What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-03-26 14:25:14 | Bug bounty program issued for Teams (lien direct) | Microsoft has recently started a brand new bug bounty program for their Teams desktop application. The bug bounty program is offering up to $30,000 as a reward for finding security vulnerabilities, with the highest payouts going to whoever has the ability to expose the most Teams user data. The program manager, Lynn Miyashita, said, “The […] | |||
|
2021-03-26 12:31:48 | Mamba ransomware weakness exposed by the FBI (lien direct) | The U.S. Federal Bureau of Investigation (FBI) has issued a statement about the Mamba ransomware, also known as HDDCryptor, as a weakness has been found in the ransomware’s encryption process. This weakness means that organisations targeted by the ransomware can recover from an attack without having to pay the ransom. The weakness has been found in […] | Ransomware | ||
|
2021-03-25 17:11:56 | Popular Android Apps Putting Consumer Privacy and Security At Risk (lien direct) | An information leakage can result in grave consequences. Consider the recent SolarWinds supply chain attack which transpired from the exposure of a critical, and inanely simple, internal password (solarwinds123). In this way, making the recent findings by the Synopsys Cybersecurity Research Center (CyRC) especially troubling. The analysis of over 3,000 popular Android mobile apps showed […] | |||
|
2021-03-25 16:16:38 | DevSecOps as a culture – What you need to know (lien direct) | RosRed orange. Lemon yellow. #ff4500. #6699cc. Whether using pigment or light, when it comes to creating colours, the second word in the colour is the primary colour, and the first word is the descriptor. In “red orange,” it's an orange colour with red; “#6699cc” is a grey with blue added. It's the same idea when […] | |||
|
2021-03-25 14:46:33 | Attackers exploiting recently-patched vulnerabilities (lien direct) | Two vulnerabilities were discovered across the Legacy Themes and plugins in the popular suite of tools for WordPress websites from the marketing platform Thrive Themes. The purpose of Thrive Themes is to help WordPress websites “convert visitors into leads and customers.” The suite of products affected is called Thrive Suite, in which the Legacy Themes […] | Guideline | ||
|
2021-03-25 14:33:26 | Engineer punished for reporting data leak (lien direct) | Security engineer Rob Dyke recently reported a data leak to the Apperta Foundation, which is a non-profit, supported by NHS England and NHS Digital. The organisation thanked him for responsible reporting, however later ‘thanked him’ with legal correspondence and police intervention. Dyke discovered an exposed GitHub repository earlier this month, which was exposing passwords, API […] | |||
|
2021-03-25 12:33:19 | Facebook stops Chinese hackers spying on Uighurs living abroad (lien direct) | On Wednesday, Facebook revealed that it has blocked a group of hackers based in China, known as Evil Eye or Earth Empusa, from using the platform to spy on Uighurs living abroad. The hackers were using Facebook to trick Uighurs into clicking on links infected with malware which enabled them to spy on the victim’s […] | Malware | ||
|
2021-03-25 12:23:12 | FatFace hit by cyberattack, only informing customers two months later (lien direct) | FatFace, a British fashion retailer, suffered a cyber attack in January which may have resulted in both employees’ and customers’ data being compromised. Yesterday FatFace sent customers an email informing them that their personal data could have possibly been compromised in the hack. In the email FatFace also asked customers to keep the details of […] | |||
|
2021-03-25 08:00:32 | Decision diversity: more equals better for the sake of a more secure organisation (lien direct) | The events of 2020 from a cybersecurity perspective have brought to light the significance of diversity for businesses of all sizes. Facing a more diverse range of challenges than most will have experienced before required an equally diverse range of coping mechanisms and responses to navigate accelerated digital transitions. The move to remote working placed […] | |||
|
2021-03-24 11:32:36 | (Déjà vu) Microsoft: Phishing attacks abuse legitimate services (lien direct) | The new attacks are part of an ongoing phishing operation, dubbed the “Compact” Campaign, which has been active since early 2020. The campaign, which has already stolen an estimated 400,000 OWA and Office 365 credentials has now begun abusing new legitimate services in an effort to bypass secure email gateways (SEGs). As a result, Microsoft […] | |||
|
