What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-07-11 13:00:12 | US military contractor moves to buy Israeli spy-tech company NSO Group (lien direct) | Biden blacklist a stumbling block for any possible deal US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports.… | |||
|
2022-07-11 12:15:05 | Microsoft resorts to Registry hack to keep Outlook from using Windows 11 search (lien direct) | Only a short-term solution to prevent the OS interfering with email results Microsoft has identified Windows Indexing as the culprit for broken Outlook Search results in Windows 11.… | Hack | ||
|
2022-07-11 06:45:08 | Leaked Uber docs reveal frequent use of \'kill switch\' to deactivate tech, thwart investigators (lien direct) | Staff told to tell cops that the IT team was in San Francisco, asleep, and couldn't restore systems A data leak from ride-sharing app Uber revealed activities allegedly geared to avoid regulation and law enforcement – including a "kill switch" that would remotely cut computer access to servers at its headquarters in San Francisco in case of a raid – according to weekend media.… | Uber Uber | ||
|
2022-07-07 13:45:11 | Microsoft cloud exec accused of verbal attack on staff exits (lien direct) | Tom Keane helped Redmond win JEDI deal, respond to GDPR, and ran Azure datacenter infrastructure worldwide Microsoft cloud lieutenant Tom Keane is departing the megacorp where he has spent the past 21 years in various senior roles. He is heading for the exit a month after featuring in a report about the toxic culture among company execs.… | |||
|
2022-07-06 22:51:04 | Here today, gone to Maui: That\'s your data captured by North Korean ransomware (lien direct) | CISA, FBI, US Treasury warn Kim Jong-un's latest malware has hit healthcare orgs For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday.… | Ransomware Malware | ||
|
2022-07-06 17:50:04 | Hive ransomware gang rapidly evolves with complex encryption, Rust code (lien direct) | RaaS malware devs have been busy bees The Hive group, which has become one of the most prolific ransomware-as-a-service (RaaS) operators, has significantly changed its malware, including migrating the code to the Rust programming language and using a more complex encryption technique.… | Ransomware Malware | ||
|
2022-07-06 14:30:06 | Typo-squatting NPM software supply chain attack uncovered (lien direct) | Beawre teh mizpelled pakcage naem Researchers at ReversingLabs have uncovered evidence of a widespread software supply chain attack through malicious JavaScript packages picked up via NPM.… | |||
|
2022-07-06 14:00:13 | Marriott Hotels admits to third data breach in 4 years (lien direct) | Digital thieves made off with 20GB of internal documents and customer data Marriott Hotels has leaked data to attackers again and this time the culprits made off with 20GB of information, which reportedly included credit card info and internal company documents. … | Data Breach | ||
|
2022-07-06 05:27:10 | Near-undetectable malware linked to Russia\'s Cozy Bear (lien direct) | The fun folk who attacked Solar Winds using a poisoned CV and tools from the murky world of commercial hackware Palo Alto Networks' Unit 42 threat intelligence team has claimed that a piece of malware that 56 antivirus products were unable to detect is evidence that state-backed attackers have found new ways to go about the evil business.… | Malware Tool Threat | APT 29 | |
|
2022-07-05 20:06:42 | Pentagon: We\'ll pay you if you can find a way to hack us (lien direct) | DoD puts money behind bug bounty program after reward-free pilot The US Department of Defense has created a broad but short bug bounty program for vulnerabilities in public-facing systems and applications.… | Hack | ||
|
2022-07-05 07:46:32 | Dutch University retrieves Bitcoin ransomware payment and makes a profit (lien direct) | Promises funds will be used to support struggling students The Netherlands' Maastricht University has managed to recoup the Bitcoin ransom it paid to ransomware scum in 2019 – and has made a tidy profit on the deal.… | Ransomware | ||
|
2022-07-05 06:04:18 | Billion-record stolen Chinese database for sale on breach forum (lien direct) | Appears to have leaked from a cloud thanks to sloppy coding A threat actor has taken to a forum for news and discussion of data breaches with an offer to sell what they assert is a database containing records of over a billion Chinese civilians – allegedly stolen from the Shanghai Police.… | Threat | ||
|
2022-07-04 06:58:10 | Microsoft teases Outlook Lite for Android (lien direct) | What are the 'main benefits' of Outlook? Whatever they are, that's all you'll get Microsoft is readying a "Lite" version of its flagship messaging and calendar app for Android.… | |||
|
2022-07-04 01:07:07 | British Army\'s Twitter and YouTube feeds hijacked by crypto-promos (lien direct) | If you can't defend against crypto bros … The British Army has apologised after its Twitter and YouTube accounts were compromised by entities that used them to promote NFT.… | |||
|
2022-07-02 10:07:09 | The App Gap and supply chains: Purism CEO on what\'s ahead for the Librem 5 USA (lien direct) | Freedoms eroded, iOS-Android duopoly under fire, chip sources questioned – it's all an opportunity for this phone Interview In June, Purism began shipping a privacy-focused smartphone called Librem 5 USA that runs on a version of Linux called PureOS rather than Android or iOS. As the name suggests, it's made in America – all the electronics are assembled in its Carlsbad, California facility, using as many US-fabricated parts as possible.… | |||
|
