What's new arround internet

Last one

Src Date (GMT) Titre Description Tags Stories Notes
itsecurityguru.webp 2022-04-12 09:00:53 What Real-Life SaaS Attack Misconfiguration Exploits Can Teach Us (lien direct) It's unfortunate, but true: SaaS attacks continue to increase. You can't get around it, COVID-19 accelerated the already exploding SaaS market and caused industries not planning on making a switch to embrace SaaS. With SaaS apps becoming the default system of record for organizations, it has left many struggling to secure their company's SaaS estate. […] ★★
itsecurityguru.webp 2022-04-12 08:46:58 Pegasus spyware targeted EU officials (lien direct) Several senior European Union (EU) officials were reportedly targeted with Pegasus spyware last year. Among those targeted were European Justice Commissioner Didier Reynders and at least four other commission staff. Reuters has said that it was notified of the claims by two EU officials and documentation it had reviewed. The EU commission reportedly became aware […]
itsecurityguru.webp 2022-04-11 10:01:39 Fraudsters stole £58m with RATs in 2021 (lien direct) 2021 saw victims of Remote Access Tool (RAT)scams lost £58m in 2021, official UK police figures show. RAT scams involve scammers taking control of a victims device, typically in order to access bank accounts. Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident. Typically, RAT attacks begin […] Tool ★★★
itsecurityguru.webp 2022-04-08 14:30:21 Server-Side-Request-Forgery Enabled Administrative Account Takeover on FinTech Platform (lien direct) Salt Labs has uncovered a Server-Side-Request Forgery on a major FinTech platform, enabling an administrative account takeover. Researchers identified API vulnerabilities allowing them to launch attacks where:  Attackers could gain administrative access to the banking platform Attackers could leak users' personal data  Attackers could access users' banking details and financial transactions Attackers could perform unauthorised […] ★★★
itsecurityguru.webp 2022-04-08 10:21:24 Mobile banking overwhelmingly safer for UK consumers (lien direct) Mobile banking is the safest way to bank for UK consumers, RiskOps platform for financial risk management Feedzai revealed in their Q2 2022 Financial Crime Report, based on the analysis of over 18 billion global banking transactions throughout 2021. According to the report, banking represented 88% of all banking transactions in the U.K. during this […]
itsecurityguru.webp 2022-04-08 09:19:11 50% of security leaders consider quitting due to stress (lien direct) A new study from Vectra AI has revealed that half of UK cybersecurity leaders consider leaving their jobs due to the pressure they face at work. The security vendor polled 200 security chiefs in the UK in order to better understand the emerging industry health crisis. The study revealed that two out of five security […] Guideline
itsecurityguru.webp 2022-04-08 09:05:44 (Déjà vu) Website of Russian oil giant allegedly hacked (lien direct) Gazprom Neft, the oil arm of Russian state gas company Gazprom, has allegedly suffered a hack on Wednesday bringing down its website. A statement allegedly from Gazprom CEO Alexie Miller was displayed on the website, appearing to criticise Russia’s invasion of Ukraine. Miller is a close friend of President Vladimir Putin. The website went down […] Hack
itsecurityguru.webp 2022-04-07 18:56:11 Webinar: Secure Your Cloud Environment from Evolving Threats (lien direct) The IT Security Guru has teamed up with Synopsys, a recognised leader in application security, to bring you the webinar, ‘Secure Your Cloud Environment from Evolving Threats‘. As the migration to the cloud continues at an unabated pace, the threats in the cloud are also increasing proportionally and evolving constantly. Data breaches, misconfiguration risks, weak […] Guideline
itsecurityguru.webp 2022-04-07 10:35:16 Fox News leaks 13 million internal records (lien direct) Researchers have claimed that a misconfiguration has exposed millions of internal records, including employees’ personally identifiable information, belonging to Fox News. The exposure was discovered by a team at Website Planet led by Jeremiah Fowler, who claimed that theoretically, anyone with an internet connection could have found the 58GB of internal records, which was left […] ★★★★
itsecurityguru.webp 2022-04-07 09:38:42 (Déjà vu) Zoom paid $1.8 million in bug bounty rewards in 2021 (lien direct) Zoom has awarded researchers $1.8 million in bug bounties over 2021, and $2.4 million since the programs launch. Bug bounties have emerged as a popular cybersecurity method recently, amidst the industry’s skill shortage. Estimates suggest that there will be roughly 3.5 million unfilled job openings by 2025 in the US alone. Zoom has experienced a […]
