Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-27 10:47:08 |
Twitter will soon let you log in with your Google account (lien direct) |
Twitter has started testing a new feature that allows users to sign up for an account using their existing Google account. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-27 09:31:47 |
Google launches new Bug Hunters vulnerability rewards platform (lien direct) |
Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-27 08:25:48 |
Microsoft Teams now automatically blocks phishing attempts (lien direct) |
Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-26 17:21:00 |
Microsoft Defender ATP now secures removable storage, printers (lien direct) |
Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-26 15:41:30 |
Apple fixes zero-day affecting iPhones and Macs, exploited in the wild (lien direct) |
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-26 13:02:42 |
(Déjà vu) Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities (lien direct) |
Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-26 13:02:42 |
Researchers warn of unpatched Kaseya Unitrend backup vulnerabilities (lien direct) |
Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrend service and advise users not to expose the service to the Internet. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-26 09:24:59 |
No More Ransom saves almost €1 billion in ransomware payments in 5 years (lien direct) |
The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost €1 billion in ransomware payments. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-26 08:51:45 |
Signal fixes bug that sent random images to wrong contacts (lien direct) |
Signal has fixed a serious bug in its Android app that, in some cases, sent random unintended pictures to contacts without an obvious explanation. Although the issue was reported in December 2020, given the difficulty of reproducing the bug, it isn't until this month that a fix was pushed out. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-25 17:48:49 |
A closer look at Windows 11\'s recent changes (lien direct) |
Windows 11 was officially announced last month with a redesigned Start, taskbar and Action Center experience. At the moment, Windows 11 is available to testers in the Dev Channel of the Insider program. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-25 10:00:00 |
Microsoft 365 drops support for Internet Explorer 11 in August (lien direct) |
Microsoft has reminded customers that Microsoft 365 apps and services will drop support for the legacy Internet Explorer 11 (IE11) web browser next month, on August 17, 2021. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-24 19:38:49 |
(Déjà vu) Microsoft shares mitigations for new PetitPotam NTLM relay attack (lien direct) |
Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-24 19:38:49 |
Microsoft shares mitigations for new PetitPotam NTML relay attack (lien direct) |
Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-24 16:53:59 |
Microsoft\'s fix for Windows 10 gaming issues is coming soon (lien direct) |
With this release of Windows 10's March 2021 updates and subsequent updates, some users have been experiencing performance issues when playing games. These gaming issues include decreased frame rate, stuttering in certain games, and flickering textures. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-24 10:00:00 |
Windows 10 July security updates break printing on some systems (lien direct) |
Microsoft says customers may experience printing and scanning issues on devices using smart card (PIV) authentication after installing July 2021 Windows 10 security updates on a domain controller (DC). [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 16:54:03 |
New PetitPotam attack allows take over of Windows domains (lien direct) |
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 16:06:46 |
Fake Windows 11 installers now used to infect you with malware (lien direct) |
Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 15:29:55 |
MacOS malware steals Telegram accounts, Google Chrome data (lien direct) |
Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 14:33:18 |
The Week in Ransomware - July 23rd 2021 - Kaseya decrypted (lien direct) |
This week has quite a bit of news ranging from the USA formally accusing China of the recent ProxyLogon vulnerability and Kaseya mysteriously obtaining the universal decryption key. [...] |
Ransomware
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 14:18:52 |
Apple fixes bug that breaks iPhone WiFi when joining rogue hotspots (lien direct) |
Apple has rolled out iOS 14.7 earlier this week with security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution. [...] |
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 14:00:44 |
Microsoft backtracks on Windows 11 using dark mode by default (lien direct) |
During the Inspire event, Microsoft announced that it would ship commercial Windows 11 SKUs in dark mode by default to support remote work. A week later, the company is backtracking on this decision. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 11:27:27 |
Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows (lien direct) |
Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes (K8s) clusters. [...] |
Threat
|
Uber
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 08:06:55 |
Twitter reveals surprisingly low two-factor auth (2FA) adoption rate (lien direct) |
Twitter has revealed in its latest transparency report that only 2.3% of all active accounts have enabled at least one method of two-factor authentication (2FA) between July and December 2020. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-23 02:22:27 |
Major news sites serve porn after vid.me domain takeover (lien direct) |
Major news sites including The Washington Post, New York Magazine, and HuffPost, saw their stories now displaying porn videos instead of the once-embedded intended ones. The fiasco happened as prominent websites relied on the now-defunct domain vid.me to embed streaming videos in their articles. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-22 17:38:43 |
