What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-01-09 21:15:11 | Python Package Index found stuffed with AWS keys and malware (lien direct) | British developer uses homegrown scanning tool to check for risks The Python Package Index, or PyPI, continues to surprise and not in a good way.… | Malware Tool | ★★ | |
|
2023-01-09 20:30:12 | US Supremes deny Pegasus spyware maker\'s immunity claim (lien direct) | NSO maintains that it's all legit The US Supreme Court has quashed spyware maker NSO Group's argument that it cannot be held legally responsible for using WhatsApp technology to deploy its Pegasus snoop-ware on users' phones.… | ★★ | ||
|
2023-01-06 15:30:06 | Dridex malware pops back up and turns its attention to macOS (lien direct) | Malware testers spot attempt to attack Macs. But (try not to weep for the bad guys) there are still compatibility issues with MS exe files A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents.… | Malware | ★★★ | |
|
2023-01-05 23:40:42 | Rackspace blames ransomware woes on zero-day attack (lien direct) | Play gang blamed, ProxyNotShell cleared and hosted Exchange doomed Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack.… | Ransomware | ★★ | |
|
2023-01-05 20:45:05 | FCC suggests licensing 5GHz spectrum to drone operators (lien direct) | What's the WiFly password again? The US Federal Communications Commission (FCC) is considering opening a swath of 5GHz spectrum up for use by the growing number of unmanned aerial vehicles and drones.… | ★ | ||
|
2023-01-05 17:45:08 | Lenovo adds rugged ThinkPhone to appeal to ThinkPad users (lien direct) | Gorilla Glass-plated Android gadget for the biz crowd but it won't be cheap... CES Lenovo has unveiled the ThinkPhone, an Android smartphone the company is positioning as a business device alongside its ThinkPad laptops, with a number of features designed to make the two devices work better together.… | ★★ | ||
|
2023-01-05 12:30:11 | Twitter whistleblower Peiter \'Mudge\' Zatko lands new gig at Rapid7 (lien direct) | A long way from password crackers for Windows NT for former L0pht legend Former Twitter security chief and whistleblower Peiter "Mudge" Zatko has landed his first official role since he left the company, a part-time job as "executive in residence" with cybersecurity firm Rapid7.… | ★★ | ||
|
2023-01-04 20:00:11 | The Guardian ransomware attack hits week two as staff told to work from home (lien direct) | UK data watchdog would like a word over failure to systems Long-standing British broadsheet The Guardian has told staff to continue working from home and notified the UK's data privacy watchdog about the security breach following a suspected ransomware attack before Christmas.… | Ransomware | ★★★ | |
|
2023-01-04 14:00:13 | PyTorch dependency poisoned with malicious code (lien direct) | System data was exfiltrated during attack, but an anonymous person says it was a research project gone wrong An unknown attacker used the PyPI code repository to get developers to download a compromised PyTorch dependency that included malicious code designed to steal system data.… | ★★ | ||
|
2023-01-04 00:59:55 | LockBit: Sorry about the SickKids ransomware, not sorry about the rest (lien direct) | Blame it on the affiliate Notorious ransomware gang LockBit "formally apologized" for an extortion attack against Canada's largest children's hospital that the criminals blamed on a now-blocked affiliate group, and said it published a free decryptor for the victim to recover the files.… | Ransomware | ★★ | |
|
2022-12-30 01:50:37 | NASA may tap SpaceX to rescue ISS \'nauts after Soyuz leak (lien direct) | And Elon's still distracted by Twitter, yes? OK, that's probably for the best NASA is considering using SpaceX to bring three astronauts back to Earth from the International Space Station after the Russian spacecraft due to return the crew suffered a significant coolant leak. … | ★★ | ||
|
2022-12-23 20:00:07 | TikTok confirms it tracked journalists\' locations as part of leak investigation (lien direct) | As if you needed another reason to delete the app right now Video sharing platform TikTok and its parent company Bytedance are leakier than a sieve – and it has emerged that in an attempt to plug the holes, members of Bytedance's internal audit team tracked the physical location of journalists via their IP addresses.… | ★★★★ | ||
|
