What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-04 11:38:10 | Spanish energy giant hit by data breach (lien direct) | Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. They have reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID […] | Data Breach | ||
|
2022-04-04 10:59:39 | Trezor customers phished following MailChimp breach (lien direct) | Trezor, who manufacture hardware devices designed to store digital currency, has warned its customers not to reply to official-looking emails after identifying a convincing phishing campaign. Several customers complained to Trezor’s twitter account over the weekend to complain about a scam email claiming that a data breach had hit over 100,000 customers. The email reportedly […] | Data Breach | ||
|
2022-04-01 10:59:57 | Majority of data security incidents caused by insiders (lien direct) | New research from Imperva has revealed that 70% of EMEA organisations have no insider risk strategy, despite 59% of data security incidents being caused by employees. The shocking revelation comes as part of a wider study carried out by Forrester: Insider Threats Drive Data Protection Improvements. The study involved interviewing 150 security and IT professionals in EMEA. […] | ★★★ | ||
|
2022-04-01 10:42:13 | UK spy chief praises fake news counter cell (lien direct) | Jeremy Fleming, the head of GCHQ, has praised the new government counter-disinformation cell focused on Kremlin propaganda. Fleming spoke at the Australian National University in Canberra yesterday, arguing that President Putin had massively miscalculated his invasion Ukraine. He revealed that Russian soldiers are “refusing to carry out orders, sabotaging their own equipment and even accidentally […] | |||
|
2022-03-31 10:14:16 | 820,000 NYC students have their personal data exposed (lien direct) | Hackers breached the IT systems of Illuminate Education in January, gaining access to the personal data of around 820,000 current and former New York City public school students. Illuminate Education is a taxpayer funded software based in California. It is best known for creating the widely-used IO classroom,Skedula and PupilPath platforms, current used by New York City’s […] | |||
|
2022-03-31 09:22:59 | Unpatched SpringShell bug threatens web app security (lien direct) | A new critical remote code execution bug, dubbed “SpringShell” by some in the community, has been identified by security researchers. The vulnerability impacts the spring-core artifact, a popular framework used extensively in Java applications, specifically with JKD9 or newer. Sonatype explained, “the vulnerability affects anyone using spring-core, a core part of the Spring Framework, to […] | Vulnerability | ||
|
2022-03-31 09:11:22 | NHS 111 urgent care provider leads the way in secure and flexible workforce identity and access management with My1Login (lien direct) | My1Login has announced it has been hired by London Central & West Unscheduled Care Collaborative, a leading provider of urgent healthcare to the NHS 111 service, to overhaul its staff identity access through My1Login's Identity-as-a-Service (IDaaS) solution. The platform integrates with their existing computer login and removes the need for users to manage any […] | Guideline | ||
|
2022-03-30 11:33:24 | A third of malware infections use Log4Shell (lien direct) | Researchers at Lacework have revealed that the Log4Shell vulnerability was exploited as an initial attack vector in 31% of cases monitored by the company over the past six months. The software vendor's latest Lacework Cloud Threat Report highlights typical risks in today’s digital landscape. The findings confirm what security experts suspected, that the Log4j bug was used […] | Malware Vulnerability Threat | ★★ | |
|
2022-03-30 10:35:19 | Ronin blockchain hit with $620 million crypto heist (lien direct) | Sky Mavis’ Ronin Network, which supports its Axie Infinity game, has suffered the largest cryptocurrency theft in history. The organisation announced yesterday that the Ronin network had been hacked to the tune of 173,000 Ethereum, or roughly $594 million, and $25 million in US dollars. Comparitech has ranked the incident as the largest crypto-heist of […] | |||
|
2022-03-29 10:16:41 | 86% of organisations believe they have suffered a nation-state cyberattack (lien direct) | A new study by Trellix and the Center for Strategic and International Studies (CSIS) has revealed that 86% of organisations believe they have fallen victim to a nation-state cyberattack. The research surveyed 800 IT decision-makers in Australia, France, Germany, India, Japan, the UK and US. It has also been revealed that 92% of respondents have faced, or suspect they […] | Studies | ||
