What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-04-06 10:17:05 | Citizen Lab pokes holes in Zoom encryption (lien direct) | Citizen Lab, a research group within the University of Toronto, has been able to drive a proverbial truck through the encryption used by video conferencing app Zoom. In a report where the group said the video platform was not suitable for sharing secrets nor government or business use, Citizen Lab found Zoom has been rolling […] | |||
|
2020-04-06 10:14:28 | 425 GB of financial companies\' data exposed (lien direct) | Researchers at vpnMentor have shared news about a recent data leak which exposed 425 GB in sensitive financial documents. The research team, led by Noam Rotem, uncovered an open database on an app developed by Advantage Capital Funding and Argus Capital Funding. The app, which is now no longer available for download, stored […] | |||
|
2020-04-06 10:13:32 | Data breaches as files sent to wrong address in Ireland (lien direct) | Birth certificates being sent to strangers and missing marriage certificates were among almost 400 data breaches reported at the Department of Social Protection last year. The 371 data breaches represent an increase of more than 60 percent compared with the previous year, when 226 incidents were logged, according to records obtained under freedom of […] | |||
|
2020-04-06 10:11:36 | More ransomware attacks against healthcare sector, warns Interpol (lien direct) | The Interpol has warned of a significant increase in the number of attempted ransomware attacks against hospitals and other healthcare institutions on the front lines of the fight against the Covid-19 pandemic. At this point, the ransomware appears to be spreading primarily via emails – often falsely claiming to contain information or advice regarding the […] | Ransomware | ||
|
2020-04-06 10:10:40 | VPN zero-day used by DarkHotel hackers (lien direct) | Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, […] | Vulnerability | ||
|
2020-04-03 12:39:51 | Onapsis Launches the Onapsis nCase Partner Program (lien direct) | In today's interconnected world, companies need to prioritize their digital transformation more than ever. One way of doing this is to open channels of communication for potential partnerships with other tech providers. This thinking is what lead Onapsis to launch the Onapsis nCase Partner Program, structured on a four-pillar strategy developed by Onapsis' Darren Gaeta […] | Guideline | ||
|
2020-04-03 09:11:00 | Alert Logic Launches Virtual Forums to Drive Industry Consensus on MDR (lien direct) | As part of an initiative to drive a universal industry standard for managed detection and response (MDR), this week Alert Logic announced the availability of its MDR Manifesto and the launch of a seven-part webcast series. Despite the cybersecurity industry's current division on what constitutes MDR, Alert Logic aims to create a standard set of […] | |||
|
2020-04-03 09:00:23 | (Déjà vu) CSS trick used in Office 365 Phishing Attack (lien direct) | A phishing campaign using Office 365 voicemail lures to trick them into visiting landing pages designed to steal their personal information or infect their computers with malware. The phishing emails delivered by the operators behind this series of attacks use the old trick of reversing some of the text elements in the source […] | |||
|
2020-04-03 08:59:40 | Hospitals warned by Microsoft on ransomware attacks (lien direct) | Microsoft has started notifying hospitals vulnerable to known threats, the company announced in a blog post earlier this week. Hospitals and other healthcare institutions around the world are being pushed to their limits thanks to the coronavirus outbreak, and hackers are using it as an opportunity to compromise their networks, steal money and data, and […] | Ransomware | ||
|
2020-04-03 08:59:00 | 14 million users exposed by digital wallet app Key Ring (lien direct) | Led by Noam Rotem and Ran Locar, vpnMentor's research team of ethical hackers, recently discovered a data leak by the popular app Key Ring, that compromised the privacy and security of their 14 million users. Key Ring allows users to upload scans and photos of membership and loyalty cards onto a digital folder on […] | |||
|
2020-04-03 08:58:08 | LinkedIn Data-Mining Feature Removed by Zoom (lien direct) | The feature, criticized for “undisclosed data-mining,” is only the latest privacy faux pas for Zoom this month. Zoom has nixed a feature that came under fire for “undisclosed data mining” of users' names and email addresses, used to match them with their LinkedIn profiles. The feature, the LinkedIn Sales Navigator, is a LinkedIn service […] | |||
|
2020-04-03 08:57:04 | OGUsers hacked for second time this year (lien direct) | OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year. “It appears that someone was able to breach the server through a shell in avatar uploading in the forum software and get access to our current database dating April 2, 2020,” […] | |||
|
2020-04-02 08:55:53 | Jamf researcher discovers Zoom vulnerabilities (lien direct) | The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims' microphone and camera. Two zero-day flaws have been uncovered in Zoom's macOS client version, according to researchers. The web conferencing platform vulnerabilities could give local, unprivileged attackers root privileges, and allow them to access victims' microphone and camera. […] | |||
|
