Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-07-16 10:05:00 |
Iranian cyberspies leave training videos exposed online (lien direct) |
Cyber-security firm IBM X-Force finds video recordings used to train Iranian state hackers. |
|
|
|
|
2020-07-16 09:30:08 |
Mac users trying to trade cryptocurrencies targeted by Gmera Trojan operators (lien direct) |
Wallets are being plundered by apps infected with Gmera malware. |
|
|
|
|
2020-07-16 07:00:08 |
New BlackRock Android malware can steal passwords and card data from 337 apps (lien direct) |
Android apps targeted by this new trojan include banking, dating, social media, and instant messaging apps. |
Malware
|
|
|
|
2020-07-16 04:00:08 |
Bazar backdoor linked to Trickbot banking Trojan campaigns (lien direct) |
Cybercriminals are taking advantage of the coronavirus pandemic to spread the new malware. |
|
|
|
|
2020-07-15 21:50:19 |
Chinese state hackers target Hong Kong Catholic Church (lien direct) |
EXCLUSIVE: Spear-phishing operation targets members of the Hong Kong Catholic Church. |
|
|
|
|
2020-07-15 15:37:10 |
Firefox on Android: Camera remains active when phone is locked or the user switches apps (lien direct) |
Mozilla says it will fix the bug later this year, in October. |
|
|
|
|
2020-07-15 13:07:00 |
(Déjà vu) Report: CIA received more offensive hacking powers in 2018 (lien direct) |
In 2018, US President Trump gave the CIA more powers to carry out covert cyber operations resulting in several hacks and data dumps from Iranian and Russian spy agencies. |
|
|
|
|
2020-07-15 13:07:00 |
(Déjà vu) Report: CIA most likely behind APT34 and FSB hacks and data dumps (lien direct) |
In 2018, US President Trump gave the CIA more powers to carry out covert cyber operations resulting in several hacks and data dumps from Iranian and Russian spy agencies. |
|
APT 34
|
|
|
2020-07-15 13:07:00 |
Report: CIA behind APT34 and FSB hacks and data dumps (lien direct) |
In 2018, US President Trump gave the CIA more powers to carry out covert cyber operations resulting in several hacks and data dumps from Iranian and Russian spy agencies. |
|
APT 34
|
|
|
2020-07-14 20:35:00 |
Chrome 84 released with support for blocking notification popups on spammy sites (lien direct) |
Other new features that shipped with Chrome 84 include a new animations engine and a one-tap system for importing SMS passcodes into Chrome web forms. |
|
|
|
|
2020-07-14 17:51:00 |
Microsoft July 2020 Patch Tuesday fixes 123 vulnerabilities (lien direct) |
This month's patches fix a major wormable bug in the Windows Server DNS component. |
|
|
|
|
2020-07-14 17:43:00 |
SigRed: A 17-year-old \'wormable\' vulnerability for hijacking Microsoft Windows Server (lien direct) |
The vulnerability, fixed in Microsoft's Patch Tuesday, has been awarded a severity rating of 10.0. |
Vulnerability
|
|
|
|
2020-07-14 09:32:13 |
EFF\'s new database reveals what tech local police are using to spy on you (lien direct) |
An interactive map shows you everything from Ring partnerships to predictive policing. |
|
|
|
|
2020-07-14 02:15:29 |
RECON bug lets hackers create admin accounts on SAP servers (lien direct) |
SAP patches bug impacting most of its apps and customer base. |
|
|
|
|
2020-07-14 01:49:24 |
A hacker is selling details of 142 million MGM hotel guests on the dark web (lien direct) |
EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported. |
Data Breach
|
|
|
|
2020-07-13 20:05:29 |
Google Meet adds zoombombing protection for education customers (lien direct) |
Google will block anonymous users from joining Google Meet video conferences organized by G Suite for Education customers. |
|
|
|
|
2020-07-13 02:53:00 |
Hacker breaches security firm in act of revenge (lien direct) |
Hacker claims to have stolen more than 8,200 databases from a security firm's data leak monitoring service. |
|
|
|
|
2020-07-11 08:24:15 |
Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches (lien direct) |
Sentencing scheduled for September 2020. |
|
|
|
|
2020-07-11 00:05:29 |
Researchers create magstripe versions from EMV and contactless cards (lien direct) |
Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today. |
|
|
|
|
2020-07-10 18:25:34 |
Amazon tells employees to remove TikTok from their phones due to security risk (lien direct) |
Accessing the TikTok website from work laptops is still allowed, according to an internal email Amazon sent to employees today. |
|
|
|
|
2020-07-10 11:30:00 |
Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data (lien direct) |
The backdoor accounts grant access to a secret Telnet admin account running on the devices' external WAN interface. |
|
|
|
|
2020-07-10 09:53:20 |
Smartwatch tracker for the vulnerable can be hacked to send medication alerts (lien direct) |
API issues could be exploited to make calls, spy on users, send fake messages, and more. |
|
|
|
|
2020-07-10 07:08:38 |
KingComposer patches XSS flaw impacting 100,000 WordPress websites (lien direct) |
The vulnerability could be exploited to execute malicious payloads in visitor browsers. |
Vulnerability
|
|
|
|
2020-07-09 21:36:54 |
Google bans stalkerware ads (lien direct) |
New Google Ads policy that bans stalkerware enters into effect on August 11. |
|
|
|
|
2020-07-09 18:00:00 |
Zoom working on patching zero-day disclosed in Windows client (lien direct) |
Security firm has disclosed today a zero-day vulnerability in Zoom's Windows client. |
Vulnerability
Patching
|
|
|
|
2020-07-09 09:30:00 |