|
2022-03-29 09:47:29 | US proposes healthcare cybersecurity bill (lien direct) | A new bill with bipartisan support has been proposed by US lawmakers, with the intention of enhancing the cybersecurity of America’s healthcare and public health (HPH) sector. The Healthcare Cybersecurity Act (S.3904) was proposed by US senators Jacky Rosen and Bill Cassidy on Thursday. The proposal is likely a reaction to the White House warning […] | ★★★★ | ||
|
2022-03-29 09:24:28 | Critically Exposed Web Apps Discovered Across Europe\'s Top Chemical Manufacturers (lien direct) | New research has revealed the top Chemical Manufacturers in the EU all have concerning levels of vulnerabilities and weak spots in their attack surface. According to the 2022 Web Application Security for Manufacturers report by Outpost24, 60% of European Chemical Manufacturers had vulnerabilities that are critically exposed and open to attacks. This new industry threat […] | Threat | ★★★★ | |
|
2022-03-29 09:08:22 | EU and US confirm transatlantic data flow (lien direct) | The new Trans-Atlantic Data Privacy Framework, announced over the weekend by the EU and the US, signals incoming clarification as to what data flows are allowed. The announcement comes after a European court struck down the EU-US Privacy Shield one and a half years ago. The Privacy Shield agreement, which set the terms for transatlantic transfers […] | ★★★ | ||
|
2022-03-28 10:31:18 | (Déjà vu) Major League Baseball players\' personal data stolen (lien direct) | A third-party vendor of American Major League Baseball has been hit with a cyber-attack, resulting in the personal information of players and their family members being stolen. Horizon Actuarial Services LLC, a consulting firm based in Maryland, suffered a ransomware attack in November of last year. The company recently released a data incident notice, revealing […] | Ransomware | ||
|
2022-03-28 10:02:02 | One tenth of UK staff bypass corporate security (lien direct) | A new study from Cisco has found that a tenth of UK employees actively circumvent their organisation’s security measures. The network technology company polled over 1000 UK professionals working for organisations that allow hybrid working, in order to better understand the potential security risks of the modern, flexible workplace. The research has revealed that many […] | |||
|
2022-03-25 16:39:11 | Russia preparing to conduct cyberattacks, White House warns (lien direct) | The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future, BleepingComputer reported this week. With the U.S. imposing strict sanctions against Russia and aiding Ukraine in the war, the White House is expecting the Kremlin to retaliate […] | |||
|
2022-03-25 16:33:36 | Strong Customer Authentication (SCA): what to expect (lien direct) | SCA is a new set of rules from the Financial Conduct Authority (FCA) to help protect customers from fraud when they are shopping online, UK Finance explains. With increasing amounts of purchases being made online, these new rules will help to ensure that customers are safe when shopping and their money is better protected. The changes […] | |||
|
2022-03-25 10:43:26 | Honda bug allows hackers to unlock and start your car (lien direct) | Multiple researchers disclosed a vulnerability this week that would allow nearby attackers to unlock and even start some Honda and Acura cars. To carry out the attack, threat actors would capture the R signals sent from a key fob to a car, then resending these signals to unlock the car and even start the engine […] | Vulnerability Threat | ||
|
2022-03-24 11:29:18 | Ransomware payments peaked in 2021 (lien direct) | Ransomware payments reached all-time highs last year, with related data leaks and ransom demands also surging, according to Palo Alto Networks. The stats were compiled from cases worked on by the security vendor’s Unit 42 security consulting business. The 2022 Unit 42 Ransomware Threat Report published by Palo Alto Networks today claimed the average ransomware payment reached […] | Ransomware Threat | ★★ | |
|
2022-03-24 11:02:33 | Researchers trace LAPSUS$ hacks to English teenager (lien direct) | Cybersecurity researchers investigating the ultra-prolific LAPSUS$ group have traced the attacks to a 16 year old living at his mother’s house near Oxford, England. In a shocking turn of events, the four researchers investigating the attacks have said they believe the teenager is the mastermind behind the operation. LAPSUS$ has gained significant notoriety in the […] | ★★ | ||
|
