What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-20 17:49:05 | Addressed macOS vulnerability enables malware evasion of security checks (lien direct) | BleepingComputer reports that threat actors could exploit a macOS vulnerability to facilitate malware distribution without being detected by Gatekeeper through application execution restrictions. | Malware Vulnerability Threat | ★★★ | |
|
2021-01-05 01:16:42 | SolarWinds hack poses risk to cloud services\' API keys and IAM identities (lien direct) | The SolarWinds hack endangers not just organizations' on-premises systems but also their cloud-based infrastructure. | Hack | ||
|
2021-01-05 00:20:33 | Fourth breach at T-Mobile puts focus on security of post mergers (lien direct) | T-Mobile reported a breach that compromised customer data – the company's fourth in three years – raises questions about whether the mobile carrier’s massive merger with Sprint left the combined company more vulnerable. Indeed, when companies merge, particularly sizable ones, the integration of technology systems and networks can often introduce new security considerations. “The volume… | |||
|
2021-01-04 23:54:45 | SolarWinds, top executives hit with class action lawsuit over Orion software breach (lien direct) | Stockholders who purchased company shares in 2020 are suing the IT management software company for materially misleading investors about their security practices. | Guideline | ||
|
2020-12-31 17:18:40 | Financial services industry hit with tens of millions of attacks per day (lien direct) | The report found that the bad threat actors primarily used common attack paths, such as SQL injection, local file inclusion and cross-site scripting. | Threat | ||
|
2020-12-29 22:36:15 | Kawasaki Heavy Industries, a partner of defense companies and agencies, reports breach (lien direct) | Of particular concern among some cybersecurity experts is the fact that the company took several months to report to the incidents, which stemmed from unauthorized access to servers from overseas offices. | |||
|
2020-12-28 22:50:46 | In wake of SolarWinds and Vietnam, more supply chain attacks expected 2021 (lien direct) | Research from ESET of a supply chain attack in Vietnam in which digital certificates were compromised set off continued discussions in the industry about the nature of recent supply chain attacks, and how security teams can most effectively prepare and respond. | |||
|
2020-12-24 18:21:52 | DDoS attacks hit Citrix Application Delivery Controllers, hindering customer performance (lien direct) | Citrix reported Thursday a DDoS attack that was hitting its Citrix Application Delivery Controllers (ADCs), the networking products that let security and network teams manage the delivery speed and quality of applications to end users. According to the Citrix threat advisory, the attacker or bots can overwhelm the Citrix ADC Datagram Transport Layer Security (DTLS)… | Threat | ||
|
2020-12-23 21:59:17 | Credential phishing attack impersonating USPS targets consumers over the holidays (lien direct) | The credential phishing attack impersonated the U.S. Postal Service that sought to get victims to give up their credit card credentials and pay a special delivery fee within three days to ensure package delivered. | |||
|
2020-12-21 22:33:02 | Breach alerts dismissed as junk? New guide for sending vital emails may help (lien direct) | The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But steps may be required to ensure these and other critical messages don't get ignored, bounced or quarantined. | Data Breach | ||
|
2020-12-21 14:02:21 | Security experts warn of long-term risk tied to Energy Department breach (lien direct) | The department formally confirmed the hackers' tentacles had reached into the agency, but that the malware injected had been isolated to its business networks. Some security experts argue, however, that visibility into the IT network may give hackers a path to the OT network. | Malware | ||
|
2020-12-19 01:52:38 | \'Very, very large\' telecom organization and Fortune 500 company breached in SolarWinds hack (lien direct) | Noteworthy is the combination of the targets, which adds up to what one researcher described as attacks against the backbone of the nation's critical infrastructure. | Hack | ||
|
2020-12-18 16:16:30 | Former NSA security chief details what\'s happening inside DoD to respond to SolarWinds hack (lien direct) | Former NSA Chief Security Officer Chris Kubic, now CSO at Fidelis, spoke with SC Media about what's happening behind the scenes in the CIO and CISO offices of the Pentagon. | Hack | ||
|
2020-12-18 15:02:44 | As Microsoft confirms breach from SolarWinds hack, President Brad Smith argues for federal policy changes (lien direct) | Smith suggested a three-point plan he believed would prevent further supply chain attacks: Increasing intelligence sharing between government and the private sector, developing stronger international norms for acceptable behavior in cyberespionage, and finding harsher ways to hold governments accountable. | |||
|
2020-12-16 00:03:27 | Here are the critical responses required of all businesses after SolarWinds supply-chain hack (lien direct) | SolarWinds customers – over 300,000 of them, including most of the Fortune 500 – must determine what was breached, mitigate the damage before using the software again, and explore new supply chain safeguards. | Hack | ||