2022-12-23 06:35:07 | LastPass admits attackers have a copy of customers\' password vaults (lien direct) | Thankfully a well encrypted copy that could take an eon to crack, unless users practiced bad password hygiene Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contains the passwords to their accounts.… | LastPass | ★★ | |
|
2022-12-23 00:27:51 | Crooks copy source code from Okta\'s GitHub repository (lien direct) | The hack wraps up a year of bad security incidents for identity Intruders copied source code belonging to Okta after breaching the identity management company's GitHub repositories.… | Hack | ★★ | |
|
2022-12-22 18:34:52 | Zerobot malware now shooting for Apache systems (lien direct) | Upgraded threat, time to patch The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things (IoT) devices it can compromise by going after Apache systems.… | Malware | ★★★ | |
|
2022-12-22 02:20:36 | Godfather malware makes banking apps an offer they can\'t refuse (lien direct) | No horse heads in beds...that we know of Crooks are using an Android banking Trojan dubbed Godfather to steal from banking and cryptocurrency exchange app users in 16 countries, according to Group-IB security researchers… | Malware | ★★★ | |
|
2022-12-21 15:40:06 | UK\'s Guardian newspaper breaks news of ransomware attack on itself (lien direct) | Reporters work from home as publication promises Thursday's print edition will hit newstands on time UK broadsheet media outlet The Guardian has become the victim of a ransomware attack which seems to have take out a large chunk of office-based systems.… | Ransomware | ★★ | |
|
2022-12-21 09:45:12 | Malicious PyPI package found posing as a SentinelOne SDK (lien direct) | Security firm tagged with malware misrepresentation Threat researchers have found a rapidly updated malicious Python package on PyPI masquerading as a legitimate software-development kit (SDK) from cybersecurity firm SentinelOne, but actually contains malware designed to exfiltrate data from infected systems.… | Malware | ★★ | |
|
2022-12-21 03:00:06 | Parental control apps prove easy to beat by kids and crims (lien direct) | 20m downloads can't be wrong? Or can they? Parental control apps may do more harm than good, according to researchers who found 18 bugs in eight Android apps with more than 20 million total downloads that could be exploited to, among many nefarious acts, control other devices on the parents' network.… | ★★★ | ||
|
2022-12-21 00:08:12 | Cisco\'s Talos security bods predict new wave of Excel Hell (lien direct) | Criminals have noticed that spreadsheet's XLL files add custom functionality - including malware It took a few years and one temporary halt, but in July Microsoft finally began blocking certain macros by default in Word, Excel, and PowerPoint, cutting off a popular attack vector for those who target users of Microsoft's Windows OS and Office suite.… | Prediction | ★★★ | |
|
2022-12-20 19:30:10 | Microsoft reports macOS Gatekeeper has an \'Achilles\' heel (lien direct) | Insert your Trojan joke here Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple's Gatekeeper security software "for initial access by malware and other threats." … | Malware | ★★ | |
|
2022-12-20 05:28:09 | Google integrates Indian government\'s cloud services into Android (lien direct) | Collab obviously goes deep – accessing DigiLocker requires use of national identity service Google has integrated the Indian government's cloud storage service into Android – a feat that weaves the national ID system and government documents deeply into the search giant's OS.… | ★★ | ||
|
2022-12-15 06:30:14 | Soyuz leak puts a stop to planned ISS spacewalk and work on Nauka module (lien direct) | Королёв, we have a problem … We don't mean to alarm you, but a Russian Soyuz vehicle docked at the International Space Station (ISS) is leaking a "significant" amount of something, resulting in the cancellation of a spacewalk.… | ★ | ||
|
2022-12-15 02:35:09 | Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs (lien direct) | If you get email from 'Samantha Wolf', congrats: you're important enough to make a decent target An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure and medical researchers – according to email security vendor Proofpoint.… | Medical | APT 35 | ★ |
|