2022-03-23 11:19:03 | Anonymous leaks 10GB of Nestle Data (lien direct) | The hacktivist and activist group known as Anonymous has released Nestle’s database. The move comes days after the Ukrainian President Zelensky called out the world’s largest food company for its continued relationship with Russia. Anonymous announced the breach in a tweet on Tuesday: “Hacker group Anonymous has released 10 GB of data from Swiss company […] | ★★★★★ | ||
|
2022-03-23 09:51:14 | Okta confirms hack, 2.5% of customers affected (lien direct) | Okta has confirmed that they were hacked by LAPSUS$ ransomware group. LAPSUS$ ransomware posted screenshots which they claimed were of Okta’s internal company environment yesterday. Today, the authentication services provider has updated a blog post confirming the breach: “After a thorough analysis of these claims, we have concluded that a small percentage of customers — […] | Ransomware | ||
|
2022-03-22 10:49:09 | AvosLocker ransomware hits critical infrastructure (lien direct) | Several US authorities issued an alert warning of the threat to critical national infrastructure (CNI) providers from the AvosLocker ransomware group. The group is a ransomware-as-a-service affiliate operation known for targeting financial services, manufacturing and government entities, as well as other sectors, the report indicated. AvosLocker seems to be geographically indiscriminate, with some victims hailing […] | Ransomware Threat | ||
|
2022-03-22 10:29:21 | LAPSUS$ claims to have breached Okta (lien direct) | The ultra-prolific ransomware group LAPSUS$ are now claiming to have breached Okta, an authentication services provider. The report comes after the hackers posted what they claim to be screenshots of Okta’s internal company environment. Thousands of companies rely on Okta to manage access to their networks and applications, making the possibility of a breach especially […] | Ransomware | ||
|
2022-03-21 10:44:05 | Hackers target luxury hotels in Macau (lien direct) | Luxury hotels in Macau were the target of malicious spear-phishing campaigns for nearly 3 months, according to research from security researchers at Trellix. The cybersecurity firm has attributed the campaign to the aptly named DarkHotel group, building on research published by Zscaler in December 2021. DarkHotel is believed to have been access since 2007, with […] | |||
|
2022-03-21 10:28:15 | Hubspot breach spreads to BlockFi, Swan Bitcoin (lien direct) | Hubspot, a widely used Customer Relationship Management (CRM) platform, was hacked on Friday by a threat actor accessing an employee account. The hacker then used the account to target 30 as yet unnamed cryptocurrency stakeholders, with BlockFi and Swan Bitcoin confirming that they suffered a breach. As Hubspot is a third party vendor, the hacker […] | Threat | ||
|
2022-03-21 09:57:32 | More Conti group source code leaked (lien direct) | A Ukrainian security researcher has released further source code from the Conti ransomware group in retaliation for their siding with Russia over the ongoing Russia-Ukraine conflict. Conti is a prolific ransomware operation run by Russia-based threat actors. The group has been involved in developing numerous malware families, and is considered one of the most active […] | Ransomware Malware Threat | ||
|
2022-03-18 11:39:44 | 76,000 scams taken down through email reporting (lien direct) | The National Cyber Security Centres’s (NCSC) Suspicious Email Reporting Service is proving successful. Over 10 million emails have been reported to the service, leading to 76,000 online scams being taken down. The service has been operating for almost two years, enabling members of the public to alert the authorities regarding potential cyberattacks and scams. Scams […] | Guideline | ||
|
2022-03-18 11:25:52 | (Déjà vu) New “initial access broker” working with Conti gang (lien direct) | Google’s Threat Analysis Group (TAG) has new initial access broker that it alleges is closely affiliated to a Russian cyber-crime gang infamous for its Conti and Diavol ransomware operations. The financially motivated threat actor, dubbed Exotic Lily, has been detected exploiting a recently patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444). The exploit […] | Ransomware Threat | ||
|
2022-03-18 09:50:50 | Phishers exploit Ukraine conflict to solicit crypto (lien direct) | In the wake of the Ukraine-Russia conflict, cyber-criminals have begun to impersonate legitimate aid organisations in order to steal financial donations intended for the Ukrainian people. The discovery comes from new research by managed detection and response provider, Expel. The company’s security operations centre (SOC) analysed attack vectors and incident trends for its February Attack […] | |||
|