2022-06-30 21:20:11 | OpenSea phishing threat after rogue insider leaks customer email addresses (lien direct) | Worse, imagine someone finding out you bought one of its NFTs The choppy waters continue at OpenSea, whose security boss this week disclosed the NFT marketplace suffered an insider attack that could lead to hundreds of thousands of people fending off phishing attempts.… | Threat Guideline | ||
|
2022-06-30 16:00:08 | Google battles bots, puts Workspace admins on alert (lien direct) | No security alert fatigue here Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.… | Tool | ||
|
2022-06-30 02:15:11 | Israel plans \'Cyber-Dome\' to defeat digital attacks from Iran and others (lien direct) | Already has 'Iron Dome' – does it need another hero? The new head of Israel's National Cyber Directorate (INCD) has announced the nation intends to build a "Cyber-Dome" – a national defense system to fend off digital attacks.… | |||
|
2022-06-29 14:05:08 | Ex-Uber security chief accused of hushing database breach must face fraud charges (lien direct) | Company execs and their lawyers are paying close attention to this one A US judge yesterday threw out an attempt to dismiss wire fraud charges against a former Uber employee accused of trying to cover up a computer crime.… | Uber Uber | ||
|
2022-06-28 14:01:44 | AMD targeted by RansomHouse, cybercrims claim to have \'450Gb\' in stolen data (lien direct) | Relatively cybercrime newbies not clear on whether it's alleging to have gigabits or gigabytes of chip biz's data If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year.… | |||
|
2022-06-28 08:52:09 | Running DOS on 64-bit Windows and Linux: Just because you can (lien direct) | DOS isn't dead. You can still run it and its apps, even now FOSS Fest There are still ways to run DOS apps under 64-bit Windows and Linux, and a lot of free apps to choose from.… | |||
|
2022-06-28 04:31:13 | Tencent admits to poisoned QR code attack on QQ chat platform (lien direct) | Could it be Beijing was right about games being bad for China? Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform.… | |||
|
2022-06-28 02:58:12 | Carnival Cruises torpedoed by US states, agrees to pay $6m after waves of cyber attacks (lien direct) | Now those are some phishing boats Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive personal information on customers and employees was accessed in a string of cyber attacks.… | |||
|
2022-06-24 10:46:09 | Google: How we tackled this iPhone, Android spyware (lien direct) | Watching people's every move and collecting their info – not on our watch, says web ads giant Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan - in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).… | Threat | ||
|
2022-06-24 00:45:50 | ZTE intros \'cloud laptop\' that draws just five watts of power (lien direct) | The catch: It hooks up to desktop-as-a-service and runs Android – so while it looks like a laptop ... Chinese telecom equipment maker ZTE has announced what it claims is the first "cloud laptop" – an Android-powered device that the consumes just five watts and links to its cloud desktop-as-a-service.… | |||
|
2022-06-22 20:58:14 | Mega\'s unbreakable encryption proves to be anything but (lien direct) | Boffins devise five attacks to expose private files Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can only be accessed by customers, even if its main system is taken over by law enforcement or others.… | |||
|
2022-06-22 07:58:06 | Okta says Lapsus$ incident was actually a brilliant zero trust demonstration (lien direct) | Once former supplier Sitel coughed up its logs, it became apparent the attacker was hemmed in Okta has completed its analysis of the March 2022 incident that saw The Lapsus$ extortion crew get a glimpse at some customer information, and concluded that its implementation of zero trust techniques foiled the attack – and that its (former) outsourced customer service provider Sitel was largely to blame for the confusion surrounding the incident.… | |||
|
2022-06-21 15:30:05 | NASA tricks Artemis launch computer by masking data showing a leak (lien direct) | Plus it aborts ISS reboost. Not the greatest start to the week, was it? NASA engineers had to work fast to avoid another leak affecting the latest Artemis dry run, just hours after an attempt to reboost the International Space Station (ISS) via the Cygnus freighter was aborted following a few short seconds.… | |||
|
2022-06-20 03:32:08 | Indian government issues confidential infosec guidance to staff – who leak it (lien direct) | Bans VPNs, Dropbox, and more India's government last week issued confidential information security guidelines to the 30 million plus workers it employs – and as if to prove a point, the document quickly leaked on a government website.… | |||
|
2022-06-18 00:48:00 | DeadBolt ransomware takes another shot at QNAP storage (lien direct) | Keep boxes updated and protected to avoid a NAS-ty shock QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices' QTS or QuTS hero operating systems to the latest versions.… | Ransomware | ||
|
2022-06-17 21:34:06 | Inverse Finance stung for $1.2 million via flash loan attack (lien direct) | Just cryptocurrency things A decentralized autonomous organization (DAO) called Inverse Finance has been robbed of cryptocurrency somehow exchangeable for $1.2 million, just two months after being taken for $15.6 million.… | |||
|
2022-06-17 19:38:06 | International operation takes down Russian RSOCKS botnet (lien direct) | $200 a day buys you 90,000 victims A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.… | |||
|
