What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-12-14 15:38:35 | DHS announces \'Hack DHS\' bug bounty program for vetted researchers (lien direct) | The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed "Hack DHS" that allows vetted cybersecurity researchers to find and report security vulnerabilities in external DHS systems. [...] | |||
|
2021-12-14 14:12:20 | (Déjà vu) Windows 11 KB5008215 update released with application, VPN fixes (lien direct) | Microsoft has released the Windows 11 KB5008215 cumulative update to fix security vulnerabilities and bugs introduced in previous versions. [...] | |||
|
2021-12-14 14:09:44 | Microsoft fixes Windows AppX Installer zero-day used by Emotet (lien direct) | Microsoft has patched a high severity Windows zero-day vulnerability exploited in the wild to deliver Emotet malware payloads. [...] | Malware Vulnerability | ||
|
2021-12-14 13:41:43 | (Déjà vu) Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws (lien direct) | Today is Microsoft's December 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 67 flaws. These updates include a fix for an actively exploited Windows Installer vulnerability used in malware distribution campaigns. [...] | Malware Vulnerability | ||
|
2021-12-14 13:37:24 | Windows 10 KB5008212 & KB5008206 updates released (lien direct) | Like the November release, this month's security updates include security fixes for November 2021 Update, May 2021 Update, October 2020 Update (version 20H2), and May 2020 Update (version 2004). It's also the last security update for version 2004, which has been retired today. [...] | |||
|
2021-12-14 13:01:29 | Microsoft rolls out end-to-end encryption for Teams calls (lien direct) | Microsoft announced today the general availability of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls. [...] | |||
|
2021-12-14 12:16:08 | Hackers steal Microsoft Exchange credentials using IIS module (lien direct) | Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. [...] | Threat | ||
|
2021-12-14 11:51:27 | EU Parliament adopts Digital Services Act, but concerns persist (lien direct) | The European Parliament's Internal Market and Consumer Protection Committee has adopted the Digital Services Act (DSA) proposal by 36 votes to 7 and 2 abstentions. [...] | |||
|
2021-12-14 11:25:04 | Anubis Android malware returns to target 394 financial apps (lien direct) | The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign. [...] | Malware | ||
|
2021-12-14 10:35:32 | Cyberattack on BHG opioid treatment network disrupts patient care (lien direct) | Opioid treatment network Behavioral Health Group suffered a cyberattack that led to an almost week-long disruption of IT systems and patient care. [...] | |||
|
2021-12-14 09:46:36 | CISA orders federal agencies to patch Log4Shell by December 24th (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch systems against the critical Log4Shell remote code execution vulnerability and released mitigation guidance in response to active exploitation. [...] | |||
|
2021-12-14 02:46:48 | Log4j: List of vulnerable products and vendor advisories (lien direct) | News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday. [...] | Vulnerability | ||
|
2021-12-13 17:31:38 | Google pushes emergency Chrome update to fix zero-day used in attacks (lien direct) | Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability exploited in the wild. [...] | |||
|
2021-12-13 16:22:11 | (Déjà vu) TinyNuke info-stealing malware is again attacking French users (lien direct) | The info-stealing malware TinyNuke has re-emerged in a new campaign targeting French users with invoice-themed lures in emails sent to corporate addresses and individuals working in manufacturing, technology, construction, and business services. [...] | Malware | ||
|
2021-12-13 15:49:11 | Phishing campaign uses PowerPoint macros to drop Agent Tesla (lien direct) | A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. [...] | Malware | ||
|
2021-12-13 15:21:59 | Dell driver fix still allows Windows Kernel-level attacks (lien direct) | Dell's driver fix of the CVE-2021-21551 vulnerability leaves margin for catastrophic BYOVD attacks resulting in Windows kernel driver code execution. [...] | Vulnerability | ||
|
