What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-09-14 00:57:37 | Ransomware gang threatens 1m-plus medical record leak (lien direct) | Criminals continue to target some of the most vulnerable Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.… | Ransomware | ||
|
2022-09-13 07:30:11 | Cisco: Yes, Yanluowang leaked our data. No, it\'s not serious (lien direct) | Everything's fine! The Yanluowang ransomware group behind the May attack on Cisco Systems has publicly leaked the stolen files on the dark web over the weekend, but the networking giant says there's nothing to worry about.… | Ransomware | ||
|
2022-09-13 05:30:08 | Chinese-linked cyber crims nab $529 million from Indian nationals (lien direct) | Authorities also bust a shell company scam operation with links to the Middle Kingdom Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh.… | |||
|
2022-09-12 23:07:44 | Apple patches iPhone and macOS flaws under active attack (lien direct) | High-value targets tend to get hit Apple has pushed out five security fixes including including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited.… | |||
|
2022-09-10 11:00:07 | Shape-shifting cryptominer savaging Linux endpoints and IoT (lien direct) | Also, Authorities seize WT1SHOP selling 5.8m sets of PII, The North Face users face tough secuirty hike In brief AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones.… | Malware | ||
|
2022-09-08 12:00:09 | Lazarus Group unleashed a MagicRAT to spy on energy providers (lien direct) | Cisco finds custom malware in North Korea's latest cyberespionage effort The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos.… | Malware Medical | APT 38 | |
|
2022-09-07 12:34:49 | Cybercriminals target games popular with kids to distribute malware (lien direct) | Kaspersky research finds Minecraft and Roblox have the most malicious files associated with them With 3 billion players globally, the $200 billion gaming market is an increasingly ripe target for cybercriminals – with the perennially popular Minecraft one of the most targeted lures.… | Malware | ||
|
2022-09-07 05:15:14 | As Cybersecurity Week begins, Beijing claims US attacked Uni doing military research (lien direct) | National Security Agency apparently has tools that crack Solaris boxes China has accused the United States of a savage cyber attack on a university famed for conducting aerospace research and linked to China's military.… | |||
|
2022-09-06 17:45:09 | (Déjà vu) Ransomware gang hits second-largest US school district (lien direct) | FBI and CISA on-site to assist with incident response over Labor Day weekend Cybercriminals hit the Los Angeles Unified School District (LAUSD) over the holiday weekend with a ransomware attack that temporarily shut down email, computer systems, and applications.… | Ransomware | ||
|
2022-09-06 16:15:14 | Newly discovered cyberspy crew targets Asian governments and corporations (lien direct) | Worok uses mix of publicly available tools, custom malware to steal info, gang active since 2020 A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access.… | Malware | ||
|
2022-09-06 13:30:10 | Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay (lien direct) | Lloyd's defends stance as critics say policy tweaks make it less worthwhile to spend on premiums Critics unhappy about insurers excluding certain nation-state attacks from cyber policies should consider the alternative: higher prices, according to Lloyd's of London.… | |||
|
2022-09-05 06:57:12 | Microsoft mistakenly rated Chromium, Electron, as malware (lien direct) | Windows Defender update fixed the mess after a weekend of false positive weirdness Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them.… | Malware | ||
|
2022-09-02 01:11:24 | Ex-NSA trio who spied on Americans for UAE now banned from arms exports (lien direct) | From hero to zero-day ... to plain zero Three former US government cyber-spies who, among other things, illicitly compromised and snooped on Americans' devices for the United Arab Emirates government have been banned from participating in international arms exports under a deal reached with Uncle Sam.… | |||
|
2022-09-01 07:04:15 | Oh no, that James Webb Space Telescope snap might actually contain malware (lien direct) | Is nothing sacred? Scumbags are using a photo from the James Webb Space Telescope to smuggle Windows malware onto victims' computers – albeit in a roundabout way.… | Malware | ||
|
2022-08-31 05:02:05 | China-linked APT40 gang targets wind farms, Australian government (lien direct) | ScanBox installed after victims lured to fake Murdoch news sites with phishing emails Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site.… | APT 40 | ||
|
2022-08-30 22:58:05 | Find a security hole in Google\'s open source and you could bag a $31,337 reward (lien direct) | Will it be enough to prevent the next software supply-chain attack? Google has created a bug bounty program that will reward those who find and report vulnerabilities in its open-source projects, thereby hopefully strengthening software supply-chain security.… | ★★★★★ | ||
|
2022-08-30 10:27:12 | That \'clean\' Google Translate app is actually Windows crypto-mining malware (lien direct) | Ah, nothing like a classic Trojan horse Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.… | Malware | ||