2020-04-02 08:55:01 | VelvetSweatshop Excel encryption spreads LimeRAT malware (lien direct) | A new campaign is spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files. LimeRAT is a simple Trojan designed for Windows machines. The malware is able to install backdoors on infected machines and encrypt files in the same way as typical ransomware strains, add PCs to botnets, and […] | Ransomware Malware | ||
|
2020-04-02 08:53:42 | Holy Water watering hole attacks with malware (lien direct) | With many malicious websites, a user typically needs to click on a link to set off a chain of events that could then lead to a malware infection. But in some cases, all you have to do is visit a particular site to trigger a possible malware attack. That’s true with a series of […] | Malware Guideline | ★★★★ | |
|
2020-04-02 08:52:49 | COVID-19 malware wipes PC and rewrites MBR (lien direct) | With the coronavirus (COVID-19) pandemic raging all over the globe, some malware authors have developed malware that destroys infected systems, either by wiping files or rewriting a computer’s master boot record (MBR). With help from the infosec community, ZDNet has identified at least five malware strains, some distributed in the wild, while others appear […] | Malware | ★★ | |
|
2020-04-02 08:51:56 | WordPress Plugin Bug Locks Admins Out (lien direct) | A second vulnerability could be used to prevent access to almost all of a site's existing content, by simply redirecting visitors. A pair of security vulnerabilities in the WordPress search engine optimization (SEO) plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to […] | Vulnerability | ||
|
2020-04-01 16:03:51 | Nominations Open for the European Cybersecurity Blogger Awards 2020 (lien direct) | Nominations opened today for the seventh annual European Cybersecurity Blogger Awards sponsored by Qualys and powered by Eskenzi PR. Anyone can elect to nominate their favourite cybersecurity bloggers, podcasters, Tweeters, Instagrammers and vloggers; with the winners being announced through a live virtual event on Tuesday 2nd June ay 6pm GMT. After an initial round of […] | |||
|
2020-04-01 13:57:01 | Securing Your Remote Workforce (lien direct) | As mentioned in previous articles, Securonix, has devoted an entire taskforce to outlining key threats that are appearing under the guise of COVID-19 themed domain names or emails. The threat research team has been observing malicious threat actors attempting to exploit an increasing number of the associated cyberattack vectors such as: Ransomware using weaponized COVID-19/coronavirus-related documents disrupting critical healthcare and […] | Ransomware Threat | ||
|
2020-04-01 11:16:14 | A technical risk assessment of COVID-19 (lien direct) | There's a lot of information and misinformation out there surrounding COVID-19, aka the Coronavirus. It dawned on me that writing risks is literally one of the fundamental skills of an information / IT / Cyber security professional. So why not try to make sense of the whole pandemic by thinking of it like malware. […] | |||
|
2020-04-01 09:49:36 | 135 Million Records Leaked by Backup Company (lien direct) | A company claiming to provide “the world's most secure online backup” leaked metadata and customer information in over 135 million records after misconfiguring an online database, Infosecurity has learned. The team at vpnMentor discovered the privacy snafu as part of its ongoing web mapping project that has already uncovered major cloud data leaks at brands […] | |||
|
2020-04-01 09:48:47 | 5.2 Million Guests Affected by Second Marriot Breach (lien direct) | Hotel chain Marriott International announced today that it has suffered a second data breach. According to an incident notification published on their website, the company spotted unusual activity occurring in an app that guests use to access services during their stay. An investigation into the activity revealed that the login credentials of two Marriott employees […] | |||
|
2020-04-01 09:47:47 | 42M Users\' Data leaked by Unofficial Telegram App (lien direct) | While Telegram isn't giving up its ongoing legal battle with United States regulators to launch its TON blockchain project, some online perpetrators are taking advantage of the messenger's popularity to expose millions of user records of third-party versions of Telegram app. Per an investigation by cybersecurity firm Comparitech and security researcher Bob Diachenko, at least […] | |||
|
2020-04-01 09:46:17 | Zoom hit by lawsuit, shares fall (lien direct) | Shares in Zoom Video Communications dipped 3.8 per cent on Tuesday following a lawsuit by a user who claims the videoconferencing service illegally disclosed personal information. While Zoom shares have fallen so far this week, the stock has more than doubled from the $62 closing price on its first day of trading in April last […] | |||
|
2020-04-01 09:44:39 | Hackers Attack Health Providers and Demand Ransom (lien direct) | When hackers broke into computers at Hammersmith Medicines Research, a London-based company that carries out clinical trials for new medicines, it was a nightmare scenario for managing director Malcolm Boyce. The coronavirus crisis was just beginning to take hold in the U.K., and the company was in talks with other firms about potentially testing a […] | |||
|