2022-06-16 19:37:54 | Oracle sued by one of its own gold-level Partners of the Year over government IT contract (lien direct) | We want $56 million, systems integrator tells court Oracle has been sued by Plexada System Integrators in Nigeria for alleged breach of contract and failure to pay millions of dollars said to be owed for assisting with a Lagos State Government IT contract.… | |||
|
2022-06-16 08:13:12 | Elasticsearch server with no password or encryption leaks a million records (lien direct) | POS and online ordering vendor StoreHub offered free Asian info takeaways Researchers at security product recommendation service Safety Detectives claim they've found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub.… | |||
|
2022-06-15 11:00:12 | End-of-life smartphone? Penguins at postmarketOS aim to revive it (lien direct) | Alpine-based distro runs on old mobiles abandoned by Android and their manufacturers A Linux distro for smartphones abandoned by their manufacturers, postmarketOS, has introduced in-place upgrades.… | |||
|
2022-06-15 04:44:09 | Malaysia-linked DragonForce hacktivists attack Indian targets (lien direct) | Just what we needed: a threat to rival Anonymous A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.… | Threat | ||
|
2022-06-14 23:44:10 | Cloudflare says it thwarted record-breaking HTTPS DDoS flood (lien direct) | 26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago.… | |||
|
2022-06-13 17:30:09 | HelloXD ransomware bulked up with better encryption, nastier payload (lien direct) | Russian-based group doubles the extortion by exfiltrating the corporate data before encrypting it. Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that includes stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.… | Ransomware Threat | ||
|
2022-06-10 20:57:06 | OVHcloud datacenter fire last year possibly due to water leak (lien direct) | French investigative report draws no conclusion but hints at inverter malfunction Late last month, France's BEA-RI, or Bureau of Investigation and Analysis on industrial risks, issued its technical report on the March 10th, 2021 fire at the OVH datacenter in Strasbourg.… | |||
|
2022-06-10 14:50:38 | Symbiote Linux malware spotted, and infections are \'very hard to detect\' (lien direct) | 'Performing live forensics on an infected machine may not turn anything up' warn researchers Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.… | Malware Threat | ||
|
2022-06-10 11:00:08 | Apple M1 chip contains hardware vulnerability that bypasses memory defense (lien direct) | MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success.… | Vulnerability | ||
|
2022-06-10 07:57:06 | Emotet malware gang re-emerges with Chrome-based credit card heistware (lien direct) | Crimeware groups are re-inventing themselves The criminals behind the Emotet botnet – which rose to fame as a banking trojan before evolving into spamming and malware delivery – are now using it to target credit card information stored in the Chrome web browser.… | Malware | ||
|
2022-06-10 04:58:05 | Chinese \'Aoqin Dragon\' gang runs undetected ten-year espionage spree (lien direct) | Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval Threat researcher Joey Chen of Sentinel Labs says he's spotted a decade worth of cyber attacks he's happy to attribute to a single Chinese gang.… | |||
|
2022-06-09 11:45:09 | Symantec: More malware operators moving in to exploit Follina (lien direct) | Meanwhile Microsoft still hasn't patched the fatal flaw While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.… | Malware Vulnerability | ||
|
2022-06-09 02:30:12 | Supply chain attacks will get worse: Microsoft Security Response Center boss (lien direct) | Do you know all of your software dependencies? Spoiler alert: hardly anybody is on top of it RSA Conference Major supply-chain attacks of recent years – we're talking about SolarWinds, Kaseya and Log4j to name a few – are "just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center.… | Guideline | ★★★★★ | |
|
2022-06-09 00:29:36 | Now Windows Follina zero-day exploited to infect PCs with Qbot (lien direct) | Data-stealing malware also paired with Black Basta ransomware gang Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.… | Ransomware Malware | ||
|
2022-06-08 07:56:06 | Beijing-backed baddies target unpatched networking kit to attack telcos (lien direct) | NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers.… | |||
|
2022-06-08 05:15:07 | Ukraine\'s secret cyber-defense that blunts Russian attacks: excellent backups (lien direct) | This is why the Viasat attack – rated one of the biggest ever – had little impact RSA Conference The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was "one of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare," according to Dmitri Alperovitch, a co-founder of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator.… | |||
|
2022-06-07 01:30:09 | IBM buys Randori to address multicloud security messes (lien direct) | Big Blue joins the hot market for infosec investment RSA Conference IBM has expanded its extensive cybersecurity portfolio by acquiring Randori – a four-year-old startup that specializes in helping enterprises manage their attack surface by identifying and prioritizing their external-facing on-premises and cloud assets.… | |||
|
2022-06-04 07:49:05 | Feeling highly stressed about your job? You must be a CISO (lien direct) | 'The attack surface has expanded exponentially' during the work-from-home pandemic, says one Almost all cybersecurity professionals are stressed, and nearly half (46 percent) have considered leaving the industry altogether, according to a DeepInstinct survey.… |
To see everything:
Our RSS (filtrered)
