Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-26 15:42:17 |
Synology: Multiple products impacted by OpenSSL RCE vulnerability (lien direct) |
Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-26 14:28:38 |
FBI shares technical details for Hive ransomware (lien direct) |
The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-26 13:17:28 |
Western Digital confirms speed crippling SN550 SSD flash change (lien direct) |
Western Digital has confirmed that it changed the NAND flash memory in one of its most popular M.2 NVMe SSD models, the WD Blue SN550, which crippled writing speeds according to several reports, leading to a 50% performance hit. [...] |
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-26 11:27:22 |
Microsoft and Google to invest billions to bolster US cybersecurity (lien direct) |
Executives and leaders from big tech, education, the finance sector, and infrastructure have committed to bolstering US interests' security during yesterday's White House cybersecurity summit. [...] |
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-26 11:10:48 |
Kaseya patches Unitrends server zero-days, issues client mitigations (lien direct) |
American software company Kaseya has issued a security updates to patch server side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-26 09:05:41 |
Microsoft accidentally lowers OneDrive for Business storage limits (lien direct) |
Microsoft is investigating an ongoing issue impacting OneDrive for Business customers and causing their storage space to shrink down to the default setting or switching them to read-only mode, forcing some to delete files to free up space to work on their projects. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-25 16:19:51 |
(Déjà vu) Microsoft: ProxyShell bugs “might be exploited,” patch servers now! (lien direct) |
Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-25 15:15:00 |
Microsoft will add secure preview for Office 365 quarantined emails (lien direct) |
Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-25 14:58:35 |
Critical F5 BIG-IP bug impacts customers in sensitive sectors (lien direct) |
BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-25 12:54:49 |
New Hampshire town loses $2.3 million to overseas scammers (lien direct) |
Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-25 11:02:59 |
Ethereum urges Go devs to fix severe chain-split vulnerability (lien direct) |
Ethreum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-25 09:00:00 |
FIN8 cybercrime gang backdoors US orgs with new Sardonic malware (lien direct) |
A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with a new malware known dubbed Sardonic by Bitdefender researchers who first spotted it. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-24 19:46:32 |
Fake OpenSea support staff are stealing cryptowallets and NFTs (lien direct) |
OpenSea users are being targeted in an ongoing and aggressive Discord phishing attack to steal cryptocurrency funds and NFTs. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-24 18:32:03 |
Windows 10 KB5005932 fixes devices that can\'t install new updates (lien direct) |
Microsoft has released the Windows 10 KB5005932 setup update to fix '"PSFX_E_MATCHING_BINARY_MISSING" errors when attempting to install the latest cumulative updates. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-24 16:28:41 |
Samsung can remotely disable their TVs worldwide using TV Block (lien direct) |
Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-24 14:54:17 |
(Déjà vu) SteelSeries bug gives Windows 10 admin rights by plugging in a device (lien direct) |
The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-24 14:54:17 |
SteelSeries software makes you Windows 10 admin with or without a real device (lien direct) |
The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-24 14:16:16 |
Ransomware gang\'s script shows exactly the files they\'re after (lien direct) |
A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-24 13:12:34 |
Malicious WhatsApp mod infects Android devices with malware (lien direct) |
A malicious version of the FMWhatsappWhatsApp mod delivers a Triadatrojan payload, a nasty surprise that infects their devices with additional malware, including the very hard-to-remove xHelper trojan. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-24 09:23:35 |
New zero-click iPhone exploit used to deploy NSO spyware (lien direct) |
Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-23 18:17:49 |
FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020 (lien direct) |
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. [...] |
Ransomware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-23 17:17:23 |
Phishing campaign uses UPS.com XSS vuln to distribute malware (lien direct) |
A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [...] |
Malware
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-23 16:14:20 |
Botnet targets hundreds of thousands of devices using Realtek SDK (lien direct) |
A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-23 15:30:59 |
Hacker gets 500K reward for returning stolen cryptocurrency (lien direct) |
The saga of what has been dubbed the biggest hack in the world of decentralized finance appears to be over as Poly Network recovered more than $610 million in cryptocurrency assets it lost two weeks ago and the hacker received a $500,000 bounty for returning the money. [...] |
Hack
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-23 12:16:54 |
Nokia subsidiary discloses data breach after Conti ransomware attack (lien direct) |
SAC Wireless, a US-based and independently-operating Nokia company subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. [...] |
Ransomware
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-23 10:49:35 |
CISA warns admins to urgently patch Exchange ProxyShell bugs (lien direct) |
The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-22 18:56:47 |
How to customize Windows 11 appearance with these tools (lien direct) |
