What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-20 09:33:21 | WordPress Update Millions of Sites to patch a Critical Vulnerability Affecting the Ninja Forms Plugin (lien direct) | Content management system (CMS) provider WordPress has forcibly updated over a million sites in order to patch a critical vulnerability affecting the Ninja Forms plugin. The Wordfence threat intelligence team spotted the flaw in June and documented it in an advisory by the company on Thursday. The document said that the code injection vulnerability made […] | Vulnerability Threat | ||
|
2022-06-20 09:16:31 | (Déjà vu) US Man Sentenced to Nine Years in Prison After Hacking Thousands of iCloud Accounts (lien direct) | A man from California was sentenced to time in prison on Wednesday after being found guilty of hacking thousands of iCloud accounts, stealing people’s nude images and videos and sharing them with conspirators. Hao Huo Chi acted under the online name of ‘icloudripper4you’. He would have illegally obtained the iCloud account credentials of approximately 4700 […] | |||
|
2022-06-17 10:41:03 | (Déjà vu) Chinese Hackers Exploited Critical Security Vulnerability in Sophos Firewall (lien direct) | A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos’ firewall product that came to public attention earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. Volexity said in a report, “the attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form […] | Vulnerability Threat | ||
|
2022-06-17 10:20:40 | New MaliBot Android Banking Malware Poses as Cryptocurrency Mining App (lien direct) | A new Android banking malware named MaliBot has been discovered by cybersecurity researchers. The malware poses as a cryptocurrency mining app or the Chrome web browser to target users in Spain and Italy. MaliBot focuses on stealing financial information, like e-banking credentials, crypto wallet passwords, and sensitive personal details. It is also capable of snatching […] | Malware | ||
|
2022-06-17 09:23:15 | (Déjà vu) Several Data-Stealing Apps Remain on Google Play Store According to Cybersecurity Researchers (lien direct) | Cybersecurity researchers from Dr. Web claim to have spotted numerous apps on the Google Play Store in May with adware and information-stealing malware built in. According to the report, the most dangerous of these apps features spyware tools capable of stealing information from other apps’ notifications, mainly to capture one-time two-factor authentication (2FA) one-time passwords […] | Malware Tool | ||
|
2022-06-16 10:02:48 | Hackers Exploit Old Telerik Flaws to Deploy Cobalt Strike (lien direct) | ‘Blue Mockingbird’, a threat actor, targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. The attacker leverages the CVE-2019-18935 flaw, a critical severity (CVSS v3.1: 9.8) deserialisation that leads to remote code execution in the Telerik UI library for ASP.NET AJAX. In May 2020, the same […] | Threat Guideline | ||
|
2022-06-16 09:36:25 | Microsoft Patch Fixes Follina Bug (lien direct) | Microsoft issued its last regular patch update round this week, fixing over 50 CVEs, including the malicious zero-day bug “Follina.” Officially named CVE-2022-30190, Follina, as reported last week, is being exploited in the wild by state-backed actors and the operators behind Qakbot, which has links to ransomware groups. It’s a remote code execution (RCE) bug […] | Ransomware | ||
|
2022-06-16 09:17:42 | New Zimbra Bug Allows Data Stealing With No User Interaction (lien direct) | Technical details have emerged about a vulnerability affecting certain versions of the Zimbra email solution that hackers could exploit to steal logins without user interaction or authentication. The security issue is currently being tracked as CVE-2022-27924 and impacts Zimbra releases 8.8x and 9.x for both open-source and commercial versions of the platform. Since the 10th […] | Vulnerability | ||
|
2022-06-15 14:30:50 | Obrela sponsors open-source Commix project (lien direct) | Obrela Security Industries, a security analytics and cyber risk management services, has announced its sponsorship of Commix, an open-source pen-testing tool, to address command injection vulnerabilities. Obrela aims to address the emerging demand for end-to-end security services by offering an ‘umbrella’ of security solutions. George Patsis, CEO, at Obrela Security Industries said that this sponsorship […] | ★★ | ||
|
2022-06-15 13:39:41 | Survey Finds IT Leaders Eager to Eliminate Passwords (lien direct) | The age of the password may soon be over. A survey conducted by Ping Identity and Yubico concluded that leaders of the IT industry have serious issues with the modern password-based security system. 94% of IT leaders have serious issues with user-generated passwords and half of those surveyed believe that passwords are too weak for […] | Guideline | ||
|
