What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-09-04 16:17:40 | KeyBank: Hackers of Third-Party Provider Stole Customer Data (lien direct) | Hackers stole personal data including Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank, the bank reports, in the breach of a third-party vendor that serves multiple corporate clients. | ★★★★ | ||
|
2022-09-01 14:55:16 | Cyber Safety for Summer Vacation (lien direct) | Let's get back to summer travel. My original title for this byline was “Hack for the Holidays,” but I decided that my ever-friendly content editor would likely reject the thought – however, the statement does highlight an area we should all consider. | |||
|
2022-09-01 14:29:19 | Hardcoded AWS Credentials in 1,800 Mobile Apps Highlight Supply Chain Issues (lien direct) | Symantec has discovered hardcoded AWS credentials in more than 1,800 mobile applications and warned of the potential risks associated with poor security practices. While Symantec's threat hunting team has looked at both Android and iOS apps, nearly all of the applications containing hardcoded credentials were developed for iOS. | Threat | ||
|
2022-09-01 12:59:12 | Ransomware Gang Claims Customer Data Stolen in TAP Air Portugal Hack (lien direct) | The Ragnar Locker ransomware gang says it has exfiltrated customer data in a cyberattack on Portuguese state-owned flag carrier airline TAP Air Portugal. The incident was initially disclosed on August 26, when TAP announced on Twitter that it managed to foil the cyberattack before the threat actor could access any customer data. | Ransomware Hack Threat | ||
|
2022-08-31 16:26:49 | FBI\'s Team to Investigate Massive Cyberattack in Montenegro (lien direct) | A rapid deployment team of FBI cyber experts is heading to Montenegro to investigate a massive and coordinated attack on the tiny Balkan nation's government and its services, the country's Ministry of Internal Affairs announced Wednesday. | |||
|
2022-08-31 10:52:29 | Cybercriminals Apparently Involved in Russia-Linked Attack on Montenegro Government (lien direct) | Montenegro has been targeted in a disruptive cyberattack blamed on Russian hackers, and a known ransomware group may have been involved. The country's Agency for National Security announced last week that government servers had been targeted in an ongoing attack that was described as massive and coordinated. | Ransomware | ||
|
2022-08-30 14:51:39 | How Technology Can Think Globally and Act Locally to Inform Global Cyber Policies (lien direct) | As a cybersecurity professional, I appreciate the impact that cyber policy can have on the adoption of and effective utilization of technology. We see this working today in very advanced, mature industries. In the automotive industry, policies around safety for instance, have done wonders to reduce the number of injuries resulting from an accident. Likewise, policies for manufacturing and chemical production help reduce the risk associated with handling dangerous chemicals. | |||
|
2022-08-30 13:22:35 | 2.5 Million Impacted by Data Breach at Nelnet Servicing (lien direct) | The data of more than 2.5 million individuals was compromised in a recent data breach at technology services provider Nelnet Servicing. The impacted individuals have taken student loans from Edfinancial and OSLA, which have contracted Nelnet for various services, including an online portal that student loan borrowers can use to access their accounts. | Data Breach | ||
|
2022-08-30 11:20:14 | Google Launches Bug Bounty Program for Open Source Projects (lien direct) | Google today introduced a new bug bounty program to reward security researchers who discover and report vulnerabilities in the company's open source projects. As part of the new Open Source Software Vulnerability Rewards Program (OSS VRP), Google is offering bug bounty payouts of up to $31,337. The lowest vulnerability reward will be $100. | Vulnerability | ||
|
2022-08-27 17:54:19 | Facebook Parent Settles Suit in Cambridge Analytica Scandal (lien direct) | Facebook's corporate parent has reached a tentative settlement in a lawsuit alleging the world's largest social network service allowed millions of its users' personal information to be fed to Cambridge Analytica, a firm that supported Donald Trump's victorious presidential campaign in 2016. | |||