itsecurityguru.webp 2022-04-07 09:13:37 (Déjà vu) Electric vehicle chargers hacked to show pornography (lien direct) Electric vehicle owners in the Isle of Wight, UK, were surprised yesterday when public charging points displayed pornography. Service screens at the council-owned car parks across Quay Road, Cross Street, Cowes and Moa Place, Freshwater were supposed to display the council website, but hackers changed several of them to show explicit images. The Isle of […]
itsecurityguru.webp 2022-04-06 10:54:42 Cash App notifies 8 million customers of data breach (lien direct) Cash App, a popular stock trading app, has suffered a data breach impacting up to 8.2 million former and current users. It has been reported that the breach was caused by a former employee illegitimately accessing customer information. Block, Cash App’s owner, notified the Security and Exchange Commission (SEC) of the breach on Monday. The filing […] Data Breach
itsecurityguru.webp 2022-04-06 10:34:17 (Déjà vu) Germany closes Russian “Hydra” darknet marketplace (lien direct) The Hydra Market, a Russian-language darknet marketplace formerly specialising in the sale of illicit drugs, forged documents, intercepted data and illegal digital service, has been shut down by German Federal police. Working in conjunction with the United States Justice Department, authorities closed German servers of the marketplace on Tuesday, seizing $25m in Bitcoin of alleged […] ★★★★
itsecurityguru.webp 2022-04-06 10:20:22 New Risk-based Application Access Control aims to solve BYOD and Remote Work Security and Productivity Challenges (lien direct) Yesterday, Cato Networks introduced its new risk-based application access control for combatting the threat of infiltration posed by remote workers and Bring Your Own Device (BYOD). Now, enterprise policies will be able to consider real-time device context when restricting access to certain capabilities within corporate applications, the internet and cloud resources. “User devices can be […] Threat
itsecurityguru.webp 2022-04-05 15:23:56 Armis Appoints Tom Gol as CTO for Research (lien direct) Today, Armis announced the appointment of Tom Gol as CTO for Research. He will be reporting directly to Nadir Izrael, Global CTO and Co-founder at Armis. In this role, Tom will lead and oversee all research efforts as the company continues to solidify its place as a security leader and expert in threat and vulnerability research. His team […] Vulnerability Threat Guideline
itsecurityguru.webp 2022-04-05 12:00:58 Nominations for 2022\'s European Cybersecurity Blogger Awards NOW OPEN! (lien direct) Now in its ninth successive year, the much-anticipated annual European Cyber Security Blogger Awards, sponsored by KnowBe4 and Qualys, is now open for nominations. The awards have always been committed to celebrating the cybersecurity industry's most coveted bloggers, vloggers, podcasters and social media influencers. Previous award winners have included renowned blogging and podcast stars such […]
itsecurityguru.webp 2022-04-05 11:15:55 The Works closes stores after cyber attack (lien direct) The Works has reported that five of its 526 shops were forced to close last week as hackers gained access to its computer systems and caused issues with its tills. While customers are experiencing longer delivery times for online orders, the company has said that no shoppers’ payment details had been compromised. The Works said […]
itsecurityguru.webp 2022-04-05 09:18:15 (Déjà vu) New attack method could disrupt electric vehicle charging (lien direct) Academics from the University of Oxford and Armasuisse S+T have identified a novel attack technique targeting the widely-used Combined Charging System (CCS). They say the method could potentially disrupt the ability to charge electric vehicles at scale. The “Brokenwire” attack method meddles with the control communications between the vehicle and charger, wirelessly aborting charging from […] ★★★
itsecurityguru.webp 2022-04-05 09:00:20 The Differences in How CASB vs. SSPM Secures SaaS Apps (lien direct) There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable Information (PII), Intellectual Property […] ★★★★★
itsecurityguru.webp 2022-04-04 15:58:58 Darkweb researcher warns of possible cyberattack against Indonesian energy company Perushaan Gas Negare (lien direct) Deepweb researcher DarkFeed has taken to Twitter to announce they have discovered an attack at the hands of the Hive hacking group against Indonesian energy company Perushaan Gas Negare (PGN). 🌐 Hive #Ransomware team ransomed another huge energy company 🚨 Perusahaan Gas Negara is a state-owned natural gas company operated by the Indonesian government with […]