2022-06-15 10:41:47 | New Iranian Spear-Phishing Campaign Hijacks Email Conversations (lien direct) | A major new state-backed spear-phishing operation targeting multiple high-ranking Israeli and US officials has been uncovered by security researchers. The campaign has been traced to the Iranian Phosphorus ATP group, according to Check Point. It has targeted former Israeli foreign minister and deputy Prime Minister Tzipi Livni, a former US ambassador to Israel, and a […] | Conference | APT 35 | |
|
2022-06-15 10:23:51 | (Déjà vu) FDNY Building Digital Firewall to Protect Emergency Workers From Cyber Attacks (lien direct) | The New York City Fire Department (FDNY) said it’s aiming to build a digital firewall to protect the city’s emergency workers from cyber-attacks. The request was published in the City Record and called for consultant services “for the development and implementation of protective strategies to address the cyber-threat of doxxing and to provide resiliency for the […] | |||
|
2022-06-15 09:43:21 | Avera Health Data Breach Affects 700 Patients (lien direct) | A news release from Avera Health, a Sioux Falls-based healthcare system, confirms that a data breach in March exposed the sensitive data of 700 patients. Among the stolen information was names, Social Security numbers, phone numbers, addresses, birth dates and email addresses. The healthcare group learned about the data breach on March 25th yet only […] | Data Breach | ||
|
2022-06-15 09:33:58 | Ransomware Gang Develops New Website That Allows Victims To Search For Their Data (lien direct) | BlackCat, the ALPHV ransomware gang, has created a website that allows customers and employees of their victim to check if their data was stolen in an attack. Ransomware gangs typically quietly steal corporate data and harvest everything of value. After they’ve done this, the threat actor starts to encrypt devices. The hackers then, in a […] | Ransomware Threat | ||
|
2022-06-15 09:19:44 | New cybersecurity bill to require mandatory reporting of ransomware, other attacks (lien direct) | The Canadian legislature plans to introduce a bill on June 14th which would make the reporting of cybersecurity breaches mandatory for private-sector organizations. The legislations aims to target the underreporting of ransomware attacks which has proven to be a problem for cybersecurity regulators. According to SecOps report released by Deep Instinct, 38% of surveyed cybersecurity professionals […] | Ransomware | ||
|
2022-06-14 13:18:40 | Searchlight Security appoints Cylance and Blackberry\'s Eric Milam to lead its dark web intelligence product strategy (lien direct) | Searchlight Security appointed Eric Milam as their new Executive Vice President of Product. Milam is a renowned cybersecurity expert who brings deep expertise in threat intelligence and research, a decisive leadership style, and a creative approach to cyber-security problem-solving and solution design. Milam has worked previously as a VP of Research & Intelligence at Blackberry […] | Threat Guideline | ||
|
2022-06-14 10:45:11 | Poll Shows That More Than 40 Million UK Consumers Have Been Targeted by Digital Fraudsters So Far This Year (lien direct) | So far in 2022 more than 40 million UK consumers are thought to have been targeted by digital fraudsters. This is a double-digit increase from the same time last year. In May, Citizens Advice commissioned a poll of over 2000 adults in the UK asking if they had been contacted by scammers since the start […] | |||
|
2022-06-14 10:13:08 | Kaiser Permanente Discloses Data Breach at WA Health Plan, 69K Impacted (lien direct) | On April 5th, Kaiser Permanente discovered and, within an hour, terminated an unauthorized parties’ breach into an employee’s emails from the Kaiser Foundation Health Plan of Washington. Access to these emails exposed the names, dates of service, medical record numbers, and laboratory test result information. Kaiser has so far not found any indication that the […] | Data Breach | ||
|
2022-06-14 09:45:15 | 45% of cybersecurity pros are considering quitting the industry due to stress (lien direct) | The results of the third edition of the annual Voice of SecOPs Report found that 45% of respondents in C-suite and senior cybersecurity roles were considering exiting the industry due to stress and incessant threats from ransomware. 46% of those surveyed knew someone in the past year who left due to stressors. Threats from ransomware […] | Ransomware Threat | ||
|
2022-06-14 09:26:51 | Two Convicted in Major Drugs Bust Discovered by Police on EncroChat (lien direct) | UK law enforcement have shut down one of the country’s largest-ever drugs laboratories, thanks to the takedown of a popular encrypted comms service in 2020. Before police cracked it two years ago, EncroChat was used by tens of thousands of criminals globally. Hundreds of arrests and several convictions have been made as a result. The […] | |||
