What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-08-14 11:21:58 | Google attempting new URL displays to tackle phishing and other scams (lien direct) | Some Google Chrome users can expect a big change in how the browser displays URLs as the company tests out how domain names are seen in a bid to thwart online scams. The test is expected on Chrome 86 which is slated for release at the end of August. The experiment will involve some “randomly […] | |||
|
2020-08-14 11:20:00 | Unprotected AWS Server exposes over 350m passwords (lien direct) | Ethical hackers have discovered 350 million exposed email addresses on an unsecured server which were likely to have either been stolen or acquired back in October 2018. The find was made after the CyberNews threat researchers came across an unprotected depository (also known as a bucket) on an Amazon S3 server which is said […] | Threat | ||
|
2020-08-12 13:41:29 | Update your browser now! Chrome bug allows bypassing of CSP protection (lien direct) | If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible, The Hacker News advises. Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could […] | |||
|
2020-08-12 13:38:51 | #SorryNotSorry: Seek apologises for leaking user details but won\'t report it as a notifiable data breach (lien direct) | Job search engine Seek confirmed while it suffered an “internal technical issue” on Monday, which resulted in the exposure of other candidate details when they were logged into their Seek Profiles, it does not view the incident as a notifiable data breach and will not be reporting it to the Office of Australian Information Commissioner […] | Data Breach | ||
|
2020-08-12 13:34:41 | (Déjà vu) Citrix\'s Xen Mobile Servers for ednpoint management affected by critical flaw (lien direct) | Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management (CEM), also known as XenMobile, a product made for enterprises to help companies manage and secure their employees’ mobile devices remotely, The Hacker News reported. Citrix Endpoint Management offers businesses mobile device management (MDM) and mobile application management (MAM) capabilities. It […] | |||
|
2020-08-11 14:03:30 | Securing Emails in the Modern Age (lien direct) | In the age of modern connectivity, emails are the de facto mode of communication. Securing emails from cybercriminals is a difficult task, and many businesses are left scratching their heads when deciding how to keep corporate data and privileged information secure. Zix a provider of cloud email security, productivity and compliance solutions has announced the […] | |||
|
2020-08-11 10:55:51 | Welsh police breaking law with facial recognition technology (lien direct) | Attempts by UK law enforcement to use facial recognition technology in crime investigation and prevention have taken a blow today, with a civil liberties group and an individual based on Cardiff winning a legal challenge brought to South Wales Police regarding the use of the technology. The group involved was called Liberty, who were working […] | |||
|
2020-08-11 10:54:28 | Remote workers at increased risk from DDoS attacks (lien direct) | Kaspersky has shown that in Q2 of 2020, there has been a notable upswing in the volume of distributed denial of service DDoS attacks, which have tripled from Q2 of 2019. This is in response to the Covid19 remote working landscape, with less people on holiday than usual during the quarter, and more depending on […] | |||
|
2020-08-11 10:52:14 | Revamped agent Telsa targeting browser and VPN passwords (lien direct) | The notorious password stealing browser Agent Tesla is back. The trojan, used for remote access, now has the capability to steal passwords from web browsers as well as from VPNs. An active remote access trojan since 2014, Agent Tesla is a commercially available infostealer which also doubles as a keylogger. | |||
|
2020-08-10 08:05:39 | Security Advisory Used in Phishing Attack (lien direct) | According to BleepingComputer, bad actors are utilising fake security advisories to carry out phishing attacks on cPanel users. An administrative software typically installed on shared web hosting services, cPanel allows website owners to administer their site through a graphical user interface. However, last week, fake advisories were issued indicating “security concerns” that needed to be […] | |||
|
2020-08-10 07:37:33 | F5 BIG-IP Flaw Actively Exploited By Iranian Hackers, FBI Warns (lien direct) | In a Private Industry Notification (PIN) issued by the U.S domestic intelligence and security service, it was revealed that Iranian state-sponsored hackers are actively exploiting an F5 BIG-IP flaw. The flaw allows for unauthenticated remote code executions on devices used by Fortune 500 companies, government agencies and banks, shared BleepingComputer. The FBI have added further […] | |||
