What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-07-09 10:11:49 | USB Poses Significant Risk to OT Security (lien direct) | According to a Honeywell report, the use of USBs are the second most widespread industrial vector vulnerability within operational technology. Whilst the number of threats disrupting OT was at 26% in 2018, this percentage has significantly risen to 59% today. “This isn't a case of accidental exposure to viruses through USB,” said Eric Knapp, director […] | Vulnerability | ||
|
2020-07-09 09:49:54 | Ecommerce Sites Used by Russian Fraudsters to Verify Stolen Credit Cards (lien direct) | Ecommerce sites are being used by a Russian fraud group to check that the credit cards they have stolen continue to be valid. Discovered by the anti-fraud company, Sift, the criminal gang, also known as Bargain Bear, employs a new approach that does not raise suspicion with the card owner. To do this, they create […] | |||
|
2020-07-09 07:46:10 | Fifteen Billion Usernames and Passwords For Sale on Dark Web (lien direct) | According to a report by Digital Shadows Photon Research Team, there is at present 15 billion usernames and passwords for sale on the dark web. This is as a result of 100,000 different data breaches that have taken place over the course of the last two years; that is, a 300% increase in stolen credentials. […] | |||
|
2020-07-08 12:04:09 | Gambling App, Clubillion, Suffers Data Breach (lien direct) | Following a breach in the technical database, the casino gambling app, Clubillion, was found recording the daily activities of millions of players across the globe. Alongside this, the vpnMentor research team, also revealed that private user information has been exposed. This puts millions of users at risk of further cyberattacks, not least phishing. Source: European […] | Data Breach | ||
|
2020-07-08 11:18:32 | 6000 F5 Devices At Risk of CyberAttack Once Again (lien direct) | It has been revealed by security firm, CRITICALSTART, that mitigation of the severely critical security flaw in F5 Networks’ BIG-IP tool can be bypassed. This leaves another 6,000 F5 devices exposed to an attack once again. Source: Computer Business Review | Tool | ||
|
2020-07-08 11:08:13 | Malware Sent Through Fake TikTok Links (lien direct) | It has recently been discovered that fake TikTok links are being used by cybercriminals to spread malware that captures user data. As part of 59 other Chinese apps banned in India due to privacy concerns, hackers are now leveraging this to target gullible individuals hoping to download the app. The Maharashtra Cyber Police has warned citizens […] | Malware | ||
|
2020-07-08 11:01:21 | Cosmic Lynx, First Known Russian BEC Group, Discovered (lien direct) | Since last July, senior-level executives across 46 different countries were targeted by the business email compromise group, Cosmic Lynx. This is the first known Russian BEC group outside of Nigerian scanners looking to exploit this email-based attack vector. Researchers have found that Cosmic Lynx specifically targets companies that don’t use DMARC and utilises a “mergers […] | |||
|
2020-07-07 13:51:30 | Chinese-state-sponsored hackers spying on ethnic minorities worldwide (lien direct) | Chinese-state sponsored hackers have been using Android spyware tools to target ethnic minority groups particularly Uighurs, Tibetans, and Muslims, across 15 countries which include Malaysia, Turkey, Indonesia and Kazakhstan. First discovered by mobile cybersecurity providers Lookout, the primary aim of these apps is to track, gather and exfiltrate personal user data to attacker-operated command-and-control servers, with […] | |||
|
2020-07-07 11:21:14 | TikTok to No Longer Operate in Hong Kong (lien direct) | Following the imposition of new national security laws by Beijing, TikTok has announced its withdrawal to operate in Hong Kong. Owned by China-based ByteDance, TikTok has been persistent in denying any affiliation with Chinese authorities or in sharing user data. This withdrawal from Hong Kong app stores is expected to take several days. Source: The […] | |||
|
2020-07-07 11:12:58 | Data Breach Fines Predicted to Increase in the Next Few Years (lien direct) | According to a study by DSA Connect, out of a thousand workers interviewed, 37% believe there will be an increase in fines for data breaches between 2020 and 2025, whilst 6% affirm the rise will be dramatic. The principal reason behind this anticipated rise is due to employees gaining greater access to data. In the […] | Data Breach | ||
|