2022-12-14 06:57:13 | Citrix patches critical ADC flaw the NSA says is already under attack from China (lien direct) | Yet more pain for the software formerly known as NetScaler The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller (ADC) and Gateway products that the vendor patched today.… | APT 5 | ★★★ | |
|
2022-12-13 23:30:11 | LockBit threatens to leak confidential info stolen from California\'s beancounters (lien direct) | Databases, details of 'sexual proceedings in court' and more apparently pilfered from finance IT LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion.… | ★★ | ||
|
2022-12-13 22:46:56 | Uber staff info leaks after IT supply chain attack (lien direct) | Records swiped from pwned supplier Teqtivity, dumped online Uber, which has suffered a few data thefts in its time, is this week dealing with the fallout from more information being stolen, this time through one of its technology suppliers.… | Uber Uber | ★★ | |
|
2022-12-13 08:32:10 | Researchers smell a cryptomining Chaos RAT targeting Linux systems (lien direct) | Smells like Russian miscreants A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems.… | Malware | ★★★ | |
|
2022-12-12 07:30:13 | IT security teams, business execs still not on same page (lien direct) | Also: Guri the air-gap guru strikes again, while pro-Ukraine hackers set up a proxy network in Russia In brief Let's start with the good news: according to a survey of security and business leaders, executives have become far more aware of the importance of cyber security in the past two years, better aligning security teams and leadership. … | Guideline | ★★ | |
|
2022-12-11 23:06:05 | Japan, Australia, to bolster cyber-defenses, maybe offensive capacity too (lien direct) | FTX Japan payment promise evaporates; VR/AR to boom across APAC; Google wins privacy case Asia In Brief Australia's home affairs and cybersecurity minister Clare O'Neill has given the nation a goal of becoming the world's most cyber secure nation by 2030.… | ★★ | ||
|
2022-12-09 22:00:08 | Legit Android apps poisoned by sticky \'Zombinder\' malware (lien direct) | Sure, go ahead and load APKs instead of using an app store. You won't enjoy the results Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect.… | Malware | ★★★ | |
|
2022-12-08 21:35:09 | REvil-hit Medibank to pull plug on IT, shore up defenses (lien direct) | If safety regulations are written in blood, what are security policies written in? Sweat and cursing? Australian health insurance company Medibank will take all of its IT systems offline and close its branches over the weekend as part of its ongoing efforts to improve security and recover from a massive data security breach in October.… | ★★★ | ||
|
2022-12-07 12:47:17 | Victims of IT scandal in UK postal service will get fresh compensation (lien direct) | Move follows award swallowed up by legal fees The British government has announced a fresh scheme to compensate victims of the Post Office Horizon IT scandal, which saw sub-postmasters wrongfully prosecuted for theft, false accounting and fraud because of errors in a Fujitsu-built finance system.… | ★★★ | ||
|
2022-12-07 07:25:11 | Microsoft: (Cyber) winter is coming as DDoS attack disrupts Russian bank (lien direct) | Where's the Night's Watch when you need them? Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations – including the country's second-largest bank.… | ★★★ | ||
|
2022-12-07 04:29:09 | Amnesty International Canada claims attack by China-backed forces (lien direct) | Threat actors allegedly looking for contacts and monitoring org's future plans The Canadian branch of Amnesty International was the target of an attack it has pinned on a Chinese state-sponsored actor.… | ★ | ||
|
2022-12-06 22:45:06 | Rackspace confirms ransomware attack behind days-long email outage (lien direct) | Hope the name Hackspace doesn't stick Updated Rackspace has admitted a ransomware infection was to blame for the days-long email outage that disrupted services for customers. … | Ransomware | ★★★ | |
|
2022-12-06 15:30:10 | Want to detect Cobalt Strike on the network? Look to process memory (lien direct) | Security analysts have tools to spot hard-to-find threat, Unit 42 says Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit.… | Malware Threat | ★★★ | |
|
2022-12-05 22:30:13 | Google warns stolen Android keys used to sign info-stealing malware (lien direct) | OEMs including Samsung, LG and Mediatek named and shamed Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties.… | Malware | ★★★ | |
