What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-01-05 23:13:43 | 1.1M Compromised Accounts Found at 17 Major Companies (lien direct) | The accounts fell victim to credential-stuffing attacks, according to the New York State AG. | |||
|
2022-01-05 22:18:28 | \'Elephant Beetle\' Lurks for Months in Networks (lien direct) | The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars. | |||
|
2022-01-05 21:09:35 | Broward Breach Highlights Healthcare Supply-Chain Problems (lien direct) | More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October. | |||
|
2022-01-05 20:49:37 | Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails (lien direct) | A simple-to-exploit bug that allows bad actors to send emails from Uber's official system -- skating past email security -- went unaddressed despite multiple flagging by researchers. | Uber Uber | ||
|
2022-01-05 19:00:03 | FTC to Go After Companies that Ignore Log4j (lien direct) | Companies that fail to protect secure consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned. | Equifax | ||
|
2022-01-05 13:00:55 | \'Malsmoke\' Exploits Microsoft\'s E-Signature Verification (lien direct) | The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries. | Ransomware Malware | ||
|
2022-01-04 22:49:54 | Microsoft Sees Rampant Log4j Exploit Attempts, Testing (lien direct) | Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. | |||
|
2022-01-04 20:49:39 | SEGA\'s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More (lien direct) | SEGA's disclosure underscores a common, potentially catastrophic, flub - misconfigured Amazon Web Services (AWS) S3 buckets. | |||
|
2022-01-04 20:33:40 | Data Skimmer Hits 100+ Sotheby\'s Real-Estate Websites (lien direct) | The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player. | |||
|
2022-01-04 17:12:12 | Purple Fox Rootkit Dropped by Malicious Telegram Installers (lien direct) | Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites. | |||
|
2022-01-04 16:43:57 | McMenamins Data Breach Affects 12 Years of Employee Info (lien direct) | The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack. | Ransomware Data Breach | ||
|
2022-01-04 13:16:55 | Portugal Media Giant Impresa Crippled by Ransomware Attack (lien direct) | The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year's weekend attack. | Ransomware | ||
|
2021-12-30 18:01:59 | What the Rise in Cyber-Recon Means for Your Security Strategy (lien direct) | Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. | |||
|
2021-12-30 16:16:23 | APT \'Aquatic Panda\' Targets Universities with Log4Shell Exploit Tools (lien direct) | Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. | Threat | ||
|
2021-12-29 19:13:45 | Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud (lien direct) | Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them. | |||
|
2021-12-29 14:26:18 | Cryptomining Attack Exploits Docker API Misconfiguration Since 2019 (lien direct) | Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency. | |||
|
2021-12-29 13:00:12 | 5 Cybersecurity Trends to Watch in 2022 (lien direct) | Here's what cybersecurity watchers want infosec pros to know heading into 2022. | |||
|
2021-12-28 16:31:41 | That Toy You Got for Christmas Could Be Spying on You (lien direct) | Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. | |||
|
2021-12-28 11:00:24 | 2021 Wants Another Chance (A Lighter-Side Year in Review) (lien direct) | The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. | |||
|
2021-12-27 19:34:19 | Global Cyberattacks from Nation-State Actors Posing Greater Threats (lien direct) | Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. | |||
|
2021-12-27 18:57:24 | The 5 Most-Wanted Threatpost Stories of 2021 (lien direct) | A look back at what was hot with readers in this second year of the pandemic. | |||
|
2021-12-23 19:04:13 | 4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code (lien direct) | The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities. | Vulnerability | ||
|
2021-12-23 16:00:22 | Telegram Abused to Steal Crypto-Wallet Credentials (lien direct) | Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. | |||
|
2021-12-23 15:00:19 | \'Spider-Man: No Way Home\' Download Installs Cryptominer (lien direct) | The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report. | |||
|
2021-12-22 18:39:08 | PYSA Emerges as Top Ransomware Actor in November (lien direct) | Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks. | Ransomware | ||
|
