Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-01-25 08:00:07 |
Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks (direct link) |
Mozilla's security staff is cracking down on malicious Firefox add-ons. |
|
|
|
|
2020-01-24 20:51:09 |
Trend Micro antivirus zero-day used in Mitsubishi Electric hack (direct link) |
Hackers exploited a Trend Micro OfficeScan zero-day to plant malicious files on Mitsubishi Electric servers. |
Hack
|
|
|
|
2020-01-24 17:05:00 |
Class-action lawsuit filed against controversial Clearview AI startup (direct link) |
Plaintiffs claim New York startup broke Illinois privacy laws regarding the use of residents' biometrics data. |
|
|
|
|
2020-01-24 14:10:00 |
Hackers target unpatched Citrix servers to deploy ransomware (direct link) |
REvil ransomware gang has been spotted abusing Citrix bug to infect victims. |
Ransomware
|
|
|
|
2020-01-24 13:39:30 |
Privacy worries cited as possible reason for DNA test firm 23andMe's sales downturn (direct link) |
It may be no surprise considering US law enforcement was recently granted permission to plunder DNA databases. |
|
|
|
|
2020-01-24 11:58:50 |
Citrix releases new patches to plug critical server vulnerability (direct link) |
Additional versions of Citrix ADC and Citrix Gateway can now be protected against the severe security issue. |
Vulnerability
|
|
|
|
2020-01-24 10:47:00 |
Owner of stolen data marketplace Cardplanet pleads guilty (direct link) |
The trading post was a hotbed of stolen US credit card information. |
|
|
|
|
2020-01-23 21:26:18 |
New York state wants to ban government agencies from paying ransomware demands (direct link) |
Another NY Senate bill would create a cyber security enhancement fund and restrict the use of taxpayer moneys in paying ransoms. |
Ransomware
|
|
|
|
2020-01-23 18:34:00 |
MDhex vulnerabilities impact GE patient vital signs monitoring devices (direct link) |
GE Healthcare plans to release patches in Q2 2020. |
|
|
|
|
2020-01-23 17:57:00 |
Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus (direct link) |
Malware analysts believe someone has hijacked the Phorpiex botnet from its creator and is sabotaging its operations by alerting users they've been infected. |
Malware
|
|
|
|
2020-01-22 21:23:00 |
A timeline of events surrounding the Bezos phone hack (direct link) |
Bezos hack connected to Khashoggi murder and the Washington Post's subsequent media coverage. |
Hack
|
|
|
|
2020-01-22 14:55:08 |
Microsoft to forcibly install Bing search extension in Chrome for Office 365 ProPlus users (direct link) |
Microsoft will change the default search engine in Chrome from Google to Bing for its Office 365 ProPlus customers starting mid-February. |
|
|
|
|
2020-01-22 14:00:06 |
Coalition acquires IoT search engine BinaryEdge (direct link) |
US cyber-insurer Coalition buys BinaryEdge for undisclosed sum to boost its cyber insurance policy offering. |
|
|
|
|
2020-01-22 13:28:00 |
Microsoft discloses security breach of customer support database (direct link) |
Five servers storing customer support analytics were accidentally exposed online in December 2019. |
|
|
|
|
2020-01-22 13:00:06 |
Data leak strikes US cannabis users, sensitive information exposed (direct link) |
A database backing point-of-sale systems used in medical and recreational marijuana dispensaries has been compromised. |
|
|
|
|
2020-01-22 12:28:48 |
ProtonVPN apps handed to open source community in transparency push (direct link) |
The code backing ProtonVPN apps on all platforms can now be examined at leisure. |
|
|
|
|
2020-01-22 10:42:59 |
In enterprise attack wave, NetWire Trojan now buries itself in disk image files (direct link) |
Enterprise companies are being targeted by a business email scam harnessing the Trojan. |
|
|
|
|
2020-01-22 08:28:01 |
German government to pay €800,000 in Windows 7 ESU fees this year (direct link) |
The sum represents ESU fees for over 33,000 government workstations that are still running Windows 7, allowing German government systems to receive security updates for one more year. |
|
|
|
|
2020-01-21 20:27:10 |
Microsoft discovers new sLoad 2.0 (Starslord) malware (direct link) |
sLoad malware gang makes a comeback after having operations exposed last month. |
Malware
|
|
|
|
2020-01-21 16:53:00 |
US Cyber Command was not prepared to handle the amount of data it hacked from ISIS (direct link) |
Operation Glowing Symphony was a success, but Cyber Command operators were not prepared for the amount of data they found in hacked ISIS accounts and servers. |
|
|
|
|
2020-01-21 14:19:32 |
FTCODE ransomware is now armed with browser, email password stealing features (direct link) |
Encrypting your PC isn't enough -- hackers want your email passwords, too. |
Ransomware
|
|
|
|
2020-01-21 14:00:03 |
Did you really 'like' that? How Chameleon attacks spring in Facebook, Twitter, LinkedIn (direct link) |
Social networks impacted seem to disagree on the scope of the attack. |
|
|
|
|
2020-01-21 12:56:20 |
14% of Android app privacy policies contain contradictions about data collection (direct link) |
An analysis of 11,430 Play Store apps found that 14.2% used a privacy policy with contradicting statements about user data collection practices. |
|
|
|
|
2020-01-21 12:15:14 |
UK's HMRC tax authority seeks tools to track down cryptocurrency criminals (direct link) |
The project bid could also indicate the desire to monitor the cryptocurrency assets of taxpayers. |
|
|
|
|
2020-01-21 11:00:07 |