|
2020-12-15 00:05:15 | Spotify notifies customers of breach, files under CCPA (lien direct) | Streaming service Spotify has notified an unspecified number of its customers of a data breach, responding by resetting passwords on the accounts that were attacked. The company filed the breach under California's new privacy law, the California Consumer Privacy Act, which went into effect on Jan. 1. While the notice did not specify the precise… | |||
|
2020-12-11 22:17:37 | Employees 85% more likely to leak files today vs pre-COVID (lien direct) | The vast majority of that 85 percent are malicious insiders and the rest are caused by employee carelessness. | |||
|
2020-12-11 21:59:43 | New ransomware campaign exploits weak MySQL credentials to lock thousands of databases (lien direct) | Researchers have tracked 92 separate attacks since January, but the group's website indicates it has compromised tens of thousands of internet-exposed databases. | Ransomware | ||
|
2020-12-04 23:42:09 | Kmart, a vulnerable target, among those hit in Egregor ransomware attack spree (lien direct) | Kmart stores have dwindled in number since the company filed for bankruptcy in 2018. Some argue that makes the one-time retail giant a logical target. | Ransomware | ||
|
2020-12-04 13:24:34 | DeathStalker APT group seen in US for first time this year, targeting user devices (lien direct) | The notorious hacker-for-hire APT group DeathStalker was detected in the United States for the first time this year, Kaspersky has confirmed. Prior to today's report, the group had mostly been observed in Europe and Asia. In a release posted earlier today, Kaspersky researchers also reported that the attack featured a new strain of malware from… | Malware | ||
|
2020-12-01 02:32:29 | Belden hit by attack on company servers (lien direct) | The incident involved unauthorized access and copying of some current and former employee data, as well as limited company information about some business partners. | |||
|
2020-12-01 01:09:48 | Bandook malware found targeting \'unusually wide variety\' of industries, regions (lien direct) | Security researchers are warning that the once-dormant Bandook malware family is back and could possibly be part of a broader operation selling offensive hacking tools to governments and cybercriminal groups. | Malware | ||
|
2020-11-25 17:24:22 | Home Depot settles with state AGs for 2014 point-of-sale hack (lien direct) | Home Depot settled with the attorneys general of 45 states and the District of Columbia over a 2014 point-of-sale systems hack, agreeing to pay $17.5 million, states announced Tuesday. The Home Depot breach was, at the time, the largest reported breach in history, capturing 56 million credit cards. It came during a string of attacks… | Hack | ||
|
2020-11-24 20:28:56 | Popular apps leak data that adversaries could use to spy on targets (lien direct) | Two popular Baidu apps collect data that can surreptitiously track a user's location through Stingray devices or intercept phone calls and text messages. | |||
|
2020-11-20 23:33:57 | Websites requiring security software downloads opened door to supply chain attack (lien direct) | Does requiring users to download software as a precursor to being able to use one's website or online services – even if it's security software – introduce more risk than reward? | |||
|
2020-11-18 11:00:31 | How to prevent expensive data breaches in the cloud (lien direct) | Security has become a major concern for customers of cloud service storage providers as more organizations migrate sensitive data and services to the cloud. A recent Ermetic survey found that nearly 80 percent of companies had experienced at least one cloud data breach in the past 18 months, while 43 percent reported 10 or more… | Data Breach | ||
|
2020-11-18 01:30:20 | Attackers can abuse a misconfigured IAM role across 16 AWS services (lien direct) | Researchers at Palo Alto's Unit 42 have confirmed that they have compromised a customer's AWS cloud account with thousands of workloads. | |||
|
2020-11-13 22:03:44 | The five most common ways businesses get compromised by ransomware (lien direct) | Shadow IT, malicious email attachments, bad hygiene and other "low hanging fruit" continue to plague many businesses, according to incident response data from Red Canary. | Ransomware | ||
|
2016-10-31 21:10:03 | Invasion of the App Snatchers: Analyzing the Masque Attack that replaces apps with imposters (lien direct) | iPhones running on iOS 9.3.5 and earlier remain vulnerable to the Masque Attack, through which unscrupulous third-parties replace genuine App Store apps with their own malformed, yet seemingly authentic software programs. |
|||
|
2016-10-31 18:00:00 | Australian Red Cross data breach biggest in country\'s history (lien direct) | 1.3 million Australian Red Cross records leaked, exposing medical data |
|||
|
2016-10-31 16:26:53 | Phishing emails promising invites to cybersecurity conference actually dispersing malware (lien direct) | Threat actors have been discovered trying to infect security-minded individuals with a trojan downloader by sending spear phishing emails that offer free invitations to Palo Alto Networks' Cyber Security Summit in Jakarta, Indonesia. |
