What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-03-26 10:47:45 | Cloud Storage Exposes Information on 270,000 Users (lien direct) | Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor's research team recently found a serious breach in an open Amazon S3 bucket owned by secure cloud storage provider Data Deposit Box. The leak exposed detailed information about 270,000 private files uploaded by customers through the company's secure cloud storage service. The database also […] | |||
|
2020-03-26 10:44:25 | Cisco, Citrix Flaws Exploited by Chinese Hackers (lien direct) | Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they've seen from a Chinese-linked actor “in recent years.” Researchers warn that APT41, a notorious China-linked threat group, has targeted more than 75 organizations worldwide in “one of the broadest campaigns by a Chinese cyber-espionage actor observed in recent years.” […] | Threat Guideline | APT 41 | |
|
2020-03-26 10:43:29 | Brazilian data protection regulations threatened (lien direct) | The COVID-19 crisis will likely result in the postponement of the go-live date for Brazil’s general data protection regulations. According to industry observers, the pandemic is seen as a fair justification to delay the go-live date for the regulations, which are due to be enforced in August 2020. A bill authored by congressman Carlos […] | |||
|
2020-03-26 10:42:23 | 400 Professionals Volunteer to Fight Coronavirus Hacking (lien direct) | An international group of nearly 400 volunteers with expertise in cybersecurity formed on Wednesday to fight hacking related to the novel coronavirus. Called the COVID-19 CTI League, for cyber threat intelligence, the group spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft Corp. and Amazon.com Inc. […] | Threat | ||
|
2020-03-25 14:57:02 | Executives Believe Employees are the Greatest Threat to Critical Infrastructure Security According to Nozomi Networks (lien direct) | Over 400 C-level executives from critical infrastructure organisations across North America, Europe and Asia/Pacific were surveyed in a report sponsored in part by Nozomi Networks titled “Weathering the Perfect Storm: Securing the Cyber-Physical Systems of Critical Infrastructure”. The report found that most (88%) critical infrastructure organisations have, or are currently, integrating their IT, OT, IoT […] | Threat | ||
|
2020-03-25 11:15:29 | (Déjà vu) GE Discloses Data Breach (lien direct) | Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE’s service providers. GE is a multinational operating in a wide range of tech segments including aviation, power, healthcare, and renewable energy, and it […] | Data Breach | ||
|
2020-03-25 11:14:47 | Middle East firms face cyber espionage attempts from Russian hackers (lien direct) | As per Trend Micro's research, since May 2019, a Russian state-sponsored notorious cyber espionage threat group called Pawn Storm (also known as Fancy Bear or APT28) has been scanning servers for reusing previously compromised emails. The compromised email addresses are used to carry out phishing campaigns, targeted mainly at defense firms from the Middle […] | Threat | APT 28 | |
|
2020-03-25 11:13:17 | Hospitals in Spain targeted by Netwalker ransomware (lien direct) | Hospitals in Spain have been targeted with coronavirus-themed phishing lures by attackers looking to lock-down their systems with Netwalker ransomware. Local reports indicate that medical centres have been receiving emails purporting to offer “information on COVID-19”, but with PDF attachments that activate the ransomware, commonly associated with computer crime groups in Eastern Europe. Source: Computing.com | Ransomware | ||
|
2020-03-25 11:10:13 | Microsoft warns Windows users of unfixable hack attack (lien direct) | MICROSOFT has warned of hackers exploiting a new vulnerability that can be found in all supported versions of Windows. If successfully manipulated by a cyber-criminal, it would be possible for them to run malware on a victim’s device. Source: The Sun | Malware Hack Vulnerability | ||
|
2020-03-25 11:09:28 | HHS website vulnerability leads to Coronavirus-themed phishing attack (lien direct) | A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services' website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website's “parameter values (the portion of URL after “?”) in an HTTP […] | Malware Vulnerability | ||
|
2020-03-24 09:54:55 | COVID-19 UK app \'must respect privacy rights\' (lien direct) | UK health chiefs are being urged to safeguard people’s privacy as they develop an app to help tackle the coronavirus pandemic. An open letter published by a group of “responsible technologists” warns that if corners are cut, the public’s trust in the NHS will be undermined. And it urges those in charge to be more […] | |||
|
2020-03-24 09:54:17 | COVID-19 misinformation tweets removed by Twitter (lien direct) | Twitter has emphasised that while it attempts to curb any misinformation about COVID-19, it is unable to take “enforcement action on every tweet”. “As we communicated last week, COVID-19 is affecting our content moderation capacities in unique ways, and we’re adjusting to meet the challenge. Right now, we’re focused on content that has the highest […] | |||
|
