What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-06-22 00:24:34 | NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws (lien direct) | U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure.
Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series, |
Guideline | ||
|
2021-06-13 23:59:46 | Chinese Hackers Believed to be Behind SITA, Air India Data Breach (lien direct) | The cyber assault on Air India that came to light last month lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41.
Group-IB dubbed the campaign "ColunmTK" based on the names of the command-and-control (C2) server domains that were used for communications. "The |
Data Breach Threat Guideline | APT 41 | |
|
2021-06-03 04:55:49 | Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module (lien direct) | A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications.
"Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module," researchers |
Guideline | ||
|
2021-05-18 04:46:18 | Free "vCISO Clinic" offers Resource-Constrained InfoSec Leaders a Helping Hand (lien direct) | Leaders in the InfoSec field face a strange dilemma. On the one hand, there are hundreds of thousands of resources available to find online to read (or watch) if they have questions – that's a benefit of a digital-first field. On the other hand, most leaders face challenges that – while not entirely unique each time – tend to require a specific touch or solution.
For most, it would be great to |
Guideline | ||
|
2021-05-09 23:17:59 | Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting (lien direct) | Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S.
The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr |
Malware Guideline | ||
|
2021-05-06 07:56:25 | CISO Challenge: Check Your Cybersecurity Skills On This New Competition Site (lien direct) | InfoSec leaders tend to be a specific type. Their jobs require them to think of possible threats, take actions that may not pay immediate results, plan for unknown security risks, and react quickly when emergencies arise, often before the morning's first coffee.
The high-stakes position also means that CISOs need to keep their knowledge and skills sharp – you can never really know what's around |
Guideline | ||
|
2021-04-30 01:08:00 | Here\'s A New Forum for Cybersecurity Leaders Outside of the Fortune 2000 (lien direct) | Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their organizations further – that they often find themselves on an island.
It's even more challenging for |
Guideline | ||
|
2021-04-27 04:26:34 | Cybersecurity Webinar: Understanding the 2020 MITRE ATT&CK Results (lien direct) | The release of MITRE Engenuity's Carbanak+Fin7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry.
The organization's tests measure how well security vendors can detect and respond to threats and offers an independent metric for customers and security leaders to understand how well vendors perform on a variety of tasks.
However, for the uninitiated, the results can be |
Guideline | ||
|
2021-04-14 00:37:44 | Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves (lien direct) | One of the biggest consequences of the rapidly evolving cybersecurity threat landscape is that defenses must constantly build bigger systems to defend themselves.
This leads to both more complex systems and often less communication between them. More importantly, it can lead companies to invest in disparate “best in class” components instead of finding the best fit for their needs.
The constant |
Threat Guideline | ||
|
2021-04-06 06:43:59 | Watch Out! Mission Critical SAP Applications Are Under Active Attack (lien direct) | Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research.
"Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial |
Guideline | ||
|
2021-04-01 05:34:31 | DeepDotWeb Admin Pleads Guilty to Money Laundering Charges (lien direct) | The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb (DDW), a "news" website that "served as a gateway to numerous dark web marketplaces."
According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel, |
Guideline | ||
|
2021-03-05 08:36:49 | Bug in Apple\'s Find My Feature Could\'ve Exposed Users\' Location Histories (lien direct) | Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users.
The findings are a consequence of an exhaustive review undertaken by the Open Wireless Link ( |
Guideline | ||
|
2021-03-02 01:37:31 | New \'unc0ver\' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3 (lien direct) | A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild.
The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its |
Tool Vulnerability Guideline | ||
|
2021-02-22 03:21:15 | How to Fight Business Email Compromise (BEC) with Email Authentication? (lien direct) | An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise.
Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.
It is a common misconception that cybercriminals usually lay their focus on MNCs and |
Guideline | ||
|
2021-02-16 05:02:42 | Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware (lien direct) | Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution.
The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices |
Malware Guideline | ||
|
2021-02-03 03:06:30 | Guide: How Security Consolidation Helps Small Cybersecurity Teams (lien direct) | The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions-from different vendors-creating a layered security infrastructure that introduces new challenges to any team, with a much more significant impact on small ones.
And yet, sophisticated attacks continue to bypass these advanced security |
Threat Guideline | ||
|
2021-01-31 23:14:26 | Google Discloses Severe Bug in Libgcrypt Encryption Library-Impacting Many Projects (lien direct) | A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution.
The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs |
Vulnerability Guideline | ||
|
2021-01-15 03:31:43 | Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks (lien direct) | Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor.
Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A |
Malware Threat Guideline | APT 41 | ★★★★★ |
|
2020-12-24 22:33:49 | Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks (lien direct) | Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets.
"An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to |
Guideline | ||
|
2020-12-01 23:47:02 | CISO with a small security team? Learn from your peers\' experience with this free e-book (lien direct) | CISOs with small security teams hold an intensive juggling act. They're responsible for sustaining the company's security resilience, ensuring compliance is adhered to and implementing privacy controls.
In between these tasks, they need to follow up on board updates, lead cross-team communications and collaboration, and fight fires that may or may not be related to cybersecurity.
