What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-07-28 10:28:16 | Fake SharePoint Alerts Spread Malware (lien direct) | Microsoft Office 365 users are being targeted by a malicious email campaign impersonating an automated SharePoint notification. The fake emails were crafted to mention the name of the targeted organisations and have already reached over 50,000 inboxes, according to email security company Abnormal Security. The messages invited potential victims to click on a link in […] | Malware | ||
|
2020-07-28 10:10:26 | National Cardiovascular Partners (NCP) Notifies Patients of Data Breach (lien direct) | US healthcare service National Cardiovascular Partners (NCP) has fallen victim of an email hack that exposed 78,000 cardiovascular patients’ data. The data was archived in an Excel spreadsheet, which was accessed by malicious actors back in April. The breach remained undetected until nearly a month late, when NCP responded by securing the compromised email and […] | Data Breach Hack | ||
|
2020-07-27 10:41:50 | (Déjà vu) Microsoft, Adobe, Lenovo and Nintendo\'s Source Code Exposed In Public Repository Leak (lien direct) | Source code from exposed repositories of dozens of companies across various fields of activity (tech, finance, retail, food, eCommerce, manufacturing) is publicly available as a result of misconfigurations in their infrastructure, Bleeping Computer reported. A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, […] | ★★★★★ | ||
|
2020-07-27 10:21:25 | FBI Warns of Network Protocols Abused in Large Scale DDoS Attacks (lien direct) | The Federal Bureau of Investigation added three network protocols and one web application to its list of newly discovered DDoS attack vectors. In a private industry notification, the Bureau reported that: In February 2020, UK security researchers identified a vulnerability in the built-in network discovery protocols of Jenkins servers-free, open source, automation servers used to […] | Vulnerability | ★★★★★ | |
|
2020-07-24 10:48:55 | Hearing Between US Government and Tech Giants Put On Hold (lien direct) | The hearing between the US government and four tech giants – Amazon, Apple, Facebook and Google, has been postponed to a later date that has yet to be confirmed, the BBC reports. The hearing will look into these companies’ dominance in their respective fields of e-commerce, smartphone software, social media and search. The delay will […] | ★★ | ||
|
2020-07-24 10:36:24 | More Universities Impacted by Blackbaud Data Breach (lien direct) | A ransomware attack on Blackbaud, a US cloud computing provider, back in May has led to data breaches across numerous universities and NGOs. This includes the University of York, University College London, University of London, Human Rights Watch and Young Minds. As a result of Blackbaud’s delay in responding to the incident, it is likely […] | Ransomware Data Breach | ||
|
2020-07-24 10:28:16 | Drone App Made in China Suspected of Spying (lien direct) | An Android application used to control drones possesses a self-update feature that bypasses the Google Play Store which allows it to transfer sensitive data to its manufacturer, Da Jiang Innovations, and potentially the Chinese government. This was confirmed by French researchers at Synacktiv with the GRIMM security research group. “While we can't prove intent, what […] | |||
|
2020-07-24 10:18:15 | Garmin Operations Halted Following Alleged Ransomware Attack (lien direct) | Garmin, a wearable device maker, has suffered an outage of its connected services and call centres as a result of a suspected ransomware attack. It was first revealed following a Tweet from the company’s Indian branch which announced a shutdown of some servers for planned maintenance. Soon after, the same outage message was shared across […] | Ransomware | ||
|
2020-07-23 11:22:16 | Twilio\'s SDK Compromised by Attackers (lien direct) | Twilio is a cloud communications platform as a service (CPaaS) company that enables communications for over 40,000 companies including Twitter, Netflix, Uber, Airbnb and many more. It allows developers to add various communication tools such as voice, video, and messaging as well as authentication capabilities. However, BleepingComputer has reported that hackers had infiltrated Twilio’s TaskRouter […] | Uber | ||
|
2020-07-23 11:06:15 | Private Messages from 36 Twitter Accounts Exposed to Hackers (lien direct) | Following the great Twitter hack last week, it has been revealed that hackers had viewed the private messages of 36 of the affected accounts. While it has not been announced who these accounts belong to, one is believed to be owned by an elected official in the Netherlands. According to Twitter, no other former or […] | Hack | ★★★★★ | |
