Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-12-07 12:45:13 |
Credit card stealer discovered in social media buttons (direct link) |
Web skimmer (Magecart) gangs find new ways to attack e-commerce stores and online shoppers. |
|
|
|
|
2020-12-07 11:00:38 |
Italian police arrest suspects in Leonardo military, defense data theft (direct link) |
A former employee and collaborator are accused of siphoning off sensitive information for almost two years. |
|
|
|
|
2020-12-07 08:07:00 |
NSA warns of Russian state-sponsored hackers exploiting VMware vulnerability (direct link) |
Russian hackers are using a VMware bug to plant web shells inside hacked networks and pivot to Microsoft ADFS servers from where they steal sensitive data. |
Vulnerability
|
|
|
|
2020-12-07 00:58:04 |
Hackers leak data from Embraer, world's third-largest airplane maker (direct link) |
The Brazilian company was the victim of a ransomware attack last month, in November. |
Ransomware
|
|
|
|
2020-12-06 15:46:33 |
Kazakhstan government is intercepting HTTPS traffic in its capital (direct link) |
This marks the third time since 2015 that the Kazakh government is mandating the installation of a root certificate on its citizens' devices. |
|
|
|
|
2020-12-05 07:15:02 |
Ransomware hits helicopter maker Kopter (direct link) |
Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web. |
Ransomware
|
|
|
|
2020-12-05 01:37:29 |
Ransomware gangs are now cold-calling victims if they restore from backups without paying (direct link) |
Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk. |
Ransomware
|
|
|
|
2020-12-04 20:33:58 |
Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day (direct link) |
Johnson & Johnson is one of six COVID-19 research companies that have been recently targeted by North Korean state-sponsored hackers. |
|
|
|
|
2020-12-04 07:39:03 |
Ransomware attack cripples Vancouver public transportation agency (direct link) |
TransLink customers left unable to use the agency's public ticketing kiosks and cards for two days. |
Ransomware
|
|
|
|
2020-12-04 00:31:47 |
Edward Snowden asks Trump to pardon Wikileaks founder Julian Assange (direct link) |
Snowden claims the pardon would save Assange's life. |
|
|
|
|
2020-12-03 18:25:00 |
Dell announces new protections for its PC and server supply chain (direct link) |
Dell to start using tamper-evident seals during physical transport and provide a software reset feature to wipe hard-drives before customer deployment. |
|
|
|
|
2020-12-03 14:17:08 |
Data of 243 million Brazilians exposed online via website source code (direct link) |
The password to access a highly sensitive Ministry of Health database was stored inside a government site's source code. |
|
|
|
|
2020-12-03 11:00:05 |
Mysterious phishing campaign targets organizations in COVID-19 vaccine cold chain (direct link) |
Targets include EU directorates, companies making vaccine shipping containers, a website development firm linked to vaccine supply chains. |
|
|
|
|
2020-12-03 11:00:04 |
8% of all Google Play apps vulnerable to old security bug (direct link) |
Devs have not updated a crucial library inside their apps, leaving users exposed to dangerous attacks. Some of the vulnerable apps include Microsoft's Edge browser, Grindr, OKCupid, and Cisco Teams. |
|
|
|
|
2020-12-03 11:00:03 |
New TrickBot version can tamper with UEFI/BIOS firmware (direct link) |
New TrickBot feature scares security researchers. |
|
|
|
|
2020-12-03 11:00:00 |
This phishing group is targeting COVID-19 vaccine supply chains (direct link) |
Clues indicate state-sponsored hackers may be to blame. |
|
|
|
|
2020-12-03 10:49:47 |
Compounder Finance DeFi project allegedly pulls the rug from under investors, $11 million stolen (direct link) |
One investor is offering a $100,000 bounty leading to the unmasking of the thief, or thieves, involved. |
Guideline
|
|
|
|
2020-12-02 14:00:02 |
Open source software security vulnerabilities exist for over four years before detection (direct link) |
GitHub research suggests there is a need to reduce the time between bug detection and fixes. |
|
|
|
|
2020-12-02 11:52:18 |
Absa bank embroiled in data leak, rogue employee accused of theft (direct link) |
Personal information belonging to banking customers was compromised. |
|
|
|
|
2020-12-02 09:30:05 |
Ivanti announces double acquisition of MobileIron, Pulse Secure in zero-trust security push (direct link) |
Ivanti says the deals strengthen the company in the mobile zero-trust security space. |
|
|
|
|
2020-12-01 19:00:00 |
Malicious npm packages caught installing remote access trojans (direct link) |
JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware. |
|
|
|
|
2020-12-01 17:55:51 |
FBI warns of email forwarding rules being abused in recent hacks (direct link) |
FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators." |
|
|
|
|
2020-12-01 15:53:43 |
Microsoft removes 18 malicious Edge extensions for injecting ads into web pages (direct link) |
Some extensions mimicked official apps while others copied popular Chrome extensions. |
|
|
|
|
2020-12-01 09:54:40 |
'Hacker_R_US' gets eight years in prison for bomb threats and DDoS extortion (direct link) |
'Hacker_R_US' was one of the two members of the Apophis Squad hacker group. |
|
|
|
|
2020-12-01 09:00:03 |
2020's worst cryptocurrency breaches, thefts, and exit scams (direct link) |
Cryptocurrency exchanges have felt the impact of everything from vulnerability exploits to social engineering scams over this year. |
