What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-03 15:23:16 | VMWare Urges Users to Patch Critical Authentication Bypass Bug (lien direct) | Vulnerability-for which a proof-of-concept is forthcoming-is one of a string of flaws the company fixed that could lead to an attack chain. | Guideline | ||
|
2022-07-21 12:59:30 | Hackers for Hire: Adversaries Employ \'Cyber Mercenaries\' (lien direct) | Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP. | Guideline | ||
|
2022-07-19 15:33:01 | Authentication Risks Discovered in Okta Platform (lien direct) | Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction. | Guideline | ||
|
2022-07-06 10:33:35 | Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens (lien direct) | A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web. | Guideline | ||
|
2022-06-16 11:24:26 | Ransomware Risk in Healthcare Endangers Patients (lien direct) | Ryan Witt, Proofpoint's Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care. | Ransomware Guideline | ||
|
2022-03-09 16:00:32 | Most ServiceNow Instances Misconfigured, Exposed (lien direct) | Customers aren't locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction. | Guideline | ||
|
2022-02-18 13:46:04 | Iranian State Broadcaster Clobbered by \'Clumsy, Buggy\' Code (lien direct) | Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran's Supreme Leader was a clumsy and unsophisticated wiper attack. | Guideline | ||
|
2022-02-16 15:59:14 | Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers (lien direct) | A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS. | Guideline | ★★ | |
|
2022-02-15 18:33:28 | Chrome Zero-Day Under Active Attack: Patch ASAP (lien direct) | The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems. | Guideline | ★★ | |
|
2022-02-10 22:13:33 | Sharp SIM-Swapping Spike Causes $68M in Losses (lien direct) | The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts. | Guideline | ||
|
2022-01-18 15:44:21 | Critical ManageEngine Desktop Server Bug Opens Orgs to Malware (lien direct) | Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. | Malware Guideline | ||
|
2021-12-22 18:24:07 | All in One SEO Plugin Bug Threatens 3M Websites with Takeovers (lien direct) | A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. | Vulnerability Guideline | ||
|
2021-12-10 17:58:04 | Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack (lien direct) | The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” | Tool Vulnerability Guideline | ||
|
2021-11-30 18:11:16 | Finland Faces Blizzard of FluBot-Spreading Text Messages (lien direct) | Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an "exceptional" attack. | Guideline | ||
|
2021-11-11 18:48:06 | Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash (lien direct) | A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector. | Threat Guideline | ||
|
2021-11-05 13:03:07 | Feds Offer $10 Million Bounty on DarkSide Info (lien direct) | The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group. | Ransomware Guideline | ||
|
2021-10-27 19:13:47 | Adobe\'s Surprise Security Bulletin Dominated by Critical Patches (lien direct) | Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure. | Guideline | ||
|
2021-10-27 13:04:20 | (Déjà vu) Cyberattack Cripples Iranian Fuel Distribution Network (lien direct) | The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. | Guideline | ||
|
2021-10-27 13:04:20 | Cyber Attack Cripples Iranian Fuel Distribution Network (lien direct) | The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. | Guideline | ||
|
2021-10-21 19:31:40 | TA551 Shifts Tactics to Install Sliver Red-Teaming Tool (lien direct) | A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment. | Ransomware Tool Threat Guideline | ||
|
2021-09-14 13:10:49 | Romance, BEC Scams Lands Soldier in Jail for 46 Months (lien direct) | A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans. | Guideline | ||
|
2021-09-09 14:30:56 | SideWalk Backdoor Linked to China-Linked Spy Group \'Grayfly\' (lien direct) | Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. | Malware Guideline | APT 41 | |
|
2021-09-09 12:58:48 | Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix (lien direct) | An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom. | Vulnerability Guideline | ||
|
2021-08-26 16:40:38 | F5 Bug Could Lead to Complete System Takeover (lien direct) | The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. | Guideline | ||
|
2021-08-25 11:41:31 | California Man Hacked iCloud Accounts to Steal Nude Photos (lien direct) | Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials. | Guideline | ||
|
2021-08-03 20:00:31 | Ransomware Volumes Hit Record Highs as 2021 Wears On (lien direct) | The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way. | Ransomware Guideline | ||
|