2020-07-07 11:05:03 | Subsidiary of DXC Technology Suffers Ransomware Attack (lien direct) | Xchanging, a managed service provider for those in the insurance industry, has recently informed its investors of a ransomware attack on some of its systems. The incident was initially reported on the 5th of July but representatives of the company claimed that the ransomware did not spread outside of the Xchanging network. Moreover, investigations appear […] | Ransomware | ||
|
2020-07-07 10:57:38 | Study Finds Home Routers Riddled with Vulnerabilities (lien direct) | According to research conducted by Frauhofer Institute, out of 127 home routers from seven different manufacturers throughout Europe, 46 were not updated in 12 months. Others had not been updated for more than five years, leaving many routers vulnerable to attack. Despite the fact that vendors have the capability to distribute security patches more often, […] | |||
|
2020-07-06 13:09:38 | Four reasons edge computing is critical for IoT (lien direct) | The adoption of IoT is increasing rapidly. By 2021, it is expected that 35 billion IoT devices will be installed worldwide. While there is an opportunity for businesses to utilise all the benefits of IoT however, many traditional data centres don't have the bandwidth to handle the large volumes of data collected by IoT devices. […] | |||
|
2020-07-06 12:56:58 | Israel Supposedly Executed Cyberattacks Resulting in the Explosion of Iranian Nuclear Sites (lien direct) | Israel has been accused of executing cyberattacks in retaliation for an Iranian attempt to hack the Israelian water infrastructure. These attacks have supposedly been the cause of two explosions at Iranian nuclear sites, one working on uranium enrichment and the other on missile production. According to an unnamed senior source, Iran’s nuclear enrichment programme has […] | Hack | ||
|
2020-07-06 12:45:33 | OnePlus Fixes Vulnerability That Could Have Exposed Customer Personal Data (lien direct) | OnePlus, a Chinese phone manufacturer, recently spotted a vulnerability in its system which deals with out-of-warranty repairs for devices in the US. Through a link used to make a payment for repairs, customers could access the personal information of other customers. This includes names, addresses, phone numbers, email addresses as well as further information on […] | Vulnerability | ||
|
2020-07-06 11:48:06 | Vulnerability Allows Cybercriminals to Evade Malware Detection (lien direct) | As a result of a Path Traversal bug in the .NET Core library of Microsoft, attackers could now implement malicious code on to a system without being detected by antivirus and end-point detection software. Paul Laîné of Context Information Security was the first to find this vulnerability and claims that this is made possible because […] | Malware Vulnerability | ||
|
2020-07-06 10:32:55 | North Korea Supposedly Behind Web Skimming Attacks (lien direct) | According to a report released by SanSec, a state-sponsored hacking group from North Korea may be behind the cyberattacks of online stores ongoing since May 2019. This includes, the breach of the accessories store chain, Claire’s. The hacking group have been hacking into online stores to insert malicious code which then steals payment card details […] | |||
|
2020-07-03 13:50:11 | CASE STUDY – Securing a remote workforce: customer spotlight on LegalEdge (lien direct) | LegalEdge had a remote workforce back when it was still a choice. For ten years, LegalEdge has made in-house legal services accessible to small businesses and start-ups using a uniquely flexible model and a completely remote team of lawyers. Helen Goldberg, COO Legal Edge We sat down with Helen to learn more about her security needs and […] | |||
|
2020-07-03 09:49:20 | Will iPhone replace your passport and driver\'s license soon? (lien direct) | Apple has actively been working on making iPhone the sole thing people have to carry while out and about. The company has successfully eliminated the need to carry items such as diary, laptop, car insurance card, credit card, home keys, etc. They also recently announced plans to help humanity get rid of the need for […] | |||
|
2020-07-03 09:47:45 | Vulnerability in popular bitcoin wallets can be exploited for fraud (lien direct) | A new vulnerability in some popular bitcoin wallets can be exploited by scammers to commit fraud and even make the wallets themselves unusable. Discovered by wallet startup ZenGo, the vulnerability, dubbed “BigSpender,” was found in bitcoin wallets from Ledger Live, Edge and Breadwallet – but potentially affects others as well. The vulnerability allows a scammer […] | Vulnerability | ||
|
2020-07-03 09:44:56 | Researchers Uncover Zero-Day Vulnerability on Cisco Routers (lien direct) | CyCognito Inc today announced its research team has uncovered a significant Cross-Site Scripting (XSS) vulnerability on the web admin interface of Cisco small business router models RV042 and RV042G. Cisco routers are popular around the world, and the company has approximately 50% market share in the router and switch market globally. This vulnerability gives attackers […] | Vulnerability | ||
|
2020-07-02 13:12:14 | One Identity PAM Portfolio Given Overall Leader Status by KuppingerCole for Second Year Running (lien direct) | One Identity, provider of identity-centered security, today announced the company's 2nd second consecutive year being named an Overall Leader for its Privileged Access Management solutions in KuppingerCole's 2020 Leadership Compass for Privileged Access Management (PAM) report. 1 This recognition follows One Identity's recent placement as an Overall Leader in KuppingerCole's Leadership Compass for Identity Governance […] | Guideline | ||
|
2020-07-02 10:12:55 | Zoom makes more security updates (lien direct) | Zoom has been on an epic security journey since the coronavirus pandemic began. As the video conferencing app's users surged to hundreds of millions within weeks, security issues and vulnerabilities left trust in Zoom at an all-time low. But Zoom quickly responded to criticism of its security with a 90 day plan outlined on April […] | |||
|
2020-07-02 10:08:05 | Hacker claims TikTok rival Chingari\'s developer website has malware (lien direct) | TikTok's rising alternative, Chingari, has been doing the rounds on social media crossing several million downloads in the last few days. However, a new report indicates that the website of the company behind the app has malicious content pinned to its webpages. Robert Baptiste, a security researcher going by the twitter name Elliot Anderson said that […] | Malware | ||
|
2020-07-02 09:42:43 | (Déjà vu) US news sites attacked with WastedLocker ransomware (lien direct) | Dozens of US newspaper websites owned by the same company were hacked by the Evil Corp gang to infect the employees of over 30 major US private firms. The cybercriminal outfit lured users with fake software update alerts displayed by the malicious SocGholish JavaScript-based framework. After downloads were made, the employees’ computers were the used […] | Ransomware | ||
|
2020-07-01 15:18:13 | Guest Blog: Ripple20 Zeek Package Open Sourced (lien direct) | Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/device vendors. Think 100s of millions/billions of devices and you are in the right ballpark. The set of vulnerabilities is collectively known as “Ripple20” , and yes […] | |||
|
2020-07-01 11:54:47 | Calling all Cybersecurity Heroes for Unsung Heroes Awards! (lien direct) | Eskenzi PR has today announced that the fifth annual Security Serious Unsung Heroes Awards are open for nominations. The 2020 awards are a chance to celebrate the people, not products, on the front lines of battling cyber threats – whether that be in the classroom, in law enforcement or within corporate organisations. A new category has been added this year for those helping to keep UK […] | |||
|
2020-07-01 10:00:57 | (Déjà vu) EvilQuest malware uses ransomware as decoy to steal data from Macs (lien direct) | A new info-stealer and data wiper malware called EvilQuest uses ransomware as a cover to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers. EvilQuest was first spotted by K7 Lab malware researcher Dinesh Devadoss and analysed by Malwarebytes’ Director of Mac & Mobile Thomas […] | Ransomware Malware | ||
|
2020-07-01 09:51:07 | (Déjà vu) Xerox Corporation victim of Maze ransomware (lien direct) | Xerox Corporation is the latest victim of the Maze ransomware operators. Hackers have encrypted its files and threatened to release them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but the Maze ransomware operators published some screenshots that show […] | Ransomware | ||
|
2020-07-01 09:44:21 | Fakespy Masquerades as Postal Service Apps Around the World (lien direct) | The Cybereason Nocturnus team is investigating a new campaign involving FakeSpy, an Android mobile malware that emerged around October 2017. FakeSpy is an information stealer used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more. FakeSpy first targeted South Korean and […] | Malware | ||
|
2020-06-30 10:24:38 | Pro-democracy groups in Hong Kong disband after security law passed (lien direct) | One of Hong Kong's most prominent pro-democracy activists, has disbanded his party after China's top legislative body passed a national security law for the territory. Tam Yiu-chung, a member of China's rubber-stamp legislature, said full details of the law would only be released once the meeting closed on Tuesday. But in a sign that the […] | |||
|
2020-06-30 10:20:13 | StrongPity APT Group Targeting victims in Syria and Turkey using watering hole tactics (lien direct) | Bitdefender researchers identified the APT group StrongPity targeting victims in Syria and Turkey. They used watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover […] | |||
|
2020-06-30 10:15:16 | India Bans 59 Chinese Mobile Apps Over \'Security\' (lien direct) | On Monday, India banned 59 Chinese mobile apps, including TikTok and WeChat, over national security and privacy concerns – two weeks after a deadly Himalayan border clash between the nuclear-armed neighbours. Relations between the world’s two most populous nations have been strained following the deaths of 20 Indian troops in hand-to-hand fighting with their Chinese […] | |||
|
2020-06-30 10:11:52 | Warnings over PAN-OS security bug (lien direct) | In a warning given by the US Cyber Command, it said that foreign state-sponsored hacking groups were likely to exploit a major security bug disclosed in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks. “Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use,” […] | |||
|
2020-06-29 13:31:00 | Securing the mobile channel amidst FBI cautions (lien direct) | Entersekt, a global specialist in digital security solutions, today released its updated guidance for financial institutions, Securing the Mobile Banking Channel, a white paper. This follows the FBI warning that an increase in attacks on banking applications by cybercriminals and fraudsters is likely, as consumers stuck at home during the COVID-19 pandemic rely more heavily […] | |||
|
2020-06-29 13:24:03 | Untrained and Malicious Users Biggest Cause for Concern Among UK IT Professionals (lien direct) | Following on the success of last year's global report, KnowBe4 has today released the findings of 'The 2020 What Keeps You Up at Night Report”. This year, KnowBe4 delves into the issues that specifically trouble UK-based organisations and IT experts, including attack types, security initiatives as well as organisational constraints. An in-depth analysis examined just […] | |||
|
2020-06-29 11:28:01 | Computer Misuse Act Requires Updating (lien direct) | Reaching its 30th anniversary of reaching royal assent, a group of cybersecurity organisations have issued an open letter to Prime Minister Boris Johnson, asking for an update to the Computer Misuse Act (CMA) to make it fit for the digital age. “In 1990, when the CMA became law, only 0.5% of the UK population used […] | |||
|
2020-06-29 11:12:44 | Study Tool OneClass Accidentally Exposes Millions of Records (lien direct) | Researchers at vpnMentor say that an improperly-secured online database belonging to OneClass has left the private information of more than a million students exposed. The tool lets students share class notes and study guides. vpnMentor researchers discovered the database while performing a series of routine Internet scans and estimates that the exposed OneClass database included nearly […] | Tool | ||
|
2020-06-29 10:54:29 | University of California Paid Cybercriminals a £1 Million Ransom (lien direct) | The University of California, San Francisco (UCSF) says it paid cybercriminals $1.14 million (£1 million) to decrypt a “limited number of servers” in its School of Medicine that was hit by Netwalker ransomware earlier this month. The University – which has 10 campuses around California - was hit by the ransomware attack on June 1. It […] | Ransomware | ||
|
2020-06-29 10:46:12 | Office 365 users could be targeted with Coronavirus training resources (lien direct) | Threat actors are continuing to use Coronavirus lures and adapting their techniques to the current situation depending on the state of businesses in each region. In places where the Coronavirus is still spreading, cybercriminals use COVID-19 lures. In other regions where the pandemic is under control, they are targeting people returning to the workplace by […] | |||
|
2020-06-29 10:40:02 | “Golang” malware used to target Windows and Linux machines (lien direct) | Cyber-security researchers at Barracuda have identified a new variant of cryptominer malware called Golang, which is being used by China-based hackers to target both Windows and Linux machines. The new malware variant tries to mine Monero, an open-source cryptocurrency and researchers have spotted seven IP addresses linked to this it so far, all based out […] | Malware | ||
|
2020-06-26 11:36:59 | 26.8% of all crimes in Singapore last year were cybercrime (lien direct) | According to the Singapore Cyber Landscape 2019 report released Friday by the Cyber Security Agency of Singapore (CSA), cybercrime accounted for 26.8% of all crimes last year with e-commerce scams being the most popular. In 2018, there were a total of 6,215 cybercrime cases. Last year, this increased to 9,430 cases. Typically, victims of e-commerce […] | |||
|
2020-06-26 11:27:05 | Companies made to install compromised tax software (lien direct) | Two UK-based companies, a technology/software vendor as well as a major financial institution, have been forced by a Chinese bank to install tax software on their systems. However, the software was compromised with malware. “Discussions with our client revealed that [the malware] was part of their bank’s required tax software,” Trustwave said today. “They informed […] | |||
|
2020-06-26 11:21:35 | (Déjà vu) Biggest PPS DDoS attack on European Bank (lien direct) | A European bank has fallen victim to a huge distributed denial-of-service (DDoS) attack that sent to its networking gear a flood of 809 million packets per second (PPS). This attack is potentially the largest one to have ever occurred with a relatively small footprint of just 418Gbps. DDoS attack differentiates depending on the method used. […] | |||
|
2020-06-26 11:16:41 | Coronavirus training resources used as a phishing ploy (lien direct) | Coronavirus training resources are being used as a phishing ploy as COVID-19 restrictions lift and employees begin returning to the workplace. This phishing campaign leverages new training programs that are required for employees to undertake, in order to comply with coronavirus regulations. Specifically, the campaign targets Office 365 users and sends a fraudulent link for […] | |||
|
2020-06-26 10:29:22 | Boston bans use of facial recognition technology (lien direct) | Following San Francisco, Boston is now the second-largest city in the world to ban the use of facial recognition technology by police and city agencies, as well as the procurement of facial surveillance from a third party. This was determined on Wednesday, with a veto-proof majority and is with Mayor Martin J. Walsh who will […] | |||
|
2020-06-26 10:15:17 | LG Electronics Fall Victim to Ransomware Attack (lien direct) | South Korean multinational LG Electronics have supposedly had their website breached and locked by Maze ransomware operators. No details about this attack have been released as of yet, but the cyber criminals claim to have stolen proprietary information for projects involving big US companies. If their ransom demands are not met, or contact with the […] | Ransomware | ||
|
2020-06-25 10:02:32 | (Déjà vu) $50K+ rewards for PlayStation bug bounty program (lien direct) | Sony today announced the launch of a public PlayStation bug bounty program to pay security researchers and gamers for security vulnerabilities found in PlayStation 4 devices, the PlayStation Network domains. According to the company’s new PlayStation bug bounty program (aka Vulnerability Disclosure Program) hosted on HackerOne, Sony wants the research community to report any issues found in […] | |||
|
2020-06-25 09:58:42 | 67% of malware in Q1 2020 delivered via encrypted HTTPS connections (lien direct) | 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and 72% of encrypted malware was classified as zero day, so would have evaded signature-based antivirus protection, according to WatchGuard. These findings show that without HTTPS inspection of encrypted traffic and advanced behavior-based threat detection and response, organizations are missing up to […] | Malware Threat | ||
|
2020-06-25 09:31:08 | Google will automatically delete data it collect on users (lien direct) | Google is changing its default settings to automatically delete some of the data it collects about users. Web and app activity, including a log of website searches and pages visited, as well as location data, will now be wiped after 18 months. YouTube histories – including which clips were watched and for how long – […] |
To see everything:
Our RSS (filtrered)