|
2022-08-30 00:43:14 | Google Play to ban Android VPN apps from interfering with ads (lien direct) | Developers say this is not the privacy protection it's made out to be Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications.… | |||
|
2022-08-26 19:21:03 | PyPI warns of first-ever phishing campaign against its users (lien direct) | On the bright side, top devs are getting hardware security keys The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service.… | |||
|
2022-08-26 16:33:28 | Now Oktapus gets access to some DoorDash customer info via phishing attack (lien direct) | Double check who exactly you're sending your username and password to, eh? DoorDash has confirmed that "a small percentage" of its customers and delivery drivers' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were exposed as part of a broad phishing campaign dubbed Oktapus.… | |||
|
2022-08-25 18:01:53 | Crooks target top execs on Office 365 with MFA-bypass scheme (lien direct) | The 'widespread' campaign hunts for multimillion-dollar transactions A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication.… | |||
|
2022-08-25 09:24:07 | Shout-out to whoever went to Black Hat with North Korean malware on their PC (lien direct) | I am the one who NOCs The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.… | Malware | ||
|
2022-08-24 06:28:07 | Lloyd\'s to exclude certain nation-state attacks from cyber insurance policies (lien direct) | Kim Jong-un has entered the chat Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time.… | |||
|
2022-08-22 22:00:12 | Novant Health admits leak of 1.3m patients\' info to Facebook (lien direct) | But don't worry, Zuck would never misuse this type of sensitive data Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta.… | ★★★★ | ||
|
2022-08-22 21:00:08 | Hiding a phishing attack behind the AWS cloud (lien direct) | Scammers are using cloud services to create and host web pages that can be used to lure victims into handing over their credentials Criminals are slipping phishing emails past automated security scanners inside Amazon Web Services (AWS) to establish a launching pad for attacks.… | |||
|
2022-08-22 16:08:11 | LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data (lien direct) | Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor The LockBit ransomware group last week claimed responsibility for an attack on cybersecurity vendor in June. The high-profile gang is now apparently under a distributed denial-of-service (DDoS) because of it.… | Ransomware | ||
|
2022-08-22 06:20:10 | Zoom patches make-me-root security flaw, patches patch (lien direct) | Plus: See if in-app browsers are monitoring you, a novel industrial network attack technique, and more In brief Zoom fixed a pair of privilege escalation vulnerabilities, which were detailed at the Black Hat conference this month, but that patch was bypassed, necessitating yet another fix.… | |||
|
2022-08-22 05:01:10 | NSO Group CEO steps down, 100 employees let go too (lien direct) | Controversial Pegasus spyware maker to focus on NATO sales while battling various court cases Pegasus spyware-maker NSO Group announced on Sunday it will reorganize, replacing its CEO and letting go of around 100 workers.… | |||
|
2022-08-22 00:59:10 | Huawei dangles developer incentives to sell Harmony OS around the world (lien direct) | Plus: Indonesia's four-hour takedown demand; Peak Facebook in Korea?; Alibaba frees font; and more. Asia In Brief Huawei last week unveiled initiatives to encourage developers to work on its Harmony OS – the platform it created after US sanctions denied the Chinese giant access to Google's Android operating system.… | |||
|
2022-08-19 18:30:15 | Microsoft looks beyond the US with Windows Subsystem for Android (lien direct) | Realizes there's a big beautiful world out there and sets sail for Japan Microsoft has taken a tentative step to expand the Windows Subsystem for Android outside of the US by making the preview available in Japan.… | |||
|
2022-08-19 07:37:15 | Two years on, Apple iOS VPNs still leak IP addresses (lien direct) | Privacy, it's a useful marketing term *Offer does not apply in China Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there's no sign of a fix.… | Vulnerability | ||
|
2022-08-18 16:00:05 | Google blocks third record-breaking DDoS attack in as many months (lien direct) | 46 million requests per second network flood comes as attacks increase by more than 200% compared to last year Google says it has blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second.… | |||
|
2022-08-18 06:28:12 | Ransomware attack on UK water company clouded by confusion (lien direct) | Clop gang thought it hit Thames Water – but real victim was elsewhere A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.… | Ransomware | ||
|
2022-08-17 18:41:18 | After 7 years, long-term threat DarkTortilla crypter is still evolving (lien direct) | .NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to evolve rapidly, with almost 10,000 code samples being uploaded to VirusTotal over a 16-month period.… | Malware Threat | ||
|
