What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-02-26 14:56:01 | (Déjà vu) Author of NeverQuest botnet pleads guilty to bank fraud (lien direct) | The Russian hacker Stanislav Vitaliyevich Lisov pleads guilty to bank fraud after running a botnet that spread ‘NeverQuest’ malware for three years. The Russian hacker Stanislav Vitaliyevich Lisov, aka “Black,” “Blackf,” is accused of using the NeverQuest banking Trojan to steal login information from victims. The man has pled guilty to one count of conspiracy […] | Malware Guideline | ||
|
2019-01-22 15:40:05 | Adobe fixed XSS flaws in Experience Manager that can result in information Disclosure (lien direct) | Adobe released security updates to address multiple XSS vulnerabilities in the Experience Manager and Experience Manager Forms that can lead to information disclosure. Adobe released security updates for the Experience Manager and Experience Manager Forms to address flaws that can lead to information disclosure. The Experience Manager is affected by a stored cross-site scripting (XSS) issue […] | Guideline | ||
|
2019-01-11 22:55:00 | British hacker sentenced to jail for attack on Liberian Telecoms firms (lien direct) | The British hacker Daniel Kaye has been sentenced to 32 months in prison for the cyberattack on Liberian telecom firms. The British hacker Daniel Kaye (29) has been sentenced to 32 months in prison for the 2016 attack that took down telecommunications services in Liberia. Kaye pleaded guilty in December to two charges under the Computer Misuse […] | Guideline | ||
|
2018-12-21 08:30:01 | 5 IoT Security Predictions for 2019 (lien direct) | 2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019 Insights from VDOO's leadership 2018 was the year of the Internet of Things (IoT) – massive attacks and various botnets, a leap in regulation and standards, and increased adoption […] | Guideline | ||
|
2018-12-10 16:30:01 | Duke-Cohan sentenced to three years in prison due to false bomb threats and DDoS (lien direct) | The British teenager George Duke-Cohan (19) has been sentenced to three years in prison due to false bomb threats and carrying out DDoS attacks.A Cohan was arrested in August by the U.K. National Crime Agency (NCA), the teenager, aka “7R1D3N7,” “DoubleParallax” and “optcz1,” was arrested on August 31 and pleaded guilty to three counts of making hoax […] | Guideline | ||
|
2018-11-20 15:00:01 | Two hackers involved in the TalkTalk hack sentenced to prison (lien direct) | Two men from Tamworth, Staffordshire were sentenced to prison for their roles in the 2015 TalkTalk hack. Two men, Connor Allsopp, 21, and Matthew Hanley, 23, pleaded guilty to charges of hacking. Allsopp has been sentenced to 8 months in jail and Hanley to 12 months. In October 2015, TalkTalk Telecom Group plc publicly disclosed that four […] | Hack Guideline | ||
|
2018-11-11 13:58:00 | CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild (lien direct) | Experts at Volexity discovered that a recently patched remote code execution flaw (CVE-2018-15961) affecting the Adobe ColdFusion has been exploited in the wild. Security experts from Volexity reported that attackers in the wild are exploiting a recently patched remote code execution vulnerability affecting the Adobe ColdFusion. The flaw, tracked as CVE-2018-15961, is an unrestricted file upload vulnerability, successful exploitation could lead to […] | Vulnerability Guideline | ||
|
2018-10-30 08:39:00 | The author of the Mirai botnet gets six months of house arrest (lien direct) | Paras Jha (22), the author of the Mirai botnet has been sentenced to six months of house arrest and ordered to pay $8.6 million in compensation for DDoS attacks against the systems of Rutgers University. A New Jersey court sentenced the author of the Mirai botnet, Paras Jha, 22, of Fanwood, after pleading guilty to violating […] | Guideline | ||
|
2018-10-23 06:49:01 | The fix for the DOM-based XSS in Branch.io introduced a new XSS flaw (lien direct) | The security patch for the recently disclosed cross-site scripting (XSS) vulnerability in Branch.io has introduced another similar XSS vulnerability. According to the security researcher Linus Särud, the security fix for the recently disclosed cross-site scripting (XSS) vulnerability in Branch.io has introduced another similar XSS vulnerability. The Branch.io company provides the leading mobile linking platform, with solutions that unify […] | Vulnerability Guideline | ||
|
2018-10-21 09:09:05 | (Déjà vu) Security Affairs newsletter Round 185 – News of the week (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · Ex-NASA contractor pleaded guilty for cyberstalking crimes […] | Guideline | ||
|
2018-10-17 19:14:00 | MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry (lien direct) | Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware. Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here). The victim was one of the most important leaders in the field of security and defensive military […] | Guideline | ||
|
2018-10-14 13:35:02 | Ex-NASA contractor pleaded guilty for cyberstalking crimes (lien direct) | A former NASA contractor has pleaded guilty for a cyberstalking scheme, the man blackmailed seven women threatening to publish their nude pictures. Richard Bauer (28), an ex-NASA contractor has pleaded guilty for a cyberstalking, the man allegedly threatened to publish nude pictures of the women unless they sent him other explicit pictures. Richard Bauer of Los Angeles, who worked […] | Guideline | ||