|
2022-08-26 14:40:34 | DoorDash Data Compromised Following Twilio Hack (lien direct) | Food delivery company DoorDash revealed on Thursday that customer and employee data has been exposed as a result of a recent breach at a third-party vendor. DoorDash said hackers abused a third-party vendor's access to its systems. The attacker abused DoorDash's internal tools and gained access to the information of 'a small percentage of individuals'. | Hack | ★★★★★ | |
|
2022-08-25 20:05:19 | LastPass Says Source Code Stolen in Data Breach (lien direct) | Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information. | Data Breach | LastPass | |
|
2022-08-25 16:02:56 | Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million (lien direct) | Leaked documents appear to show a little-known spyware company offering services that include Android and iOS device exploits for €8 million (roughly $8 million). | |||
|
2022-08-25 10:16:06 | Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies (lien direct) | Microsoft this week published technical details on 'MagicWeb', a new post-exploitation tool used by Russia-linked cyberespionage group APT29. | Malware Tool | APT 29 | |
|
2022-08-24 15:39:43 | New Air Gap-Jumping Attack Uses Ultrasonic Tones and Smartphone Gyroscope (lien direct) | A researcher from the Ben-Gurion University of the Negev in Israel has shown how a threat actor could stealthily exfiltrate data from air-gapped computers using ultrasonic tones and smartphone gyroscopes. | Threat | ||
|
2022-08-24 14:56:27 | Plex Confirms Database Breach, Data Theft (lien direct) | Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords. | Hack | ||
|
2022-08-23 18:32:24 | Privilege Escalation Flaw Haunts VMware Tools (lien direct) | Virtualization technology software giant VMware on Tuesday released patches to fix an important-severity security flaw in the VMware Tools suite of utilities. The vulnerability, tracked as CVE-2022-31676, could be exploited by attackers to escalate privileges on a compromised system. | |||
|
2022-08-23 13:55:40 | Backdoors Found on Counterfeit Android Phones (lien direct) | Russian cybersecurity firm Doctor Web has identified multiple backdoors on the system partitions of several Android devices that are counterfeit versions of popular phones. | |||
|
2022-08-23 13:06:13 | LockBit Ransomware Site Hit by DDoS Attack as Hackers Start Leaking Entrust Data (lien direct) | The leak website of the LockBit ransomware operation has been taken offline by a distributed denial-of-service (DDoS) attack that appears to have been launched in response to the cybercriminals publishing data stolen from security company Entrust. | Ransomware | ||
|
2022-08-22 13:46:29 | Textile Company Sferra Discloses Data Breach (lien direct) | Textile company Sferra Fine Linens on Friday announced that it has started notifying individuals of a cybersecurity incident involving their personal information. Founded in 1891, Sferra designs and sells Italian-made luxury linen products, including luxury sheets, table linens, and bedding collections, as well as decorative home accessories. | Data Breach | ||
|
2022-08-22 12:18:15 | Lloyd\'s of London Introduces New War Exclusion Insurance Clauses (lien direct) | Lloyds of London, which describes itself as 'the world's leading insurance and reinsurance marketplace', has clarified its position on war exclusions and cyberattack cover. It will require its underwriters to include such an exclusion based on its definition of cyberwar in future cyber insurance policies. | Guideline | ||
|
2022-08-22 11:05:44 | CEO of Israeli Pegasus Spyware Firm to Step Down (lien direct) | Israel's NSO Group, which makes Pegasus spyware that is controversial worldwide, said Sunday its CEO was leaving his post as part of a reorganisation. The indebted, privately owned company also said it would focus sales on countries belonging to the NATO alliance. | |||
|
