Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-08-10 21:16:00 |
Security researcher publishes details and exploit code for a vBulletin zero-day (lien direct) |
Proof-of-concept exploit code available in Bash, Python, and Ruby. |
|
|
|
|
2020-08-10 19:18:35 |
A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks (lien direct) |
At one point, the group ran almost a quarter of all Tor exit nodes. Group still controls 10% of all Tor exit nodes today. |
|
|
|
|
2020-08-10 10:52:54 |
Have I Been Pwned to release code base to the open source community (lien direct) |
Troy Hunt has made the decision following an unsuccessful attempt to have the platform acquired. |
|
|
|
|
2020-08-10 03:04:00 |
FBI says an Iranian hacking group is attacking F5 networking devices (lien direct) |
Sources: Attacks linked to a hacker group known as Fox Kitten (or Parasite), considered Iran's "spear tip" when it comes to cyber-attacks. |
|
|
|
|
2020-08-08 18:04:31 |
China is now blocking all encrypted HTTPS traffic using TLS 1.3 and ESNI (lien direct) |
Block was put in place at the end of July and is enforced via China's Great Firewall internet surveillance technology. |
|
|
|
|
2020-08-08 07:00:08 |
DEF CON: New tool brings back \'domain fronting\' as \'domain hiding\' (lien direct) |
After Amazon and Google stopped supporting the censorship-evading domain fronting technique on their clouds in 2018, new Noctilucent toolkit aims to bring it back in a new form as "domain hiding." |
Tool
|
|
|
|
2020-08-07 17:37:00 |
Hackers are defacing Reddit with pro-Trump messages (lien direct) |
BREAKING: Massive hack hits Reddit. |
Hack
|
|
|
|
2020-08-07 16:30:00 |
Bulgarian police arrest hacker Instakilla (lien direct) |
Hacker accused of hacking and extorting companies, selling stolen data online. |
|
|
|
|
2020-08-07 16:00:00 |
Facebook open-sources one of Instagram\'s security tools (lien direct) |
In the first half of 2020, Pysa detected 44% of all security bugs in Instagram's server-side Python code. |
|
|
|
|
2020-08-07 11:02:30 |
Canon suffers ransomware attack, Maze claims responsibility (lien direct) |
Reports based on an internal memo suggest an external security firm has been hired to investigate. |
Ransomware
|
|
|
|
2020-08-07 09:34:46 |
Magecart group uses homoglyph attacks to fool you into visiting malicious websites (lien direct) |
A new campaign is utilizing the Inter kit and favicons to hide skimming activities. |
|
|
|
|
2020-08-06 21:59:12 |
Black Hat: Hackers are using skeleton keys to target chip vendors (lien direct) |
Operation Chimera focuses on the theft of valuable intellectual property and semiconductor designs. |
|
|
|
|
2020-08-06 19:23:28 |
Intel investigating breach after 20GB of internal documents leak online (lien direct) |
EXCLUSIVE: Data was leaked online today by a Swiss security researcher after receiving it from an anonymous hacker. |
|
|
|
|
2020-08-06 18:30:06 |
Black Hat: Entropy - the solution to malvertising and malspam? (lien direct) |
A researcher explores how entropy could be used to flag suspicious images and documents hiding malicious secrets. |
|
|
|
|
2020-08-06 17:31:00 |
Capital One fined $80 million for 2019 hack (lien direct) |
Office of the Comptroller of the Currency imposes mammoth fine for the bank's failure to secure its data in the cloud. |
Hack
|
|
|
|
2020-08-06 11:42:00 |
Firefox gets fix for evil cursor attack (lien direct) |
Tech support scam group found a way to abuse Firefox's previous evil cursor patch to enable new attacks. |
|
|
|
|
2020-08-06 08:45:12 |
(Déjà vu) Smart locks can be opened with nothing more than a MAC address (lien direct) |
Researchers demonstrated how remote attackers can steal UltraLoq digital keys with minimal effort. |
|
|
|
|
2020-08-06 08:45:00 |
Smart locks opened with nothing more than a MAC address (lien direct) |
Researchers demonstrated how remote attackers could steal UltraLoq digital keys with minimal effort. |
|
|
|
|
2020-08-06 04:01:05 |
Black Hat: Hackers can remotely hijack enterprise, healthcare Temi robots (lien direct) |
Temi's interactive assistance robots are remotely exploitable with little more than a phone number. |
|
|
|
|
2020-08-06 00:33:00 |
Google said it took down ten influence operation campaigns in Q2 2020 (lien direct) |
Google said the influence ops were traced back to China, Russia, Iran, and Tunisia. |
|
|
|
|
2020-08-05 21:17:00 |
US offers $10 million reward for hackers meddling in US elections (lien direct) |
This includes attacks against US election officials, election infrastructure, voting machines, but also candidates and their staff. |
|
|
|
|
2020-08-05 20:30:37 |
Black Hat: When penetration testing earns you a felony arrest record (lien direct) |
Coalfire takes us through the story of security professionals arrested at a courthouse while conducting tests on behalf of the state. |
|
|
|
|
2020-08-05 18:30:28 |
Black Hat: How hackers gain root access to SAP enterprise servers through SolMan (lien direct) |
Researchers demonstrated how the SAP Solution Manager could provide a bridge to full server access. |
|
|
|
|
2020-08-05 18:03:08 |
Twitter patches Android app to prevent exploitation of bug that can grant access to DMs (lien direct) |
Actual bug resided in the Android 8 and Android 9 operating systems. Twitter updated its Android app to prevent exploitation. |
|
|
|
|
2020-08-05 17:26:55 |