2020-03-24 09:53:31 | Microsoft say unpatched Windows Zero-Day flaws are being exploited (lien direct) | Attackers are exploiting unpatched Windows zero day flaws, Microsoft said in a Monday security advisory. The company said “limited targeted attacks” could leverage two unpatched remote code executive (RCE) vulnerabilities in Windows “when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format.” Source: SC Magazine | |||
|
2020-03-24 09:52:47 | Ready-made ICS hacking tools available, warn FireEye (lien direct) | FireEye security researchers warn that the proliferation of hacking tools with capabilities for targeting industrial control systems (ICS) is lowering the entry bar for attackers and increasing risks for organizations operating in the industrial sector. In a study published today, the US cybersecurity firm said it analyzed all the hacking tools with ICS targeting capabilities […] | |||
|
2020-03-24 09:52:01 | Ransomware attack at Finastra (lien direct) | Finastra, a bank technology company in London that has more than 9,000 customers, including 90 of the top 100 global banks, was working Monday to bring servers back online that were hit by a ransomware attack late last week. Some U.S. bank customers are affected by the incident, which occurred Friday. The company says it […] | Ransomware | ||
|
2020-03-23 12:44:40 | Employees spending extra 2h working during COVID-19 mandated remote work (lien direct) | New data from NordVPN Teams shows a massive spike since March 11 in business VPN usage worldwide in the wake of the global coronavirus pandemic. This directly correlates with the mass increase in remote work globally. The fundamental shift in work location will have enormous ramifications on digital business, the economy, and cybersecurity. Key numbers: […] | |||
|
2020-03-23 09:53:32 | 200 million Americans exposed by data breach (lien direct) | Huge data breach included personal information on more than 200 million Americans. Equally as bad, it’s unclear where the data came from. Researchers have noticed that detailed personal information of more than 200 million Americans was exposed in a data breach. This is the latest in a long list of data security incidents over […] | Data Breach | ||
|
2020-03-23 09:52:40 | Norwegian Cruise Line suffers data breach (lien direct) | The world’s third largest cruise line, Norwegian Cruise Line, has suffered a data breach, the British security firm DynaRisk says, adding that the email addresses and passwords of nearly 27,000 travel agents had been exposed as a result. DynaRisk said its researchers had found a breached database from the NCL travel agents’ portal on […] | Data Breach | ||
|
2020-03-23 09:51:34 | 538 million Weibo users\' data for sale (lien direct) | The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online, according to ads seen by ZDNet and corroborating reports from Chinese media. In ads posted on the dark web and other places, a hacker claims to have breached Weibo in mid-2019 and obtained a […] | |||
|
2020-03-23 09:50:44 | Maze ransomware attack on British medical firm (lien direct) | The Maze ransomware group has published personal and medical details of thousands of former patients of a London-based medical research company after a failed attempt to disable the firm’s computer systems. Cyber gangsters have attacked the computer systems of a medical research company on standby to carry out trials of a possible future vaccine for […] | Ransomware | ||
|
2020-03-23 09:49:58 | WHO launches Coronavirus Whatsapp service (lien direct) | The World Health Organization (WHO) has launched a chatbot on WhatsApp to provide information on the coronavirus (COVID-19) pandemic sweeping the planet. To interact with it, users will need to message the WHO account on +41 79 475 22 09 and send the word ‘Hi’ to begin chatting, after which, a list of prompts is […] | |||
|
2020-03-20 16:33:52 | Cybersecurity Vendors Offer Free Products To Help Organisations As Employees Work From Home (lien direct) | With an unprecedented number of businesses having to quickly change the way they work, here is what some of the cybersecurity community are doing to help make sure the change is as secure and safe as possible: OneLogin will be offering the OneLogin Trusted Experience Platform for free to educators who are moving to a […] | |||
|
2020-03-20 11:05:30 | Bitcoin Ransomware Attacks at Record High (lien direct) | Bitcoin and crypto-related ransomware attacks hit a record high in the United Kingdom last year. According to a report by Bitcoinist and records obtained under the Freedom of Information Act (FOI), UK authorities received 562 reports from victims of devices that were hijacked by crypto-related ransomware. Source: CryptoGlobe | Ransomware | ||
|
2020-03-20 11:04:23 | Ransomware gang will stop hospital attacks (lien direct) | The notorious Maze ransomware gang announced Wednesday that it will not attack any healthcare organizations during the COVID-19 pandemic. The pandemic has put a strain hospitals and public health agencies in recent weeks as governments across the globe struggle to contain the spread of COVID-19, also known as the new coronavirus. Some security vendors have […] | Ransomware | ||
|
2020-03-20 11:03:42 | (Déjà vu) Phishing attempts impersonate WHO to deliver HawkEye Malware (lien direct) | An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims. This spam campaign started today according to researchers at IBM X-Force Threat Intelligence who spotted it and it has already delivered several waves […] | Spam Malware Threat | ||
|
