm. | Malware | ||
|
2021-01-21 15:02:34 | Google Forms Set Baseline For Widespread BEC Attacks (lien direct) | Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms. | |||
|
2021-01-21 14:00:41 | Google Searches Expose Stolen Corporate Credentials (lien direct) | A phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments. | |||
|
2021-01-20 21:47:54 | Critical Cisco SD-WAN Bugs Allow RCE Attacks (lien direct) | Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite. | |||
|
2021-01-20 20:45:43 | NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs (lien direct) | The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory. | |||
|
2021-01-20 17:36:35 | Malwarebytes Hit by SolarWinds Attackers (lien direct) | The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365. | ★★★★★ | ||
|
2021-01-20 16:42:58 | Investment Scammers Prey on Dating App Users, Interpol Warns (lien direct) | Users of dating apps - like Tinder, Match and Bumble - should be on the lookout for investment-fraud scammers. | |||
|
2021-01-20 15:21:46 | Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms (lien direct) | Mystery of spying using popular chat apps uncovered by Google Project Zero researcher. | |||
|
2021-01-19 21:25:10 | DNSpooq Flaws Allow DNS Hijacking of Millions of Devices (lien direct) | Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution. | |||
|
2021-01-19 20:20:03 | Rob Joyce to Take Over as NSA Cybersecurity Director (lien direct) | Joyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration. | Uber | ||
|
2021-01-19 16:40:55 | SolarWinds Malware Arsenal Widens with Raindrop (lien direct) | The post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks. | Malware | Solardwinds | ★★★ |
|
2021-01-19 15:51:30 | Linux Devices Under Attack by New FreakOut Malware (lien direct) | The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks. | Malware | ||
|
2021-01-19 14:45:27 | Attackers Steal E-Mails, Info from OpenWrt Forum (lien direct) | Users of the Linux-based open-source firmware-which include developers from commercial router companies--may be targeted by phishing campaigns, administrators warn. | |||
|
2021-01-18 15:35:20 | Medical Device Security: Diagnosis Critical (lien direct) | Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced. | |||
|
2021-01-15 22:04:12 | Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show (lien direct) | Expert panel awards dubious honors to 2021 Consumer Electronics Show's biggest flops. | |||
|
2021-01-15 21:47:20 | Microsoft Implements Windows Zerologon Flaw \'Enforcement Mode\' (lien direct) | Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472. | |||
|
2021-01-15 17:02:52 | Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls (lien direct) | Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data. | |||
|
2021-01-15 16:19:40 | Google Boots 164 Apps from Play Marketplace for Shady Ad Practices (lien direct) | The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year. | |||
|
2021-01-14 22:30:52 | Facebook: Malicious Chrome Extension Developers Scraped Profile Data (lien direct) | Facebook has sued two Chrome devs for scraping user profile data - including names, user IDs and more. | |||
|
2021-01-14 19:33:49 | Florida Ethics Officer Charged with Cyberstalking (lien direct) | Judge bars former Tallahassee city ethics officer from internet-connected devices after her arrest for cyberstalking. | |||
|
2021-01-14 17:20:34 | Telegram Bots at Heart of Classiscam Scam-as-a-Service (lien direct) | The cybercriminal service has scammed victims out of $6.5 million and continues to spread on Telegram. | |||
|
2021-01-14 16:45:04 | Cloud Attacks Are Bypassing MFA, Feds Warn (lien direct) | CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted. | |||
|
2021-01-14 13:28:22 | Ring Adds End-to-End Encryption to Quell Security Uproar (lien direct) | The optional feature was released free to users in a technical preview this week, adding a new layer of security to service, which has been plagued by privacy concerns. | |||
|
2021-01-13 22:03:32 | TikTok Takes Teen Accounts Private (lien direct) | The company announced accounts for ages 13-15 will default to privacy setting, among other safety measures. | |||
|
2021-01-13 21:22:01 | High-Severity Cisco Flaw Found in CMX Software For Retailers (lien direct) | Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers. | |||