2022-08-17 12:25:09 | UK launches \'consultation\' with EU over exclusion from science programs (lien direct) | Billions in funding at stake as PM hopeful Liz Truss says bloc 'in breach of agreement' The UK government has launched formal consultations with the EU over the failure to secure its inclusion in the EU's €95.5 billion ($97.6 billion) research funding program since the island nation left the world's richest trading bloc.… | |||
|
2022-08-17 08:00:20 | Mozilla finds 18 of 25 popular reproductive health apps leak data (lien direct) | Scary in post-Roe America, and Poland, and far too many other places It's official: your period and/or pregnancy tracker will probably share your data with law enforcement. And they might even do it on purpose.… | |||
|
2022-08-17 03:01:05 | Open source VideoLAN media player asks why it\'s blocked in India (lien direct) | Rubbishes suggestions poisoned clones or ancient malware are worthy reasons for ban Developers of the open source VideoLAN media player have started sniping at India's government over an apparent block on the project's website.… | Malware | ||
|
2022-08-16 21:25:11 | SEC says brokerage accounts hijacked for $1.3m pump-and-dump scam (lien direct) | 18 people and businesses charged, one giant web of connections America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits.… | |||
|
2022-08-16 16:43:06 | PC store told it can\'t claim full cyber-crime insurance after social-engineering attack (lien direct) | Two different kinds of fraud, says judge while throwing out lawsuit against insurer A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.… | |||
|
2022-08-16 12:33:06 | 1,900 Signal users exposed: Twilio attacker \'explicitly\' looked for certain numbers (lien direct) | Bad guy also got SMS verification codes, and re-registered one of the numbers they searched for The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed.… | |||
|
2022-08-16 05:31:12 | Digital Ocean dumps Mailchimp after attack leaked customer email addresses (lien direct) | Somebody went after crypto-centric companies' outsourced email but the damage was felt in the cloud Junior cloud Digital Ocean has revealed that some of its clients' email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp.… | APT 32 | ||
|
2022-08-13 10:00:09 | Ukraine\'s cyber chief comes to Black Hat in surprise visit (lien direct) | Tl;DR - the news isn't good Black Hat In Brief Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak.… | Guideline | ||
|
2022-08-12 20:00:08 | Twitter unveils US midterm election integrity plans, upsets almost everyone (lien direct) | Don't feed the trolls? Users deem policy an attack on conservatives, dystopian, and election manipulation Twitter has announced its plans to fight misinformation during the 2022 US midterm elections, including activating its Civic Integrity Policy (CIP).… | |||
|
2022-08-12 19:30:13 | US reveals \'Target\' pic of Conti man with $10m reward offer (lien direct) | Fashion Police chipping in on the bounty related to costliest strain of ransomware on record The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew.… | Ransomware | ||
|
2022-08-12 18:00:13 | Microsoft trumps Google for 2021-22 bug bounty payouts (lien direct) | Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces Microsoft appears to have beat Google on the bug bounty front, with $13.7 million in rewards spread out over 335 researchers.… | |||
|
2022-08-12 14:00:09 | Google fined $42.5m over misleading Android location settings in Australia (lien direct) | Ad behemoth committed to 'providing the most helpful products possible' Google is being ordered to pay A$60 million ($42.5 million) in penalties to Australia's competition and national consumer law regulator regarding the collection and use of location data on Android phones.… | |||
|
2022-08-12 13:06:23 | Emergency services call-handling provider: Ransomware forced it to pull servers offline (lien direct) | Advanced's infrastructure still down and out, recovery to take weeks or more Advanced, the MSP forced to shut down some of its servers last week after identifying an "issue" with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will be in the order of weeks.… | Ransomware | ||
|
2022-08-11 23:03:21 | Higher risks and premiums are creating critical gap in cyber insurance (lien direct) | Most organizations don't have the financial resources necessary to address ransomware and other cyberattacks, BlackBerry says Black Hat Many organizations are increasingly unprepared to deal with the skyrocketing costs of a ransomware attacks, at a time when the number of incidents and the payments demanded by cybercriminals are rising rapidly.… | Ransomware | ||
|
2022-08-11 21:30:10 | Russian invasion has dangerously destabilized cyber security norms (lien direct) | The inside scoop on the Ukrainian IT army, and what could happen next Black Hat The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms - and infrastructure security, according to journalist and author Kim Zetter.… | |||
|
2022-08-11 19:15:10 | Ex-CIA security boss predicts coming crackdown on spyware (lien direct) | Plus, spoiler alert: ransomware is gonna get a lot worse Black Hat It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.… | Ransomware |
To see everything:
Our RSS (filtrered)