2020-03-31 13:19:02 | DomainTools supports the open-source security community and its customers with new TheHive and Cortex integration capabilities (lien direct) | The success of open source and collaborative projects depends on the community that supports them. The development model is driven solely by a common goal, and has consistently been an invaluable resource for the IT and IT security industries. Guided by the common goal of making the internet a little more secure and to help […] | |||
|
2020-03-31 12:07:28 | DomainTools\' Iris Helps L3Harris Technologies Investigate Advanced Persistent Threats And Cyber Espionage Attampts (lien direct) | As one of the largest global defense companies, L3Harris provides mission-critical solutions to connect and protect the world, serving customers in more than 130 countries. Given the nature of the company's industry, L3Harris faces numerous facets of cybersecurity threats from advanced adversaries and nation states. The company's 24×7 computer security incident response team (CSIRT) analysts […] | |||
|
2020-03-31 10:55:14 | According to Gurucul: Two in Three Cybersecurity Professionals Access Documents Unrelated to their Role (lien direct) | According to a report released today by Gurucul, a leader in unified security and risk analytics technology for on-premises and the cloud, 65 per cent of nearly 300 international cybersecurity professionals surveyed at RSA Conference 2020 admit to having accessed company documents that have nothing to do with their job role. The survey was conducted to gauge how […] | Guideline | ||
|
2020-03-31 09:44:43 | Houseparty deny breach in the face of hacking rumours (lien direct) | RUMOURS that popular video-calling app Houseparty has been “hacked” are spreading like wildfire online – but its creators deny a breach. The chat app has quickly become a viral hit in recent weeks, but terrified users are now deleting the app over fears Houseparty has been compromised. As the world goes into lockdown due to […] | |||
|
2020-03-31 09:43:18 | “You Are Infected” message sent by hackers during Coronavirus pandemic (lien direct) | Security researchers at KnowBe4 have identified a new phishing scam that involves phishers luring Internet users to download malicious documents attached to fake emails that appear to have been sent by a hospital. The fake emails sent by the phishers informed recipients that they recently came into contact with an acquaintance who had COVID-19, […] | |||
|
2020-03-31 09:42:30 | Coronavirus scammers face crackdown (lien direct) | Downing Street is working with social-media companies to counter fake news and misinformation on coronavirus, as well as take down fraud and phishing campaigns looking to exploit the outbreak. The misinformation ‘rapid-response unit’ – based across the Department for Digital, Culture, Media and Sport (DCMS), Cabinet Office and Number 10 – looks to take down […] | |||
|
2020-03-31 09:40:00 | Dharma ransomware for sale (lien direct) | An unidentified party has reportedly placed the source code for Dharma ransomware up for sale on at least two Russian hacker forums, adding a formidable new competitor to an already crowded underground market. And while cybercriminals have met the offer with some healthy skepticism, the bargain-basement selling price of $2,000 may be alluring enough for […] | Ransomware | ||
|
2020-03-31 09:39:04 | Drop in Nation-State Attacks According to Google Analysis (lien direct) | Google has registered a significant drop in government-backed cyberattacks against its properties and the people who use its products. Google sends out warnings if it detects that an account is a target of government-backed phishing or malware attempts. For 2019, the internet giant sent almost 40,000 warnings – which, while a large number, is […] | Malware | ||
|
2020-03-30 10:08:30 | Increase in RDP and VPN use since COVID-19 (lien direct) | The use of remote access technologies like RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) has skyrocketed 41% and 33%, respectively, since the onset of the coronavirus (COVID-19) outbreak. The move comes as a large number of companies have asked staff to work from home, which usually entails connecting to internal intranets via remote […] | |||
|
2020-03-30 10:03:15 | Georgia voter records published (lien direct) | Voter information for more than 4.9 million Georgians, including deceased citizens, has been published on a hacking forum over the weekend, on Saturday. Personal information such as full names, home addresses, dates of birth, ID numbers, and mobile phone numbers were shared online in a 1.04 GB MDB (Microsoft Access database) file. The leaked […] | |||
|
2020-03-30 10:02:27 | Fraudsters target Westpac customers (lien direct) | Scammers have sent out a text message claiming all Westpac accounts have been frozen unless customers click on a link and provide their account details. They tried using the coronavirus chaos to fool unsuspecting Australians with the SMS caps lock title: ‘Important message from Westpac’. ‘For the safety of our customers due to the recent […] | |||
|
2020-03-30 10:00:37 | Fraudulent coronavirus sites removed (lien direct) | More than 180 fraudulent coronavirus websites targeting vulnerable people have been taken down in the UK since the start of the outbreak. Nominet, the national domain name registry, said it had seen a surge in fraudsters spoofing government websites in an attempt to trick Britons into handing over their bank details and private data. […] | |||
|
2020-03-30 10:00:01 | Facebook data collection removed from Zoom iOS app (lien direct) | Video conferencing app Zoom is enjoying a huge spike in users as a result of the COVID-19 pandemic, as massive swathes of the world’s workforce work from home at the same time. You would likely expect that such a rise to popularity might bring some road-bumps along the way, though, and Zoom has announced that […] | |||