All the while, |
Guideline | ||
|
2020-11-23 00:02:36 | Why Replace Traditional Web Application Firewall (WAF) With New Age WAF? (lien direct) | At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS (Domain Name System) related outage and Distributed denial of service (DDoS) lead a negative impact on businesses. Among the wide range of countermeasures, a web application firewall is the first line |
Guideline | ||
|
2020-11-13 00:17:13 | Live Webinar: Reducing Complexity by Increasing Consolidation for SMEs (lien direct) | Complexity is the bane of effective cybersecurity. The need to maintain an increasing array of cybersecurity tools to protect organizations from an expanding set of cyber threats is leading to runaway costs, staff inefficiencies, and suboptimal threat response. Small to medium-sized enterprises (SMEs) with limited budgets and staff are significantly impacted.
On average, SMEs manage more than a |
Threat Guideline | ||
|
2020-11-12 23:12:25 | SAD DNS - New Flaws Re-Enable DNS Cache Poisoning Attacks (lien direct) | A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks.
Dubbed "SAD DNS attack" (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific |
Guideline | ||
|
2020-10-28 22:59:15 | FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems (lien direct) | The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an "imminent" increase in ransomware and other cyberattacks against hospitals and healthcare providers.
"Malicious cyber actors are targeting the [Healthcare and Public Health] Sector with TrickBot malware, often leading to ransomware |
Ransomware Guideline | ||
|
2020-09-22 04:32:26 | British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies (lien direct) | A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri.
Nathan Francis Wyatt , 39, who is a key member of the infamous international hacking group 'The Dark Overlord,' has been sentenced to five years in prison and |
Guideline | ||
|
2020-09-16 09:50:50 | FBI adds 5 Chinese APT41 hackers to its Cyber\'s Most Wanted List (lien direct) | The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking than 100 companies throughout the world.
Named as APT41 and also known as 'Barium,' 'Winnti, 'Wicked Panda,' and 'Wicked Spider,' the cyber-espionage group has been operating since at least 2012 and is not just |
Guideline | APT 41 | |
|
2020-09-15 04:30:04 | Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web (lien direct) | In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company, ImmuniWeb, uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over 4,000 stolen credentials and other sensitive data exposed per cybersecurity company.
Even the |
Guideline | ||
|
2020-08-20 14:39:35 | Former Uber Security Chief Charged Over Covering Up 2016 Data Breach (lien direct) | The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016.
According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that also |
Data Breach Guideline | Uber | |
|
2020-06-29 04:21:46 | Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards (lien direct) | A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes.
Aleksei Yurievich Burkov, 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud-one count of access |
Guideline | ||
|
2020-05-28 02:52:25 | Researchers Uncover Brazilian Hacktivist\'s Identity Who Defaced Over 4800 Sites (lien direct) | It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps.
That's exactly what happened in the case of a hacktivist under the name of VandaTheGod, who has been attributed to a series of attacks on government |
Guideline | ||
|
2020-05-25 01:02:17 | New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug (lien direct) | The hacking team behind the "unc0ver" jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version.
Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver's lead developer Pwn20wnd said "every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next |
Tool Guideline | ||
|
2020-04-14 02:56:33 | Webinar: How MSSPs Can Overcome Coronavirus Quarantine Challenges (lien direct) | The Coronavirus quarantine introduces an extreme challenge for IT and Security teams to maintain secure environments during the mass transition of employees working remotely and the surge in cyberattacks targeting its inherent security weaknesses.
In a webinar for security service providers taking place on April 22nd (register here), a leading MSSP will share how they conquer and overcome the |
Guideline | ||
|
2020-03-04 02:16:28 | Top 10 Most Innovative Cybersecurity Companies After RSA 2020 (lien direct) | The RSA Conference, the world's leading information security conference and exposition, held its 29th annual event in San Francisco last week.
According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss privacy, Machine Learning, and AI, policy and government, applied crypto and blockchain, and, new for the RSA Conference 2020 |
Guideline | ||
|
2020-01-24 01:51:26 | Russian Pleads Guilty to Running \'CardPlanet\' to Sell Stolen Credit Cards (lien direct) | Image credit: Times of Israel.
Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud.
The first website Burkov operated was an online marketplace for buying and selling stolen credit card and debit card numbers-called Cardplanet-which |
Guideline | ||
|
2019-12-21 07:39:11 | Hacker Who Tried to Blackmail Apple for $100,000 Sentenced in London (lien direct) | A 22-year-old man who claimed to have access to over 300 million iCloud accounts and threatened to factory reset all accounts unless Apple pays ransom has pleaded guilty in London for trying to blackmail Apple.
In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the "Turkish Crime Family" and in possession of 319 million iCloud accounts. |
Guideline | ||
|
2019-12-05 11:16:51 | FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware (lien direct) | The United States Department of Justice today disclosed the identities of two Russian hackers and charged them for developing and distributing the Dridex banking Trojan using which the duo stole more than $100 million over a period of 10 years.