|
2020-07-23 10:59:33 | New Cryptojacking Botnet Discovered (lien direct) | Researchers at Cisco Talos have identified a new botnet dubbed Prometei which has been active since March of this year. They have described the attacks to be a complex campaign utilising multi-modular malware. It has been spreading across compromised networks through SMB exploits, including the EternalBlue exploit for Windows Server Message Block communication protocol. The […] | ★★★★★ | ||
|
2020-07-23 10:46:49 | Premier League Clubs Targeted by Cyber Hackers, Almost Lost £1M (lien direct) | During a transfer deal, a Premier League club almost lost £1m and this was only halted because of an intervention by the unnamed club’s bank, reports the BBC. A report from the NCSC revealed that the attempted theft came about as a result of an email address hack; specifically, a hack of the Premier League […] | Hack | ||
|
2020-07-22 12:13:16 | Entersekt urges financial institutions not to underestimate the time it will take to meet PSD2 deadline (lien direct) | Entersekt, a global specialist in digital security solutions, is urging banks and other financial institutions not to underestimate the time it will take to meet strong customer authentication (SCA) compliance mandates set by the second Payment Services Directive (PSD2) in Europe. The company has made its SCA checklist and whitepaper “Turning a compliance challenge into […] | |||
|
2020-07-22 11:21:00 | Multiple Vulnerabilities Found in CMS Made Simple and Lime Survey (lien direct) | Edgescan‘s Senior Security Consultant Guram Javakhishvili has identified numerous vulnerabilities across several popular applications. Some of which have not yet been announced to the public until vendors have implemented the appropriate patches. For the moment, however, five vulnerabilities have been found in the content management system, CMS Made Simple, and has been disclosed. Three of which […] | |||
|
2020-07-22 11:12:03 | Unsecured Databases Wiped by \'Meow\' Attack (lien direct) | An automated ‘meow’ attack is circulating the public web targeting dozens of unsecured databases without any explanation or a ransom note. According to BleepingComputer, a simple search on Shodan shows many databases affected by this attack. Many researchers are now scrambling to identify any exposed databases and report them responsibly before they are wiped, or […] | ★★★★★ | ||
|
2020-07-22 10:34:51 | London is the Third Most Surveilled City in the World, Research Finds (lien direct) | Collating data from government reports, police websites, and news articles across 150 countries, cybersecurity analysts at Comparitech have identified London to be the third most surveilled city in the world. London was only one of two cities, the other being Hyderabad in India, outside of China that ranked in the top 20 most surveilled cities. […] | ★★★★★ | ||
|
2020-07-22 10:17:01 | University of York Suffers Data Breach (lien direct) | According to YorkMix, the personal details of staff and students from the University of York have been stolen by hackers. The US tech company, Blackbaud, which provided the university with a customer management system had suffered a ransomware attack in May of this year. However, they only informed the university on the 16th of June. […] | Ransomware Data Breach | ||
|
2020-07-22 09:11:30 | Edgescan finds Critical WordPress Plugin Vulnerabilities – Here\'s All You Need To Know (lien direct) | Edgescan’s Senior Security Consultant Guram Javakhishvili has discovered several vulnerabilities across a number of popular applications. Some of these are not yet publicly available. As soon as the vendor implements the fixes, those issues will also be added to this list and article will be updated accordingly. CMS Made Simple 2.2.13 CMS Made Simple is […] | ★★★ | ||
|
2020-07-21 13:54:27 | Emotet Strikes Back (lien direct) | The past few days has seen the resurgence of Emotet, a dangerous email threat vector that aims to steal sensitive and financial information. ZIX, the cybersecurity company that specialises in email security has uncovered a worrying trend that could lead to users falling victim to cybercriminals seeking to exploit the uncertainty of these precarious times […] | Threat Guideline | ||
|
