SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2023-03-30 16:56:49	Utilisez-vous des logiciels Comms à partir de 3CX?Que faire ensuite après un coup de fouet dans l'attaque de la chaîne d'approvisionnement [Do you use comms software from 3CX? What to do next after biz hit in supply chain attack] (lien direct)	Les mécréants ont frappé les clients en aval avec les infostelleurs Deux sociétés de sécurité ont trouvé ce qu'ils croient être une attaque en chaîne d'approvisionnement contre le fabricant de logiciels de communication 3CX & # 8211;et le boss du fournisseur \\ conseille aux utilisateurs de passer à l'application Web progressive jusqu'à ce que le client de bureau 3CX soit mis à jour.… Miscreants hit downstream customers with infostealers Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX – and the vendor\'s boss is advising users to switch to the progressive web app until the 3CX desktop client is updated.…			★★
	2023-03-30 06:29:13	AVERTISSEMENT: Vos réseaux sans fil peuvent divulguer des données grâce à l'ambiguïté des spécifications Wi-Fi [Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity] (lien direct)	comment quelqu'un peut faire tamponner des informations, par Hook ou par KR00K l'ambiguïté dans la spécification Wi-Fi a laissé les piles de réseautage sans fil dans divers systèmes d'exploitation vulnérables à plusieurs attaques qui ont le potentiel d'exposer le réseautrafic.… How someone can nab buffered info, by hook or by kr00k Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic.…	Vulnerability		★★
	2023-03-30 05:33:05	Google (en quelque sorte) perd dans l'appel antitrust indien [Google (sort of) loses in Indian antitrust appeal] (lien direct)	161 millions de dollars amende de gifles sur les étapes, mais les restrictions majeures sont atténuées l'appel de Google à un tribunal indien concernant l'abus présumé de la position dominante de la Chocolate Factory \\Dans le marché Android, a entraîné la suppression de certaines directives antitrust, mais n'a apporté aucun soulagement d'une amende de 161 millions de dollars… $161 million slap-on-the-wrist fine stands, but major restrictions are eased Google\'s appeal to an Indian tribunal regarding alleged abuse of the Chocolate Factory\'s dominant position in the Android market resulted in the removal of some antitrust directives, but brought no relief from a $161 million fine.…	Legislation		★★★
	2023-03-30 04:40:47	Une autre année, un autre gang nord-coréen dépassant les logiciels malveillants et crypto-vole nommé [Another year, another North Korean malware-spreading, crypto-stealing gang named] (lien direct)	mandiant identifie \\ 'modérément sophistiqué \' mais \\ 'prolifique \' apt43 comme la menace mondiale la tenue de sécurité récemment acquise de Google Cloud \\ a nommé un nouveau méchant de NorthCorée: un gang de cybercriminalité, il appelle APT43 et accuse un déchaînement de cinq ans.… Mandiant identifies \'moderately sophisticated\' but \'prolific\' APT43 as global menace Google Cloud\'s recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage.…	Studies Prediction	APT 43	★★
	2023-03-30 01:30:14	Malware déguisé en Browser Tor vole 400 000 $ en cryptocoque [Malware disguised as Tor browser steals $400k in cryptocash] (lien direct)	Méfiez-vous des téléchargements tiers Le malware d'injecteur de presse-papiers déguisé en installateurs de navigateur Tor a été utilisé pour voler environ 400 000 $ en crypto-monnaie de près de 16 000 utilisateurs dans le monde jusqu'à présent en 2023, selon les chercheurs de Kaspersky.… Beware of third party downloads Clipboard-injector malware disguised as Tor browser installers has been used to steal about $400,000 in cryptocurrency from nearly 16,000 users worldwide so far in 2023, according to Kaspersky researchers.…	Malware		★★
	2023-03-29 00:44:08	US Cyber Spymaster appelle Tiktok China \\ 'S \\' Trojan Horse \\ ' [US cyber spymaster calls TikTok China\\'s \\'Trojan horse\\'] (lien direct)	Ce n'est pas un pistolet fumant, il \\ 's \' un pistolet chargé \\ 'suggère que Rob Joyce Tiktok est la Chine \' s "Trojan Horse, "Selon Rob Joyce, qui dirige l'unité de cybersécurité de l'Agence de sécurité nationale d'Amérique.… It\'s not a smoking gun, it\'s \'a loaded gun\' suggests NSA\'s Rob Joyce TikTok is China\'s "Trojan horse," according to Rob Joyce, who heads the cyber security unit of America\'s National Security Agency. …			★★