|||
|
2016-10-31 16:00:00 | Student discovers security flaw in Virgin Media recruitment system (lien direct) | A student has discovered a security vulnerability in the software which Virgin Media uses for recruitment and job applications. |
|||
|
2016-10-31 15:58:42 | Shadow Brokers claim to leak NSA cyberespionage targets (lien direct) | The Shadow Brokers hacking group has leaked another batch NSA-linked data containing a list of servers linked to cyberespionage hacking programs. |
|||
|
2016-10-31 15:39:07 | EU privacy regulators query Yahoo CEO on breach (lien direct) | Yahoo CEO Marissa Mayer was sent a letter from a watchdog group overseeing privacy regulators in the European Union seeking answers on the affect of a massive breach the company experienced. |
Yahoo | ||
|
2016-10-29 13:00:00 | LTE vulnerabilities could allow attackers to reroute calls to malicious base station (lien direct) | A researcher from Chinese security firm Qihoo 360 has revealed details on a vulnerability in 4G LTE networks that, if exploited, could allow hackers to use fake, malicious base stations to perform man-in-the-middle attacks. |
|||
|
2016-10-25 20:48:19 | Mirai DDoS attacks not caused by state actors: FlashPoint (lien direct) | The Mirai DDoS attack that took down a slew of prominent websites last Friday was most likely initiated by users from hackforums[.]net and not a nation-state or cybercriminal organization, according to FlashPoint. |
|||
|
2016-10-21 17:00:00 | DDoS attack Friday hits Twitter, Reddit, Spotify and others (lien direct) | The East Coast was under siege on Friday morning from a large-scale distributed denial of service attack (DDoS) that brought down a number of prominent websites, including Twitter, Spotify, Netflix, GitHub, Amazon and Reddit. |
|||
|
2016-10-07 18:15:00 | Verizon looking to slice $1B off its purchase price of Yahoo following massive breach, source (lien direct) | Verizon is attempting to negotiate down its bid to buy Yahoo, shaving off $1 billion from its $4.8 billion agreement to purchase Yahoo's internet business. |
Yahoo | ||
|
2016-10-07 16:35:39 | Clinton Foundation donors targeted in phishing scheme (lien direct) | The Clinton Foundation is again being discussed in cybersecurity circles, but this time it is phishing emails aimed at donors and not hacks that is . |
|||
|
2016-10-07 16:09:51 | Consumer cybersecurity concerns cost U.K. economy billions, study (lien direct) | New study found UK consumers use fewer mobile apps out of cybersecurity concerns. |
|||
|
2016-10-07 16:04:02 | Central Ohio Urology Group reports 300K records compromised (lien direct) | The Central Ohio Urology Group reported that in early August it became aware of an incident where an unauthorized posted patient and employee information to Twitter. |
|||
|
2016-10-07 16:00:00 | Security concerns are inhibiting mobile payment adoption worldwide (lien direct) | More than half of global consumers believe mobile wallets are less secure than cash, but nearly 60 percent of executives say mobile money will build their business because it's safe. |
|||
|
2016-10-07 15:30:00 | Remote switch-on enlists Mac webcams as spies (lien direct) | Without users noticing, a new attack enables malware to switch on Apple webcams. |
|||
|
2016-10-07 15:30:00 | Ransomware became main threat to Android users in 1H 2016 (lien direct) | The Android SLocker ransomware family accounts for 16 percent of mobile malware in the UK. |
|||
|
2016-10-07 15:07:16 | Google repairs 78 Android vulnerabilities, seven critical (lien direct) | Google this week made available patches addressing 78 vulnerabilities, including seven critical flaws, the most severe of which could enable kernel-level remote code execution, resulting in a total device takeover. |
|||
|
2016-10-07 13:00:00 | Researchers send wireless logins through the human body (lien direct) | Researchers generated 'on-body' wireless data transmissions using commodity devices sensors such as fingerprint sensors or touchpads on mobile phones and laptops. |
|||
|
2016-10-07 12:30:00 | FastPOS malware goes modular, adds stealth to speed (lien direct) | As the holiday shopping season approaches, the newest iteration of point-of-sale malware FastPOS appears to have improved its evasion efforts by using modular architecture. |
|||
|
2016-10-06 21:49:07 | Microsoft fix-it script addresses Windows 10 Anniversary installation issues (lien direct) | Users had complained Windows 10 Anniversary wouldn't install on their computers. |
|||
|
2016-10-06 21:00:00 | iPhone 7s arrive logged into strangers\' Apple IDs, iOS 10 browser raises privacy concerns (lien direct) | An unusual glitch is reportedly affecting Apple customers that recently purchased new iPhones private browsing flaw in iOS 10 isn't as bad as it seems. |
|||
|
2016-10-06 20:37:31 | Brazilian cybercriminals add a human touch to their phishing schemes (lien direct) | Brazilian cybercriminals are now duping their victims into entering into a live chat by pretending to be part of a bank's customer service department in order to quickly extract critical personal information. |
To see everything:
Our RSS (filtrered)