Windows 11 is arriving later this year and it's currently available to testers in the Windows Insider program. If you've already installed the new operating system and you want to get the most out of Windows 11, you can try the third-party programs highlighted in this article. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-22 12:40:59 |
Razer bug lets you become a Windows 10 admin by plugging in a mouse (lien direct) |
A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-22 10:00:00 |
Microsoft shares guidance on securing Windows 365 Cloud PCs (lien direct) |
Microsoft has shared guidance on securing Windows 365 Cloud PCs and more info on their built-in security capabilities. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-21 11:45:26 |
Microsoft now offers Windows 11 preview on Azure Virtual Desktop (lien direct) |
Starting this week, Microsoft customers can use the Azure Virtual Desktop (formerly Windows Virtual Desktop) to virtualize a Windows 11 preview desktop on Azure virtual machines. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-21 11:05:27 |
(Déjà vu) Microsoft Exchange servers being hacked by new LockFile ransomware (lien direct) |
A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-21 11:05:27 |
LockFile ransomware attacks Microsoft Exchange with ProxyShell exploits (lien direct) |
A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-21 09:47:11 |
How to download the Windows 11 ISO from Microsoft (lien direct) |
Microsoft has released Windows 11 ISO images this week, and as it's always smart to have a copy of the operating system media to resolve critical problems, we will explain how you can download the Windows 11 ISO directly from Microsoft. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 18:42:24 |
The Week in Ransomware - August 20th 2021 - Exploiting Windows (lien direct) |
Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 16:33:29 |
Hands on with the new Windows 11 Focus Sessions feature (lien direct) |
As people continue to work remotely, staying focused on the task at hand can be challenging, especially when working at home. This article goes hands-on with a new Windows 11 feature called 'Focus Sessions' that aims to keep people focused while performing a particular task. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 15:07:51 |
LockFile ransomware uses PetitPotam attack to hijack Windows domains (lien direct) |
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. [...] |
Ransomware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 14:02:45 |
SynAck ransomware decryptor lets victims recover files for free (lien direct) |
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 12:50:05 |
HTTP DDoS attacks reach unprecedented 17 million requests per second (lien direct) |
A distributed denial-of-service (DDoS) attack earlier this year takes the top spot for the largest such incident, peaking at 17.2 million requests per second (rps). [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 12:30:05 |
T-Mobile data breach just got worse - now at 54 million customers (lien direct) |
The T-Mobile data breach keeps getting worse as an update to their investigation now reveals that cyberattack exposed over 54 million individuals' data. [...] |
Data Breach
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 11:06:07 |
Pegasus iPhone hacks used as lure in extortion scheme (lien direct) |
A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 09:43:40 |
AT&T denies data breach after hacker auctions 70 million user database (lien direct) |
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. [...] |
Data Breach
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-20 03:29:33 |
Social account thief goes to prison for stealing, trading nude photos (lien direct) |
A New York man received a three year sentence in federal prison for hacking social media accounts of dozens of female college students and stealing nude photos and videos of them. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-19 15:32:48 |
CEO tried funding his startup by asking insiders to deploy ransomware (lien direct) |
Likely inspired by the LockBit ransomware gang, a Nigerian threat actor tried their luck with a $1 million payment lure to recruit an insider to detonate a ransomware payload on the company servers. [...] |
Ransomware
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-19 14:30:33 |
New unofficial Windows patch fixes more PetitPotam attack vectors (lien direct) |
A second unofficial patch for the Windows PetitPotam NTLM relay attack has been released to fix further issues not addressed by Microsoft's official security update. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-19 13:57:48 |
(Déjà vu) Microsoft releases the first official Windows 11 ISOs (lien direct) |
Microsoft has finally released the first official ISOs for Windows 11, allowing users to perform clean installs of the new operating system. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-19 13:57:48 |
Microsoft releases the first official Window 11 ISOs (lien direct) |
Microsoft has finally released the first official ISOs for Windows 11, allowing users to perform clean installs of the new operating system. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-19 13:30:00 |
Hackers can bypass Cisco security products in data theft attacks (lien direct) |
Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-19 12:52:06 |
You can post LinkedIn jobs as almost ANY employer - so can attackers (lien direct) |
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer-no verification needed. And worse, the employer cannot easily take these down. [...] |
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-19 12:52:06 |
You can post LinkedIn jobs as ANY employer - so can attackers (lien direct) |
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer-no verification needed. Now, that might be nothing new, the feature and lax verification on career websites pave the ways for attackers to post bogus listings for malicious purposes. [...] |
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-08-19 08:00:00 |
CISA shares guidance on how to prevent ransomware data breaches (lien direct) |
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [...] |
Ransomware
|
|
|