|
2020-08-10 07:28:03 | Reddit Accounts Hacked Spreading Pro-Trump Messages (lien direct) | On Friday, moderators of over 70 groups on Reddit Inc. were hacked. Messages in support of Donald Trump were then posted in both English and Mandarin, reaching millions of subscribers. Among the subreddits defaced were r/space, r/food. r/Japan, r/nfl, r/cfb and r/podcasts, all popular subreddits. According to SiliconAngle, while it is yet unknown how these […] | |||
|
2020-08-07 13:45:40 | Hospitals impacted after hackers target ventilator manufacture during Covid-19 (lien direct) | A notorious ransomware gang has been hitting a key manufacturer of coronavirus ventilators in the US. The DoppelPaymer gang have threatened Boyce Technologies with releasing valuable data if the ransom is not paid – as it stands, the ransom amount has not been disclosed. It's unfortunate to hear Boyce Technologies, an FDA-approved ventilator manufacturer, has had critical […] | Ransomware | ||
|
2020-08-07 13:37:21 | Intel data breach results in confidential info leaked (lien direct) | Intel, the U.S. based global chip provider is investigating a data breach after highly confidential and restricted information was leaked onto online sharing website, MEGA. The data was uploaded to MEGA by software engineer, Till Kottman after receiving the documents from an anonymous hacker who allegedly hacked Intel earlier this year. After analysis, the information has been […] | Data Breach | ||
|
2020-08-07 13:32:57 | Capital One hit with $80 million fine following 2019 data breach (lien direct) | It was announced yesterday that Capital One has been ordered by the Office of the Comptroller of the Currency (OCC) to pay an $80 million fine after the company suffered a massive data breach in 2019. It is estimated that the breach impacted more than 100 million Capital One customers, with names and addresses of individuals […] | Data Breach | ||
|
2020-08-06 15:38:34 | The rise of Community-Powered Threat Hunting (lien direct) | Next-Gen SIEM provider, Securonix has announced availability of its SearchMore functionality that helps operations teams better detect and respond to threats that bypass preventative and detection controls. The company states that “SearchMore delivers the industry's first Community-Powered Threat Hunting capability and provides the ability to search on real-time, streaming data, as well as long-term data.” […] | Threat | ||
|
2020-08-06 15:37:24 | Who are the new heads at NCSC and MI6? (lien direct) | Lindy Cameron, the first woman CEO of the National Cyber Security Centre – a public facing division of GCHQ and primary technical authority on cybersecurity – is replacing its first CEO, Ciaran Martin, when he steps down on 31 August. Cameron will then formally become CEO in October following a handover period. Cameron has excellent […] | |||
|
2020-08-06 10:19:16 | Maze ransomware strikes again at Canon (lien direct) | Optical and imaging giant Canon has been the latest business to be hit by the scourge of ransomware. The Maze strain of ransomware has brought operations to an effective standstill, hitting the Canon email servers as well as internal applications including their instant messaging services provided by Microsoft Teams. Additionally, the US website was also […] | Ransomware | ||
|
2020-08-06 10:17:55 | UK council takes £10 million hit in cyberattack recovery (lien direct) | A small rural council in the North of England has suffered a staggering financial hit in recovering from a cyberattack. Redcar and Cleveland in Yorkshire were forced to spend £10 million in order to recover from a cyberattack which took online public services offline for a week in February. Infrastructure and system recovery cost £2.4m, […] | |||
|
2020-08-06 10:14:28 | Google shuts down Chinese, Iranian and Russian influence campaigns ahead of US election (lien direct) | Ten influence campaigns emerging from hostile states such as China, Tunisia, Russia, and Iran have been discovered across Google platforms, and removed throughout Q2, Google's Threat Analysis Group have announced. The group is responsible within Google's security department for keeping track of high-end cybercriminal activity, which includes nation-state influence campaigns detected. Although the group is […] | Threat | ||
|
2020-08-05 12:46:46 | KnowBe4 Releases New Security Research Report “The Department of No” (lien direct) | KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, has released a new report that explores how and why the reputation of security departments have traditionally been perceived as “The Department of No.” This new report, authored by Javvad Malik, security awareness advocate at KnowBe4, explains how many security […] | |||