2021-12-13 12:57:29 | Kronos ransomware attack may cause weeks of HR solutions downtime (lien direct) | Workforce management solutions provider Kronos has suffered a ransomware attack that will likely disrupt many of their cloud-based solutions for weeks. [...] | Ransomware | ||
|
2021-12-13 12:05:13 | Attackers can get root by crashing Ubuntu\'s AccountsService (lien direct) | A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component. [...] | Vulnerability | ||
|
2021-12-13 11:04:44 | Bugs in billions of WiFi, Bluetooth chips allow password, data theft (lien direct) | Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component. [...] | |||
|
2021-12-13 09:09:02 | Ukraine arrests 51 for selling data of 300 million people in US, EU (lien direct) | Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe. [...] | |||
|
2021-12-13 07:51:05 | Police arrests ransomware affiliate behind high-profile attacks (lien direct) | Romanian law enforcement authorities arrested a ransomware affiliate suspected of hacking and stealing sensitive info from the networks of multiple high-profile companies worldwide, including a large Romanian IT company with clients from the retail, energy, and utilities sectors. [...] | Ransomware | ||
|
2021-12-13 06:54:54 | Malicious PyPI packages with over 10,000 downloads taken down (lien direct) | The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious packages are estimated to have generated over 10,000 downloads and mirrors put together, according to the researchers' report. [...] | |||
|
2021-12-12 18:07:20 | Hackers start pushing malware in worldwide Log4Shell attacks (lien direct) | Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article we compiled the known payloads, scans, and attacks using the Log4j vulnerability. [...] | Malware Vulnerability Threat | ||
|
2021-12-12 10:00:00 | FTC: Americans lost $148 million to gift card scams this year (lien direct) | The US Federal Trade Commission (FTC) said Americans reported losing $148 million to gift card scams during the first nine months of 2021 following a major increase compared to last year. [...] | |||
|
2021-12-11 11:12:06 | Microsoft: These are the building blocks of QBot malware attacks (lien direct) | As QBot campaigns increase in size and frequency, researchers are looking into ways to break the trojan's distribution chain and tackle the threat. [...] | Malware | ||
|
2021-12-11 10:00:00 | Amazon explains the cause behind Tuesday\'s massive AWS outage (lien direct) | Amazon has published a post-event summary to shed some light on the root cause behind this week's massive AWS outage that took down a long list of high-profile sites and online services, including Ring, Netflix, Amazon Prime Video, and Roku. [...] | |||
|
2021-12-10 20:58:47 | Researchers release \'vaccine\' for critical Log4Shell vulnerability (lien direct) | Researchers from cybersecurity firm Cybereason has released a "vaccine" that can be used to remotely mitigate the critical 'Log4Shell' Apache Log4j code execution vulnerability running rampant through the Internet. [...] | Vulnerability | ||
|
2021-12-10 19:37:35 | The Week in Ransomware - December 10th 2021 - Project CODA (lien direct) | This week has quite a bit of ransomware news, including arrests, a new and sophisticated ransomware, and an attack bringing down 300 supermarkets in England. [...] | Ransomware | ||
|
2021-12-10 14:10:05 | Phishing attacks use QR codes to steal banking credentials (lien direct) | A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process. [...] | |||
|
2021-12-10 13:07:13 | Volvo Cars discloses security breach leading to R&D data theft (lien direct) | Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers. [...] | |||
|
2021-12-10 11:20:06 | Minecraft rushes out patch for critical Log4j vulnerability (lien direct) | Swedish video game developer Mojang Studios has released an emergency Minecraft security update to address a critical bug in the Apache Log4j Java logging library used by the game's Java Edition client and multiplayer servers. [...] | Vulnerability | ||
|
2021-12-10 09:12:25 | Australian govt raises alarm over Conti ransomware attacks (lien direct) | The Australian Cyber Security Centre (ACSC) says Conti ransomware attacks have targeted multiple Australian organizations from various industry verticals since November. [...] | Ransomware | ||
|
