Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2024-12-18 17:42:56 |
Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign (direct link) |
Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud. |
|
|
★★
|
 |
2024-12-18 17:24:00 |
Manufacturers Lose Azure Creds to HubSpot Phishing Attack (direct link) |
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe. |
Cloud
|
|
★★
|
 |
2024-12-18 16:46:53 |
Wallarm Releases API Honeypot Report Highlighting API Attack Trends (direct link) |
No more details |
|
|
★★★
|
 |
2024-12-18 15:00:00 |
The Importance of Empowering CFOs Against Cyber Threats (direct link) |
Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability. |
|
|
★★
|
 |
2024-12-18 14:17:28 |
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets (direct link) |
The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity. |
Tool
|
|
★★
|
 |
2024-12-18 02:00:00 |
Thai Police Systems Under Fire From 'Yokai' Backdoor (direct link) |
Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness. |
Malware
Legislation
|
|
★★
|
 |
2024-12-17 20:03:27 |
Texas Tech Fumbles Medical Data in Massive Breach (direct link) |
The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks. |
Medical
|
|
★★
|
 |
2024-12-17 18:20:08 |
CISA Directs Federal Agencies to Secure Cloud Environments (direct link) |
Actions direct agencies to deploy specific security configurations to reduce cyber-risk. |
Cloud
|
|
★★
|
 |
2024-12-17 17:35:22 |
Delinea Joins CVE Numbering Authority Program (direct link) |
No more details |
|
|
★★
|
 |
2024-12-17 16:21:38 |
Azure Data Factory Bugs Expose Cloud Infrastructure (direct link) |
Three vulnerabilities in the service's Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware. |
Malware
Vulnerability
Cloud
|
|
★★
|
 |
2024-12-17 15:09:02 |
CompTIA Xpert Series Expands With SecurityX Professional Certification (direct link) |
Program designed to validate and sharpen cybersecurity skills for working professionals. |
|
|
★
|
 |
2024-12-17 15:00:00 |
To Defeat Cybercriminals, Understand How They Think (direct link) |
Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for - in essence, what makes a soft target. |
Threat
|
|
★★
|
 |
2024-12-17 14:19:29 |
Wald.ai Launches Data Loss Protection for AI Platforms (direct link) |
The cybersecurity startup's data loss protection platform uses contextual redaction to help organizations safely use private business information across AI platforms. |
|
|
★★★
|
 |
2024-12-16 22:48:01 |
BlackBerry to Sell Cylance to Arctic Wolf (direct link) |
Arctic Wolf plans to integrate Cylance's EDR technology into its XDR platform. |
|
|
★★
|
 |
2024-12-16 20:33:16 |
Does Desktop AI Come With a Side of Risk? (direct link) |
Artificial intelligence capabilities are coming to a desktop near you - with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks? |
|
|
★★
|
 |
2024-12-16 20:08:54 |
Citizen Development Moves Too Fast for Its Own Good (direct link) |
While low-code/no-code tools can speed up application development, sometimes it's worth taking a slower approach for a safer product. |
Tool
|
|
★★★
|
 |
2024-12-16 19:00:00 |
The Education Industry: Why Its Data Must Be Protected (direct link) |
The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment. |
Threat
|
|
★★
|
 |
2024-12-16 10:22:25 |
Microsoft Teams Vishing Spreads DarkGate RAT (direct link) |
A thwarted attack demonstrates that threat actors are using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning. |
Malware
Threat
|
|
★★
|
 |
2024-12-13 22:32:53 |
Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs (direct link) |
No more details |
Cloud
|
|
★★
|
 |
2024-12-13 22:22:39 |
Versa Introduces Integrated Endpoint Data Loss Prevention in SASE Solution (direct link) |
No more details |
|
|
★★
|
 |
2024-12-13 21:56:35 |
Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn (direct link) |
Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued. |
Ransomware
Vulnerability
Threat
Patching
|
|
★★
|
 |
2024-12-13 21:44:17 |
Generative AI Security Tools Go Open Source (direct link) |
Businesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security. |
Tool
|
|
★★
|
 |
2024-12-13 21:34:21 |
With 'TPUXtract,' Attackers Can Steal Orgs' AI Models (direct link) |
A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network - meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves. |
|
|
★★
|
 |
2024-12-13 21:03:41 |
Test Your Cyber Skills With the SANS Holiday Hack Challenge (direct link) |
Open to players of all skill levels, the "Snow-mageddon" cybersecurity competition is set in the world of Santa, elves, and Christmas mayhem. |
Hack
|
|
★★
|
 |
2024-12-13 15:00:00 |
OData Injection Risk in Low-Code/No-Code Environments (direct link) |