|
2022-06-14 09:00:41 | Google Engineer Suspended After Claiming AI Became Sentient (lien direct) | An engineer at Google has claimed that the AI system he was working on has became sentient. There is renewed urgency to design ethical codes and regulations for the industry. Blake Lemoine wrote in a blog post over the weekend describing how LaMDA, the chatbot-generating system, that he was working on told him that it […] | ★★★★★ | ||
|
2022-06-13 16:16:26 | API Security: Best Tools and Resources (lien direct) | Every organisation is facing a multitude of security challenges. These range from getting the basics right, like ensuring the correct firewall is in place, to higher-level challenges, such as API security and data privacy. One of the greatest challenges facing organizations these days is a comprehensive approach to API security. With an expanding number […] | Tool | ||
|
2022-06-13 11:20:02 | Russia Reportedly Warns of “Direct Military Clash” if Cyber-Attacks on its Infrastructure Continue (lien direct) | Reportedly, the Russian government has warned the U.S. and its allies that continued cyber-attacks on its infrastructure risks a “direct military clash.” The threats follow reports from last week that Russia’s Ministry of Construction, Housing and Utilities website had been hacked and replaced with a message stating “Glory to Ukraine” on its homepage. A foreign […] | Threat | ||
|
2022-06-13 10:39:20 | Large Numbers of Extortion Emails Blocked Daily (lien direct) | Security researchers warn users that they block millions of extortion scam emails each day. On average one million extortion emails are blocked every 24 hours, according to Proofpoint. On high volume days two million emails are blocked. They usually come in the form of sextortion, whereby the attacker claims to have a webcam video of […] | |||
|
2022-06-13 10:24:34 | (Déjà vu) Second Version of Hello XD Ransomware Drops Backdoor While Encrypting (lien direct) | It has been reported by cybersecurity researchers that there has been an increase in the activity of the Hello XD ransomware. Its operators are now deploying an upgraded sample featuring stronger encryption. This family of ransomware is based on the leaked source code of Babuk and engaged in a small number of double-extortion attacks where […] | Ransomware | ||
|
2022-06-13 09:39:51 | (Déjà vu) Organisations in Australia and Southeast Asia Targeted by Aoqin Dragon For Over 10 Years (lien direct) | A new advanced persistent threat (APT) actor, reportedly based in China and dubbed Aoqin Dragon, has been linked to several hacking attacks across Australia and Southeast Asia against education, government and telecom entities since 2013. Sentinel Labs, threat researchers, published a blog post on Thursday outlining the events. Joey Chen, threat intelligence researcher at SentinelOne, […] | Threat | ||
|
2022-06-10 11:13:04 | New Linux Malware Dubbed “Almost Impossible” To Detect Found (lien direct) | A new form of Linux malware that is “almost impossible” to detect has been found in a joint research effort by BlackBerry Threat Research & Research team and Intezer security researcher Joakim Kennedy. It has been dubbed Symbiote. A blog post on the malware was released on Thursday. It has been called Symbiote because of […] | Malware Threat | ||
|
2022-06-10 10:51:31 | (Déjà vu) Dark Web Vendors Allegedly Selling Western Weapons in Ukraine (lien direct) | Allegedly, military-grade firearms coming from Western countries that were sent to support the Ukrainian army in their fight against Russia have been listed on multiple weapon marketplaces on the dark web. These weapons were supposedly put aside from the received supplies and are now being sold to terrorists looking to buy rocket launchers and other […] | |||
|
2022-06-10 10:16:53 | New Emotet Malware Targets Chrome Users Card Information (lien direct) | Emotet malware has deployed a new module that is designed to steal credit card information stored in the Chrome web browser. Exclusively targeting Chrome, the module has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to Proofpoint. The enterprise security company discovered the component on the 6th June. Emotet […] | Malware | ||
|
2022-06-10 09:50:42 | Gamers Targeted On Roblox By Ransomware Selling Decryptors On Game Pass Store (lien direct) | A new ransomware is selling its decryptor on the gaming platform Roblox using the service’s in-game currency, Robux. Roblox is an online kids gaming platform that lets members create and monetize their own games by selling Game Passes. These passes provide various rewards, including special access, enhanced features and in-game items. These passes can only […] | Ransomware | ★★★★★ | |
|
