Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-06-22 18:40:00 |
New privacy and security features announced at Apple's WWDC 2020 (direct link) |
Proxy location sharing, new app privacy disclosure prompts, new webcam and microphone indicator in the iOS status bar. |
|
|
|
|
2020-06-22 08:54:00 |
BlueLeaks: Data from 200 US police departments & fusion centers published online (direct link) |
Activist group DDoSecrets published 296 GB of police data on Friday, June 19. |
|
|
|
|
2020-06-20 09:10:04 |
Adobe wants users to uninstall Flash Player by the end of the year (direct link) |
Adobe Flash Player will reach End-Of-Life on December 31, 2020. |
|
|
|
|
2020-06-20 06:00:05 |
AMD says it will fix new CPU bugs by the end of June 2020 (direct link) |
AMD Accelerated Processing Unit (APU) processors released between 2016 and 2019 impacted by new "SMM Callout" bugs. |
|
|
|
|
2020-06-19 17:31:15 |
Academics studied DDoS takedowns and said they're ineffective, recommend patching vulnerable servers (direct link) |
The volume of DDoS traffic to victims remained the same. The number of DDoS-for-hire domains went up. |
Patching
|
|
|
|
2020-06-19 13:46:00 |
Elon Musk Bitcoin vanity addresses used to scam users out of $2 million (direct link) |
While Bitcoin giveaway scams have been around for more than two years, a new trick helps scammers net massive profits. |
|
|
|
|
2020-06-18 21:29:00 |
Mozilla to launch VPN product 'in the next few weeks' (direct link) |
Mozilla VPN to exit beta this summer. Future plans include launching a Mac client. Currently only available on Windows, Android, iOS, and Firefox extension. |
|
|
|
|
2020-06-18 18:55:46 |
Facebook sues websites that sold Instagram likes and scraped Facebook user data (direct link) |
Facebook files lawsuits against MGP25 Cyberint Services in Spain and against Massroot8 in the US. |
|
|
|
|
2020-06-18 16:49:14 |
Russia unbans Telegram (direct link) |
Russia's media watchdog Roskomnadzor said Telegram has agreed to help Russian law enforcement fight against extremist and terrorist content shared on its platform. |
|
|
|
|
2020-06-18 15:09:00 |
Google removes 106 Chrome extensions for collecting sensitive user data (direct link) |
Security firm identifies 111 malicious Chrome extensions collecting user keystrokes, clipboard content, cookies, more. |
|
|
|
|
2020-06-18 07:10:28 |
Microsoft: COVID-19 malware attacks were barely a blip in total malware volume (direct link) |
COVID-19-themed malware attacks began in February, peaked in March, and are slowly dying out. |
Malware
|
|
|
|
2020-06-17 17:33:00 |
Zoom backtracks and plans to offer end-to-end encryption to all users (direct link) |
E2EE calls were initially planned for Zoom paying customers only, but the company has reconsidered following the public's outcry. |
|
|
|
|
2020-06-17 16:03:00 |
AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever (direct link) |
The previous record for the largest DDoS attack ever recorded was 1.7 Tbps, set in March 2018. |
|
|
|
|
2020-06-17 09:30:00 |
North Korea's state hackers caught engaging in BEC scams (direct link) |
ESET researchers said they spotted North Korean state-sponsored hackers attempting to steal money from targets they initially breached for cyber-espionage purposes. |
|
|
|
|
2020-06-16 18:19:00 |
Super secretive Russian disinfo operation discovered dating back to 2014 (direct link) |
Researchers uncover six years' worth of Russian attempts to mold international politics using fake news and forged documents. |
|
|
|
|
2020-06-16 14:54:15 |
Avon recovering after mysterious cyber-security incident (direct link) |
Parts of the Avon IT network have been down since last week, according to SEC documents. |
|
|
|
|
2020-06-16 13:00:00 |
Ripple20 vulnerabilities will haunt the IoT landscape for years to come (direct link) |
Security researchers disclose 19 vulnerabilities impacting a TCP/IP library found at the base of many IoT products. |
|
|
|
|
2020-06-15 23:22:07 |
Old GTP protocol vulnerabilities will also impact future 5G networks (direct link) |
Bugs allow denial-of-service, user impersonation, user tracking, and fraud attacks, two separate reports warn. |
|
|
|
|
2020-06-15 14:40:00 |
South African bank to replace 12m cards after employees stole master key (direct link) |
Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million. |
|
|
|
|
2020-06-15 13:00:06 |
Intel brings novel CET technology to Tiger Lake mobile CPUs (direct link) |
Intel says CET can protect against ROP/JOP/COP malware. |
|
|
|
|
2020-06-15 08:01:00 |
Web skimmers found on the websites of Intersport, Claire's, and Icing (direct link) |
The malicious code has now been removed from all stores, but users are advised to review card statements for suspicious transactions. |
|
|
|
|
2020-06-13 17:45:06 |
Lamphone attack lets threat actors recover conversations from your light bulb (direct link) |
Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away. |
Threat
|
|
|
|
2020-06-12 14:36:52 |
Russia says Germany has not provided any evidence of Bundestag hack (direct link) |
Germany may seek to impose sanctions on Russia, rather than actually put the hacker on trial. |
Hack
|
|
|
|
2020-06-12 12:07:18 |
Stalkerware detection rates are improving across antivirus products (direct link) |
Between November 2019 and May 2020, Android and Windows antivirus software got better at detecting stalkerware. |
|
|
|
|
2020-06-12 08:52:00 |
Italian company exposed as a front for malware operations (direct link) |
Italian company CloudEyE is believed to have made more than $500,000 from selling its binary crypter to malware gangs. |
Malware
|
|
|
|
2020-06-11 21:44:00 |
Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda (direct link) |
All three networks targeted local users for the benefit of the ruling political party. |
|
|
|
|
2020-06-11 20:22:37 |
Knoxville shuts down IT network following ransomware attack (direct link) |
Knoxville joins a list that also includes Atlanta, Baltimore, Denver, and New Orleans. |
Ransomware
|
|
|
|
2020-06-11 17:41:00 |
Congress wants to know what commercial spyware other countries are using (direct link) |
Intelligence funding bill for 2021 to mandate DNI to submit report to Congress about surveillance vendors and the countries that use spyware. |
|
|
|
|
2020-06-11 10:35:58 |
Hackers breached A1 Telekom, Austria's largest ISP (direct link) |
A1 needed more than six months to kick the hackers off its network. Whistleblower claims the intruders were Chinese hackers. |
|
|
|
|
2020-06-11 07:55:00 |
Microsoft discovers cryptomining gang hijacking ML-focused Kubernetes clusters (direct link) |
Attacks targeted Kubeflow servers that left their administration panel exposed on the internet. |
|
Uber
|
|
|
2020-06-10 22:45:00 |
(Déjà vu) Congress asks Juniper for the results of its 2015 NSA backdoor investigation (direct link) |
Thirteen US government officials ask Juniper to publish the findings of its 2015 investigation. |
|
|
|
|
2020-06-10 22:45:00 |
Senators ask Juniper for the results of its 2015 NSA backdoor investigation (direct link) |
Thirteen US senators ask Juniper to publish the findings of its 2015 investigation. |
|
|
|
|
2020-06-10 16:43:06 |
Slovak police seize wiretapping devices connected to government network (direct link) |
Slovak police also arrest four people, including the head of the government agency responsible for managing the government network. |
|
|
|
|
2020-06-10 04:30:06 |
Arm CPUs impacted by rare side-channel attack (direct link) |
Arm issues guidance to developers to mitigate new "straight-line speculation" attack. |
|
|
|
|
2020-06-09 19:27:00 |
New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs (direct link) |
Academics detail a new vulnerability named CrossTalk that can be used to leak data across Intel CPU cores. |
Vulnerability
|
|
★★★
|
|
2020-06-09 17:43:00 |
Microsoft June 2020 Patch Tuesday fixes 129 vulnerabilities (direct link) |
This month's updates have started rolling out earlier today. |
|
|
|
|
2020-06-09 13:00:11 |
KingMiner botnet brute-forces MSSQL databases to install cryptocurrency miner (direct link) |
The KingMiner gang is brute-forcing the "sa" user, the highest-privileged account on a MSSQL database. |
|
|
|
|
2020-06-09 12:46:26 |
Malicious Android apps deactivated fraud code to bypass Google's security scans (direct link) |
Trick didn't work. Google banned them anyway. |
|
|
|
|
2020-06-08 19:51:00 |
CallStranger vulnerability lets attacks bypass security systems and scan LANs (direct link) |
The CallStranger vulnerability can also be used to launch major DDoS attacks. |
Vulnerability
|
|
★★★★★
|
|
2020-06-08 13:00:00 |
Vulnerabilities in popular open source projects doubled in 2019 (direct link) |
Jenkins and MySQL have had the most weaponized vulnerabilities in the past five years. |
|
|
|
|
2020-06-06 00:56:51 |
Apple publishes free resources to improve password security (direct link) |
The new tools are meant to help the developers of password managers, and Apple hopes the tools will reduce the instances where users choose their own password rather than rely on the password manager. |
|
|
|
|
2020-06-05 16:50:27 |
QNAP NAS devices targeted in another wave of ransomware attacks (direct link) |
eCh0raix ransomware gang returns with a new wave of attacks against QNAP NAS devices. |
Ransomware
|
|
|
|
2020-06-05 03:55:50 |
China, Iran, and Russia worked together to call out US hypocrisy on BLM protests (direct link) |
Report from social media research group shows foreign diplomats and state-controlled media pounced on the US' abysmal handling of the BLM protests to attack the US as a beacon of freedom and further their own political goals. |
|
|
|
|
2020-06-04 17:28:48 |
Trump and Biden campaign staffers targeted by Iranian and Chinese hackers (direct link) |
Google's TAG team says foreign nation-state hackers are going after the two US presidential candidates. |
|
|
|
|
2020-06-04 17:28:00 |
Google: Chinese and Iranian hackers targeted Biden and Trump campaign staffers (direct link) |
Google's TAG team said phishing attacks against Biden and Trump campaign staffers were unsuccessful. |
|
|
|
|
2020-06-04 04:15:07 |
Incognito mode detection still works in Chrome despite promise to fix (direct link) |
Google said last year that it would fix a bug that allowed sites to detect incognito mode, but no fix ever came. |
|
|
|
|
2020-06-03 22:41:31 |
Hackers hijack one of Coincheck's domains for spear-phishing attacks (direct link) |
Hackers hijacked Coincheck's domain registrar account and then changed DNS settings. |
|
|
|
|
2020-06-03 18:00:14 |
Google apps and websites get support for more security keys on iOS devices (direct link) |
You can now use hardware security keys to access Google apps and services running on iOS devices. |
|
|
|
|
2020-06-03 16:14:09 |
Large-scale attack tries to steal configuration files from WordPress sites (direct link) |
Attackers tried to download configuration files from WordPress sites so they could steal database credentials. |
|
|
|
|
2020-06-03 11:27:00 |
Facebook software engineer resigns with scathing criticism of the network's refusal to act on 'weaponized hatred' (direct link) |
The former Facebook employee accuses the social network of allowing “politicians to radicalize individuals and glorify violence.” |
|
|
|