|
2020-03-27 14:10:31 | The Great Security Survivor: Experts on Ransomware (lien direct) | If a layman pictures a cyberattack, the likelihood is they picture a ransomware attack: The screens overcome by a malicious message, locking up systems and demanding payment to a shadowy organisation or individual. This cultural ubiquity does not exist in a vacuum: Where other forms of cybercrime have gone in and out of fashion based […] | Ransomware | ||
|
2020-03-27 14:05:28 | 37.9% of Untrained End Users Will Fail a Phishing Test According to KnowBe4 (lien direct) | KnowBe4's new Phishing by Industry Benchmarking Report, published this week, reveals organisation's Phish-Prone percentage (PPP), which indicates how many of their employees are likely to fall for a phishing or social engineering scam. The initial baseline phishing test was administered to organisations that hadn't conducted any KnowBe4 security awareness training. The results indicated a high […] | |||
|
2020-03-27 11:44:16 | Fighting cybercriminals is an ongoing battle (lien direct) | If these uncertain times have proved anything it is that now, more than ever, maintaining cybersecurity is critical to ensuring business as usual; especially as the workforce is moving towards a remote working environment. This means that even the slightest disruption to daily operations can cause catastrophic damage to businesses, many of whom are already […] | |||
|
2020-03-27 11:01:19 | Chubb data stolen by Maze ransomware (lien direct) | Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, has itself become a target of a data breach. The insurance giant told TechCrunch it was investigating a “security incident” involving the unauthorized access to data belonging to an unnamed third-party. Chubb spokesperson Jeffrey Zack said the company had “no evidence” the incident […] | Ransomware | ||
|
2020-03-27 11:00:27 | Three customers targeted by phishing attack (lien direct) | Cyber criminals are posing as UK mobile network operator Three as part of a sophisticated phishing campaign designed to extract the financial details of its customers. The attack relies on a well-spoofed HTML document that entices Three customers to hand over everything from their password and personal details to credit card and payment information. Source: […] | |||
|
2020-03-27 10:58:58 | (Déjà vu) Hospitals still targeted by ransomware during Coronavirus pandemic (lien direct) | The Ryuk Ransomware operators to continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic. Last week BleepingComputer contacted various ransomware groups and asked if they would target hospitals and other healthcare organizations during the pandemic. Source: Bleeping Computer | Ransomware | ||
|
2020-03-27 10:58:22 | Phishing emails up 667% in less than a month (lien direct) | Phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic, according to Barracuda Networks. The security vendor observed just 137 incidents in January, rising to 1188 in February and 9116 so far in March. Around 2% of the […] | |||
|
2020-03-27 10:57:35 | (Déjà vu) 40,000 State-Sponsored Attacks in 2019 according to Google (lien direct) | Google says that it delivered almost 40,000 alerts of state-sponsored phishing or malware hacking attempts to its users during 2019, with a 25% drop when compared to the previous year. One of the reasons behind this notable drop in the number of government-backed hacking incidents is the increasingly effective protections Google sets up to protect […] | Malware | ||
|
2020-03-26 16:25:50 | Is SaaS the future of cybersecurity? (lien direct) | A security software-as-a-service solution that continuously scans the entirety of an organisation's digital assets is perhaps the clearest indicator of how much the cybersecurity world has changed since the old days, when one ad-hoc penetration test and an antivirus would do the trick. We asked Eoin Keary, CEO and founder of edgescan, to tell us […] | |||
|
2020-03-26 10:49:35 | Ransomware Gangs Join group to Leak Data (lien direct) | In recent days, Nefilim, CLOP and Sekhmet have become the latest ransomware operations to launch data-leaking sites, as Bleeping Computer first reported on Tuesday. CLOP has been tied to an attack against Maastricht University in the Netherlands that resulted in the institution paying attackers a ransom of 30 bitcoins (now worth about $200,000). Nefilim […] | Ransomware | ||
|
2020-03-26 10:47:45 | Cloud Storage Exposes Information on 270,000 Users (lien direct) | Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor's research team recently found a serious breach in an open Amazon S3 bucket owned by secure cloud storage provider Data Deposit Box. The leak exposed detailed information about 270,000 private files uploaded by customers through the company's secure cloud storage service. The database also […] | |||
|
2020-03-26 10:44:25 | Cisco, Citrix Flaws Exploited by Chinese Hackers (lien direct) | Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they've seen from a Chinese-linked actor “in recent years.” Researchers warn that APT41, a notorious China-linked threat group, has targeted more than 75 organizations worldwide in “one of the broadest campaigns by a Chinese cyber-espionage actor observed in recent years.” […] | Threat Guideline | APT 41 |
To see everything:
Our RSS (filtrered)