2022-03-17 17:18:54 | Forrester positions KnowBe4 as a leader in security awareness and training solutions (lien direct) | KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, has been positioned as a Leader in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022 report. Using a 30-criteria evaluation, The Forrester Wave report ranks 11 vendors in the security awareness and training market based on their current offering, […] | Guideline | ||
|
2022-03-17 12:01:27 | New ransomware threatens to wipe Windows PCs (lien direct) | A relatively new Ransomware, LokiLocker, uses the standard extortion-through-encryption racket but also incorporates disk-wiper functionality. Double extortion soared in popularity last year, with ransomware gangs stealing files before encrypting them to threaten victims with a sensitive data leak if they didn’t pay up. BlackBerry Threat Intelligence is warning that LokiLock, first seen in August 2021, […] | Ransomware Threat | ||
|
2022-03-17 10:58:58 | Your mobile apps are exposing your data (lien direct) | New research suggests that mobile applications boasting tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases, according to Check Point. Check Point’s three-month study began with a simple query on VirusTotal for mobile apps listed on the malware scanning service that communicates with the Firebase cloud database. […] | Malware | ||
|
2022-03-17 10:39:32 | Disability service provider suffers cyber-attack (lien direct) | The Rehab Group, one of the State's largest disability services provider, been hit with a cyber-attack. The organisation notified the Data Protection Commissioner (DPC) that some of its systems have been compromised. The group informed the Data Protection Commissioner (DPC) that some of its systems have been compromised by malware. In a statement, the group said: […] | |||
|
2022-03-16 10:42:22 | German government warns against using Kaspersky (lien direct) | The German BSI has warned against the use of Kaspersky antivirus security products as the company is headquartered in Russia. The BSI suggested moving away from any Kaspersky product to another vendor, as the company may be forced to carry out offensive cyber operations by the Russian state. The BBC translated the BSI announcement: “A […] | |||
|
2022-03-16 09:47:30 | Almost 300k cardiac patients have data exposed (lien direct) | A cyber attack on South Denver Cardiology Associates (SDCA) may have exposed the protected healthcare information (PHI) of thousands of cardiac patients. The healthcare provider issued a notice to its patients, disclosing that its network had been breached in January 2022. The perpetrator(s) are as yet unknown, gaining access to files containing information on 287,652 patients during […] | |||
|
2022-03-15 12:36:05 | A lack of diversity in cybersecurity puts organisations at risk (lien direct) | One week later and International Women’s Day is still fresh in our minds. There is still some way to go but every day that we challenge the stigma and bias that impact women in the workplace. Obrela Security Industries have launched a campaign to celebrate women in the cybersecurity industry. You can read their blog […] | |||
|
2022-03-15 10:20:42 | Ukrainian machines hit with another Malware variant (lien direct) | Security researchers have discovered the fourth destructive malware variant targeting Ukrainian machines so far this year. ESET claimed to have made the find yesterday, noting that the “CaddyWiper” malware was seen on a few dozen systems in a “limited number” of organizations. The malware erases user data and partitions information from attached drives. It also […] | Malware | ★★★★★ | |
|
2022-03-15 10:08:24 | Cybersecurity tops agenda in Asean boardrooms (lien direct) | Businesses in Asean have placed cybersecurity squarely on the agenda, with business leaders discussing plans to plug existing gaps and adopt next-generation capabilities. This focus has been prompted by 94% of organisations in the region reporting a climb in cyberattacks last year, with 24% seeing at least 50% increase in disruptive attacks. 92% of Asean […] | Guideline | ★★ | |
|
2022-03-15 09:45:39 | Ransomware groups target “enemies of Russia” (lien direct) | A new report Accenture suggests that cyber-criminals have split into pro-Ukraine and pro-Russia factions, with the latter focusing on western critical national infrastructure (CNI). The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm has warned that the recent ideological split could mean increased risk for Western organizations, as pro-Kremlin groups morph into quasi-activists. Government, media, […] | Threat | ||
|
2022-03-14 15:40:03 | RiskOps platform Feedzai grows +40% year-over-year (lien direct) | Today, RiskOps platform Feedzai announced that it ended its fiscal year with +40% year-over-year growth in exit annual recurring revenue (ARR). With a total of 24 tier one new logos across the globe, the company also recorded no churn on core customers. Additionally, extended contracts were signed with key clients like Citi Bank in North America, Lloyds […] | ★★ | ||
|
2022-03-14 10:32:49 | Malware hidden in fake Valorant aim-bot (lien direct) | Security analysts from Korea have detected a malware distribution campaign using Valorant cheat lures on YouTube in order to trick players into downloading RedLine, a powerful information stealer. This kind of lure is relatively common as threat actors can easily avoid YouTube’s new content submission reviews, or simply create new accounts when old ones are […] | Malware Threat | ||
|
2022-03-14 10:11:06 | (Déjà vu) UK announces digital identity security legislation (lien direct) | The UK government has announced plans to introduce new legislation, aiming to improve the security of digital identity solutions. The rules are designed to enhance trust in digital identities and scaling down reliance on physical documents such as passports and driving licenses. The UK's Department for Digital, Culture, Media and Sport (DCMS) made the announcement […] | |||
|
2022-03-14 09:45:27 | Ukraine\'s “IT Army” hit with info-stealing malware (lien direct) | Security researchers have warned pro-Ukrainian actors of employing DDoS tools to attack Russia, as they may be ridden with info-stealing malware. In late February, Ukrainian vice prime minister, Mykhailo Fedorov, called for a volunteer “IT army” of hackers to DDoS Russian targets. Cisco Talos has claimed that many cyber criminals are attempting to exploit the outpouring of […] | Malware | ||
|
2022-03-11 16:29:53 | High rates of known, exploitable vulnerabilities still found in the wild, report reveals (lien direct) | This week, smart vulnerability management provider Edgescan has published the findings of its 2022 Vulnerability Statistics Report, which for the 7th year running offers a comprehensive view of the state of vulnerability management globally. The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time […] | Vulnerability | ★★★★★ | |
|
2022-03-11 10:58:59 | Microsoft calls for more women in cyber (lien direct) | The tech giant Microsoft has claimed that encouraging women into cybersecurity jobs is “mission critical” to addressing the labour shortage in the cybersecurity industry. The company’s corporate vice president of security, compliance, identity and management, Vasu Jakkal argues that diversity is sorely needed in the industry in order to address the evolving threat landscape and […] | Threat | ||
|
2022-03-11 10:41:37 | Conti ransomware group spent millions in 2021 (lien direct) | The prolific Conti ransomware collective spent millions on salaries, tools and services throughout 2021. The recent leak of the pro-Russia group’s internal chats by a Ukrainian researcher, analysed by security vendor BreachQuest, has revealed fascinating insights into the workings of the operation. The group’s structure is not dissimilar to that of a legitimate business, with […] | Ransomware | ||
|
2022-03-10 10:56:54 | DSbD claims UK is on the path to “cyber disaster” (lien direct) | Professor John Goodacre, challenge director – Digital Security by Design, UKRI, and Professor of Computer Architectures, The University of Manchester, told attendees at the last leg of the DSbD roadshow in Wales that the UK is on the path to “cyber disaster”. He claimed that the current approach of discovering and patching vulnerabilities is growing […] | Patching | ||
|
2022-03-10 10:15:07 | Up to 30% of WordPress plugin bugs don\'t get patched (lien direct) | A global leader in WordPress security and threat intelligence, Patchstack, recently released a whitepaper highlighting the sorry state of WordPress security in 2021. Reported vulnerabilities grew 150% in 2021 from the previous year. Perhaps most alarmingly, 29% of the critical flaws in WordPress plugins never received an update. WordPress is used in 43.2% of websites […] | Threat Guideline | ||
|
2022-03-09 11:36:48 | US critical infrastructure hit by ransomware (lien direct) | A new FBI report has revealed that at least 52 critical national infrastructure (CNI) entities have been compromised by a ransomware variant. The FBI has claimed that organisations across 10 CNI sectors had been impact as of January this year.# Key sectors include manufacturing, financial services, government and IT. A prolific ransomware variant has compromised […] | Ransomware |
To see everything:
Our RSS (filtrered)