2020-03-20 11:02:57 | Linux tool developed by Google to tackle USB keystroke attacks (lien direct) | Google has developed a tool for Linux machines that combats USB keystroke injection attacks by flagging suspicious keystroke speeds and blocking devices classified as malicious. Keystroke injection attacks can execute malicious commands via a thumb drive connected to a host machine, by running code that mimics keystrokes entered by a human user. Source: Daily Swig | Tool | ||
|
2020-03-20 11:02:10 | Report reveals APT28 email scanning activities (lien direct) | For the past year, one of Russia’s top state-sponsored hacking units has spent its time scanning and probing the internet for vulnerable email servers, according to a report published yesterday by cyber-security firm Trend Micro. The report deals with the activities of APT28, also known as Fancy Bear, Sednit, and Pawn Storm. Source: ZD Net | APT 28 | ||
|
2020-03-19 11:16:35 | Password managers vulnerable to fake app attacks (lien direct) | Security experts recommend using a complex, random and unique password for every online account, but remembering them all would be a challenging task. That's where password managers come in handy. Encrypted vaults are accessed by a single master password or PIN, and they store and autofill credentials for the user. However, researchers at the […] | |||
|
2020-03-19 11:15:14 | Caution advised when tracking COVID-19\'s spread (lien direct) | Privacy advocates advise caution when tracking the movements of patients or those infected with the new coronavirus, as an effort to minimize the pandemic's effect. Authorities in the United States and Israel are eyeing ways to use mobile-phone and other location-based data to help control the spread of the new coronavirus COVID-19, raising serious […] | |||
|
2020-03-19 11:13:31 | France warns of ransomware gang (lien direct) | France’s cyber-security agency issued an alert this week warning about a new ransomware gang that’s been recently seen targeting the networks of local government authorities. The alert, issued by France’s CERT team, points to a rising number of attacks carried out with a new version of the Mespinoza ransomware strain, also known as the […] | Ransomware | ||
|
2020-03-19 11:12:38 | Facebook Charged Over Data Privacy Breach (lien direct) | The Australian Information Commissioner lodged Federal Court proceedings against the social media giant, Facebook. The Information Commissioner found Facebook guilty of data privacy breach, which was also in conjunction with a breach of the country's Privacy Act 1988. The breach affected 311,127 Australian Facebook users. If proven guilty, a maximum civil penalty of up to […] | |||
|
2020-03-19 11:11:49 | (Déjà vu) Support for FTP protocol removed by Firefox (lien direct) | Mozilla has announced plans today to remove support for the FTP protocol from Firefox. Going forward, users won’t be able to download files via the FTP protocol and view the content of FTP links/folders inside the Firefox browser.” We’re doing this for security reasons,” said Michal Novotny, a software engineer at the Mozilla Corporation, the […] | |||
|
2020-03-18 10:51:03 | Six-Month Data Breach on Guitar Site (lien direct) | A Florida company that offers guitar lessons online to millions of students around the world has suffered a data breach.Unauthorized access of TrueFire’s computer system went on for six months before the breach was detected on January 10, 2020. In a data breach notification letter dated March 9, 2020, and signed by TrueFire Chief Customer […] | Data Breach | ||
|
2020-03-18 10:49:37 | New Malware Lets Hackers Control Browsing (lien direct) | Security researchers at Kaspersky recently posted a warning of new Android malware that can steal cookies and gain control of its victims' accounts. According to researchers, when the two malware modifications are combined, they can be used for stealing cookies collected by social media networking sites, as well as browsers themselves. [Hindustan Times] After that, […] | Malware | ||
|
2020-03-18 10:48:32 | (Déjà vu) Crimson RAT spread via Coronavirus Phishing (lien direct) | A state-sponsored threat actor is attempting to deploy the Crimson Remote Administration Tool (RAT) onto the systems of targets via a spear-phishing campaign using Coronavirus-themed document baits disguised as health advisories. This nation-backed cyber-espionage is suspected to be Pakistan-based and it is currently tracked under multiple names including APT36, Transparent Tribe, ProjectM, Mythic Leopard, and […] | Tool Threat | APT 36 | ★★ |
|
2020-03-18 10:47:36 | Monitor Minor Stalkerware Discovered (lien direct) | Stalkerware called Monitor Minor gives users the ability to creep on a target's missives swapped via Instagram, Skype and Snapchat. Researchers are sending up a red flag over the distribution of an aggressive stalkerware app called Monitor Minor. In a report released Monday, researchers said the Android version of the app gives stalkers near absolute […] | |||
|
2020-03-18 10:46:26 | NutriBullet Hacked By Credit Card Skimmers (lien direct) | Threat researchers at security company RiskIQ have identified a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks. Source: Forbes | Malware | ||
|