|
2022-12-02 23:10:59 | Medibank prognosis gets worse after more stolen data leaked (lien direct) | Plus Australia launches an investigation into insurer's data privacy practices Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web. … | Data Breach | ★★ | |
|
2022-12-02 21:30:07 | Google says Android runs better when covered in Rust (lien direct) | Banishing memory safety bugs cuts critical vulnerabilities Google has been integrating code written in the Rust programming language into its Android operating system since 2019 and its efforts have paid off in the form of fewer vulnerabilities.… | ★★★ | ||
|
2022-12-02 09:30:51 | Mozilla, Microsoft drop TrustCor as root certificate authority (lien direct) | 'There is no evidence to suggest that TrustCor violated conduct, policy, or procedure' says biz Mozilla and Microsoft have taken action against a certificate authority accused of having close ties to a US military contractor that allegedly paid software developers to embed data-harvesting malware in mobile apps.… | Malware | ★★★★★ | |
|
2022-12-01 20:30:10 | Google warns about commercial Heliconia spyware hitting Chrome, Firefox and and Microsoft Defender (lien direct) | Meanwhile NSO faces new lawsuit over Pegasus flying onto journalists' phones Google's Threat Analysis Group (TAG) said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software.… | Threat | ★★★ | |
|
2022-11-29 20:00:12 | Criminals use trending TikTok challenge to make data-stealing malware invisible (lien direct) | PSA: Don't download unknown apps even if they promise naked people Malware-slinging miscreants are taking advantage of a trending TikTok challenge - and viewers' dirty minds - to spread data-stealing malware via a phony app that's had more than one million views so far.… | Malware | ★★ | |
|
2022-11-29 19:15:14 | Android users in 12 US states cleared to sue Google Play (lien direct) | Millions of people who bought apps since 2016 eligible for payout A California judge has cleared the way for a potentially massive class-action lawsuit against Google, which stands accused - again - of anticompetitive practices surrounding its Play store.… | ★★★ | ||
|
2022-11-29 17:45:15 | Lockheed Martin\'s Army cyber training platform goes civilian (lien direct) | Army civilian employees, that is, but aerospace biz says it could be used in the private sector, too Locheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities.… | ★★★★ | ||
|
2022-11-29 08:30:15 | Sandworm gang launches Monster ransomware attacks on Ukraine (lien direct) | The RansomBoggs campaign is the Russia-linked group's latest assault on the smaller country The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.… | Ransomware | ★★ | |
|
2022-11-22 23:30:09 | DraftKings gamblers lose $300,000 to credential stuffing attack (lien direct) | Users of the sports betting site rolled the dice on reusing passwords and lost A credential stuffing attack over the weekend that affected sports betting biz DraftKings resulted in as much as $300,000 being stolen from customer accounts.… | ★★★ | ||
|
2022-11-22 15:16:09 | Software company wins $154k for US Navy\'s licensing breach (lien direct) | Court lands on less than the millions asked for after sailors made copies of 3D modeling suite 'hundreds of thousands' of times In 2016, The Register highlighted the irony of the US Navy being accused of being pirates after it was sued for making "hundreds of thousands" of copies of 3D modeling software without purchasing licenses.… | ★★★ | ||
|
2022-11-22 11:32:13 | Watchdog warns UK health data platform could damage patients\' trust (lien direct) | 'This store of confidential data is a national treasure that must never be compromised or treated carelessly' As the UK government plans to launch the procurement for a national patient data store, the legal guardian of NHS data has issued a coded warning concerning trust and transparency in health data usage.… | ★★ | ||
|
2022-11-22 01:45:08 | Azure extends DDoS attack protection down to small business users, for a fee (lien direct) | Microsoft moves IP Protection into public preview An new Azure service aimed at protecting smaller businesses from the growing threat of distributed denial-of-service (DDoS) attacks is now in public preview, according to Microsoft.… | Threat | ★★ |
To see everything:
Our RSS (filtrered)
