What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-20 16:24:49 | Most Email Security Approaches Fail to Block Common Threats (lien direct) | A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. | |||
|
2022-04-20 12:12:08 | Google: 2021 was a Banner Year for Exploited 0-Day Bugs (lien direct) | Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. | |||
|
2022-04-19 16:04:33 | \'CatalanGate\' Spyware Infections Tied to NSO Group (lien direct) | Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia. | |||
|
2022-04-19 14:07:05 | Protect Your Executives\' Cybersecurity Amidst Global Cyberwar (lien direct) | In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company's risk of direct or collateral damage. | |||
|
2022-04-18 13:00:30 | Cyberattackers Put the Pedal to the Medal: Podcast (lien direct) | Fortinet's Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. | |||
|
2022-04-15 17:34:48 | Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web (lien direct) | Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims. | Ransomware | ||
|
2022-04-14 15:57:20 | Feds: APTs Have Tools That Can Take Over Critical Infrastructure (lien direct) | Threat actors have developed custom modules to compromise various ICS devices as well as Windows workstations that pose an imminent threat, particularly to energy providers. | Threat | ||
|
2022-04-13 15:01:36 | Feds Shut Down RaidForums Hacking Marketplace (lien direct) | The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. | |||
|
2022-04-12 17:22:38 | Menswear Brand Zegna Reveals Ransomware Attack (lien direct) | Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay. | Ransomware | ||
|
2022-04-11 17:26:25 | Microsoft Takes Down Domains Used in Cyberattack Against Ukraine (lien direct) | The APT28 (Advanced persistence threat) is operating since 2009, this group has worked under different names such as Sofacy, Sednit, Strontium Storm, Fancy Bear, Iron Twilight, and Pawn. | APT 28 | ||
|
2022-04-08 16:06:29 | Google Play Bitten by Sharkbot Info-stealer \'AV Solution\' (lien direct) | Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times. | |||
|
2022-04-07 13:46:17 | SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts (lien direct) | Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. | Vulnerability | ||
|
2022-04-07 13:00:56 | MacOS Malware: Myth vs. Truth – Podcast (lien direct) | Huntress Labs R&D Director Jamie Levy busts the old “Macs don't get viruses” myth and offers tips on how MacOS malware differs and how to protect against it. | Malware | ||
|
2022-04-06 12:37:47 | Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info (lien direct) | Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages. | Threat | ||
|
2022-04-05 17:53:47 | Authorities Fully Behead Hydra Dark Marketplace (lien direct) | The popular underground market traded in drugs, stolen data, forged documents and more -- raking in billions in Bitcoin. | |||
|
2022-04-05 13:30:50 | No-Joke Borat RAT Propagates Ransomware, DDoS (lien direct) | This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity. | Malware Threat | ||
|
2022-04-01 13:02:17 | Apple Rushes Out Patches for 0-Days in MacOS, iOS (lien direct) | The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. | Threat | ★★★ | |
|
2022-03-31 18:09:07 | Belarusian \'Ghostwriter\' Actor Picks Up BitB for Ukraine-Related Attacks (lien direct) | Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia. | |||
|
2022-03-31 14:49:47 | Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn (lien direct) | A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of 'smart car tech' and EVs surges. | ★★★★★ | ||
|
2022-03-31 13:22:49 | QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug (lien direct) | QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch. | Vulnerability | ||
|
2022-03-31 13:00:09 | A Blockchain Primer and a Bored Ape Headscratcher – Podcast (lien direct) | Mystified? Now's the time to learn about cryptocurrency-associated risks: Listen to KnowBe4's Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe. | ★★★★★ | ||
|
2022-03-30 18:04:11 | Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn (lien direct) | The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications. | ★★★★★ | ||
|
2022-03-30 17:14:57 | Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments (lien direct) | The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. | |||
|
2022-03-30 16:29:10 | Lapsus$ \'Back from Vacation\' (lien direct) | Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list. | |||
|
2022-03-30 16:14:30 | Google Chrome Bug Actively Exploited as Zero-Day (lien direct) | The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine. | |||
|
