What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-12-21 16:39:50 | Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow (lien direct) | Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks. | ★★★★★ | ||
|
2020-12-21 12:00:41 | Telemed Poll Uncovers Biggest Risks and Best Practices (lien direct) | What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll. | |||
|
2020-12-18 21:26:47 | Cloud is King: 9 Software Security Trends to Watch in 2021 (lien direct) | Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year. | |||
|
2020-12-18 19:01:07 | Sunburst\'s C2 Secrets Reveal Second-Stage SolarWinds Victims (lien direct) | Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign. | Solardwinds Solardwinds | ||
|
2020-12-18 16:42:53 | Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies (lien direct) | The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned. | |||
|
2020-12-18 16:32:55 | Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download (lien direct) | Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues. | Threat | ||
|
2020-12-18 16:00:13 | Insider Threats: What Are They, Really? (lien direct) | "Insider threat" or "human error" shows up a lot as the major cause of data breaches across all types of reports out there. But often it's not defined, or it's not clearly defined, so people conjure up their own definition. | General Information | ||
|
2020-12-17 23:11:27 | How to Increase Your Security Posture with Fewer Resources (lien direct) | Plixer's Justin Jett, Compliance & Audit director, discusses how to do more with less when your security resources are thin. | |||
|
2020-12-17 23:07:56 | Nuclear Weapons Agency Hacked in Widening Cyberattack – Report (lien direct) | Sources said the DoE suffered "damage" in the attack, which also likely extends beyond the initially known SolarWinds Orion attack vector. | |||
|
2020-12-17 22:27:38 | 5M WordPress Sites Running the Contact Form 7 Plugin are Open to Attack (lien direct) | A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin. | |||
|
2020-12-17 19:42:45 | Police Vouch for Hacker Who Guessed Trump\'s Twitter Password (lien direct) | No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump's Twitter account by guessing his password, “MAGA2020!” last October. | |||
|
2020-12-17 19:18:31 | Air-Gap Attack Turns Memory Modules into Wi-Fi Radios (lien direct) | Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers. | |||
|
2020-12-17 19:17:49 | RubyGems Packages Laced with Bitcoin-Stealing Malware (lien direct) | Two malicious software building blocks that could be baked into web applications prey on unsuspecting users. | Malware | ||
|
2020-12-17 17:30:15 | Cryptologists Crack Zodiac Killer\'s 340 Cipher (lien direct) | The Zodiac's serial killer's 340 cipher, which couldn't be solved for 50 years, has been cracked by a remote team of mathematicians. | ★★★★ | ||
|
2020-12-17 17:03:48 | 3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons (lien direct) | Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft. | Malware | ||
|
2020-12-17 17:00:29 | Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr (lien direct) | The massive shift to remote work has turbocharged the shadow IT problem. | |||
|
2020-12-16 18:37:18 | Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor (lien direct) | In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks. | Ransomware | ||
|
2020-12-16 17:05:49 | The SolarWinds Perfect Storm: Default Password, Access Sales and More (lien direct) | Meanwhile, Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack. | Mobile | Solardwinds | ★★ |
|
2020-12-16 16:16:36 | Sextortionist Campaign Targets iOS, Android Users with New Spyware (lien direct) | Goontact lures users of illicit sites through Telegram and other secure messaging apps and steals their information for future fraudulent use. | |||
|
2020-12-15 21:43:58 | Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam (lien direct) | Subway loyalty program members in U.K. and Ireland have been sent scam emails to trick them into downloading malware. | |||
|
2020-12-15 21:30:11 | Easy WP SMTP Security Bug Can Reveal Admin Credentials (lien direct) | A poorly configured file opens users up to site takeover. | |||
|
2020-12-15 21:29:51 | Gitpaste-12 Worm Widens Set of Exploits in New Attacks (lien direct) | The worm returned in recent attacks against web applications, IP cameras and routers. | |||
|
2020-12-15 21:04:30 | Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome (lien direct) | Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support. | |||
|
2020-12-15 17:36:17 | 45 Million Medical Images Left Exposed Online (lien direct) | A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes. | |||
|
2020-12-15 16:47:26 | Agent Tesla Keylogger Gets Data Theft and Targeting Update (lien direct) | The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients. | ★★★★ | ||
|