|
2020-08-05 11:08:58 | Serious bug found in official Facebook WordPress chat plugin allows attackers to intercept messages (lien direct) | On June 26, 2020, Wordfence’s threat intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites. This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors […] | Vulnerability Threat | ||
|
2020-08-05 11:00:56 | (Déjà vu) Nearly 300 Chrome extensions are loading malicious code (lien direct) | AdGuard has discovered 295 Chrome extensions that hijack and insert ads in Google and Bing search results. The extensions have been installed by more than 80 million users. In a technical analysis shared with ZDNet, AdGuard said all extensions loaded malicious code from the fly-analytics.com domain, and then proceeded to quietly inject ads inside Google […] | |||
|
2020-08-05 10:40:50 | US and Australian government warn of critical vulnerabilities in Cisco, Microsoft and IBM remote access and perimeter devices (lien direct) | Security firm RiskIQ has published a report highlighting several critical vulnerabilities in 12 widely used remote access and perimeter devices. The findings show that the rapidly increasing adoption of these devices amid the COVID-19 pandemic is expanding digital attack surfaces outside the corporate firewall at incredible speed-and introducing a range of critical, rapidly proliferating vulnerabilities. […] | |||
|
2020-08-04 15:02:20 | Dangerous flaws found in Cisco, Microsoft, Citrix and IBM Among Many Others (lien direct) | RiskIQ, released its Vulnerability Landscape report, a high-level view of critical vulnerabilities in twelve very widely used remote access and perimeter devices. The report shows that the rapidly increasing adoption of these devices throughout the COVID-19 pandemic is increasing digital attack surfaces outside the corporate firewall at incredible speed-and introducing a range of critical, rapidly […] | Vulnerability | ||
|
2020-08-04 14:36:30 | These 10 IoT devices pose the biggest risk to your organisation (lien direct) | By Richard Orange, Regional Director of UK&I at Forescout Connected devices continue to transform the way organisations operate in every industry. From healthcare and retail to manufacturing and financial services, Internet of Things (IoT) devices are omnipresent and positively impact the bottom line of many organisations. But an increase in connected devices also means an […] | |||
|
2020-08-04 14:10:36 | Tweet Chat Roundup with KnowBe4 (lien direct) | We are now more than halfway through the year, and what a crazy half it has been both in terms of the global pandemic but also when you consider the volatile climate the cybersecurity industry finds itself in. We wanted to find out what trends had been seen, how organisations should go about ensuring security is being kept as a priority, […] | |||
|
2020-08-04 14:08:34 | 70% of large businesses consider remote working a security hazards: The experts have their say (lien direct) | A survey conducted by AT&T found that 70% of large businesses think that their security posture is being damaged by remote working, leaving them more vulnerable to cyberattack- This is what the experts think. Remote working has made us all ask difficult questions of ourselves. While the initial kneejerk decisions to deploy a remote workforce […] | |||
|
2020-08-04 13:27:36 | It\'s Official: COVID-19 Creates a Larger Surface Area for Cyberattacks (lien direct) | Ever since it was declared a global pandemic, experts have warned that COVID-19 will put increased strain on security teams by creating more variables and attack surfaces. Now, according to VMware Carbon Black, it is official. Their most recent Global Incident Response Report, revealed that COVID-19 continues to create a larger surface area for cyberattacks. […] | |||
|
2020-08-04 09:57:38 | Deep Fake: Deep Trouble (lien direct) | According to a new report from University College London (UCL), fake audio or video content has been ranked as the most worrying use of artificial intelligence in terms of its potential applications for crime or terrorism. Deep fakes will most likely come to fruition on social media as memes, however their future can be much […] | |||
|
2020-08-04 09:28:16 | 1 in 5 Businesses Would Consider Sabotaging a Competitor\'s Online Business (lien direct) | The digital era has brought a multitude of opportunities, and unique challenges for businesses. Industrial espionage and sabotage has always been a threat to corporations, but the digital age presents new tools and weapons. Acts of online sabotage may involve discrediting a business's products/service with negative (and often fake) reviews, as well as running a […] | Threat | ||