itsecurityguru.webp 2022-04-04 11:38:10 Spanish energy giant hit by data breach (lien direct) Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. They have reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID […] Data Breach
itsecurityguru.webp 2022-04-04 10:59:39 Trezor customers phished following MailChimp breach (lien direct) Trezor, who manufacture hardware devices designed to store digital currency, has warned its customers not to reply to official-looking emails after identifying a convincing phishing campaign. Several customers complained to Trezor’s twitter account over the weekend to complain about a scam email claiming that a data breach had hit over 100,000 customers. The email reportedly […] Data Breach
itsecurityguru.webp 2022-04-01 10:59:57 Majority of data security incidents caused by insiders (lien direct) New research from Imperva has revealed that 70% of EMEA organisations have no insider risk strategy, despite 59% of data security incidents being caused by employees. The shocking revelation comes as part of a wider study carried out by Forrester: Insider Threats Drive Data Protection Improvements. The study involved interviewing 150 security and IT professionals in EMEA. […] ★★★
itsecurityguru.webp 2022-04-01 10:42:13 UK spy chief praises fake news counter cell (lien direct) Jeremy Fleming, the head of GCHQ, has praised the new government counter-disinformation cell focused on Kremlin propaganda. Fleming spoke at the Australian National University in Canberra yesterday, arguing that President Putin had massively miscalculated his invasion Ukraine. He revealed that Russian soldiers are “refusing to carry out orders, sabotaging their own equipment and even accidentally […]
itsecurityguru.webp 2022-03-31 10:14:16 820,000 NYC students have their personal data exposed (lien direct) Hackers breached the IT systems of  Illuminate Education in January, gaining access to the personal data of around 820,000 current and former New York City public school students. Illuminate Education is a taxpayer funded software based in California. It is best known for creating the widely-used IO classroom,Skedula and PupilPath platforms, current used by New York City’s […]
itsecurityguru.webp 2022-03-31 09:22:59 Unpatched SpringShell bug threatens web app security (lien direct) A new critical remote code execution bug, dubbed “SpringShell” by some in the community, has been identified by security researchers. The vulnerability impacts the spring-core artifact, a popular framework used extensively in Java applications, specifically with JKD9 or newer. Sonatype explained, “the vulnerability affects anyone using spring-core, a core part of the Spring Framework, to […] Vulnerability
itsecurityguru.webp 2022-03-31 09:11:22 NHS 111 urgent care provider leads the way in secure and flexible workforce identity and access management with My1Login (lien direct) My1Login has announced it has been hired by London Central & West Unscheduled Care Collaborative, a leading provider of urgent healthcare to the NHS 111 service, to overhaul its staff identity access through My1Login's Identity-as-a-Service (IDaaS) solution.   The platform integrates with their existing computer login and removes the need for users to manage any […] Guideline
itsecurityguru.webp 2022-03-30 11:33:24 A third of malware infections use Log4Shell (lien direct) Researchers at Lacework have revealed that the Log4Shell vulnerability was exploited as an initial attack vector in 31% of cases monitored by the company over the past six months. The software vendor's latest Lacework Cloud Threat Report highlights typical risks in today’s digital landscape. The findings confirm what security experts suspected, that the Log4j bug was used […] Malware Vulnerability Threat ★★
itsecurityguru.webp 2022-03-30 10:35:19 Ronin blockchain hit with $620 million crypto heist (lien direct) Sky Mavis’ Ronin Network, which supports its Axie Infinity game, has suffered the largest cryptocurrency theft in history. The organisation announced yesterday that the Ronin network had been hacked to the tune of 173,000 Ethereum, or roughly $594 million, and $25 million in US dollars. Comparitech has ranked the incident as the largest crypto-heist of […]
itsecurityguru.webp 2022-03-29 10:16:41 86% of organisations believe they have suffered a nation-state cyberattack (lien direct) A new study by Trellix and the Center for Strategic and International Studies (CSIS) has revealed that 86% of organisations believe they have fallen victim to a nation-state cyberattack. The research surveyed 800 IT decision-makers in Australia, France, Germany, India, Japan, the UK and US. It has also been revealed that 92% of respondents have faced, or suspect they […] Studies