2021-08-02 20:58:54 | \'PwnedPiper\': Devastating Bugs in >80% of Hospital Pneumatics (lien direct) | Podcast: Blood samples aren't martinis. You can't shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware. | Guideline | ||
|
2021-07-30 15:21:41 | Novel Meteor Wiper Used in Attack that Crippled Iranian Train System (lien direct) | A July 9th attack disrupted service and taunted Iran's leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints. | Guideline | ||
|
2021-07-22 17:46:25 | Industrial Networks Exposed Through Cloud-Based Operational Tech (lien direct) | Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. | Guideline | ||
|
2021-07-21 13:32:42 | French Launch NSO Probe After Macron Believed Spyware Target (lien direct) | Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware. | Guideline | ||
|
2021-07-13 14:36:47 | New CISA Director Confirmed, White House Gains Cyber-Director (lien direct) | Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on. | Ransomware Guideline | ||
|
2021-07-09 17:31:26 | Cisco BPA, WSA Bugs Allow Remote Cyberattacks (lien direct) | The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more. | Guideline | ||
|
2021-06-30 16:28:48 | Why MTTR is Bad for SecOps (lien direct) | Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. | Guideline | ||
|
2021-06-11 14:23:57 | Monumental Supply-Chain Attack on Airlines Traced to State Actor (lien direct) | Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks. | Guideline | APT 41 | ★★★ |
|
2021-06-03 18:20:15 | Google PPC Ads Used to Deliver Infostealers (lien direct) | The crooks pay top dollar for Google search results for the popular AnyDesk, Dropbox & Telegram apps that lead to a malicious, infostealer-packed website. | Guideline | ||
|
2021-05-11 18:38:36 | Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader (lien direct) | A patch for Adobe Acrobat, the world's leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution. | Vulnerability Guideline | ||
|
2021-05-11 16:08:19 | Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud (lien direct) | Aamir Lakhani, researcher at FortiGuard Labs, discusses leading-edge threats related to edge access/browsers/IoT, and the COVID-19 vaccine, as a way of getting into larger organizations. | Guideline | ||
|
2021-04-30 19:01:05 | WeSteal: A Cryptocurrency Stealing Tool That Does Just That (lien direct) | The developer of the WeSteal cryptocurrency stealer can't be bothered with fancy talk: they say flat-out that it's “the leading way to make money in 2021”. | Tool Guideline | ||
|
2021-02-26 21:53:26 | Amazon Dismisses Claims Alexa \'Skills\' Can Bypass Security Vetting Process (lien direct) | Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks. | Guideline | ||
|
2021-01-26 22:11:54 | Nvidia Squashes High-Severity Jetson DoS Flaw (lien direct) | If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products. | Guideline | ||
|
2021-01-04 20:14:52 | Leading Game Publishers Hit Hard by Leaked-Credential Epidemic (lien direct) | Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online. | Guideline | ||
|
2020-12-02 20:17:34 | Xerox DocuShare Bugs Allowed Data Leaks (lien direct) | CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes. | Guideline | ||
|
2020-11-12 14:10:57 | 2 More Google Chrome Zero-Days Under Active Exploitation (lien direct) | Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution. | Guideline | ★★★★★ | |
|
2019-03-13 18:29:03 | Intel Windows 10 Graphics Drivers Riddled With Flaws (lien direct) | Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution. | Guideline | ||
|
2019-03-04 23:36:00 | Teen Becomes First to Earn $1M in Bug Bounties with HackerOne (lien direct) | He is also the all-time top-ranked hacker on HackerOne's leaderboard, out of more than 330,000 hackers competing for the top spot. | Guideline | ||
|
2019-03-04 11:00:03 | Visitor Kiosk Access Systems Riddled with Bugs (lien direct) | Student researchers working with IBM X-Force Red team find security holes in five leading visitor management systems. | Guideline | ||
|
2019-01-28 16:04:00 | Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution (lien direct) | Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution. | Guideline | ★★★★ | |
|
2019-01-08 21:09:04 | Shipping Firms Speared with Targeted \'Whaling\' Attacks (lien direct) | Bad actors are imitating high-level executives in the shipping industry to launch BEC attacks that could lead to credential theft or worse - system compromise. | Guideline | ||
|
2018-12-28 15:24:04 | Hijacking Online Accounts Via Hacked Voicemail Systems (lien direct) | Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services. | Hack Guideline | ||
|
2018-12-11 22:19:04 | Facebook Fined $11.3M for Privacy Violations (lien direct) | Italy's regulator found the social giant guilty of misleading consumers as to what it does with their data. | Guideline |
To see everything:
Our RSS (filtrered)