2021-03-24 11:23:09 | Financial Risk Management Platform Feedzai becomes Portugal\'s first tech unicorn (lien direct) | Feedzai, the cloud-based financial risk management platform, today announced a $200 million Series D investment round led by leading global investment firm KKR, with participation from existing investors Sapphire Ventures, and Citi Ventures. The company states that the new investment will be used to accelerate its global expansion, further develop its product offerings, and boost […] | Guideline | ||
|
2021-03-24 11:13:16 | California Controller\'s Office employee falls for phishing link (lien direct) | A California State Controller’s Office employee fell for a phishing link, leading to a data breach that resulted in the theft of around 9,000 records. The employee, who worked in the Unclaimed Property division clicked on a phishing link received in an email and then proceeded to enter a user ID and password. This gave […] | Data Breach Guideline | ||
|
2021-03-23 11:24:05 | IT Admin sentenced after mass-deleting company accounts (lien direct) | Deepanshu Kher has been sentenced to two years in prison after hacking into the network of a Carlsbad, California-based firm. The former IT contractor worked for the IT consultancy firm for around 1 year in 2017, helping a client with migration to a Microsoft 365 Office environment. The client was not satisfied with Kher’s work, […] | ★★★ | ||
|
2021-03-23 11:01:27 | Michigan Bank loses Customers\' SNNs (lien direct) | The Michigan based bank Flagstar, has contacted its customers informing them of a data breach during which hackers accessed their SSNs. The bank finally admitted that the attack resulted in the loss of customers’ Social Security Numbers, home addresses, full name and phone numbers – a detail that was not publicly disclosed when the data […] | Data Breach | ||
|
2021-03-23 10:25:45 | Microsoft Exchange servers attacked by BlackKingdom ransomware (lien direct) | The ransomware campaign, BlackKingdom, has been attacking Microsoft Exchange Server by exploiting ProxyLogon vulnerabilities in order to deploy ransomware on vulnerable servers. The attacks were discovered by Marcus Hutchins, a security researcher from MalwareTechBlog who revealed in a series of tweets on Sunday that he left honeypots on his Exchange servers which lured in attackers […] | Ransomware | ||
|
2021-03-22 14:24:27 | Remote Working Security Survival Guide (lien direct) | In the last year, the vast majority of us were compelled to reimagine the conventional office space; transforming dining room tables and ironing boards into desks, and sofas into our go-to spot for conference calls. Like dominoes, one company after another has announced their intention to adopt long-term, or permanent, remote working. There are, undoubtedly, […] | |||
|
2021-03-22 13:02:06 | Big boost for UK\'s Performanta with significant investment from Beech Tree Private Equity (lien direct) | Beech Tree Private Equity has announced a significant investment in Performanta, a fast-growing global provider of managed cyber security services to enterprise customers. Performanta provides an end-to-end security solution for customers, advising on security strategies as well as monitoring their environments 24/7 – including full Managed Detection and Response (MDR) and Incident Response services. Beech […] | |||
|
2021-03-19 16:17:12 | How can SMEs stay secure into 2021 and beyond (lien direct) | For the average SME, cybersecurity can be a scary thing to think about. Without the funding, expertise or staff to throw a dedicated cybersecurity team at the problem, it is incredibly common for security to fall through the cracks when businesses are developing and growing at lightning speed. Small businesses often don't see themselves as […] | |||
|
2021-03-19 16:08:28 | Cybercrime has cost organisations and individuals over $ 4 billion in 2020 (lien direct) | A new report released by the FBI has revealed that Americans had over $4 billion stolen due to cybercrime in 2020. Also found in the 2020 Internet Crime Report was the fact that the Internet Crime Complaint Center (IC3) saw an increase of 69% compared to what was reported 2019. Further research has shown that […] | |||
|
2021-03-18 12:47:59 | SolarWinds attackers stole Mimecast source code (lien direct) | In January, Mimecast reported that a certificate compromise took place following the SolarWinds espionage campaign. However, Mimecast has recently confirmed that the firm's source code repositories were also stolen during the attack. Initially, it was thought that the SolarWinds attackers had only stolen a small amount of Mimecast’s customers’ personal data, such as email addresses […] | |||