|
2020-08-03 15:59:47 | Russian Hackers Allegedly Behind Document Leak Preceding Britain\'s 2019 Elections (lien direct) | The leak of classified U.S and UK trade documents in the run-up to Britain’s 2019 elections were allegedly stolen by Russian hackers. The documents were supposedly accessed from the email inbox of former trade minister, Liam Fox, between July 12 and October 21, revealed Reuters. Whilst choosing not to name the Russian organisation responsible, the […] | |||
|
2020-08-03 10:57:25 | Aged Care Operators in Australia Under Threat of Ransomware Attacks (lien direct) | The Sydney Morning Herald has announced yet another cyberattack in a string of attacks targeted at Australian organisations and critical infrastructure. Suspected to be the work of an overseas actor, Regis, the aged care operator, is the latest to be affected. Already struggling with the coronavirus outbreak, the company now has to deal with the […] | Ransomware Threat | ||
|
2020-08-03 10:47:47 | 1.3 Million Havenly Accounts Leaked on Online (lien direct) | The hacking group, ShinyHunters, recently leaked the databases of 18 companies for free. Among the 386 million user records exposed, 1.3million were users from the US-based interior design website, Havenly. The leaked data included login names, full names, MD5 hashed passwords, email address and phone numbers, among others. BleepingComputer had reported the breach to Havenly […] | |||
|
2020-08-03 10:34:01 | Data Leak Reveals Higher Death Toll in Iran Than Initially Reported (lien direct) | An anonymous source has recently revealed to the BBC that the number of deaths in Iran from COVID-19 is actually triple that of Iran’s government claims. While the health ministry had reported 14,405 deaths, the records appear to show up to 42,000 deaths. The data leaked included details of daily admissions to hospitals across the […] | |||
|
2020-07-31 11:31:24 | EU imposes sanctions on North Korean, Chinese and Russian-backed cyberattackers (lien direct) | The European council announced today that it will impose “restrictive measures against six individuals and three entities responsible for or involved in various cyber-attacks. These include the attempted cyber-attack against the OPCW (Organisation for the Prohibition of Chemical Weapons) and those publicly known as ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper’.” The measures will include a travel ban and asset freeze, and constitute the very first sanctions […] | NotPetya Wannacry | ||
|
2020-07-31 11:22:44 | Blackbaud hack affects Labour party data (lien direct) | Hackers gained access to confidential information about thousands of Labour party donors, ITV reported today. This security compromise is the result of a wider cyber-attack directed at cloud computing provider Blackbaud, which affected over 125 institutions in the UK, including many universities. The compromise affected the fundraising and donor management software Raiser’s Edge, which is […] | Hack | ||
|
2020-07-31 11:06:29 | IRS urges users to use multi-factor authentication to protect accounts (lien direct) | The US International Revenue Service has urged tax professionals to select multifactor authentication options whenever possible in order to reduce the risk of exposing sensitive information. Amidst the Covid-19 crisis, the IRS stressed the importance of this security practice for those working remotely or social distancing. “Cybercriminals continue to find new ways to try accessing […] | |||
|
2020-07-31 09:58:51 | Got MDM? You still need mobile security (lien direct) | It is common practice for businesses to implement some kind of central tool to manage smartphones and tablets. Normally, this is done through solutions referred to as mobile device management (MDM), which can ensure mobile devices are configured properly for business use. MDMs can also be used to mandate certain built-in device security settings, such […] | Tool | ||
|
2020-07-30 19:19:01 | EU sanctions for WannaCry, NotPetya, OPCW & Cloud Hopper attackers (lien direct) | Individuals and entities from North Korea, China and Russia, responsible for or involved in ‘WannaCry’, ‘NotPetya’, ‘Operation Cloud Hopper’ and the OPCW (Organisation for the Prohibition of Chemical Weapons) cyber attacks have been identified and received travel bans and an asset freeze in the first ever imposition of restrictive sanctions by the EU Council. EU persons and entities are also […] | NotPetya Wannacry | ||
|