|
2021-01-13 19:41:49 | Critical WordPress-Plugin Bug Found in \'Orbit Fox\' Allows Site Takeover (lien direct) | Two security vulnerabilities -- one a privilege-escalation problem and the other a stored XSS bug -- afflict a WordPress plugin with 40,000 installs. | |||
|
2021-01-13 17:15:17 | (Déjà vu) Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data (lien direct) | On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet. | |||
|
2021-01-13 16:57:39 | Sophisticated Hacks Against Android, Windows Reveals Zero-Day Trove (lien direct) | Watering-hole attacks executed by 'experts' exploited Chrome, Windows and Android flaws and were carried out on two servers. | |||
|
2021-01-13 14:00:07 | CISOs Prep For COVID-19 Exposure Notification in the Workplace (lien direct) | Security teams are preparing for the inevitable return to the workplace - and the privacy implications of exposure notification apps that companies may need to adopt. | |||
|
2021-01-12 21:45:23 | Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes (lien direct) | The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks. | |||
|
2021-01-12 18:45:14 | Data Breach at \'Resident Evil\' Gaming Company Widens (lien direct) | Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers. | |||
|
2021-01-12 18:35:41 | Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack (lien direct) | A sophisticated threat actor has hijacked email security connections to spy on targets. | Threat | ||
|
2021-01-12 18:30:47 | BumbleBee Opens Exchange Servers in xHunt Spy Campaign (lien direct) | The BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands. | |||
|
2021-01-12 17:13:28 | Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content (lien direct) | Adobe issued patches for seven critical arbitrary-code-execution flaws plaguing Windows and MacOS users. | |||
|
2021-01-12 16:26:58 | Europol Reveals Dismantling of \'Largest\' Underground Marketplace (lien direct) | Europol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace's infrastructure, including more than 20 servers. | |||
|
2021-01-12 15:00:19 | Ethical Hackers Breach U.N., Access 100,000 Private Records (lien direct) | Researchers informed organization of a flaw that exposed GitHub credentials through the organization's vulnerability disclosure program. | Vulnerability | ||
|
2021-01-12 10:30:36 | Post-Backlash, WhatsApp Spells Out Privacy Policy Updates (lien direct) | WhatsApp aimed to clear the air about its updated privacy policy after reports of mandatory data sharing with Facebook drove users to Signal and Telegram in troves. | |||
|
2021-01-11 22:21:35 | Aliens and UFOs: A Final Frontier for Social Engineers (lien direct) | The release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for. | |||
|
2021-01-11 21:54:43 | Millions of Social Profiles Leaked by Chinese Data-Scrapers (lien direct) | A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn. | ★★★★★ | ||
|
2021-01-11 20:54:43 | Researcher Builds Parler Archive Amid Amazon Suspension (lien direct) | A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google. | |||
|
2021-01-11 17:53:21 | SolarWinds Hack Potentially Linked to Turla APT (lien direct) | Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. | Hack Mobile | Solardwinds Solardwinds | |
|
2021-01-08 21:31:52 | Malicious Software Infrastructure Easier to Get and Deploy Than Ever (lien direct) | Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces. | |||
|
2021-01-08 20:44:59 | A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets (lien direct) | Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021. | Ransomware | ||
|
2021-01-08 20:19:54 | Ryuk Rakes in $150M in Ransom Payments (lien direct) | An examination of the malware gang's payments reveals insights into its economic operations. | Malware | ||
|
2021-01-08 17:19:09 | SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack (lien direct) | Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds. | Hack | ||
|
2021-01-08 14:15:47 | FBI Warns of Egregor Attacks on Businesses Worldwide (lien direct) | The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior. | Malware | ||
|
2021-01-08 06:00:28 | Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking (lien direct) | Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices. |
To see everything:
Our RSS (filtrered)