Antivirus vendors push fixes for EFS ransomware attack method (direct link) |
Signature-based software may not be enough to protect Microsoft's Windows EFS against evolving ransomware families. |
Ransomware
|
|
|
|
2020-01-20 20:03:05 |
Ubisoft sues operators of four DDoS-for-hire services (direct link) |
Ubisoft delivers on threats it made in September 2019 and goes after website selling DDoS services that were used to launch attacks against Rainbow Six Siege servers. |
|
|
|
|
2020-01-20 10:27:47 |
Mitsubishi Electric discloses security breach, China is main suspect (direct link) |
Mitsubishi Electric says hackers did not obtain sensitive information about defense contracts. |
|
|
|
|
2020-01-20 09:29:02 |
Betting companies given access to UK gov't information on millions of children (direct link) |
Reports suggest a government database was misused for age verification purposes. |
|
|
|
|
2020-01-20 07:58:00 |
Citrix rolls out patches for critical ADC vulnerability exploited in the wild (direct link) |
Citrix is racing to develop patches for software builds vulnerable to the severe bug. |
Vulnerability
|
|
|
|
2020-01-20 07:50:00 |
LastPass is in the midst of a major outage (direct link) |
LastPass issue appears to impact users with accounts dating back to 2014 and earlier. |
|
LastPass
|
|
|
2020-01-19 11:32:25 |
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices (direct link) |
The list was shared by the operator of a DDoS booter service. |
|
|
|
|
2020-01-17 22:59:00 |
Microsoft warns about Internet Explorer zero-day, but no patch yet (direct link) |
IE zero-day connected to last week's Firefox zero-day. |
|
|
|
|
2020-01-17 19:29:16 |
Visa's plan against Magecart attacks: Devalue and disrupt (direct link) |
Visa is actively going after Magecart groups, but also deploying new technologies to safeguard payment card data. |
|
|
|
|
2020-01-17 14:09:00 |
JhoneRAT exploits cloud services to attack Middle Eastern countries (direct link) |
Google Drive, Twitter, ImgBB and Google Forms are being abused in the name of data theft. |
|
|
|
|
2020-01-17 13:10:22 |
WordPress plugin vulnerability can be exploited for total website takeover (direct link) |
The “easily exploitable” bug in WP Database Reset has serious consequences for webmasters. |
Vulnerability
|
APT 19
|
|
|
2020-01-17 12:29:00 |
A hacker is patching Citrix servers to maintain exclusive access (direct link) |
FireEye believes this is a bad guy hoarding Citrix servers, rather than a good-guy vigilante looking out for organizations. |
Patching
|
|
|
|
2020-01-17 11:56:10 |
EU considers banning facial recognition technology in public spaces (direct link) |
A potential ban could last for five years to allow lawmakers to catch up. |
|
|
|
|
2020-01-17 09:13:00 |
FBI seizes WeLeakInfo, a website that sold access to breached data (direct link) |
WeLeakInfo website sold access to more than 12 billion user records that leaked from breaches at other online services. |
|
|
|
|
2020-01-16 21:22:01 |
FBI: Nation-state actors have breached two US municipalities (direct link) |
The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaws. |
Vulnerability
|
|
|
|
2020-01-16 08:32:00 |
Proof-of-concept exploits published for the Microsoft-NSA crypto bug (direct link) |
Two proof-of-concept exploits published for the CurveBall (CVE-2020-0601) vulnerability. |
|
|
|
|
2020-01-16 00:01:00 |
Chinese man arrested after making $1.6 million from selling VPN services (direct link) |
Chinese authorities continue their crackdown against unauthorized VPN services with what appears to be their biggest catch so far. |
|
|
|
|
2020-01-15 17:04:10 |
More than 600 million users installed Android 'fleeceware' apps from the Play Store (direct link) |
A new set of 25 Android apps caught illegally charging users at the end of a trial period. |
|
|
|
|
2020-01-15 14:26:33 |
Facebook to notify users of third-party app logins (direct link) |
Facebook rolls out improved security notifications for logins with Facebook accounts on third-party apps and websites. |
|
|
|
|
2020-01-15 11:29:22 |
P&N Bank discloses data breach, customer account information, balances exposed (direct link) |
The Australian bank says a cyberattack took place during a server upgrade. |
|
|
|
|
2020-01-15 10:48:25 |
You can now use an iPhone as a security key for Google accounts (direct link) |
All iPhones running iOS 10 or later can now be used as hardware security keys for Google accounts. |
|
|
|
|
2020-01-15 10:37:00 |
Critical bugs in WordPress plugins InfiniteWP, WP Time Capsule expose 320,000 websites to attack (direct link) |
If you use these plugins you should update immediately as firewall protection will not work. |
|
|
|
|
2020-01-15 09:11:00 |
Adobe's first 2020 security patch update fixes code execution vulnerabilities (direct link) |
This month's security round is small but resolves some important bugs. |
|
|
|
|
2020-01-14 20:48:33 |
Microsoft January 2020 Patch Tuesday fixes 49 security bugs (direct link) |
Today's patches also fix a major vulnerability in Windows' cryptographic library. |
Vulnerability
|
|
|
|
2020-01-14 18:31:00 |
Microsoft fixes Windows crypto bug reported by the NSA (direct link) |
Fixes were released today as part of Microsoft's January 2020 Patch Tuesday. |
|
|
|
|
2020-01-14 16:33:00 |
Google to phase out user-agent strings in Chrome (direct link) |
Chrome will move to a new technology called Client Hints, part of the newer Privacy Sandbox project. |
|
|
|