	2023-03-28 22:38:57	Apple corrige tous les ithings, y compris l'attaque iOS 15 sous attaque en ce moment [Apple patches all the iThings, including iOS 15 hole under attack right now] (lien direct)	Numéro identifié en février, mais les propriétaires de l'ancien kit n'étaient pas avertis Happy Patch tarteUne vulnérabilité dans les périphériques iOS plus anciens que Igiant croit en attaque dès maintenant.…	Vulnerability		★★★
	2023-03-28 20:31:44	Google à nouveau accusé de détruire volontairement des preuves dans Android Antitrust Battle [Google again accused of willfully destroying evidence in Android antitrust battle] (lien direct)	Vous commencez à voir un modèle ici?Le juge semble le penser les histoires de chat Google remises par le géant du Web dans le litige antitrust Android en cours révèlent que le BIZ a systématiquement détruit les preuves, selon ceux qui poursuivent le Big G.… Starting to see a pattern here? Judge seems to think so Google Chat histories handed over by the web giant in ongoing Android antitrust litigation reveal the biz has been systematically destroying evidence, according to those suing the big G.…			★★
	2023-03-28 02:45:07	Le président américain Biden Biden interdit principalement les logiciels espions commerciaux [US president Biden kind of mostly bans commercial spyware] (lien direct)	L'ordre exécutif a des lacunes pour les logiciels espions du gouvernement ou les logiciels espions commerciaux de fabrication américaine Le président américain Joe Biden a publié lundi un décret exécutif sur l'interdiction d'utiliser le gouvernement américain de logiciels espions commerciaux qui présente des risques pour la sécurité nationale & # 8211;Un titre qui n'est pas aussi simple qu'il semble.… Executive Order has loopholes for government spyware or American-made commercial spyware US president Joe Biden on Monday issued an Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security – a title that is not quite as simple it seems.…			★
	2023-03-24 01:05:10	Oncle Sam révèle qu'il a envoyé des cyber-soldateurs en Albanie pour chasser les menaces iraniennes [Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats] (lien direct)	\\ 'Hunt Forward \' Teams de ce tri aide à la défense et découvrez comment les attaquants comme Téhéran opèrent Les cyber-opérateurs américains ont confirmé avoir effectué une mission défensive en ligne en Albanie, en réponseà l'an dernier, les cyberattaques de \\ contre le gouvernement local… \'Hunt forward\' teams of this sort aid with defense and learn how attackers like Tehran operate US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year\'s cyber attacks against the local government.…	Threat General Information Legislation		★★★
	2023-03-23 09:02:06	Les attaquants ont frappé Bitcoin ATM pour voler 1,5 million de dollars en espèces crypto [Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash] (lien direct)	Le fabricant de terminaux généraux octets ferme ses activités cloud après la deuxième violation en sept mois Les mécréants non identifiés ont siphoné la crypto-monnaie évaluée à plus de 1,5 million de dollars de bitcoin ATM en exploitant une faille inconnue dans les systèmes de livraison de Digicash.…	General Information Cloud		★★
	2023-03-23 02:29:11	La Corée du Sud amende McDonald \\ pour la fuite de données de la part de SMB brute [South Korea fines McDonald\\'s for data leak from raw SMB share] (lien direct)	Le tabac britannique américain, Samsung, a également borgé sa Commission de protection de l'information personnelle de l'infosec de la Corée du Sud a infligé une amende à McDonald \\, British American Tobacco et Samsung pour les violations de confidentialité.…	Data Breach		★★★
	2023-03-22 07:32:10	Les acteurs inconnus déploient des logiciels malveillants pour voler des données dans les régions occupées de l'Ukraine [Unknown actors deploy malware to steal data in occupied regions of Ukraine] (lien direct)	Si c'est le travail de Kyiv \\, la Russie peut Crimea River Une campagne de cyber-espionnage ciblant les organisations dans les régions occupées par Russie de l'Ukraine utilise de nouveaux logiciels malveillants pour voler des données, selon la RussieVendeur logiciel infosec Kaspersky.…	Malware		★★★
	2023-03-21 05:58:12	Google suspends top Chinese shopping app Pinduoduo (lien direct)	allègue qu'il est infecté par des logiciels malveillants & # 8211;Mais pas la version dans son propre bazar Tat Digital Google a suspendu l'application de shopping chinoise Pinduoduo depuis son Play Store parce que les versions du logiciel trouvé ailleurs ont inclus des logiciels malveillants.…	Malware		★★★★