itsecurityguru.webp 2022-03-29 09:47:29 US proposes healthcare cybersecurity bill (lien direct) A new bill with bipartisan support has been proposed by US lawmakers, with the intention of enhancing the cybersecurity of America’s healthcare and public health (HPH) sector. The Healthcare Cybersecurity Act (S.3904) was proposed by US senators Jacky Rosen and Bill Cassidy on Thursday. The proposal is likely a reaction to the White House warning […] ★★★★
itsecurityguru.webp 2022-03-29 09:24:28 Critically Exposed Web Apps Discovered Across Europe\'s Top Chemical Manufacturers (lien direct) New research has revealed the top Chemical Manufacturers in the EU all have concerning levels of vulnerabilities and weak spots in their attack surface. According to the 2022 Web Application Security for Manufacturers report by Outpost24, 60% of European Chemical Manufacturers had vulnerabilities that are critically exposed and open to attacks. This new industry threat […] Threat ★★★★
itsecurityguru.webp 2022-03-29 09:08:22 EU and US confirm transatlantic data flow (lien direct) The new Trans-Atlantic Data Privacy Framework, announced over the weekend by the EU and the US, signals incoming clarification as to what data flows are allowed. The announcement comes after a European court struck down the EU-US Privacy Shield one and a half years ago. The Privacy Shield agreement, which set the terms for transatlantic transfers […] ★★★
itsecurityguru.webp 2022-03-28 10:31:18 (Déjà vu) Major League Baseball players\' personal data stolen (lien direct) A third-party vendor of American Major League Baseball has been hit with a cyber-attack, resulting in the personal information of players and their family members being stolen. Horizon Actuarial Services LLC, a consulting firm based in Maryland, suffered a ransomware attack in November of last year. The company recently released a data incident notice, revealing […] Ransomware
itsecurityguru.webp 2022-03-28 10:02:02 One tenth of UK staff bypass corporate security (lien direct) A new study from Cisco has found that a tenth of UK employees actively circumvent their organisation’s security measures. The network technology company polled over 1000 UK professionals working for organisations that allow hybrid working, in order to better understand the potential security risks of the modern, flexible workplace. The research has revealed that many […]
itsecurityguru.webp 2022-03-25 16:39:11 Russia preparing to conduct cyberattacks, White House warns (lien direct) The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future, BleepingComputer reported this week. With the U.S. imposing strict sanctions against Russia and aiding Ukraine in the war, the White House is expecting the Kremlin to retaliate […]
itsecurityguru.webp 2022-03-25 16:33:36 Strong Customer Authentication (SCA): what to expect (lien direct) SCA is a new set of rules from the Financial Conduct Authority (FCA) to help protect customers from fraud when they are shopping online, UK Finance explains. With increasing amounts of purchases being made online, these new rules will help to ensure that customers are safe when shopping and their money is better protected. The changes […]
itsecurityguru.webp 2022-03-25 10:43:26 Honda bug allows hackers to unlock and start your car (lien direct) Multiple researchers disclosed a vulnerability this week that would allow nearby attackers to unlock and even start some Honda and Acura cars. To carry out the attack, threat actors would capture the R signals sent from a key fob to a car, then resending these signals to unlock the car and even start the engine […] Vulnerability Threat
itsecurityguru.webp 2022-03-24 11:29:18 Ransomware payments peaked in 2021 (lien direct) Ransomware payments reached all-time highs last year, with related data leaks and ransom demands also surging, according to Palo Alto Networks. The stats were compiled from cases worked on by the security vendor’s Unit 42 security consulting business. The 2022 Unit 42 Ransomware Threat Report published by Palo Alto Networks today claimed the average ransomware payment reached […] Ransomware Threat ★★
itsecurityguru.webp 2022-03-24 11:02:33 Researchers trace LAPSUS$ hacks to English teenager (lien direct) Cybersecurity researchers investigating the ultra-prolific LAPSUS$ group have traced the attacks to a 16 year old living at his mother’s house near Oxford, England. In a shocking turn of events, the four researchers investigating the attacks have said they believe the teenager is the mastermind behind the operation. LAPSUS$ has gained significant notoriety in the […] ★★