Maksim Yakubets, the leader of 'Evil Corp' hacking group, and his co-conspirator Igor Turashev primarily distributed Dridex - also known as 'Bugat' |
Malware Guideline | ||
|
2019-11-27 01:56:34 | The Hacker News 2020 Cybersecurity Salary Survey – Call for Participation (lien direct) | For the first time, The Hacker News launches a comprehensive Cybersecurity Salary Survey aimed to provide insights into the payment standards of security positions, enabling security professionals to benchmark their salaries against their peers, as well as get clear insights into the leading roles, certifications, geo- and industry- components that factor a cybersecurity position payroll. |
Guideline | ||
|
2019-10-31 03:40:27 | Leading Web Domain Name Registrars Disclose Data Breach (lien direct) | Another day, another massive data breach-this time affecting a leading web technology company, as well as both of its subsidiaries, from where millions of customers around the world have purchased domain names for their websites.
The world's top domain registrars Web.com, Network Solutions, and Register.com disclosed a security breach that may have resulted in the theft of customers' account |
Data Breach Guideline | ||
|
2019-10-31 01:08:58 | Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty (lien direct) | Two grey hat hackers have pleaded guilty to blackmailing Uber, LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016.
In a San Jose courthouse in California on Wednesday, Brandon Charles Glover (26) of Florida and Vasile Mereacre (23) of Toronto admitted they accessed and downloaded confidential corporate |
Guideline | Uber | |
|
2019-10-28 10:15:51 | UniCredit Bank Suffers \'Data Incident\' Exposing 3 Million Italian Customer Records (lien direct) | UniCredit, an Italian global banking and financial services company, announced today that it suffered a security incident that leaked some personal information belonging to at least 3 million of its domestic customers.
Officially founded in 1870, UniCredit is Italy's biggest banking and financial services and one of the leading European commercial banks with more than 8,500 branches across 17 |
Guideline | ||
|
2019-10-02 01:30:32 | Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content (lien direct) | An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos.
According to an press note released by the U.S. Justice Department, Reyes Daniel Ruiz, a 34-year-old resident of California and former Yahoo software engineer, admitted |
Hack Guideline | Yahoo | |
|
2019-08-27 11:36:03 | Imperva Breach Exposes WAF Customers\' Data, Including SSL Certs, API Keys (lien direct) | Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today.
The security breach particularly affects customers of Imperva's Cloud Web Application Firewall (WAF) product, formerly known as Incapsula, a |
Data Breach Guideline | ||
|
2019-06-11 07:34:01 | Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign Software (lien direct) | It's Patch Tuesday week!
Adobe has just released the latest June 2019 software updates to address a total 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign.
Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform-all critical in severity-that could lead to arbitrary |
Guideline | ||
|
2019-05-14 08:44:03 | Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder (lien direct) | Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse.
None of the flaws patched this month in Adobe products has been found exploited in the wild.
Out of 87 total flaws, a whopping number of vulnerabilities (i.e., |
Guideline | ||
|
2019-04-30 00:07:03 | Unprotected Database Exposes Personal Info of 80 Million American Households (lien direct) | A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households-nearly 65 percent of the total number of American households.
Discovered by VPNMentor's research team lead by hacktivists Noam Rotem and Ran Locar, the unsecured database includes 24GB of extremely detailed information about individual homes, |
Guideline | ||
|
2019-02-04 00:17:04 | First Hacker Convicted of \'SIM Swapping\' Attack Gets 10 Years in Prison (lien direct) | A 20-year-old college student who stole cryptocurrency worth more than $5 million by hijacking victims' phone numbers has pleaded guilty and accepted a sentence of 10 years in prison.
Ortiz was arrested last year on charges of siphoning millions of dollars in cryptocurrency from around 40 victims using a method commonly known as "SIM swapping," which typically involves fraudulently porting of
|
Guideline | ||
|
2019-01-21 01:42:00 | Alleged Russian Hacker Pleads Not Guilty After Extradition to United States (lien direct) | A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York.
Aleksandr Zhukov, 38, was arrested in November last year by Bulgarian authorities after the U.S. issued an international warrant against him, and was
|
Guideline | ||
|
2019-01-16 01:21:02 | Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs (lien direct) | A California-based Voice-Over-IP (VoIP) services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication.
VOIPo is one of a leading providers of Voice-Over-IP (VoIP) services in the United States offering reseller VoIP, Cloud
|
Guideline | ||
|
2019-01-09 07:40:04 | German Police Seek Help In Finding Parcel Bomber With MAC Address (lien direct) | German police are seeking your help in gathering information related to a MAC address that could lead to the cell phone device used by a DHL blackmailer who last year parceled out bombs at different addresses in Brandenburg and Berlin.
Between November 2017 and April 2018, someone used German parcel delivery service DHL to sent out several so-called improvised explosive devices (IEDs) in
|
Guideline | ||
|
2018-11-09 00:22:02 | (Déjà vu) Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty (lien direct) | A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014.
According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. "DerpTroll," took down servers of several major gaming platforms including Electronic Arts' Origin service,
|
Guideline |
To see everything:
Our RSS (filtrered)