2022-06-10 08:05:22 | The Must-Attend Cybersecurity Event: International Cyber Expo (lien direct) | International Cyber Expo is where great cybersecurity minds come together to explore the issues of tomorrow’s interconnected world. Held at Olympia London on the 27th – 28th September 2022, International Cyber Expo endeavours to be the go-to-meeting place for industry collaboration, where everyone from vetted senior cybersecurity buyers, government officials and entrepreneurs, to software developers […] | |||
|
2022-06-10 07:47:18 | International Cyber Expo Invites Esteemed Advisory Council to Shape Event Agenda (lien direct) | International Cyber Expo has announced the members of this year's event Advisory Council. Chaired by former CEO of the National Cyber Security Centre (NCSC), Professor Ciaran Martin, CB, the Advisory Council combines 30 of the cybersecurity's most well-respected industry figures from government, private and academic sectors. The council is united by their shared passion and […] | |||
|
2022-06-09 11:05:53 | UK Government Acquires Its First Quantum Computer (lien direct) | The UK government has reportedly acquired its first quantum computer with the aim to help boost research capabilities in cyber-defence and other national security fields. The BBC have reported that The Ministry of Defence (MoD) is set to work with Orca Computing, a UK company, to explore the potential of quantum to enhance the nation’s […] | ★★★★ | ||
|
2022-06-09 09:52:18 | Large Scale Phishing Campaign on Facebook Messenger Generates Millions in Ad Revenue (lien direct) | A large-scale phishing operation held on Facebook and Messenger to lure millions of users onto phishing pages has been uncovered by researchers. The aim of the operation was to trick victims into entering their credentials and see adverts. These stolen account details were used to send further phishing messages to victim’s friends. The aim being […] | |||
|
2022-06-09 09:17:56 | (Déjà vu) Unofficial Security Patch Released For Microsoft Zero-Day Vulnerability (lien direct) | As the Follina flaw continues to be exploited in the wild, an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Diagnostic Tool (MSDT) has been made available. Referenced as DogWalk, the issue relates to a path traversal flaw that, when a potential target opens a specially created “.diagcab” archive file that […] | Tool Vulnerability | ||
|
2022-06-08 11:17:44 | New NHS Digital Materials Aim to Boost Cybersecurity Awareness in Social Care Organisations (lien direct) | This week the UK’s social care sector received a boost after NHS Digital released new materials designed to enhance staff cybersecurity awareness. The materials hope to raise awareness of critical threats and risks. The programme was developed in partnership with Digital Social Care, the materials are part of the NHS “Keep IT Confidential” campaign. The […] | Threat | ||
|
2022-06-08 10:55:17 | New Report Shows That Smishing Attempts Soared in 2021 (lien direct) | In 2021 SMS phishing (also known as smishing) attacks more than doubled year-on-year, according to Proofpoint. Cyber-criminals looked to compromise devices by using human error. Proofpoint’s latest annual Human Factor report is based on an analysis of over 49 billion URLs, 2.6 billion emails, 1.9 billion attachments, 28 million cloud accounts, 1.7 billion mobile messages and […] | |||
|
2022-06-08 09:56:22 | Italian Municipality of Palermo Suffers Cyberattack (lien direct) | On Friday the municipality of Palermo, Italy, suffered a cyberattack. The attack appears to have had an impact on multiple services and operations to both citizens and tourists. Local IT experts have been trying to restore the systems since the attack, however all services, online portals, and public websites remain offline. The impacted systems include […] | ★★ | ||
|
2022-06-08 09:20:09 | Evil Corp Hacker Group Changes Ransomware Tactics After U.S. Sanctions (lien direct) | The Evil Corp Russian hacker group has reportedly changed its attack tactics to avoid sanctions placed on US companies prohibiting them from paying it a ransom. Mandiant, the threat intelligence firm, reported the shift. The firm recently wrote a blog post linking a series of Lockbit ransomware intrusions to UNC2165, a threat cluster that shares […] | Ransomware Threat | ★★★ | |
|
2022-06-07 11:14:50 | (Déjà vu) Microsoft\'s Digital Crimes Unit Takes Legal Action Over Spear-Phishing Attacks by Bohrium Hackers (lien direct) | Last week Microsoft’s Digital Crimes Unit (DCU) disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium, linked with a spear-phishing operation. Bohrium is said to have targeted multiple entities in the U.S., India and the Middle East, including across transportation, tech, education, and government sectors. In a Tweet Amy Hogan-Burney […] | Threat | ||
|