itsecurityguru.webp 2022-03-23 11:19:03 Anonymous leaks 10GB of Nestle Data (lien direct) The hacktivist and activist group known as Anonymous has released Nestle’s database. The move comes days after the Ukrainian President Zelensky called out the world’s largest food company for its continued relationship with Russia. Anonymous announced the breach in a tweet on Tuesday: “Hacker group Anonymous has released 10 GB of data from Swiss company […] ★★★★★
itsecurityguru.webp 2022-03-23 09:51:14 Okta confirms hack, 2.5% of customers affected (lien direct) Okta has confirmed that they were hacked by LAPSUS$ ransomware group. LAPSUS$ ransomware posted screenshots which they claimed were of Okta’s internal company environment yesterday. Today, the authentication services provider has updated a blog post confirming the breach: “After a thorough analysis of these claims, we have concluded that a small percentage of customers — […] Ransomware
itsecurityguru.webp 2022-03-22 10:49:09 AvosLocker ransomware hits critical infrastructure (lien direct) Several US authorities issued an alert warning of the threat to critical national infrastructure (CNI) providers from the AvosLocker ransomware group. The group is a ransomware-as-a-service affiliate operation known for targeting financial services, manufacturing and government entities, as well as other sectors, the report indicated. AvosLocker seems to be geographically indiscriminate, with some victims hailing […] Ransomware Threat
itsecurityguru.webp 2022-03-22 10:29:21 LAPSUS$ claims to have breached Okta (lien direct) The ultra-prolific ransomware group LAPSUS$ are now claiming to have breached Okta, an authentication services provider. The report comes after the hackers posted what they claim to be screenshots of Okta’s internal company environment. Thousands of companies rely on Okta to manage access to their networks and applications, making the possibility of a breach especially […] Ransomware
itsecurityguru.webp 2022-03-21 10:44:05 Hackers target luxury hotels in Macau (lien direct) Luxury hotels in Macau were the target of malicious spear-phishing campaigns for nearly 3 months, according to research from security researchers at Trellix. The cybersecurity firm has attributed the campaign to the aptly named DarkHotel group, building on research published by Zscaler in December 2021.  DarkHotel is believed to have been access since 2007, with […]
itsecurityguru.webp 2022-03-21 10:28:15 Hubspot breach spreads to BlockFi, Swan Bitcoin (lien direct) Hubspot, a widely used Customer Relationship Management (CRM) platform, was hacked on Friday by a threat actor accessing an employee account.  The hacker then used the account to target 30 as yet unnamed cryptocurrency stakeholders, with BlockFi and Swan Bitcoin confirming that they suffered a breach. As Hubspot is a third party vendor, the hacker […] Threat
itsecurityguru.webp 2022-03-21 09:57:32 More Conti group source code leaked (lien direct) A Ukrainian security researcher has released further source code from the Conti ransomware group in retaliation for their siding with Russia over the ongoing Russia-Ukraine conflict. Conti is a prolific ransomware operation run by Russia-based threat actors. The group has been involved in developing numerous malware families, and is considered one of the most active […] Ransomware Malware Threat
itsecurityguru.webp 2022-03-18 11:39:44 76,000 scams taken down through email reporting (lien direct) The National Cyber Security Centres’s (NCSC) Suspicious Email Reporting Service is proving successful. Over 10 million emails have been reported to the service, leading to 76,000 online scams being taken down. The service has been operating for almost two years, enabling members of the public to alert the authorities regarding potential cyberattacks and scams. Scams […] Guideline
itsecurityguru.webp 2022-03-18 11:25:52 (Déjà vu) New “initial access broker” working with Conti gang (lien direct) Google’s Threat Analysis Group (TAG) has new initial access broker that it alleges is closely affiliated to a Russian cyber-crime gang infamous for its Conti and Diavol ransomware operations. The financially motivated threat actor, dubbed Exotic Lily, has been detected exploiting a recently patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444). The exploit […] Ransomware Threat
itsecurityguru.webp 2022-03-18 09:50:50 Phishers exploit Ukraine conflict to solicit crypto (lien direct) In the wake of the Ukraine-Russia conflict, cyber-criminals have begun to impersonate legitimate aid organisations in order to steal financial donations intended for the Ukrainian people. The discovery comes from new research by managed detection and response provider, Expel. The company’s security operations centre (SOC) analysed attack vectors and incident trends for its February Attack […]
Last update at: 2024-03-28 16:12:18
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter