What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Kaspersky.webp 2022-01-20 23:14:23 2FA Bypassed in $34.6M Crypto.com Heist (direct link) In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds.
Kaspersky.webp 2022-01-20 19:35:29 Critical Cisco StarOS Bug Grants Root Access via Debug Mode (direct link) Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
Kaspersky.webp 2022-01-20 18:39:21 Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug (direct link) SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks' internal devices. Threat
Kaspersky.webp 2022-01-20 16:50:30 Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs (direct link) The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
Kaspersky.webp 2022-01-20 15:49:56 Red Cross Begs Attackers Not to Leak 515K People's Stolen Data (direct link) The Red Cross was forced to shut down IT systems behind its Restoring Family Links system, which reunites families separated by war, disaster or migration.
Kaspersky.webp 2022-01-20 14:27:48 SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack (direct link) R.R. Donnelley, the integrated services company, confirmed a 'systems intrusion' that occurred in late December and is still under investigation. Ransomware
Kaspersky.webp 2022-01-19 20:55:28 Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say (direct link) Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia's wider effort to undermine Ukraine's sovereignty, according to analysts. Ransomware Malware
Kaspersky.webp 2022-01-19 18:30:44 Box 2FA Bypass Opens User Accounts to Attack (direct link) A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
Kaspersky.webp 2022-01-19 13:36:34 Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks (direct link) Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.
Kaspersky.webp 2022-01-19 11:00:12 Cloned Dept. of Labor Site Hawks Fake Government Contracts (direct link) A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects -- but harvests credentials instead.
Kaspersky.webp 2022-01-18 22:33:43 Will 2022 Be the Year of the Software Bill of Materials? (direct link) Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, says a security experts roundtable.
Kaspersky.webp 2022-01-18 20:21:04 The Log4j Vulnerability Puts Pressure on the Security World (direct link) It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. Vulnerability
Kaspersky.webp 2022-01-18 19:33:13 Cybercriminals Actively Target VMware vSphere with Cryptominers (direct link) VMware's container-based application development environment has become attractive to cyberattackers.
Kaspersky.webp 2022-01-18 17:23:12 'White Rabbit' Ransomware May Be FIN8 Tool (direct link) It's a double-extortion play that uses the command-line password 'KissMe' to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art. Ransomware Tool
Kaspersky.webp 2022-01-18 15:44:21 Critical ManageEngine Desktop Server Bug Opens Orgs to Malware (direct link) Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. Malware Guideline
Kaspersky.webp 2022-01-18 14:03:08 Organizations Face a 'Losing Battle' Against Vulnerabilities (direct link) Companies must take more 'innovative and proactive' approaches to security in 2022 to combat threats that emerged last year, researchers said.
Kaspersky.webp 2022-01-14 16:43:43 Real Big Phish: Mobile Phishing & Managing User Fallibility (direct link) Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.
Kaspersky.webp 2022-01-14 16:37:13 Critical Cisco Contact Center Bug Threatens Customer-Service Havoc (direct link) Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies' customers.
Kaspersky.webp 2022-01-14 16:06:49 'Be Afraid:' Massive Cyberattack Downs Ukrainian Gov't Sites (direct link) As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site.
Kaspersky.webp 2022-01-14 14:45:35 Russian Security Takes Down REvil Ransomware Gang (direct link) The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure. Ransomware
Kaspersky.webp 2022-01-14 14:07:36 Three Plugins with Same Bug Put 84K WordPress Sites at Risk (direct link) Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
Kaspersky.webp 2022-01-13 23:08:53 Microsoft Yanks Buggy Windows Server Updates (direct link) Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.
Kaspersky.webp 2022-01-13 21:03:09 North Korean APTs Stole ~$400M in Crypto in 2021 (direct link) Meanwhile, EthereumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens. ★★★★★
Kaspersky.webp 2022-01-13 17:35:34 US Military Ties Prolific MuddyWater Cyberespionage APT to Iran (direct link) US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools. Malware
Kaspersky.webp 2022-01-13 15:04:01 New GootLoader Campaign Targets Accounting, Law Firms (direct link) Once prolific spreaders of REvil ransomware, the GootLoader malware gang has pivoted to actively targeting employees of law and accounting firms with malicious downloads. The Threat Response Unit from eSentire issued an alert about having over the past three weeks observed GootLoader attacks on three law firms and one accounting firm. WordPress vulnerabilities let the […] Malware Threat
Kaspersky.webp 2022-01-13 14:00:54 Adobe Cloud Abused to Steal Office 365, Gmail Credentials (direct link) Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered. Threat
Kaspersky.webp 2022-01-12 21:05:26 Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft (direct link) Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.