2022-03-30 13:13:49 | MSHTML Flaw Exploited to Attack Russian Dissidents (lien direct) | A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin. | Threat | ||
|
2022-03-29 20:33:08 | Log4JShell Used to Swarm VMware Servers with Miners, Backdoors (lien direct) | Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing. | |||
|
2022-03-29 14:02:41 | Exchange Servers Speared in IcedID Phishing Campaign (lien direct) | The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques. | Malware | ||
|
2022-03-28 18:28:34 | Okta Says It Goofed in Handling the Lapsus$ Attack (lien direct) | "We made a mistake," Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers. | |||
|
2022-03-28 17:33:43 | Critical Sophos Security Bug Allows RCE on Firewalls (lien direct) | The security vendor's appliance suffers from an authentication-bypass issue. | |||
|
2022-03-25 21:25:17 | DOJ Indicts Russian Gov\'t Employees Over Targeting Power Sector (lien direct) | The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant. | |||
|
2022-03-25 13:19:59 | Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch (lien direct) | Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February. | Threat | ||
|
2022-03-24 21:23:30 | UK Cops Collar 7 Suspected Lapsus$ Gang Members (lien direct) | London Police can't say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they've been tracking an Oxford teen since mid-2021. | |||
|
2022-03-24 20:21:02 | Microsoft Azure Developers Awash in PII-Stealing npm Packages (lien direct) | A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. | |||
|
2022-03-24 19:23:12 | Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug (lien direct) | A patch fixes exploit hidden in Elden Ring that traps PC players in a 'death loop.' | |||
|
2022-03-24 17:11:40 | HubSpot Data Breach Ripples Through Crytocurrency Industry (lien direct) | ~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up. | Data Breach | ||
|
2022-03-24 14:08:06 | Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection (lien direct) | Mustang Panda's already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant. | |||
|
2022-03-24 13:10:04 | Microsoft Help Files Disguise Vidar Malware (lien direct) | Attackers are hiding interesting malware in a boring place, hoping victims won't bother to look. | Malware | ||
|
2022-03-24 13:00:59 | Top 3 Attack Trends in API Security – Podcast (lien direct) | Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest. | |||
|
2022-03-24 13:00:16 | Tax-Season Scammers Spoof Fintechs Stash, Public (lien direct) | Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials. | Threat | ||
|
2022-03-23 15:43:49 | DeadBolt Ransomware Resurfaces to Hit QNAP Again (lien direct) | A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January. | Ransomware | ||
|
2022-03-23 15:28:03 | Microsoft: Lapsus$ Used Employee Account to Steal Source Code (lien direct) | The data-extortion gang got at Microsoft's Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack. | |||
|
2022-03-22 22:14:40 | Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta (lien direct) | Lapsus$ shared screenshots of internal Okta systems and 40Gb of purportedly stolen Microsoft data on Bing, Bing Maps and Cortana. | |||
|
2022-03-22 16:31:18 | Russia Lays Groundwork for Cyberattacks on US Infrastructure – White House (lien direct) | "Evolving intelligence" shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said -- but researchers warn that many orgs are not prepared. | |||
|
2022-03-22 15:42:39 | FIDO: Here\'s Another Knife to Help Murder Passwords (lien direct) | After years of promising a passwordless future – really, any day now! – FIDO is proposing tweaks to WebAuthn that could put us out of password misery. Experts aren't so sure. | |||
|
2022-03-22 14:21:42 | Serpent Backdoor Slithers into Orgs Using Chocolatey Installer (lien direct) | An unusual attack using an open-source Python package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies. | |||
|
2022-03-21 23:57:04 | Browser-in-the-Browser Attack Makes Phishing Nearly Invisible (lien direct) | Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al. | |||
|
2022-03-21 19:18:32 | Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts (lien direct) | The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it's actually spyware capable of stealing any and all information from victims' social-media accounts. | |||
|
2022-03-21 17:48:51 | Conti Ransomware V. 3, Including Decryptor, Leaked (lien direct) | The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but it's reportedly clunkier code. | Ransomware | ||
|
2022-03-21 14:22:53 | Bridgestone Hit as Ransomware Torches Toyota Supply Chain (lien direct) | A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit. | Ransomware |
To see everything:
Our RSS (filtrered)