2020-07-21 12:00:51 | Cybercriminals Leveraging Public Cloud Services for Phishing (lien direct) | According to a report by Check Point, attackers are increasingly leveraging public cloud services to share malicious documents or phishing pages which collect login details. This includes the use of Google Drive but also Microsoft Azure, Microsoft Dynamics and IBM Cloud, finds Bleeping Computer. | ★★ | ||
|
2020-07-21 11:52:36 | Data of over 20 Million Users Leaked through VPN Services (lien direct) | WeLiveSecurity yesterday reported that seven Virtual Private Network (VPN) providers had exposed the personal data of over 20 million users. This is in spite of the fact that they had claimed not to keep any logs of their users online activity. The data leaked included email and home addresses, clear text passwords, IP addresses as […] | ★★★★ | ||
|
2020-07-21 11:40:02 | $7.5 Million Demanded From Telecom Company Following Ransomware Attack (lien direct) | The largest telecommunications company in Argentina fell victim to a ransomware attack on the 18th of July. The attack was largely contained by the company’s IT workers and services such as landlines, mobile phones or the internet do not look to have been affected. However, hackers are now demanding the company pay $7.5 million, or […] | Ransomware | ||
|
2020-07-21 10:33:12 | Report Suggests UK is Russia\'s \'top target\' (lien direct) | According to a report released by the Intelligence and Security Committee, the UK is one of the ‘top targets’ in the West for Russia. The committee has criticised the government for delaying its release and urges for ‘immediate action’ to assist intelligence services in tackling this ‘capable adversary’. Among other topics covered, the ISC’s report […] | ★★★★★ | ||
|
2020-07-20 13:12:25 | Overcoming the Challenges of AppSec Programs in a Remote Working Environment (lien direct) | Patrick Carey, Director of Product Marketing at Synopsys In the 2020 Verizon Data Breach Investigations Report (DBIR), it was found that 43% of data breaches are linked to application vulnerabilities; a number that has more than doubled in comparison to the year prior. Considering recent events, including the COVID-19 outbreak and the Black Lives Matter […] | Data Breach | ||
|
2020-07-20 10:58:25 | Israeli Water Systems Hit with Two More Cyberattacks (lien direct) | Officials from the Israeli Water Authority have announced that their water management facilities have been hit with two more cyber-attacks. These attacks occurred in June but fortunately, did not cause any damage to the affected organisations. One hit an agricultural water pump in upper Galilee and the second hit water pumps in Mateh Yehuda. Source: […] | ★★★★★ | ||
|
2020-07-20 10:52:56 | New Malware Targets 337 Android Apps to Steal Payment Card Details (lien direct) | A new malware called BlackRock has been recently identified by the cybersecurity firm ThreatFabric. This malware has affected over 337 Android app and utilises an overlay with keylogger functionality on top of the legitimate app. It then encourages users to enter in their payment card details in order to ‘access’ the app. Moreover, with the […] | Malware | ★★★★ | |
|
2020-07-20 10:43:46 | England\'s Test and Trace Programme Under Scrutiny (lien direct) | The Open Rights Group (ORG) have accused England’s test and trace programme of breaking a key data protection law since it launched on the 28th of May. The system asks individuals to share sensitive data including name, date of birth, postcode, who they live with, where they have recently visited as well as the name […] | ★★ | ||
|
2020-07-20 10:32:37 | Online Student Personal Data Exposed (lien direct) | According to WizCase, a VPN comparison site, four misconfigured and unencrypted AWS S3 buckets, as well as an unsecured Elasticsearch server, led to the exposure of almost a million online student records. This includes the personal information of children, their parents and teachers. Full names, home addresses, emails, phone numbers, date of birth etc. were […] | ★★ | ||
|
2020-07-17 09:56:51 | Police \'Team Cyber UK\' implementing regional CRC network (lien direct) | IT Security Guru interviewed Nick Bell, detective superintendent and national policing director for Cyber Resilience Centres with the NPCC National Cybercrime Programme. Q1: This is the first role of its kind within policing – why was it important to establish the role? Ans: “Policing needs to reach out across partnerships and the Cyber Resilience Centre […] | ★★★ | ||
|
2020-07-17 07:58:49 | Telecom Company, Orange, Victim of Ransomware Attack (lien direct) | Data from twenty enterprise customers of the French telecommunications company, Orange, have been exposed following a ransomware attack on the 15th of July. The operators behind this Nefilim ransomware supposedly breached the company through their “Orange Business Solutions” division. This division offers business remote support, virtual workstations, system security as well as cloud backups. Source: […] | Ransomware | ||