2022-06-07 10:46:46 | Ukrainian Officials\' Phones Targeted by Russian Hackers (lien direct) | On Monday, a senior cybersecurity official said that the phones of Ukrainian officials had been targeted by hackers as Russia pursues its invasion of Ukraine. The deputy head of Ukraine’s State Special Communications Service, Victor Zhora, said that phones used by Ukraine’s public servants were the subject of sustained targeting. At an online news conference […] | |||
|
2022-06-07 10:19:31 | (Déjà vu) Motorola\'s Unisoc Chips Found to Contain Vulnerability (lien direct) | A critical vulnerability in the Unisoc Tiger T700 chips that power the Motorola Moto G20, E30 and E40 smartphones has been found by the cyber-threat intelligence firm Checkpoint Research (CPR). These components have been marked as threat vectors due to a stack overflow vulnerability. The Unisoc Tiger T700 chip replaced MediaTek’s chips in these devices […] | Vulnerability Threat | ||
|
2022-06-07 09:44:02 | (Déjà vu) Gloucester Council IT Systems Still Affected Six Months After Cyber-Attack (lien direct) | The IT systems of Gloucester City Council are still not fully operational almost six months after Russian hacker targeting. The servers were compromised on December 20th last year, the council acknowledged. Many of the online services were disrupted, including council tax support, track and trace support payments, and housing benefits. The systems were targeted by […] | |||
|
2022-06-06 14:18:47 | Armis unveils Industry\'s first End-to-End Risk-Based Vulnerability Lifecycle Management (lien direct) | Last week, Armis announced Armis Asset Vulnerability Management (AVM), the only solution for risk-based vulnerability management that enables organisations to prioritise mitigation efforts across the entire asset attack surface. This includes IT, OT, ICS, IoMT, IIoT, Cloud and cellular-IoT, managed or unmanaged. The new solution strengthens the existing Armis Platform, which provides unified asset visibility […] | Vulnerability | ||
|
2022-06-06 14:05:49 | Is SEO Better Than Paid Ads? (lien direct) | If you are looking to advertise your business online, then you might be wondering: Is SEO better than paid ads? Paid ads and SEO both promote brands on the SERP, but how do they compare? SEO aims to boost your website’s organic ranking in search engine results pages, while PPC promotes your site content via […] | ★★★★ | ||
|
2022-06-06 12:26:15 | Apple Release 2021 Fraud Prevention Analysis (lien direct) | Apple has announced that, in 2021, it prevented over 1.6 million risky and untrustworthy apps and app updates from reaching the App Store and stopped over $1.5 billion in fraudulent transactions. Apple produced its first fraud prevention analysis last year with information about 2020. Last year’s report showed that Apple had prevented one million potentially […] | ★★★★ | ||
|
2022-06-06 11:41:11 | (Déjà vu) State-Backed Hackers Exploit Microsoft “Follina” Bug to Target U.S. and European Entities (lien direct) | A suspected state-aligned threat actor has been linked to a fresh set of attacks exploiting the Microsoft Office “Follina” vulnerability to target government entities across the U.S. and Europe. Proofpoint, an enterprise security firm, said that it blocked attempts at exploiting the remote code execution flaw. The flaw is being tracked CVE-2022-30190 (CVSS Score: 7.8). […] | Vulnerability Threat | ||
|
2022-06-06 11:12:04 | Singapore Officially Launches Digital Platform to Ease Supply Chain Data Flow and Improve Data Efficiencies (lien direct) | In an attempt to streamline information flows across a fragmented global supply chain, Singapore has officially launched a centralised data platform. The data exchange has already gained the support of more than 70 participants, including banks, logistics operators, and energy companies. The new common data platform, called Singapore Trade Data Exchange (SGTraDex), was introduced in […] | |||
|
2022-06-01 13:45:05 | Berkshire Bank Selects Salt Security for API Security as its Business Operations Scale (lien direct) | Salt Security, the leading API security company, today announced that Berkshire Bank, a leading socially responsible community bank with office locations in New England and New York, has selected the Salt Security API Protection Platform to secure its growing ecosystem of APIs. The Salt platform enables Berkshire Bank to reduce business risk by shielding itself, […] | Guideline | ★★★ | |
|
2022-06-01 13:33:17 | SafeBreach Expands Global Reach with Launch in EMEA (lien direct) | SafeBreach, the pioneer in breach and attack simulation (BAS), today announced the launch of their EMEA programme, which will aim to bring their dynamic continuous security validation platform to an EMEA audience. The SafeBreach platform enables security teams to assess the efficacy of their security ecosystem by safely executing attacks across the entire cyber kill […] |
To see everything:
Our RSS (filtrered)