2020-12-15 16:43:27 | Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure (lien direct) | Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities. | |||
|
2020-12-14 20:45:31 | Spotify Changes Passwords After Another Data Breach (lien direct) | This is the third breach in the past few weeks for the world's most popular streaming service. | Data Breach | ||
|
2020-12-14 19:50:14 | Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts (lien direct) | The insider threat will go to jail for two years after compromising Cisco's cloud infrastructure. | Threat | ||
|
2020-12-14 19:08:27 | DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report (lien direct) | The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort. | |||
|
2020-12-14 18:36:06 | Microsoft Office 365 Credentials Under Attack By Fax \'Alert\' Emails (lien direct) | Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials. | |||
|
2020-12-14 16:34:11 | New Windows Trojan Steals Browser Credentials, Outlook Files (lien direct) | The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims. | Malware | ||
|
2020-12-11 20:51:14 | Security Issues in PoS Terminals Open Consumers to Fraud (lien direct) | Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords. | |||
|
2020-12-11 20:39:59 | Adrozek Malware Delivers Fake Ads to 30K Devices a Day (lien direct) | The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat. | Malware | Adrozek | |
|
2020-12-11 19:41:40 | PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers (lien direct) | The malware takes aim at PostgreSQL database servers with never-before-seen techniques. | Malware | ||
|
2020-12-11 18:14:34 | Feds: K-12 Cyberattacks Dramatically on the Rise (lien direct) | Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said. | |||
|
2020-12-11 17:05:37 | Facebook Shutters Accounts Used in APT32 Cyberattacks (lien direct) | Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks. | Malware Threat | APT 32 | |
|
2020-12-10 21:24:13 | Defending the Intelligent Edge from Evolving Attacks (lien direct) | Fortinet's Aamir Lakhani discusses best practices for securing company data against next-gen threats, like edge access trojans (EATs). | |||
|
2020-12-10 20:41:57 | Pfizer COVID-19 Vaccine Targeted in EU Cyberattack (lien direct) | Threat actors accessed Pfizer vaccine documentation submitted to EU regulators in the latest cyberattack trying to profit off pandemic suffering. | Threat | ||
|
2020-12-10 17:50:29 | MoleRats APT Returns with Espionage Play Using Facebook, Dropbox (lien direct) | The threat group is increasing its espionage activity in light of the current political climate and recent events in the Middle East, with two new backdoors. | Threat | ||
|
2020-12-10 16:26:14 | PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers (lien direct) | Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least compromised 250,000 databases. | Ransomware | ||
|
2020-12-10 16:09:42 | Critical Cisco Jabber Bug Gets Updated Fix (lien direct) | A series of bugs, patched in September, still allow remote code execution by attackers. | ★★★★★ | ||
|
2020-12-10 15:00:29 | Cyber Monday is Every Monday: Securing the \'New Normal\' (lien direct) | From eCommerce threats, to security concerns in connected speakers, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year. | |||
|
2020-12-10 12:44:36 | Misery of Ransomware Hits Hospitals the Hardest (lien direct) | Ransomware attacks targeting hospitals have exacted a human cost as well as financial. | Ransomware | ||
|
2020-12-10 11:00:46 | Critical Steam Flaws Could Let Gamers to Crash Opponents\' Computers (lien direct) | Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life. | |||
|
2020-12-09 21:26:54 | Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020 (lien direct) | As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart. | |||
|
2020-12-09 19:53:13 | SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign (lien direct) | Convincing email-credentials phishing, emailed backdoors and mobile apps are all part of the groups latest effort against military and government targets. | APT-C-17 | ||
|
2020-12-09 16:40:43 | COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware (lien direct) | Cybercriminals are leveraging the recent rollout of the COVID-19 vaccines globally in various cyberattacks - from stealing email passwords to distributing the Zebrocy malware. | Malware | ||
|
2020-12-09 14:56:14 | D-Link Routers at Risk for Remote Takeover from Zero-Day Flaws (lien direct) | Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running same firmware. | |||
|
2020-12-08 22:52:24 | Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets (lien direct) | Google updates its mobile OS, fixing ten critical bugs, including one remote code execution flaw. | |||
|
2020-12-08 22:08:41 | FireEye Cyberattack Compromises Red-Team Security Tools (lien direct) | An attacker stole FireEye's Red Team assessment tools that the company uses to test its customers' security. | ★★★ |
To see everything:
Our RSS (filtrered)