2022-08-19 14:55:07 | Ring Camera Recordings Exposed Due to Vulnerability in Android App (lien direct) | A vulnerability patched recently by Amazon in the Android app for its Ring surveillance cameras exposed user data and video recordings, according to cybersecurity firm Checkmarx, whose researchers identified the flaw. | Vulnerability | ||
|
2022-08-19 13:44:03 | China\'s Winnti Group Hacked at Least 13 Organizations in 2021: Security Firm (lien direct) | Chinese state-sponsored threat group Winnti compromised at least 13 organizations globally in 2021, spanning across multiple sectors, cybersecurity firm Group-IB says. | Threat | ||
|
2022-08-19 13:08:25 | Ransomware Group Threatens to Leak Data Stolen From Security Firm Entrust (lien direct) | LockBit ransomware threat actors have taken credit for the recent attack on cybersecurity firm Entrust and they are threatening to leak the stolen files. | Ransomware Threat | ||
|
2022-08-19 11:31:55 | Google Blocks Record-Setting DDoS Attack That Peaked at 46 Million RPS (lien direct) | In June 2022, Google mitigated a Layer 7 distributed denial-of-service (DDoS) attack that peaked at 46 million requests per second (RPS). Disclosed this week, this is the third HTTPS attack this year to reach tens of millions of RPS, after two lower-volume assaults were mitigated by Cloudflare. | |||
|
2022-08-18 16:09:59 | Estonia Blocks Cyberattacks Claimed by Russian Hackers (lien direct) | Estonia on Thursday said it had thwarted a major wave of cyber attacks against public and private institutions, as Russian hackers claimed responsibility. "Yesterday, Estonia was subject to the most extensive cyber attacks it has faced since 2007," Undersecretary for Digital Transformation Luukas Ilves said on Twitter. | |||
|
2022-08-18 14:49:49 | Russian Use of Cyberweapons in Ukraine and the Growing Threat to the West (lien direct) | 
|
Threat | ||
|
2022-08-18 12:54:17 | North Korean Hackers Use Fake Job Offers to Deliver New macOS Malware (lien direct) | Researchers with cybersecurity company ESET have observed a new macOS malware sample developed by the infamous North Korean advanced persistent threat (APT) actor Lazarus. | Malware Threat | APT 38 | |
|
2022-08-18 11:41:44 | Evasive \'DarkTortilla\' Crypter Delivers RATs, Targeted Malware (lien direct) | Secureworks security researchers have analyzed 'DarkTortilla', a .NET-based crypter used to deliver both popular malware and targeted payloads. | Malware | ||
|
2022-08-17 14:25:29 | 81% of Malware Seen on USB Drives in Industrial Facilities Can Disrupt ICS: Honeywell (lien direct) | 
|
Malware | ||
|
2022-08-16 13:53:13 | Ransomware Group Claims Access to SCADA in Confusing UK Water Company Hack (lien direct) | A ransomware group has hit at least one water company in the United Kingdom, but there is some confusion over whose systems were actually breached. | Ransomware Hack | ||
|
2022-08-16 11:09:42 | Signal Discloses Impact From Twilio Hack (lien direct) | Secure communications services provider Signal on Monday disclosed impact from the recent Twilio hack, after threat actors attempted to re-register the phone numbers of some of its users to new devices. | Hack Threat | ||
|
2022-08-16 10:27:07 | Cyber Firm Darktrace Shares Surge on Possible Takeover (lien direct) | Shares in British cyber security firm Darktrace soared almost a fifth Tuesday, reflecting a possible takeover worth several billion pounds by a US private equity firm. | |||
|
2022-08-15 11:48:00 | Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities (lien direct) | Google is once again boosting the maximum bounty payouts for Linux vulnerabilities reported as part of its open-source Kubernetes-based capture-the-flag (CTF) vulnerability rewards program (VRP). | Vulnerability | Uber | |
|
2022-08-15 10:46:06 | Weaponized PLCs Can Hack Engineering Workstations in Attacks on Industrial Orgs (lien direct) | Researchers have shown how hackers could weaponize programmable logic controllers (PLCs) and use them to exploit engineering workstations running software from several major industrial automation companies. | Hack | ||
|