2020-03-17 10:21:40 | KnowBe4 offers complimentary home security awareness course amidst COVID-19 concerns (lien direct) | Given the current state of uncertainty surrounding the coronavirus and many organizations mandating or recommending that employees work from home, KnowBe4 has a few security recommendations: Be on the lookout for emails or text messages related to COVID-19 and confirm the information directly with the vendor, bank or your boss. If an employee will be […] | |||
|
2020-03-17 10:01:21 | Government Blockchain Hacked in Argentina (lien direct) | In the midst of the global emergency caused by the Coronavirus pandemic, the Argentine government confirmed on March 14 that they suffered a hack on the website of their official gazette (Boletin Official) based on blockchain technology, where false statements regarding the coronavirus were spread. Source: Cointelegraph | Hack | ★★★★ | |
|
2020-03-17 10:00:37 | American Health Department Hacked (lien direct) | Cyber-attackers have hacked the US Health and Human Services Department as America works hard to minimize the impact of the COVID-19 virus. The intrusion occurred on Sunday night and is thought to have been motivated by a desire to slow the agency down and spread misinformation among the public. After compromising the department’s system, […] | |||
|
2020-03-17 10:00:05 | 2.9 million records exposed by Blisk browser (lien direct) | The web-development browser Blisk suffered a data breach leaking more than 2.9 million records through an open Elasticsearch database that was left open and that bypassed the security put in place by its users. The browser has been compromised in a way that it now leaks the data it was designed to gather from […] | Data Breach | ||
|
2020-03-17 09:59:26 | Data Breach at Illinois College (lien direct) | An Illinois college is offering nearly free credit monitoring to over 1,700 current and former employees following a recent data breach. Officials at the College of DuPage confirmed on Monday that a cybersecurity incident had taken place recently. College president Brian Caputo said that personal and tax information belonging to 1,755 staff had been compromised. […] | Data Breach | ||
|
2020-03-17 09:58:44 | RAT Malware dropped by Foreign APT groups (lien direct) | Each day, as the novel coronavirus multiplies and spreads, so do cyber scams capitalizing on users' fears and thirst for knowledge concerning this pandemic. The perpetrators, and their victims, are based all over the world, as evidenced by two recently discovered global APT-style campaigns designed to spread remote access trojans. Source: SC Magazine | Malware | ||
|
2020-03-16 10:49:23 | Princess Cruises reports 2019 data breach (lien direct) | Princess Cruises has reported a data breach where an unsanctioned third party gained unauthorised access to some employee email accounts that contained personal information regarding its employees, crew, and guests. The company identified suspicious activity on its network in late May 2019, and has identified that the data breach happened between 11 April and 23 […] | Data Breach | ||
|
2020-03-16 10:47:43 | Ransomware infects through Coronavirus tracker (lien direct) | A coronavirus tracking application is actually infecting Android devices with ransomware, with owners then asked to pay a $100 ransom to have their smartphones unlocked. Coronavirus trackers are particularly popular these days, as many users look for such apps to keep an eye on the virus outbreak, so it's not necessarily a surprise that malicious […] | Ransomware | ||
|
2020-03-16 10:46:44 | Malware stealing social media cookies (lien direct) | Researchers at cybersecurity firm Kaspersky have discovered two new Android malware modifications that, when combined, can steal cookies collected by the browser and app of popular social networking sites and then allow the thieves to discreetly gain control of the victim's account in order to send various ill-intentioned content. Source: Express Computer | Malware | ||
|
2020-03-16 10:45:40 | Iranian App Claimed to Diagnose Coronavirus, Collected Data (lien direct) | On Tuesday, March 3, the smartphones of tens of millions of Iranian citizens beeped in unison. “Dear compatriots, before going to the hospital or health center, install and use this software to determine if you or your loved ones have been infected with the coronavirus,” said the message, which claimed to come from the […] | |||
|
2020-03-16 10:42:38 | WordPress to add auto-update (lien direct) | The WordPress developer team is working on adding an auto-update mechanism to themes and plugins, a common source of website hacks, primarily because site owners usually install themes and plugins, and then forget to update them. Source: ZD Net | |||
|
2020-03-13 10:30:24 | Melbourne Polytechnic data breach (lien direct) | UPDATED A higher education institution in Victoria, Australia, has disclosed a data breach impacting the personal data of around 90,000 staff, students, and suppliers. In a security alert issued yesterday (March 11), Melbourne Polytechnic said Victoria Police had notified them that an individual who attended the campus in late 2018 had “obtained unauthorised access to […] | Data Breach | ||
|
2020-03-13 10:29:09 | (Déjà vu) Data Breach at Open Exchange (lien direct) | Open Exchange Rates has announced a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. Open Exchange Rates provides an API that allows organizations to query real-time and historical exchange rates for over 200 world currencies. The service’s web site states that their API is used […] | Data Breach |
To see everything:
Our RSS (filtrered)