As the adoption of LCNC grows, so will the complexity of the threats organizations face. |
|
|
★★
|
 |
2024-12-13 07:00:00 |
'Dubai Police' Lures Anchor Wave of UAE Mobile Attacks (direct link) |
A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore. |
Legislation
Mobile
|
|
★★★
|
 |
2024-12-12 23:01:13 |
Lloyd's of London Launches New Cyber Insurance Consortium (direct link) |
Under the program, HITRUST-certified organizations gain access to exclusive coverage and rates. |
|
|
★★
|
 |
2024-12-12 21:45:35 |
336K Prometheus Instances Exposed to DoS, 'Repojacking' (direct link) |
Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations. |
|
|
★★★
|
 |
2024-12-12 21:21:31 |
Chinese Cops Caught Using Android Spyware to Track Mobile Devices (direct link) |
Law enforcement across mainland China have been using the EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows. |
Tool
Legislation
Mobile
|
|
★★★
|
 |
2024-12-12 20:47:27 |
IoT Cloud Cracked by 'Open Sesame' Over-the-Air Attack (direct link) |
Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device. |
Hack
Cloud
|
|
★★
|
 |
2024-12-12 19:57:24 |
Europol Cracks Down on Holiday DDoS Attacks (direct link) |
In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts. |
|
|
★★★
|
 |
2024-12-12 18:51:21 |
Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat (direct link) |
The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn't enforced them. It's unclear if they will help. |
|
|
★★★
|
 |
2024-12-12 15:00:00 |
Cultivating a Hacker Mindset in Cybersecurity Defense (direct link) |
Security isn't just about tools - it's about understanding how the enemy thinks and why they make certain choices. |
Tool
|
|
★★★
|
 |
2024-12-11 22:47:17 |
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug (direct link) |
The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks. |
Vulnerability
Threat
|
|
★★★
|
 |
2024-12-11 22:13:51 |
Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack (direct link) |
Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach. |
Threat
|
|
★★★
|
 |
2024-12-11 21:09:31 |
Symmetrical Cryptography Pioneer Targets the Post-Quantum Era (direct link) |
Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach. |
Threat
|
|
★★★
|
 |
2024-12-11 20:47:50 |
Researchers Crack Microsoft Azure MFA in an Hour (direct link) |
A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. |
Cloud
|
|
★★★★
|
 |
2024-12-11 15:50:59 |
Cybersecurity Lessons From 3 Public Breaches (direct link) |
High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes. |
Vulnerability
|
|
★★★
|
 |
2024-12-11 15:00:00 |
Tips for Preventing Breaches in 2025 (direct link) |
Hackers are constantly evolving, and so too should our security protocols. |
|
|
★★★
|
 |
2024-12-11 07:00:00 |
Governments, Telcos Ward Off China's Hacking Typhoons (direct link) |
Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications. |
|
|
★★
|
 |
2024-12-10 23:11:53 |
Snowflake Rolls Out Mandatory MFA Plan (direct link) |
As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year. |
|
|
★★
|
 |
2024-12-10 22:30:34 |
FCC Proposes New Cybersecurity Rules for Telecoms (direct link) |
FCC Chairwoman Jessica Rosenworcel proposed "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats. |
|
|
★★★
|
 |
2024-12-10 22:21:02 |
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday (direct link) |
The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season. |
Vulnerability
Threat
|
|
★★★
|
 |
2024-12-10 21:03:08 |
'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks (direct link) |
The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks. |
Ransomware
Vulnerability
Threat
|
|
★★
|
 |
2024-12-10 17:51:18 |
Scottish Parliament TV at Risk From Deepfakes (direct link) |
Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams. |
|
|
★★★★
|
 |
2024-12-10 16:12:01 |
Cybercrime Gangs Abscond With Thousands of AWS Credentials (direct link) |
The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing. |
Cloud
|
|
★★
|
 |
2024-12-10 15:00:01 |
Lessons From the Largest Software Supply Chain Incidents (direct link) |
The software supply chain is a growing target, and organizations need to take special care to safeguard it. |
|
|
★★★
|
 |
2024-12-10 11:00:00 |
Sprawling 'Operation Digital Eye' Attack Targets European IT Orgs (direct link) |
A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack. |
Threat
|
|
★★
|
 |
2024-12-09 22:42:00 |
Microsoft NTLM Zero-Day to Remain Unpatched Until April (direct link) |
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice. |
Vulnerability
Threat
|
|
★★★
|
 |
2024-12-09 21:21:48 |
Millionaire Airbnb Phishing Ring Busted Up by Police (direct link) |
Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement. |
Legislation
|
|
★★★
|