Researchers connect Evilnum hacking group to cyberattacks against Fintech firms (lien direct) |
The APT is also a loyal customer of Golden Chickens, a Malware-as-a-Service outfit. |
|
|
|
|
2020-07-09 06:20:01 |
Google abandons Isolated Region cloud services project in China (lien direct) |
Google says the Isolated Region project was scrapped due to other services offering “better outcomes.” |
|
|
|
|
2020-07-09 04:40:30 |
More pre-installed malware has been found in budget US smartphones (lien direct) |
Cheap phones often have tradeoffs but researchers say this should never compromise user safety. |
Malware
|
|
|
|
2020-07-09 02:42:47 |
Nvidia fixes code execution vulnerability in GeForce Experience (lien direct) |
Security updates have also been released for the JetPack software development kit. |
Vulnerability
|
|
|
|
2020-07-09 02:42:00 |
Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption (lien direct) |
The Conti ransomware also abuses the Windows Restart Manager component to unlock apps and free up their data (for encryption). |
Ransomware
|
|
|
|
2020-07-08 23:09:37 |
Microsoft\'s new KDP tech blocks malware by making parts of the Windows kernel read-only (lien direct) |
New KDP security feature is currently being tested with Windows 10 Insider builds. |
Malware
|
|
|
|
2020-07-08 17:16:14 |
Google open-sources Tsunami vulnerability scanner (lien direct) |
Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as little false-positives as possible. |
Vulnerability
|
|
|
|
2020-07-08 12:09:07 |
Civil rights auditors slam Facebook stance on Trump, voter suppression (lien direct) |
Facebook has admitted there is still a “long way to go” to quell recent criticism of civil rights issue handling. |
|
|
|
|
2020-07-08 10:02:18 |
Fxmsp hacker indicted by feds for selling backdoor access to hundreds of companies (lien direct) |
Backdoors into government networks and corporations were allegedly sold to other criminal enterprises. |
|
|
|
|
2020-07-07 22:22:34 |
Mozilla suspends Firefox Send service while it addresses malware abuse (lien direct) |
Mozilla has temporarily suspended the Firefox Send file-sharing service while it adds a Report Abuse mechanism. |
Malware
|
|
|
|
2020-07-07 19:39:00 |
Free decryptor available for ThiefQuest ransomware victims (lien direct) |
ThiefQuest (EvilQuest) ransomware victims can now recover their encrypted files for free, without needing to pay the ransom demand. |
Ransomware
|
|
|
|
2020-07-07 17:38:00 |
German authorities seize \'BlueLeaks\' server that hosted data on US cops (lien direct) |
BlueLeaks portal is now down. The website hosted 296 GB of files stolen from more than 200 US police departments and fusion training centers. |
|
|
|
|
2020-07-07 16:00:00 |
Microsoft seizes six domains used in COVID-19 phishing operations (lien direct) |
Hackers used malicious Office 365 apps to gain access to customer accounts, which they later used to orchestrate BEC attacks. |
|
|
|
|
2020-07-07 14:00:00 |
\'Keeper\' hacking group behind hacks at 570 online stores (lien direct) |
Hackers also accidentally leaked more than 184,000 stolen cards through an improperly secured backend server. |
|
|
|
|
2020-07-07 13:13:37 |
Researchers learn how to pinpoint malicious drone operators (lien direct) |
With high accuracy, it is now possible to trace drone operators that could be ill-wishers near protected airspace. |
|
|
|
|
2020-07-07 11:39:43 |
Energy company EDP confirms cyberattack, Ragnar Locker ransomware blamed (lien direct) |
The energy firm denies the loss of customer data. Attackers claim to have stolen 10TB in business records. |
Ransomware
|
|
|
|
2020-07-07 10:28:32 |
Cerberus banking Trojan infiltrates Google Play (lien direct) |
The malware was found buried within a seemingly-innocent currency converter. |
Malware
|
|
|
|
2020-07-06 17:15:00 |
US Secret Service reports an increase in hacked managed service providers (MSPs) (lien direct) |
US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams. |
Ransomware
|
|
|
|
2020-07-06 11:51:56 |
VaultAge Solutions CEO goes into hiding to avoid cryptocurrency investors allegedly scammed out of $13 million (lien direct) |
Roughly 2,000 investors have been left out of pocket by the alleged misappropriation of funds. |
|
|
|
|
2020-07-06 10:53:40 |
Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn (lien direct) |
Hacker sentenced to five years probation, with home confinement condition. |
|
Yahoo
|
|
|
2020-07-06 06:00:05 |
North Korean hackers linked to web skimming (Magecart) attacks, report says (lien direct) |
After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores. |
|
|
|
|
2020-07-04 20:20:00 |
Hackers are trying to steal admin passwords from F5 BIG-IP devices (lien direct) |
Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed. |
Threat
|
|
|
|
2020-07-04 15:44:59 |
Infosec community disagrees with changing \'black hat\' term due to racial stereotyping (lien direct) |
A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term. |
|
|
|
|
2020-07-03 19:44:00 |
F5 patches vulnerability that received a CVSS 10 severity score (lien direct) |
Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to possible intrusions. |
Vulnerability
|
|
|
|
2020-07-03 15:25:00 |
New Apple macOS Big Sur feature to hamper adware operations (lien direct) |
Apple has disabled the ability to silently install macOS profiles from the CLI in macOS 11, a measure that was widely employed by adware and malware gangs. |
Malware
|
|
|