|
2018-10-06 09:20:05 | Silk Road admin pleaded guilty to drug trafficking charges and faces up to 20 years in prison (lien direct) | Gary Davis, one of the admins and moderators of the notorious Silk Road black marketplace, pleaded guilty to drug trafficking charges. Gary Davis is an Irish national (20) who was one of the admins and moderators of the notorious Silk Road black marketplace, on Friday he pleaded guilty to drug trafficking charges. “Geoffrey S. Berman, the United States Attorney for […] | Guideline | ||
|
2018-09-14 06:40:03 | Kelihos botmaster pleads guilty in U.S. District Court in Connecticut (lien direct) | The creator of the infamous Kelihos Botnet, Peter Yuryevich Levashov (38) pleaded guilty this week to computer crime, fraud, conspiracy and identity theft charges. Yuryevich Levashov (38), the botmaster of the dreaded Kelihos Botnet pleaded guilty this week to computer crime, fraud, conspiracy and identity theft charges. In April 2017, the United States Department of Justice announced that Peter […] | Guideline | ||
|
2018-09-11 21:39:05 | Adobe Patch Tuesday for September 2018 fixes 10 flaws in Flash Player and ColdFusion (lien direct) | Adobe Patch Tuesday updates for September 2018 address a total of 10 vulnerabilities in Flash Player and ColdFusion, the good news is that none is severe. The Adobe Patch Tuesday updates for September 2018 addressed an important privilege escalation vulnerability (CVE-2018-15967) in Adobe Flash Player 30.0.0.154 and earlier versions. The successful exploitation of the flaw could lead to information […] | Vulnerability Guideline | ||
|
2018-08-08 04:22:00 | Hacking WiFi Password in a few steps using a new attack on WPA/WPA2 (lien direct) | A security researcher has devised a new WiFi hacking technique that could be exploited to easily crack WiFi passwords of most modern routers. The security researcher Jens ‘Atom’ Steube, lead developer of the popular password-cracking tool Hashcat, has devised a new WiFi hacking technique that could be exploited to easily crack WiFi passwords of most modern routers. The […] | Tool Guideline | ★★★★★ | |
|
2018-07-25 06:35:00 | Apache Software Foundation fixes important flaws in Apache Tomcat (lien direct) | The Apache Software Foundation has rolled out security updates for the Tomcat application server that address several flaws. The Apache Software Foundation has released security updates for the Tomcat application server that address several vulnerabilities, including issues that trigger a denial-of-service (DoS) condition or can lead to information disclosure. Apache Tomcat is an open-source Java Servlet Container that implements […] | Guideline | ||
|
2018-07-03 20:39:02 | Rowhammer Evolves into RAMpage Exploit, Targeting Android Phones Since 2012 (lien direct) | rThis week researchers demonstrated that most Android phones released since 2012 are still vulnerable to the RAMpage attack. In 2012, security researchers identified a bug in modern DRAM (dynamic random access memory) chips that could lead to memory corruption. In 2015, Google Project Zero researchers demonstrated “rowhammer“, a working exploit of this attack providing privilege […] | Guideline | ||
|
2018-05-30 12:30:02 | CVE-2018-11235 flaw in Git can lead to arbitrary code execution (lien direct) | The Git community disclosed a dangerous vulnerability in Git, tracked as CVE-2018-11235, that can lead to arbitrary code execution when a user operates in a malicious repository. The Git developer team and other firms offering Git repository hosting services have issued security updates to address a remote code execution vulnerability, tracked as CVE-2018-11235 in the Git […] | Guideline | ||
|
2018-05-29 05:17:01 | The Cobalt Hacking crew is still active even after the arrest of its leader (lien direct) | Group-IB has released a new report on Cobalt group's attacks against banks and financial sector organizations worldwide after the arrest of its leader. Threat intelligence firm Group-IB published an interesting report titiled “Cobalt: Evolution and Joint Operations” on the joint operations of Cobalt and Anunak (Carbanak) groups after the arrest of the leader in March 2018. Researchers reported that […] | Guideline | ||
|
2018-05-25 12:12:03 | Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix) (lien direct) | As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass. Under certain circumstances, this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run […] | Guideline | ||
|
2018-05-11 10:29:02 | Tech giant Telstra warns cloud customers they\'re at risk of hack due to a SNAFU (lien direct) | On May 4th Tech giant Telstra discovered a vulnerability in its service that could potentially expose customers of its cloud who run self-managed resources. Telstra is a leading provider of mobile phones, mobile devices, home phones and broadband internet. On May 4th, the company has discovered a vulnerability in its service that could potentially expose […] | Guideline | ||
|
2018-05-02 11:47:04 | GitHub urged some users to reset their passwords after accidental recorded them (lien direct) | GitHub, world’s leading software development platform, forced password reset for some users after the discovery of a problem that caused internal logs to record passwords in plain text. GitHub urged some users to reset their passwords after a problem caused internal logs to record passwords in plain text. Some users published on Twitter the communication […] | Guideline | ||