|
2020-07-17 07:54:04 | COVID-19 Researchers Targeted by Russian State-Sponsored Hackers (lien direct) | According to an advisory issued by the National Cyber Security Centre (NCSC) and counterparts in Canada and America, Russian state-sponsored hackers, APT29 or Cozy Bear, have been attacking organisations working towards a coronavirus vaccine. The campaign has been targeting government agencies, diplomatic bodies, healthcare organisations, thinktanks and the energy sector looking to steal intellectual property. […] | APT 29 | ||
|
2020-07-17 07:47:56 | Phishing Attacks Masked as Amazon Delivery Notices (lien direct) | Armorblox researchers have recently noted a number of campaigns utilising Amazon as a means of lifting credentials and personal information. This is in light of a growing dependence on the e-commerce giant during COVID-19. With many expecting to receive deliveries, one campaign takes advantage through counterfeit notices of a failed delivery attempt. Another campaign utilises […] | |||
|
2020-07-17 07:39:34 | Hacker Forum Welcomes Less Experienced Hackers (lien direct) | Private hacker forums have typically been exclusive to only elite, and highly-skilled cybercriminals. In order to gain access to such forums. Members have to undergo a “rigorous application and interview process,” said researchers. However, a report recently published by Digital Shadows has found that the forum, CryptBB has become increasingly inclusive. Less-experienced hackers are now […] | |||
|
2020-07-16 08:04:19 | High-profile Twitter accounts hacked in Bitcoin scam (lien direct) | Billionaires Jeff Bezos, Bill Gates and Elon Musk amongst other prominent US figures have been targeted by hackers on Twitter in an apparent Bitcoin scam. The official accounts of Joe Biden, Barack Obama and Kanye West were also reportedly hacked to request donations in the cryptocurrency. “Everyone is asking me to give back,” a tweet […] | |||
|
2020-07-15 15:19:52 | Huawei banning – NCSC\'s advice was more nuanced (lien direct) | It will become illegal for UK telecos to buy new Huawei equipment from the end of this year once a new bill takes effect. Culture secretary Oliver Dowden told the house of commons yesterday that the legislation would also require the complete removal of all Huawei kit from 5G networks by 2027. The decision followed advice from the NCSC […] | ★★★ | ||
|
2020-07-15 08:04:25 | New Mirai variant includes exploits for 9 vulnerable products (lien direct) | The impacted products include routers, IP cameras, DVRs, and smart TVs. Nearly four years after Mirai first demonstrated how ordinary Internet-connected devices could be turned into remotely controlled attack systems, variants of the malware continue to surface with troubling regularity. This week, researchers from Trend Micro discovered a brand-new Mirai variant designed to exploit a […] | Malware | ★★ | |
|
2020-07-15 07:51:55 | South Korean regulator fines TikTok for mishandling child data (lien direct) | Video sharing platform TikTok has been fined by a South Korea regulator over mishandling child data. The country’s telecommunications watchdog, The Korea Communications Commission (KCC), said it has fined the company 186 million won — around $155,000 — for failing to protect users’ private data. The fine is equivalent to 3% of the company’s […] | ★★★★ | ||
|
2020-07-14 16:13:58 | CyberSmart raises £5.5million to fund growth following increased demand for cybersecurity (lien direct) | CyberSmart has raised £5.5 million in a heavily oversubscribed Series A funding round led by VC firm IQ Capital and respected cyber security and tech entrepreneur investors. The funding will be used to fund the growth of the company, which enables small to medium-sized businesses (SMBs) to combat the constant threat of cyber-attacks and increasing […] | Threat | ||
|
2020-07-14 08:04:50 | Security firm G4S fined by Serious Fraud Office (lien direct) | Security firm G4S has been fined £44m by the Serious Fraud Office (SFO) as part of an agreement that will see it avoid prosecution for overcharging the Ministry of Justice for the electronic tagging of offenders, some of whom had died. The SFO said G4S had accepted responsibility for three counts of fraud that were […] | |||
|
2020-07-14 08:01:38 | (Déjà vu) Highly-Critical SAP bug that could let attackers take over corporate servers patched (lien direct) | SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, […] | Vulnerability | ||