Kaspersky.webp 2022-01-12 21:04:58 Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign (direct link) A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.
Kaspersky.webp 2022-01-12 19:49:14 Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts (direct link) Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.
Kaspersky.webp 2022-01-12 18:11:53 New York AG Warns 17 Firms of Credential Attacks (direct link) Sponsored: Password security is highlighted in attorney general warning to New York state businesses.
Kaspersky.webp 2022-01-12 13:21:33 FIFA Ultimate Team Account Takeovers Plague EA Gamers (direct link) Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.
Kaspersky.webp 2022-01-11 21:54:57 Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days (direct link) The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
Kaspersky.webp 2022-01-11 20:35:47 MacOS Bug Could Let Creeps Snoop On You (direct link) The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.
Kaspersky.webp 2022-01-11 19:49:41 WordPress Bugs Exploded in 2021, Most Exploitable (direct link) Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.
Kaspersky.webp 2022-01-11 17:06:11 FIN7 Mailing Malicious USB Sticks to Drop Ransomware (direct link) The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense. Ransomware
Kaspersky.webp 2022-01-11 15:00:15 'Fully Undetected' SysJoker Backdoor Malware Targets Windows, Linux & macOS (direct link) The malware establishes initial access on targeted machines, then waits for additional code to execute. Malware
Kaspersky.webp 2022-01-11 14:09:21 Critical SonicWall NAC Vulnerability Stems from Apache Mods (direct link) Researchers offer more detail on the bug, which can allow attackers to completely take over targets. Vulnerability
Kaspersky.webp 2022-01-11 12:00:04 Millions of Routers Exposed by Bug in USB Module (direct link) The high-severity RCE flaw is in the KCodes NetUSB kernel module found in popular end-user routers from Netgear, TP-Link, DLink, and Western Digital, et al.
Kaspersky.webp 2022-01-10 17:55:00 URL Parsing Bugs Allow DoS, RCE, Spoofing & More (direct link) Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
Kaspersky.webp 2022-01-10 16:29:55 Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High (direct link) Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.
Kaspersky.webp 2022-01-07 22:16:03 EoL Systems Stonewalling Log4j Fixes for Fed Agencies (direct link) End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It's a recipe for a patching nightmare, federal cybersecurity CTO Matt Keller says. Patching
Kaspersky.webp 2022-01-07 21:14:35 Cyberattackers Hit Data of 80K Fertility Patients (direct link) Fertility Centers of Illinois' security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
Kaspersky.webp 2022-01-07 19:12:20 3.7M FlexBooker Records Dumped on Hacker Forum (direct link) Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.
Kaspersky.webp 2022-01-07 16:14:21 QNAP: Get NAS Devices Off the Internet Now (direct link) There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned. Ransomware
Kaspersky.webp 2022-01-07 15:12:26 Log4J-Related RCE Flaw in H2 Database Earns Critical Rating (direct link) A critical flaw in the H2 open-source Java SQL database is similar to the Log4J vulnerability, but does not pose a widespread threat.
Kaspersky.webp 2022-01-06 19:48:04 Activision Files Unusual Lawsuit over Call of Duty Cheat Codes (direct link) Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages.
Kaspersky.webp 2022-01-06 17:28:43 Google Voice Authentication Scam Leaves Victims on the Hook (direct link) The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week.
Kaspersky.webp 2022-01-06 16:47:44 Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover (direct link) ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.
Kaspersky.webp 2022-01-06 15:44:27 Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying (direct link) The 'NoReboot' technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen. Malware
Kaspersky.webp 2022-01-06 14:00:44 Attackers Exploit Flaw in Google Docs' Comments Feature (direct link) A wave of phishing attacks identified in December targeting mainly Outlook users is difficult for both email scanners and victims to flag, researchers said.
Last update at: 2024-05-09 16:08:06