	2023-03-21 03:58:05	Australian FinTech takes itself offline to deal with cyber incident that caused data leak (lien direct)	Latitude blâme un vendeur majeur \\ 'pour ses malheurs.Est-ce un vendeur?Un nuage?Qui qu'ils soient, ils sont en difficulté Latitude Financial a blâmé un fournisseur pour des créances de créances qui ont provoqué une vaste étiquette australienne de la fuite de la Latitude Financial se sont hors ligne, et ont même cessé de servir les clients, alors qu'il essaiePour nettoyer une attaque sur ses systèmes.… Latitude blames a \'major vendor\' for its woes. Is that a vendor? A cloud? Whoever they are, they\'re in trouble Latitude Financial has blamed a supplier for leaking creds that caused vast PII leak Australian outfit Latitude Financial has taken itself offline, and even stopped serving customers, while it tries to clean up an attack on its systems.…			★★
	2023-03-17 20:35:03	Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs (lien direct)	Four flaws open mobiles, cars to remote-control at baseband level with just a phone number Google security analysts have warned Android device users that several zero-day vulnerabilities in some Samsung chipsets could allow an attacker to completely hijack and remote-control their handsets knowing just the phone number.…	Vulnerability		★★★
	2023-03-17 01:00:06	Here\'s how Chinese cyber spies exploited a critical Fortinet bug (lien direct)	Looks to be the same baddies attacking VMware hypervisors last year Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers.…	Malware		★★
	2023-03-16 16:31:10	ReMarkable emits Type Folio keyboard cover for e-paper tablet (lien direct)	Distraction-free long-life e-ink handheld writing tool becomes a typing tool too... but leaves us conflicted Norwegian e-ink tablet maker reMarkable has launched the Type Folio, a keyboard cover, causing one Reg hack to feel strangely conflicted.…	Hack Tool		★★
	2023-03-14 00:00:26	LockBit brags: We\'ll leak thousands of SpaceX blueprints stolen from supplier (lien direct)	And also, Ring hit with ransomware, too? Ransomware gang Lockbit has boasted it broke into Maximum Industries, which makes parts for SpaceX, and stole 3,000 proprietary schematics developed by Elon Musk's rocketeers.…	Threat		★★★
	2023-03-10 03:45:46	Data protection vendor Acronis admits to 12GB data leak (lien direct)	Company CISO acknowledges compromise of a single customer's creds, says incident is contained The CISO of Swiss cybersecurity firm Acronis has acknowledged a breach of the company's systems but stated the incident only impacted a single customer and that all other data remains safe.…			★★
	2023-03-10 01:33:05	FBI and international cops catch a NetWire RAT (lien direct)	Malware-seekers were diverted to the Feds, severing a Croatian connection International law enforcement agencies have claimed another victory over cyber criminals, after seizing the website, and taking down the infrastructure operated by crims linked to the NetWire remote access trojan (RAT).…			★★★
	2023-03-09 21:27:12	US House reps, staff health data swiped in cyber-heist (lien direct)	Data for sale via dark web, Senate in line of fire, too Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now up for sale on the dark web.…			★★
	2023-03-09 18:27:06	Refreshed from its holiday, Emotet has gone phishing (lien direct)	Notorious botnet starts spamming again after a three-month pause Emotet is back. After another months-long lull since a spate of attacks in November 2022, the notorious malware operation that has already survived a law enforcement takedown and various periods of inactivity began sending out malicious emails on Tuesday morning.…	Malware		★★
	2023-03-09 02:26:12	Suspected Chinese cyber spies target unpatched SonicWall devices (lien direct)	They've been lurking in networks since at least 2021 Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.…	Malware		★★★
	2023-03-08 00:01:13	These DrayTek routers are under actual attack – and there\'s no patch (lien direct)	Workaround: Throw away kit? If you're still running post-support DrayTek Vigor routers it may be time to junk them, or come up with some other workaround, as a cunning malware variant is setting up shop in the kit.…	Malware		★★