2022-08-15 09:59:25 | Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware (lien direct) | China-linked cyberespionage group Iron Tiger was observed using the compromised servers of a chat application for the delivery of malware to Windows and macOS systems, Trend Micro reports. | Malware | APT 27 | |
|
2022-08-12 17:23:32 | Killnet Releases \'Proof\' of its Attack Against Lockheed Martin (lien direct) | On August 1, Lockheed Martin was supposedly targeted with a DDoS attack delivered by the pro-Russian hacker group Killnet. The information came via the Moscow Times who reported Killnet's claim for responsibility. Newsweek added that Killnet claimed to have stolen Lockheed Martin employee data and threatened to share that data. | |||
|
2022-08-12 13:06:29 | Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year (lien direct) | Microsoft this week announced that, over the past 12 months alone, it paid out $13.7 million in rewards as part of its bug bounty programs. | |||
|
2022-08-12 10:43:09 | Zero-Day Vulnerability Exploited to Hack Over 1,000 Zimbra Email Servers (lien direct) | A new zero-day vulnerability affecting Zimbra has been exploited to hack more than 1,000 enterprise email servers, according to incident response firm Volexity. | Hack Vulnerability | ||
|
2022-08-11 17:44:56 | Cisco Patches High-Severity Vulnerability in Security Solutions (lien direct) | Cisco this week announced the release of patches for a high-severity vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow an unauthenticated attacker to leak an RSA private key. | Vulnerability Threat | ||
|
2022-08-11 10:58:37 | Palo Alto Networks Firewalls Targeted for Reflected, Amplified DDoS Attack (lien direct) | Palo Alto Networks is working on fixes for a reflected amplification denial-of-service (DoS) vulnerability that impacts PAN-OS, the platform powering its next-gen firewalls. | Vulnerability | ||
|
2022-08-09 18:08:36 | Already Exploited Zero-Day Headlines Microsoft Patch Tuesday (lien direct) | Microsoft on Tuesday released a critical-severity bulletin to warn of a newly discovered zero-day attack exploiting a remote code execution vulnerability in its flagship Windows operating system. | Vulnerability | ||
|
2022-08-09 17:45:28 | ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected Data (lien direct) | A group of researchers from several universities and companies has disclosed a new Intel CPU attack method that could allow an attacker to obtain potentially sensitive information. | |||
|
2022-08-09 16:53:48 | AMD Processors Expose Sensitive Data to New \'SQUIP\' Attack (lien direct) | A group of academic researchers on Tuesday published a paper describing the first side-channel attack targeting the scheduler queues of modern processors. | |||
|
2022-08-08 14:29:31 | 7-Eleven Closes Stores in Denmark After Hacker Attack (lien direct) | US convenience store chain, 7-Eleven, said Monday that it had closed its outlets in Denmark after a suspected hacker attack knocked out their cash tills. | |||
|
2022-08-08 13:29:22 | Meta Disrupted Two Cyberespionage Operations in South Asia (lien direct) | Facebook's parent company Meta took action earlier this year against two cross-platform cyberespionage operations that relied on various online services for malware distribution. | Malware | ||
|
2022-08-08 11:17:56 | (Déjà vu) US, Australian Cybersecurity Agencies Publish List of 2021\'s Top Malware (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have published a joint advisory to detail the top malware strains of 2021. | Malware | ||
|
2022-08-06 10:11:49 | Twitter Breach Exposed Anonymous Account Owners (lien direct) | A vulnerability in Twitter's software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday. | Vulnerability | ||
|
2022-08-05 15:20:15 | Slack Forces Password Resets After Discovering Software Flaw (lien direct) | Workplace productivity software giant Slack on Friday forced password resets for a tiny fraction of its users after the discovery of a security flaw that exposed Slack credentials. Slack's security response team alerted users to the issue via email and followed up with a blog post warning about the risk of passwords leaking to a skilled attacker. |
To see everything:
Our RSS (filtrered)