Vulnerability
|
|
|
|
2020-12-01 06:00:03 |
The biggest hacks, data breaches of 2020 (direct link) |
A pandemic is no reason for hackers to hold off cyberattacks against everything from government bodies to healthcare providers. |
|
|
|
|
2020-12-01 02:34:00 |
Microsoft links Vietnamese state hackers to crypto-mining malware campaign (direct link) |
Vietnamese state hackers imitate Chinese groups and start making money on the side while spying for their government. |
Malware
|
|
|
|
2020-11-30 21:20:13 |
Docker malware is now common, so devs need to take Docker security seriously (direct link) |
Three years after the first malware attacks targeting Docker, developers are still misconfiguring and exposing their Docker servers online. |
Malware
|
|
|
|
2020-11-30 13:36:00 |
Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up (direct link) |
If Cloudflare, AWS, or GoDaddy go down, around 40% of the Alexa Top 100,000 websites will also go down with DNS resolution problems. |
|
|
|
|
2020-11-30 10:00:03 |
This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins (direct link) |
The research highlights the potential dangers of new 'biohacking' techniques. |
|
|
|
|
2020-11-27 14:09:25 |
A hacker is selling access to the email accounts of hundreds of C-level executives (direct link) |
Access is sold for $100 to $1500 per account, depending on the company size and exec role. |
|
|
|
|
2020-11-27 10:07:06 |
Networking equipment vendor Belden discloses data breach (direct link) |
Belden says hackers accessed a limited number of the company's file servers. |
Data Breach
|
|
|
|
2020-11-26 21:22:59 |
Personal data of 16 million Brazilian COVID-19 patients exposed online (direct link) |
Among those affected by the leak are Brazil President Jair Bolsonaro, seven ministers, and 17 provincial governors. |
|
|
|
|
2020-11-26 09:31:21 |
Sophos notifies customers of data exposure after database misconfiguration (direct link) |
Exclusive: Company says that only a small subset of customers were impacted. |
|
|
|
|
2020-11-25 23:34:00 |
Xbox bug could have allowed hackers to link gamer tags with players' emails (direct link) |
The bug could have been exploited by playing around in a browser's developer console and editing a cookie field. |
|
|
|
|
2020-11-25 20:46:28 |
Security researcher accidentally discovers Windows 7 and Windows Server 2008 zero-day (direct link) |
The vulnerability was discovered while the security researcher was working on a Windows security tool. |
Vulnerability
|
|
|
|
2020-11-25 17:08:25 |
Three members of TMT cybercrime group arrested in Nigeria (direct link) |
The TMT group has infected more than 50,000 organizations around the world with malware. |
|
|
|
|
2020-11-25 10:55:21 |
YouTube suspends OANN for allegedly peddling fake COVID-19 cures (direct link) |
If the outlet wants to monetize videos in the future, it must reapply to YouTube's member program. |
|
|
|
|
2020-11-25 10:07:21 |
Home Depot agrees to $17.5 million settlement over 2014 data breach (direct link) |
The US retailer's point-of-sale systems were infected with malware. |
Data Breach
|
|
|
|
2020-11-24 20:44:00 |
2FA bypass discovered in web hosting software cPanel (direct link) |
More than 70 million sites are managed via cPanel software, according to the company. |
|
|
|
|
2020-11-24 15:00:04 |
Stantinko's Linux malware now poses as an Apache web server (direct link) |
Eight-year-old Stantinko botnet updates its Linux malware. |
Malware
|
|
|
|
2020-11-24 13:18:14 |
Spotify launches 'rolling reset' on customer accounts, passwords linked to data leak (direct link) |
A third-party server containing Spotify credentials was uncovered by researchers. |
|
|
|
|
2020-11-24 12:22:43 |
Baidu's Android apps caught collecting sensitive user details (direct link) |
Data collection issue identified in Baidu Maps and Baidu Search Box apps, both removed from the Play Store in October 2020. |
|
|
|
|
2020-11-24 11:00:00 |
New WAPDropper malware abuses Android devices for WAP fraud (direct link) |
New WAPDropper malware signs up Android users to premium services provided by telecoms in Thailand and Malaysia. |
Malware
|
|
|
|
2020-11-24 10:29:05 |
SEC alleges Benja CEO duped investors to fund a non-existent e-commerce empire (direct link) |
The agency claims that business deals were made up to lure investors into funding the startup. |
|
|
|
|
2020-11-24 10:27:00 |
Hacker leaks the user data of event management app Peatix (direct link) |
More than 4.2 million user accounts have been made available for download online earlier this month. |
|
|
|
|
2020-11-23 17:37:13 |
Tesla Model X hacked and stolen in minutes using new key fob hack (direct link) |
Tesla is rolling out over-the-air software updates this week to prevent the attack from hijacking owner key fobs. |
Hack
|
|
|
|
2020-11-23 15:10:12 |
Malware creates scam online stores on top of hacked WordPress sites (direct link) |
The malware gang also poisoned the victims' XML sitemaps with thousands of scammy entries, lowering the sites' SERP ranking. |
Malware
|
|
|
|
2020-11-23 13:35:05 |
GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave (direct link) |
The domain registrar has confirmed that employees became embroiled in wider attacks. |
|
|
|
|
2020-11-23 12:28:00 |
TikTok patches reflected XSS bug, one-click account takeover exploit (direct link) |
The vulnerabilities impacted the video platform's website. |
|
|
|