	2023-03-07 02:04:40	EPA orders US states to check cyber security of public water supplies (lien direct)	Don't let miscreants poison the wells The US government is requiring states to assess the cyber security capabilities of their drinking water systems, part of the White House's broader efforts to protect the nation's critical infrastructure from attacks by nation-states and other cyber threats.…			★★★
	2023-03-06 21:45:08	DoppelPaymer ransomware suspects cuffed, alleged ringleaders escape (lien direct)	Millions extorted from victims, one attack left hospital patient dead German and Ukrainian cops have arrested suspected members of the DoppelPaymer ransomware crew and issued warrants for three other "masterminds" behind the global operation that extorted tens of millions of dollars and may have led to the death of a hospital patient.…	Ransomware		★★
	2023-03-06 03:01:08	Where are the women in cyber security? On the dark side, study suggests (lien direct)	Also, Royal ransomware metastasizes to other critical sectors, and this week's critical vulnerabilities In Brief If you can't join them, then you may as well try to beat them – at least if you're a talented security engineer looking for a job and you happen to be a woman. …	Ransomware		★★★
	2023-03-03 18:30:40	Frankenstein malware stitched together from code of others disguised as PyPI package (lien direct)	Crime-as-a-service vendors mix and match components as needed by client A malicious package discovered in the Python Package Index (PyPI) is the latest example of what threat hunters from Kroll called the continued "democratization of cybercrime," with the bad guys creating malware variants from the code of others.…	Malware Threat		★★
	2023-03-03 17:00:27	Can we interest you in a $10 pocket calculator powered by Android 9? (lien direct)	Beware, it only has 3GB free and may go up to – yikes! – $23 A Chinese vendor is offering a pocket calculator that runs a full copy of Android 9 – complete with Wi-Fi. It costs ¥69, about 10 bucks.…			★★
	2023-03-03 11:33:13	Warning on SolarWinds-like supply-chain attacks: \'They\'re just getting bigger\' (lien direct)	Industry hasn't 'improved much at all' SCSW Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel.…	Hack		★★★
	2023-03-03 00:32:15	Crappy insecure software in Biden\'s crosshairs (lien direct)	Just-revealed US cybersecurity strategy 'has fangs' for catching crafty criminals and crummy coders Analysis Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other illicit activities, under the Biden administration's computer security plan announced on Thursday.…	Ransomware		★★★
	2023-03-02 13:27:00	Intruder alert: UK retailer WH Smith hit by another data leak (lien direct)	Less than a year after Funky Pigeon sprayed details of greetings cards biz Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems.…			★★
	2023-03-01 21:30:06	It\'s official: BlackLotus malware can bypass Secure Boot on Windows machines (lien direct)	The myth 'is now a reality' BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.…	Malware		★★
	2023-02-28 06:59:07	US Marshals Service leaks \'law enforcement sensitive information\' in ransomware incident (lien direct)	It's not just another data breach when the victim oversees witness protection programs The US Marshals Service, the enforcement branch of the nation's federal courts, has admitted to a “major” breach of its information security defenses allowed a ransomware infection and exfiltration of “law-enforcement sensitive information”.…	Ransomware Data Breach		★
	2023-02-27 04:59:09	Global finance wonks worry financial services too invested in outsourcers, Big Tech (lien direct)	Not keen on crypto, either – and looking forward to consistent language on cyber incidents Finance ministers from the G20 bloc have put their names to a document that expresses concern financial services industries have become worryingly reliant on Big Tech, and their resilience could suffer as a result.…			★★
	2023-02-24 15:30:11	Rugged satellite messaging phone Bullitt fired out ahead of MWC (lien direct)	Plus Bluetooth gadget that gives your Android or iPhone the same ability MWC Ruggedized handset maker Bullitt Group has lifted the lid on its first smartphone with satellite messaging ahead of MWC next week, as well as a Bluetooth dongle from Motorola that provides the same capability for any iOS or Android phone.…			★★★
	2023-02-24 07:27:08	European Commission bans TikTok from staff gadgets (lien direct)	Cyber Europe cyber worried about cyber threats, doesn't cyber use the other C word (China) The European Commission on Thursday banned the use of the TikTok short video app on corporate devices and on the personal devices of employees enrolled in the commission's mobile device management service.…			★★