2021-12-22 18:24:07 | All in One SEO Plugin Bug Threatens 3M Websites with Takeovers (lien direct) | A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. | Vulnerability Guideline | ||
|
2021-12-22 17:59:55 | Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS (lien direct) | Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects. | |||
|
2021-12-22 14:03:05 | Four Bugs in Microsoft Teams Left Platform Vulnerable Since March (lien direct) | Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user's IP address and launch a DoS attack. | |||
|
2021-12-21 22:08:01 | Time to Ditch Big-Brother Accounts for Network Scanning (lien direct) | Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice. | |||
|
2021-12-21 20:46:35 | Java Code Repository Riddled with Hidden Log4j Bugs; Here\'s Where to Look (lien direct) | There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. | |||
|
2021-12-21 20:08:42 | Half-Billion Compromised Credentials Lurking on Open Cloud Server (lien direct) | A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned. | |||
|
2021-12-21 16:46:02 | Two Active Directory Bugs Lead to Easy Windows Domain Takeover (lien direct) | Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. | Tool | ||
|
2021-12-21 14:42:02 | FBI: Another Zoho ManageEngine Zero-Day Under Active Attack (lien direct) | APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. | Malware Vulnerability | ||
|
2021-12-20 22:11:30 | Conti Ransomware Gang Has Full Log4Shell Attack Chain (lien direct) | Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain. | Ransomware | ||
|
2021-12-20 19:48:25 | Robocalls More Than Doubled in 2021, Cost Victims $30B (lien direct) | T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls. | |||
|
2021-12-20 16:01:57 | Third Log4J Bug Can Trigger DoS; Apache Issues Patch (lien direct) | The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. | Vulnerability | ||
|
2021-12-17 20:17:45 | Facebook Bans Spy-for-Hire Firms for Targeting 50K People (lien direct) | Meta, Facebook's parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets' phones. | Malware | ||
|
2021-12-17 19:49:15 | Spider-Man Movie Release Frenzy Bites Fans with Credit-Card Harvesting (lien direct) | Attackers are using the excitement over the new Spider-Man movie to steal bank information and spread malware. | |||
|
2021-12-17 19:23:09 | Malicious Joker App Scores Half-Million Downloads on Google Play (lien direct) | Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges. | Malware | ||
|
2021-12-17 17:43:43 | Brand-New Log4Shell Attack Vector Threatens Local Hosts (lien direct) | The discovery, which affects services running as localhost that aren't exposed to any network or the internet, vastly widens the scope of attack possibilities. | |||
|
2021-12-17 15:45:36 | Convergence Ahoy: Get Ready for Cloud-Based Ransomware (lien direct) | Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments. | Ransomware | ||
|
2021-12-17 13:57:02 | Conti Gang Suspected of Ransomware Attack on McMenamins (lien direct) | The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions. | Ransomware | ||
|
2021-12-16 19:16:06 | \'Tropic Trooper\' Reemerges to Target Transportation Outfits (lien direct) | Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies. | APT 23 | ||
|
2021-12-16 18:36:40 | \'PseudoManuscrypt\' Mass Spyware Campaign Targets 35K Systems (lien direct) | It's similar to Lazarus's Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. | APT 38 | ||
|
2021-12-16 13:45:46 | \'DarkWatchman\' RAT Shows Evolution in Fileless Malware (lien direct) | The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access. | Ransomware Malware Tool | ||
|
2021-12-15 23:18:44 | Relentless Log4j Attacks Include State Actors, Possible Worm (lien direct) | More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell. | |||
|
2021-12-15 19:34:04 | Malicious Exchange Server Module Hoovers Up Outlook Credentials (lien direct) | "Owowa" stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made. | |||
|
2021-12-15 19:31:30 | SAP Kicks Log4Shell Vulnerability Out of 20 Apps (lien direct) | SAP's still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. | Vulnerability | ||
|
2021-12-15 14:04:19 | Apache\'s Fix for Log4Shell Can Lead to DoS Attacks (lien direct) | Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache's blanket of a quickly baked patch for Log4Shell also has holes. | |||
|
2021-12-15 00:27:24 | In 2022, Expect More Supply Chain Pain and Changing Security Roles (lien direct) | If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our key […] |
To see everything:
Our RSS (filtrered)