2020-07-30 11:32:48 | OkCupid vulnerabilities allow attackers to hijack user accounts (lien direct) | With over 50 million registered users, OkCupid is one of the largest players in the online dating game, aided by the social distancing measures imposed by governments across the globe in response to the coronavirus pandemic. An expanding user base and the wealth of information contained in dating apps accounts makes them a particularly ripe […] | ★★ | ||
|
2020-07-30 11:14:50 | Cyber espionage of air-gapped environments and Covid-19 themed attacks: Q2 2020 in review (lien direct) | In a report published today, ESET researchers have outlined the threats and the trends that characterised the second quarter of 2020. Perhaps unsurprisingly, researchers found that Covid-19 themed phishing attacks are alive and well, and continued into Q2, confirming how the coronavirus pandemic has defined this year in cybercrime. ESET researchers also discovered a new […] | ★★★★★ | ||
|
2020-07-30 11:03:37 | News organisations\' CMS systems hacked to spread disinformation (lien direct) | Security firm FireEye released yesterday a report on the activity of filo-Russian disinformation focussed group Ghostwriter. According to FireEye’s report, the group seems to have upped its game since it first started operating in 2017, and has now begun hacking the content management systems of news organisations. Generally aimed at undermining NATO, the hacking campaign […] | ★★ | ||
|
2020-07-29 15:30:23 | Global Knowledge is named official training provider to grow cybersecurity skills by (ISC)2 (lien direct) | (ISC)² has announced today that it will add Global Knowledge to its portfolio of Official Training Providers for the UK, thus expanding the range of leading training organisations offering (ISC)2 certification preparation training. Global Knowledge will be providing exam preparation training for the full range of (ISC)2 certifications to its UK customer base, delivering pathways to […] | Guideline | ★★ | |
|
2020-07-29 10:45:49 | Ransomware strikes again: German business giant Dussmann Group\'s data leaked online (lien direct) | The trend of ransomware attacks turning into data breaches continues. Cybercriminals have taken the habit of exfiltrating a company’s data before encrypting their databases with ransomware, so as to double up on their profits with the sale of the stolen information. Dussman Group, one of the largest multi-service providers in Germany, is the latest enterprise […] | Ransomware | ||
|
2020-07-29 10:13:18 | Beijing has been inside the Vatican\'s computer network for the past three months (lien direct) | According to security firm Recorded Future, Chinese hackers have infiltrated the Vatican’s computer network in an apparent espionage effort. This happened ahead of sensitive negotiations with Beijing, which currently recognises five religions, including Catholicism. However, the Communist Party has recently attempted to tighten its control over religious groups, perceived as a threat to the stability […] | Threat | ||
|
2020-07-29 10:00:02 | Decrypting Diversity 2020: NCSC publishes report on diversity and inclusion in the cybersecurity industry (lien direct) | Decrypting Diversity 2020 is a joint report between the National Cyber Security Centre (NCSC) and KPMG UK, supported by Professor Nick Jennings, Vice-Provost (Research and Enterprise) of Imperial College London. It is the first in an annual series that will benchmark and track levels of diversity and inclusion in the cyber security industry. According to […] | |||
|
2020-07-28 10:34:06 | CISA and NCSC Release Joint Alert: 62,000 QNAP NAS Devices Infected with QSnach Malware (lien direct) | CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has […] | Malware | ||
|
2020-07-28 10:28:16 | Fake SharePoint Alerts Spread Malware (lien direct) | Microsoft Office 365 users are being targeted by a malicious email campaign impersonating an automated SharePoint notification. The fake emails were crafted to mention the name of the targeted organisations and have already reached over 50,000 inboxes, according to email security company Abnormal Security. The messages invited potential victims to click on a link in […] | Malware | ||
|
2020-07-28 10:10:26 | National Cardiovascular Partners (NCP) Notifies Patients of Data Breach (lien direct) | US healthcare service National Cardiovascular Partners (NCP) has fallen victim of an email hack that exposed 78,000 cardiovascular patients’ data. The data was archived in an Excel spreadsheet, which was accessed by malicious actors back in April. The breach remained undetected until nearly a month late, when NCP responded by securing the compromised email and […] | Data Breach Hack |
To see everything:
Our RSS (filtrered)