	2023-02-23 23:30:05	Suspected Russian NLBrute malware boss extradited to US (lien direct)	Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations that he used the tool to spawn a criminal empire.…	Malware Tool		★★★
	2023-02-22 23:59:24	Microsoft deploys AI search bot to Bing, Edge, and Skype mobile apps (lien direct)	Cap on daily interactions also lifted slightly – to 60 questions per day Microsoft is integrating its Bing chatbot into iOS and Android apps, allowing users to access AI-powered search features on mobile devices. …			★★
	2023-02-22 20:30:12	No, ChatGPT didn\'t win a hacking competition prize…yet (lien direct)	$20k Pwn2Own prize for the humans, zero for the AI It was bound to happen sooner or later. For the first time ever, bug hunters used ChatGPT in a successful Pwn2Own exploit, helping the researchers to hack software used in industrial applications and win $20,000.…	Hack Industrial	ChatGPT	★★★
	2023-02-21 05:14:22	APNIC calls in lawyers to handle election code of conduct breach allegations (lien direct)	Threats to voters also reported as vote for regional internet registry heats up Regional internet registry the Asia Pacific Network Information Centre (APNIC) has appointed external lawyers to consider allegations of multiple breaches of its election nominee code of conduct, including threats related to the election.…			★★
	2023-02-20 22:00:08	Humans strike back at Go-playing AI systems (lien direct)	Amateur fleshbag defeats synthetic in 14 of 15 games Think that puny humans don't stand a chance when playing strategy games against an AI? You may have to think again. One person in the US beat an AI at the ancient game of Go by simply distracting it from the attack he was making, a tactic that would be unlikely to work on another meatbag.…			★★
	2023-02-20 20:30:11	DNA testing biz vows to improve infosec after criminals break into database it forgot it had (lien direct)	Settles lawsuit with two states after wider leak that affected millions A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old "legacy" database the company forgot it had.…			★★
	2023-02-20 02:27:10	GoDaddy joins the dots and realizes it\'s been under attack for three years (lien direct)	Also: Russia may legalize hacking; Oakland declares ransomware emergency; the CVEs you should know about this week In brief Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020.…	Ransomware		★★★★
	2023-02-19 23:32:24	Toshiba COO dumped over entertainment expenses scandal (lien direct)	PLUS: Chinese province to buy four million servers; Google Cloud's nine-day APAC network glitch; and more Asia In Brief Amid an investigation into his entertainment expenses, the chief operating officer of scandal-ridden Japanese tech giant Toshiba, Goro Yanase, resigned last week.…			★★
	2023-02-19 09:00:07	If you\'re struggling to secure email forwarding, it\'s not you, it\'s ... the protocols (lien direct)	Eggheads prove they can mimic messages and bag bug bounty bucks Analysis Over the past two decades, efforts have been made to make email more secure. Alas, defensive protocols implemented during this period, such as SPF, DKIM, and DMARC, remain unable to deal with the complexity of email forwarding and differing standards, a study has concluded.…			★★
	2023-02-17 22:30:06	(Déjà vu) FBI contains \'isolated cyber incident\' on its network (lien direct)	Move along, totally nothing to see here The FBI has confirmed a cyber "incident" that reportedly involved computer systems being used to investigate child sexual exploitation.…			★★
	2023-02-17 22:30:06	FBI says its contained an \'isolated cyber incident\' on its network (lien direct)	Move along, nothing to see here The FBI confirmed a cyber "incident" that reportedly involved computer systems being used to investigate child sexual exploitation.…			★★
	2023-02-17 10:30:08	Cry Havoc and let slip dogs of war ... there\'s an upgraded malware server in town (lien direct)	ThreatLabz finds free alternative to Cobalt Strike and other tools used in the wild There's a fresh open-source command-and-control (C2) framework on the loose, dubbed Havoc, as an alternative to the popular Cobalt Strike, and other mostly legitimate tools, that have been abused to spread malware.…	Malware		★★

Last update at: 2024-05-03 02:07:39
See our sources.

To see everything: Our RSS (filtrered)