|
2020-07-14 07:59:19 | COVID-19 could spur authentication without passwords (lien direct) | Passwords have always been a weak link in security, but people are so used to them that getting them to change to a more secure form of authentication has been a difficult task. Could COVID-19 be the catalyst that ends up ushering in passwordless access? The push is slowly happening. Gartner predicts that 60% of […] | |||
|
2020-07-13 15:54:43 | Announcement: Tony Morbin joins IT Security Guru as Editor in Chief (lien direct) | Today Tony Morbin joined IT Security Guru as editor in chief, signalling a drive to further develop this vital news and information source for the cyber security industry. Last week Tony left SC Media UK, the world's longest established cyber security title, where he oversaw the transition from print to digital, as well as more […] | |||
|
2020-07-13 08:35:59 | (Déjà vu) Hacker “revenge hacks” security firm (lien direct) | A hacker claims to have breached the backend servers belonging to a US cybersecurity firm and stolen information from the company’s “data leak detection” service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that have leaked from other companies in previous security breaches. The databases […] | |||
|
2020-07-13 08:32:20 | A look at Evilnum, the APT Group Behind the Malware (lien direct) | The group behind Evilnum malware, that targets financial institutions, appears to be testing new techniques. ESET researchers published an analysis of advanced persistent threat (APT) group Evilnum, known for developing malware of the same name. A detailed look at its activity reveals an evolved toolset and infrastructure that combine custom malware with tools bought from […] | Malware Threat | ||
|
2020-07-13 08:27:51 | (Déjà vu) Malware evading analysis by adding Any.Run sandbox detection (lien direct) | Any.Run is a malware analysis sandbox service that lets researchers and users safely analyse malware without risk to their computers. And now malware developers are checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analysed by researchers. Source: Bleeping Computer | Malware | ||
|
2020-07-10 08:59:13 | Zero-Day Vulnerability Discovered in Zoom (lien direct) | Security researchers recently found a flaw in the videoconferencing software, Zoom, which would have allowed hackers to remotely take control of computers running on old Microsoft Windows operating systems. Specifically, the vulnerability applies to Zoom running on Windows 7 or older operating systems. While Microsoft has attempted to phase out technical support for Windows 7 […] | Vulnerability | ||
|
2020-07-10 08:38:03 | Google to Ban Ads on Stalkerware (lien direct) | This week, Google announced that it would now ban any ads that promote any form of surveillance technology, including stalkerware. As part of an update on Google Ad policies, this change will take effect on the 11th of August 2020. Advertisers will no longer be able to promote the following: Technology that allows intimate partner […] | |||
|
2020-07-10 08:26:47 | Conti Ransomware Possesses Similar Characteristics as Ryuk (lien direct) | First spotted towards the end of December 2019, the Conti ransomware has since increased its number of attacks. It appears that this new ransomware shares certain code as Ryuk. The latter has also begun to disappear, whilst Conti’s distribution is growing. Indeed, it is becoming a considerable threat as it works faster and performs more […] | Ransomware Threat | ||
|
2020-07-10 08:18:52 | Joker Malware Back in Google Play Store (lien direct) | Google has recently removed yet another 11 compromised Android applications from its app store, Google Play, as a new variant of the Joker malware has returned to the store. This has become a recurring theme since 2019 and has continued to have success in manoeuvring past Google Play’s protections as slight changes are made to […] | Malware | ||
|
2020-07-09 15:39:30 | BLOCKAPT\'s Success With The London Office For Rapid Cybersecurity Advancement (lien direct) | BlockAPT announces a major accomplishment in being successful with the London Office for Rapid Cybersecurity Advancement (LORCA) accelerator programme, which is backed by the Department for Digital, Culture, Media & Sport. LORCA helps scale early-stage cyber companies in the UK and internationally. Reinforcing BlockAPT's mission to proactively safeguard organisation's digital assets against persistent cyber threats […] |
To see everything:
Our RSS (filtrered)