|
2018-05-02 05:48:03 | CVE 2018-8781 Privilege Escalation flaw was introduced in Linux Kernel 8 years ago (lien direct) | Researchers from security firm Check Point discovered a security vulnerability in a driver in the Linux kernel, tracked as CVE 2018-8781, that leads to local privilege escalation. The CVE 2018-8781 flaw, introduced 8 years ago, could be exploited by a local user with access to a vulnerable privileged driver to escalate local privileges and read from and write to […] | Guideline | ||
|
2018-03-27 07:34:02 | Experts uncovered a watering hole attack on leading Hong Kong Telecom Site exploiting CVE-2018-4878 flaw (lien direct) | Researchers at Morphisec have uncovered a watering hole attack on leading Hong Kong Telecom website exploiting the CVE-2018-4878 flash vulnerability. Security experts at Morphisec have discovered a watering hole attack on leading Hong Kong Telecom website exploiting the CVE-2018-4878 flash vulnerability. In a watering hole attack, hackers infect the websites likely to be visited by their targeted victims, this […] | Guideline | ||
|
2018-03-12 13:06:03 | The South America connection and the leadership on ATM Malware development (lien direct) | Besides being known about corruption scandals, South America is a reference to the development of ATM malware spreading globally with Brazil, Colombia, and Mexico leading the way. A research conducted by KASPERSKY has revealed a convergence on attacks against financial institutions, where traditional crimes and cybercrime join forces together to target and attack ATM (Automated […] | Guideline | ||
|
2018-02-19 07:24:01 | An APFS Filesystem flaw could lead macOS losing data under certain conditions (lien direct) | The Apple expert Mike Bombich discovered an APFS Filesystem vulnerability that could lead macOS losing data under certain conditions. A few days ago a ‘text bomb‘ bug was reported for Apple iOS and macOS apps, the issue can crash any Apple iPhone, iPad Or Mac. Now the Apple expert Mike Bombich discovered an APFS Filesystem vulnerability that could lead macOS […] | Guideline | ||
|
2017-12-12 07:55:49 | The OceanLotus MacOS Backdoor Transforms into HiddenLotus with a Slick UNICODE Trick (lien direct) | >Experts at Malwarebytes warns of a new variant of the macOS OceanLotus backdoor is using an innovative technique to avoid detection, A few years ago the bad actors realized they could use UNICODE characters that looked like English characters to lead unsuspecting victims to malicious websites. Now, they have figured out how to use a […] | Guideline | APT 32 | |
|
2017-12-02 11:54:55 | Kaspersky case – Now we know who is the NSA hacker who kept Agency\'s cyber weapons at home (lien direct) | >A former NSA hacker pleaded guilty on Friday to illegally taking classified documents home, which were later stolen by Russian cyber spies. A member of the US National Security Agency Tailored Access Operations hacking team, Nghia Hoang Pho (67) pleaded guilty in a US district court in Baltimore on Friday to one count of willful retention of national defense […] | Guideline | ||
|
2017-11-29 10:40:24 | Kazakhstan-born Canadian citizen pleads guilty to 2014 Yahoo hack, he admits helping Russian Intelligence (lien direct) | >The Kazakhstan-born Canadian citizen Karim Baratov (22) has pleaded guilty to massive 2014 Yahoo hack that affected three billion accounts. The Kazakhstan-born Canadian citizen Karim Baratov (22) (Kay, a.k.a Karim Taloverov, a.k.a Karim Akehmet Tokbergenov), has pleaded guilty to massive 2014 Yahoo data breach that affected three billion accounts. Karim Baratov was arrested in Toronto at his home by the Toronto Police […] | Guideline | Yahoo | |
|
2017-10-12 06:49:03 | Results and forecasts: Group-IB presented Hi-Tech Crime Trends 2017 report (lien direct) | >Hi-Tech Crime Trends 2017 – Banks, powerstations and cryptocyrrency exchanges are forecast to be the most likely targets for hacking in the near future Group-IB, one of the global leaders in preventing and investigating high-tech crimes and online fraud, presented its Hi-Tech Crime Trends 2017 report at CyberCrimeCon, In the next year, the main source of losses […] | Guideline | ||
|
2017-10-11 06:55:21 | Accenture – Embarrassing data leak business data in a public Amazon S3 bucket (lien direct) | >The leading global professional services company Accenture exposed its business data in a public Amazon S3 bucket. Disconcerting! Another Tech giant has fallen victim of an embarrassing data leak, this time the leading global professional services company Accenture exposed its business data in a public Amazon S3 bucket. The incident exposed internal Accenture private keys, secret API data, […] | Guideline | ||
|
2017-09-23 11:42:09 | CSE CybSec ZLAB Malware Analysis Report: Petya (lien direct) | I’m proud to share with you the second report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report Petya. CybSec Enterprise recently launched a malware Lab called it Z-Lab, that is composed of a group of skilled researchers and lead by Eng. Antonio Pirozzi. It’s a pleasure for me to […] | Guideline |
To see everything:
Our RSS (filtrered)