Windows 11 update improves taskbar, Microsoft Store and more (lien direct) |
Microsoft has released a new build 22000.100 to Windows 11 Insiders in the Dev channel of the Windows Insider program. [...] |
|
|
★★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-22 13:46:59 |
Kaseya obtains universal decryptor for REvil ransomware victims (lien direct) |
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free. [...] |
Ransomware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-22 12:39:24 |
Akamai DNS global outage takes down major websites, online services (lien direct) |
Akamai is investigating an ongoing outage affecting many major websites and online services including Steam, the PlayStation Network, Newegg, Cloudflare, AWS, Amazon, Google, and Salesforce. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-22 11:25:39 |
Ransomware gang breached CNA\'s network via fake browser update (lien direct) |
Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached its network, stole data, and deployed ransomware payloads in a ransomware attack that hit its network in March 2021. [...] |
Ransomware
Guideline
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-22 09:35:10 |
MITRE updates list of top 25 most dangerous software bugs (lien direct) |
MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-22 03:47:13 |
Atlassian asks customers to patch critical Jira vulnerability (lien direct) |
Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 17:17:53 |
TikTok, Snapchat account hijacker arrested for role in Twitter hack (lien direct) |
A fourth suspect has been arrested today for his role in the Twitter hack last year that gave attackers access to the company's internal network exposing high-profile accounts to hijacking. [...] |
Hack
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 14:42:16 |
CISA warns of stealthy malware found on hacked Pulse Secure devices (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 10:13:53 |
France warns of APT31 cyberspies targeting French organizations (lien direct) |
The French national cyber-security agency today warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 cyberespionage group. [...] |
|
APT 31
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 10:00:00 |
Chinese state hackers breached over a dozen US pipeline operators (lien direct) |
Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 09:00:00 |
NPM package steals Chrome passwords on Windows via recovery tool (lien direct) |
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access. [...] |
Malware
Tool
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 08:00:00 |
Google Chrome now comes with up to 50x faster phishing detection (lien direct) |
Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 06:20:41 |
XLoader malware steals logins from macOS and Windows systems (lien direct) |
A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 04:32:04 |
(Déjà vu) Microsoft shares workaround for Windows 10 SeriousSAM vulnerability (lien direct) |
Microsoft has shared a workaround for a Windows 10 zero-day vulnerability dubbed SeriousSAM that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-21 04:32:04 |
Microsoft shares workarounds for new Windows 10 zero-day bug (lien direct) |
Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-20 18:19:42 |
Microsoft Teams chat feature rolling out to Windows 11 (lien direct) |
With Windows 11, Microsoft is integrating the Microsoft Teams chatting feature into the Windows Taskbar. Microsoft Teams Chat feature is based on Microsoft Teams desktop client and Microsoft is basically extending Teams capability by bringing the dedicated button right to your taskbar. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-20 15:03:45 |
DuckDuckGo\'s new email privacy service forwards tracker-free messages (lien direct) |
DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-20 12:27:13 |
New Windows 10 vulnerability allows anyone to get admin privileges (lien direct) |
Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-20 12:21:46 |
New Linux kernel bug lets you get root on most modern distros (lien direct) |
Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-20 07:27:09 |
FBI: Threat actors may be targeting the 2020 Tokyo Summer Olympics (lien direct) |
The Federal Bureau of Investigation (FBI) warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered. [...] |
Threat
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-20 07:00:00 |
16-year-old bug in printer software gives hackers admin rights (lien direct) |
A 16-year-old security vulnerability found in HP, Xerox, and Samsung printers drivers allows attackers to gain admin rights on systems using the vulnerable driver software. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-20 06:47:16 |
Fortinet fixes bug letting unauthenticated hackers run code as root (lien direct) |
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. [...] |
Vulnerability
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-20 04:00:00 |
New MosaicLoader malware targets software pirates via online ads (lien direct) |
An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader advertising camouflaged as cracked software via search engine results to infect wannabe software pirates' systems. [...] |
Malware
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-19 16:50:21 |
iPhone WiFi bug morphs into zero-click hacking, but there\'s a fix (lien direct) |
Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction. [...] |
|
|
★★★★★
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-19 14:48:53 |
Microsoft takes down domains used to scam Office 365 users (lien direct) |
Microsoft's Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company's customers. [...] |
|
|
|
![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) |
2021-07-19 10:44:21 |
US indicts members of Chinese-backed hacking group APT40 (lien direct) |
Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. [...] |
Industrial
|
APT 40
|
|