2021-12-10 06:00:00 | New \'Karakurt\' hacking group focuses on data theft and extortion (lien direct) | A sophisticated cybercrime group known as 'Karakurt' who has been quietly working from the shadows has had its tactics and procedures exposed by researchers who tracked recent cyberattacks conducted by the hackers. [...] | |||
|
2021-12-10 05:17:35 | Data breach impacts 80,000 South Australian govt employees (lien direct) | The South Australian government has admitted that the personal details of tens of thousands of its employees were compromised following a cyber-attack on an external payroll software provider. [...] | |||
|
2021-12-10 04:59:23 | New zero-day exploit for Log4j Java library is an enterprise nightmare (lien direct) | Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to remote code execution attacks. [...] | Vulnerability | ||
|
2021-12-10 03:29:43 | Massive attack against 1.6 million WordPress sites underway (lien direct) | Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. [...] | |||
|
2021-12-09 17:58:02 | Kali Linux 2021.4 released with 9 new tools, further Apple M1 support (lien direct) | Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktop. [...] | |||
|
2021-12-09 16:47:28 | ALPHV BlackCat - This year\'s most sophisticated ransomware (lien direct) | The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments. [...] | Ransomware | ||
|
2021-12-09 12:34:17 | Malicious Notepad++ installers push StrongPity malware (lien direct) | The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware. [...] | Malware | ||
|
2021-12-09 12:14:16 | Dark Mirai botnet targeting RCE on popular TP-Link router (lien direct) | The botnet known as Dark Mirai (aka MANGA) has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017. [...] | Vulnerability | ||
|
2021-12-09 11:21:47 | Microsoft, Google OAuth flaws can be abused in phishing attacks (lien direct) | Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. [...] | |||
|
2021-12-09 10:36:36 | Microsoft previews new endpoint security solution for SMBs (lien direct) | Microsoft Defender for Business, a new endpoint security solution specially built for small and medium-sized businesses (SMBs), is now rolling out in preview worldwide. [...] | |||
|
2021-12-09 08:58:50 | Cox discloses data breach after hacker impersonates support agent (lien direct) | Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers' personal information. [...] | Data Breach | ||
|
2021-12-09 08:40:09 | SanDisk SecureAccess bug allows brute forcing vault passwords (lien direct) | Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users' protected files. [...] | Vulnerability | ||
|
2021-12-09 07:47:15 | Fujitsu pins Japanese govt data breach on stolen ProjectWEB accounts (lien direct) | Fujitsu says the attackers behind the May data breach used a vulnerability in the company's ProjectWEB information-sharing tool to steal accounts from legitimate users and access proprietary data belonging to multiple Japanese government agencies. [...] | Data Breach Tool Vulnerability | ||
|
2021-12-09 06:00:00 | Hundreds of thousands of MikroTik devices still vulnerable to botnets (lien direct) | Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. [...] | Malware | ||
|
2021-12-09 03:22:11 | Windows \'InstallerFileTakeOver\' zero-day bug gets free micropatch (lien direct) | An unofficial patch is available for a zero-day vulnerability that is actively exploited in the wild to gain administrator privileges. [...] | Vulnerability | ||
|
2021-12-08 17:17:19 | Amazon is shutting down web ranking site Alexa.com (lien direct) | Amazon announced on Wednesday plans to shut down its global website ranking system and competitor analysis tool "Alexa.com", which has been available for 25 years. [...] | Tool | ||
|
2021-12-08 15:43:36 | New Windows 11 Voice Access lets you control the OS with your voice (lien direct) | Windows 11 is getting a new "Voice Access" feature to control the operating system using your voice and a microphone. [...] | |||
|
2021-12-08 15:18:44 | Windows 11 can now install WSL from the Microsoft Store (lien direct) | Microsoft has added the Windows Subsystem for Linux (WSL) as a separate app to the Microsoft Store with the release of Windows 11 Insider Preview Build 22518 to the Dev Channel. [...] |
To see everything:
Our RSS (filtrered)