Black Hat: How your pacemaker could become an insider threat to national security (lien direct) |
Implanted medical devices are an overlooked security challenge that is only going to increase over time. |
Threat
|
|
|
|
2020-08-05 16:52:00 |
New EtherOops attack takes advantage of faulty Ethernet cables (lien direct) |
EtherOops attack can be used to bypass network defenses and attack devices inside closed enterprise networks. |
|
|
|
|
2020-08-05 12:03:38 |
FBI issues warning over Windows 7 end-of-life (lien direct) |
The FBI says companies running Windows 7 systems are now in greater risk of getting hacked due to a lack of security updates. |
|
|
|
|
2020-08-05 02:19:58 |
Cluster of 295 Chrome extensions caught hijacking Google and Bing search results (lien direct) |
The malicious Chrome extensions have been installed by more than 80 million users. |
|
|
|
|
2020-08-04 22:44:00 |
Hacker leaks passwords for 900+ enterprise VPN servers (lien direct) |
EXCLUSIVE: The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs. |
Ransomware
|
|
|
|
2020-08-04 18:02:58 |
Firefox adds protections against redirect tracking (lien direct) |
New protection already active in Firefox 79; will roll out to all Firefox users in the next few weeks. |
|
|
|
|
2020-08-04 16:20:12 |
Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH) (lien direct) |
Kaspersky says Oilrig (APT34) group has been using DoH to silently exfiltrate data from hacked networks. |
|
APT 34
|
|
|
2020-08-04 02:46:53 |
Ransomware gang publishes tens of GBs of internal data from LG and Xerox (lien direct) |
Maze gang publishes internal data from LG and Xerox after failed extortion attempt. |
Ransomware
|
|
|
|
2020-08-03 23:08:46 |
Ahead of US election, Google bans ads linking to hacked political content (lien direct) |
New Google Ads policy to enter into effect on September 1, 2020. |
|
|
|
|
2020-08-03 17:35:27 |
CISA, DOD, FBI expose new Chinese malware strain named Taidoor (lien direct) |
US government agencies say the Taidoor remote access trojan (RAT) has been used as far back as 2008. |
Malware
|
|
|
|
2020-08-03 15:00:06 |
BlackBerry releases new security tool for reverse-engineering PE files (lien direct) |
BlackBerry open-sources PE Tree, a new malware reverse-engineering tool for analyzing Portable Executable (PE) files. |
Malware
Tool
|
|
|
|
2020-08-03 14:00:04 |
NetWalker ransomware gang has made $25 million since March 2020 (lien direct) |
The NetWalker gang has established itself as one of the most dangerous ransomware groups out there. |
Ransomware
|
|
|
|
2020-08-03 09:59:27 |
2gether hacked: €1.2m in cryptocurrency stolen, native tokens offered in exchange (lien direct) |
Almost a third of funds stored in cryptocurrency investment accounts have been taken. |
|
|
|
|
2020-08-03 04:40:05 |
GandCrab ransomware distributor arrested in Belarus (lien direct) |
Creator of the actual ransomware still at large. |
Ransomware
|
|
|
|
2020-08-02 19:18:30 |
Google: Eleven zero-days detected in the wild in the first half of 2020 (lien direct) |
A report from Google's Project Zero also looks at 2019 zero-day statistics and draws some interesting conclusions. |
|
|
|
|
2020-08-01 15:14:37 |
Phishing campaigns, from first to last victim, take 21h on average (lien direct) |
Most phishing victims experience a fraudulent transaction around 5 days after getting phished, new research shows. |
|
|
|
|
2020-08-01 10:00:27 |
Author of FastPOS malware revealed, pleads guilty (lien direct) |
A 30-year-old Moldovan man admitted this month to creating the FastPOS malware. |
Malware
|
|
|
|
2020-08-01 01:01:00 |
How the FBI tracked down the Twitter hackers (lien direct) |
A timeline of the Twitter hack composed from court documents published today. |
Hack
|
|
|
|
2020-07-31 19:21:00 |
Florida teen arrested for orchestrating Twitter hack (lien direct) |
Main suspect identified as Graham Ivan Clark, a 17-year-old teen from Tampa, Florida. |
Hack
|
|
★★★★
|
|
2020-07-31 13:07:31 |
BootHole fixes causing boot problems across multiple Linux distros (lien direct) |
Debian, Ubuntu, Red Hat, CentOS, Fedora users reports issues with booting or dual-booting their devices. |
|
|
|
|
2020-07-31 08:36:58 |
China arrests over 100 people suspected of involvement in PlusToken cryptocurrency scam (lien direct) |
Many of the alleged fraudsters had previously fled overseas. |
|
|
|
|
2020-07-31 07:25:31 |
Mimecast acquires communication security provider MessageControl (lien direct) |
The email and data security firm says the deal will help protect customers against phishing campaigns. |
|
|
|
|
2020-07-31 04:35:08 |
Theoretical technique to abuse EMV cards detected used in the real world (lien direct) |
Known as EMV-Bypass Cloning, a technique first described in 2008 has been seen abused in the wild this year. |
|
|
|
|
2020-07-30 18:37:00 |
EU sanctions China, Russia, and North Korea for past hacks (lien direct) |
The EU has imposed today its first-ever economical sanctions following cyber-attacks from foreign adversaries. |
|
|
|
|
2020-07-30 14:44:19 |
(Déjà vu) Two Tor zero-days disclosed, more to come (lien direct) |
A security researcher has published details about two Tor zero-days and promises to release three more. |
|
|
|
|
2020-07-30 14:44:00 |
Multiple Tor security issues disclosed, more to come (lien direct) |
A security researcher has published details about two Tor security issues and promises to release three more. |
|
|
★★
|