|
2021-03-18 12:36:25 | FBI annual report claims $4.2 billion was lost to cybercrime in 2020 (lien direct) | The FBI has recently released their annual report on cybercrime in the US for 2020. The report has revealed that there has been a rise in complaints and financial losses due to cybercrime in 2020. The Internet Crime Complaint Center (IC3) has seen an increase of 69% in complaints relating to cybercrime since 2019, with 791,790 […] | |||
|
2021-03-18 12:01:46 | Feedzai introduces Fairband, the world\'s most advanced framework for fairness in AI (lien direct) | Feedzai, a cloud-based financial risk management platform, has announced Feedzai Fairband, the world’s most advanced AI fairness framework. The new AutoML algorithm automatically discovers machine learning models with zero additional model training cost while increasing model fairness by up to 93%, on average. With this new technology, Feedzai allows financial institutions across the world to […] | |||
|
2021-03-18 11:47:12 | Eastern Health temporarily suspends IT-systems (lien direct) | Eastern Health has temporarily taken down its IT systems following a cyber incident earlier this week. The measures have been taken as a precaution, while the healthcare group attempts to understand and rectify the situation. It has also reassured the public that patient safety had not been compromised. The Incident has affected the healthcare provider’s […] | |||
|
2021-03-18 11:16:09 | OCBC Bank enables face verification at ATMs (lien direct) | OCBC Bank in Singapore has turned on a face recognition feature at eight ATMs across the country. This bypasses the need for ATM cards, although access is still limited to viewing balance. There are plans to add cash withdrawals “progressively” at a future stage, with no specific timeline as to when this would be. Only […] | |||
|
2021-03-17 10:55:04 | Google accused of spying on users by DuckDuckGo (lien direct) | Google has been accused by DuckDuckGo, a privacy-focused web browser, of spying on its users after Google published details of the personal data it has gathers from it’s customers. A number of technology companies have been adding App Privacy labels to their apps, outlining what data they gather from their users in accordance with Apple's […] | ★★ | ||
|
2021-03-17 10:53:39 | Defunct WeLeakInfo site suffered own data breach (lien direct) | A threat actor has leaked data from the now-defunct WeLeakInfo data breach site, including payment and customer information. Last Thursday, the hacker published am archive of payment processing data used by the strip of a hacking forum known as RaidForums. The WeLeakInfo site offered paid subscriptions to users for searchable access to a database, which […] | Data Breach Threat | ||
|
2021-03-17 09:35:52 | (Déjà vu) Vodafone Spain hit with highest ever fine (lien direct) | The Spanish Data Protection Agency (AEPD) issued Vodafone Spain with the highest ever fine for failing to protect user data and using aggressive telemarketing tactics. Two of the fines relate to the EU’s General Data Protection Regulation (GDPR), the third for breaching Spanish laws on digital rights and telecommunications and the fourth for violations of […] | ★★★★ | ||
|
2021-03-16 16:37:31 | First trustees announced for the UK Cyber Security Council (lien direct) | The UK Cyber Security Council – the independent 'umbrella' organisation for the UK cyber security profession – has introduced its first four trustees, which it says is a key milestone in its formation. The four initial trustees that form the inaugural leadership of the Council are: Dr Claudia Natanson (chair): Dr Claudia Natanson is […] | Guideline | ★★★★★ | |
|
2021-03-16 15:57:19 | Google continues to track data in \'Incognito Mode\' (lien direct) | Google is being accused of collecting data from users who are browsing in “incognito mode”. The lawsuit, brought against the tech giant in 2020, is said to go ahead and alleges that users’ data was still being gathered by Google tools; even with the data collection turned off. A complaint claimed that: “Google tracks and […] | |||
|
2021-03-16 14:46:57 | Former Australian caseworker accessed data of children (lien direct) | A former caseworker, contracted by Victoria’s Department of Health and Human Services (DHHS) between April 2016 and September 2017, had access to the sensitive data of vulnerable children for a year after leaving their job. A report filed by OVIC (Office of the Victorian Information Commissioner) found that throughout their employ at DHSS the caseworker […] | |||
|
2021-03-16 10:42:26 | Google disclose another Chrome zero-day flaw (lien direct) | Google is warning Mac, Window and Linux users of a third zero-day flaw that has been found in Google Chrome. This is the third Google Chrome zero-day vulnerability to be disclosed in the past three months. The flaw, tracked as CVE-2021-21193, has a rating of 8.8 out of 10 on the CVSS vulnerability-rating scale, classifying […] | Vulnerability | ||
|
2021-03-16 10:11:28 | NCSC issue first official cyber-attack warning for nurseries (lien direct) | The government’s National Cyber Security Centre (NCSC) has issued warnings and guidance to nurseries and childminders about the increase of cyberattacks. This is the first time that the NCSC has issued guidance for industries caring for children in this age group. The NCSC’s warning has encouraged nurseries and childminders to use password protection for personal […] | |||
|
2021-03-15 17:45:51 | Lookout Acquires CipherCloud to Deliver Security from Endpoint to Cloud (lien direct) | Mobile cybersecurity specialists, Lookout, has acquired CipherCloud, a cloud-native security company that operates in the emerging Secure Access Service Edge (SASE) market. Through this acquisition, which combines the Lookout Mobile Endpoint Security with the CipherCloud SASE technologies, Lookout believes it is in the best position to provide industry's first end-to-end platform that secures an organisation's entire data path from endpoint to cloud. […] | |||
|
2021-03-15 16:19:35 | Arrest warrants out for Canadians behind ECC cryptophone networks (lien direct) | The US issued arrest warrants on the 12th March 2021, for Jean-François Eap, Sky Global’s Canadian Chief Executive Officer, and Thomas Herman, former phone distributer. The two executives have been indicted for racketeering and knowingly facilitating the import and distribution of illegal drugs, while running the largest encrypted phone service. The warrants came after Belgian […] | |||
|
2021-03-15 15:46:29 | Blue-tooth Virus to improve COVID-10 tracking (lien direct) | Researchers from the University of Queensland, the University of Melbourne, and the Massachusetts Institute of Technology (MIT) have developed a virtual “virus” that could be used to more accurately assess the spread of COVID-19. The joint project could also reduce the lag between the time people catch the virus and get diagnosed. The now dubbed […] | |||
|
2021-03-15 11:51:26 | Twitter users suspended due to “Memphis” bug (lien direct) | A Twitter bug was banning users who tweeted the word “Memphis” recently. Users flagged the bug to the social media platform after dozens of account were suspended. Since the incidents took place Twitter has resolved the bug but has not issued any comments. The French football club, Olympique Lyonnais, were banned due to the bug […] | |||
|
2021-03-12 16:30:41 | (Déjà vu) West Ham supporters have data leaked by club website (lien direct) | English Premier League football club, West Ham, has suffered an accidental data breach with personal information of supporters leaked via the clubs official website. Having first been reported by Forbes, error messages were being displayed on the West Ham’s website before showcasing the profile information of supporters to other fans who were attempting to log […] | Data Breach | ||
|
2021-03-12 14:39:39 | Internet providers aid Home Office in web-spying (lien direct) | A trial of new powers granted by the controversial Investigatory Powers Act of 2016 has been going on for months, which involves the internet providers creating internet connection records (ICRs). These can be used to show which websites individual people have visited and when. This has caused digital rights campaigners to voice their concerns: “We […] | |||
|
2021-03-12 14:11:47 | Fastway Couriers suffers data breach (lien direct) | An investigation has been opened into the data breach at Fastway Couriers, during which hackers stole the personal details of thousands of Irish online shoppers. The company has confirmed that the names, addresses, email accounts and phone numbers of 446,143 customers have been accessed. Fortunately, no financial information or other personal data was accessed or […] | Data Breach | ||
|
2021-03-12 12:02:11 | Molson Coors hit by suspected ransomware attack (lien direct) | Molson Coors, a beverage giant responsible for brands such as Coors, Miller Lite and Foster's, has released details for what seems to be a ransomware attack. The company filled the attack yesterday with the Securities and Exchange Commission (SEC), claiming that it has experienced a “systems outage caused by a cybersecurity incident”. In the report, […] | Ransomware | ||
|
2021-03-12 11:34:55 | Netflix to trial restrictions on password sharing (lien direct) | Netflix has announced that it will be trialling new restrictions for password sharing on its streaming platform. Streaming services, such as including HBO Go, Amazon Prime, Netflix and Disney+, all allow users to create multiple profiles which can be used across a number of devices. However, it is specified in their terms and conditions that […] | |||
|
2021-03-11 17:36:46 | Developing a Strong Security Posture in the Era of Remote Work (lien direct) | Many of us have had to adopt remote working for a large proportion of the past year. But remote working is about more than saving yourself time on the morning commute and navigating Zoom etiquette: The security implications for thousands of businesses sending their employees home to work for a year have been massive. In […] | |||
|
2021-03-11 15:04:59 | Norway\'s Stortingnet becomes newest victim of Microsoft Exchange malware (lien direct) | Norway’s Parliament becomes the newest organisation to fall victim to the vulnerabilities in Microsoft’s Exchange Server. A press release was issued, confirming that the great assembly Stortingnet had been breached by ‘backdoor-installing miscreants’. Marianne Andreassen, the director at Stortingnet stated: “We know that data has been extracted, but we do not yet have a full […] | Malware | ||
|
2021-03-11 12:39:25 | Three UK universities hit by cyber-attacks (lien direct) | Three UK universities have been hit by a series of cyberattacks this week. The University of Central Lancashire in Preston, the University of the Highlands and Islands in Scotland, and Queen’s University in Belfast were all hit by separate attacks. On Sunday the University of Central Lancashire (UCLAN) experienced an incident that left remote-learning students […] | |||
|
2021-03-11 12:29:35 | Spanish employment agency hit by major cyberattack (lien direct) | The Spanish employment agency has been targeted by a ransomware attack which has resulted in hundreds of offices being knocked offline. The SEPE published a note on their website which said, “currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State […] | Ransomware | ||
|
2021-03-11 11:36:11 | AT&T Cybersecurity Launches Managed SASE Solution with Fortinet (lien direct) | AT&T has announced it is expanding its portfolio of Managed Security Services through its alliance with Fortinet to make Secure Access Service Edge (SASE) a reality for enterprises. AT&T SASE with Fortinet is the first, global managed SASE solution at scale that unifies software-defined wide-area network (SD-WAN) with essential network security functions of the SASE […] | ★★★★ | ||
|
2021-03-10 17:19:57 | Leveraging Automation to Secure Your Remote & Hybrid Workforce (lien direct) | Adopting end-to-end security automation is a top priority for many organisations, and the rapid shift to remote work due to the COVID-19 pandemic has forced many businesses to accelerate their Digital Transformation strategy. Faced with the challenge of managing identities and securing access to data and applications from a growing number of endpoints, IT and […] | |||
|
2021-03-10 17:02:15 | The risks of social selling (lien direct) | Facebook recently announced the introduction of carts to WhatsApp to streamline online purchases. While this move will reduce some online friction and make the purchasing process easier for customers, it can also introduce many security and fraud risks. Cybercriminals are always looking for new ways to target unsuspecting customers with social engineering scams through various […] | ★★★★ | ||
|
2021-03-10 13:19:10 | Adobe releases security patches for a number of their apps (lien direct) | Adobe has just released patches for critical security problems which were affecting their Connect, Framemaker and Creative Cloud applications. Following Adobe’s monthly security update the vulnerability, tracked as CVE-2021-21056, has been patched in the document processor Framemaker. Three vulnerabilities in Adobe’s Creative Cloud were also patched – CVE-2021-21068; CVE-2021-21078; and CVE-2021-21069 following the update. Another […] | |||
|
2021-03-10 11:06:05 | Researchers discover flaws in Apple\'s offline \'find my device\' feature (lien direct) | Apple’s OF (Offline Finding) technology uses online finder devices running the ‘Find My’ app to detect the location of missing offline devices (for instance iPads using Bluetooth and AirTags). The security and privacy of Apple’s Bluetooth location-tracking system earned praise from researchers who discovered two flaws in the technology. Computer scientists from the Technische Universität […] |
To see everything:
Our RSS (filtrered)
