Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-02-05 06:00:03 |
Plex Media servers are being abused for DDoS attacks (direct link) |
Cyber-security firm Netscout warns of new DDoS attack vector. |
|
|
|
|
2021-02-04 22:15:29 |
Google patches an actively exploited Chrome zero-day (direct link) |
Google Chrome 88.0.4324.150 released with a fix. Users advised to update. |
|
|
|
|
2021-02-04 18:00:03 |
Google paid $6.7 million to bug bounty hunters in 2020 (direct link) |
Sum is up from the $6.5 million the company paid security researchers a year before, in 2019. |
|
|
|
|
2021-02-04 14:00:06 |
Blockchain transactions confirm murky and interconnected ransomware scene (direct link) |
Criminal gangs often use multiple ransomware strains and jump ship from one RaaS (Ransomware-as-a-Service) to another, seeking better deals. |
Ransomware
|
|
|
|
2021-02-04 13:36:07 |
Discord servers targeted in cryptocurrency exchange scam wave (direct link) |
Free Bitcoin? Don't believe it. |
|
|
|
|
2021-02-04 13:19:00 |
Security firm Stormshield discloses data breach, theft of source code (direct link) |
Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. |
|
|
|
|
2021-02-04 13:00:04 |
Cisco's AppDynamics debuts app performance, vulnerability management software (direct link) |
Cisco says that clients will no longer have to “sacrifice security for velocity.” |
Vulnerability
|
|
|
|
2021-02-04 11:19:28 |
LockBit ransomware operator: 'For a cybercriminal, the best country is Russia' (direct link) |
A lone ransomware operator explains why they went down a criminal path. |
Ransomware
|
|
|
|
2021-02-04 09:27:29 |
Digital Defense acquired to bolster HelpSystems' security assessment portfolio (direct link) |
HelpSystems says the purchase will help clients improve infrastructure security. |
|
|
|
|
2021-02-04 06:00:03 |
Android devices ensnared in DDoS botnet (direct link) |
New Matryosh botnet is targeting Android systems that have left their ADB debug interface exposed on the internet. |
|
|
|
|
2021-02-03 22:23:40 |
Google: Proper patching would have prevented 25% of all zero-days found in 2020 (direct link) |
A quarter of all the zero-days exploited in the wild in 2020 were variations of previously patched vulnerabilities. |
Patching
|
|
|
|
2021-02-03 16:00:04 |
Cisco Meraki and Openpath launch new enterprise access, video security solution (direct link) |
The offering combines smart camera technology with modern secure access enhancements. |
|
|
|
|
2021-02-03 14:46:00 |
Microsoft Defender ATP is detecting yesterday's Chrome update as a backdoor (direct link) |
Microsoft's commercial antivirus product is labeling Chrome's latest update as being infected with the Funvalget backdoor. |
|
|
|
|
2021-02-03 06:00:03 |
Mozilla expected to launch its VPN service in Germany and France in Q1 2021 (direct link) |
Mozilla VPN is currently available in the US, the UK, Canada, New Zealand, Singapore, and Malaysia only. |
|
|
|
|
2021-02-03 01:15:19 |
Recent root-giving Sudo bug also impacts macOS (direct link) |
A bug in the Sudo app can let attackers with access to a local system elevate their access to a root-level account. |
|
|
|
|
2021-02-02 16:30:03 |
Google funds project to secure Apache web server project with new Rust component (direct link) |
Funded by Google and led by the Internet Security Research Group, Apache's web server is set to receive a new Rust-based mod_ssl module. |
|
|
★★★★
|
|
2021-02-02 14:00:00 |
Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection (direct link) |
The malware now attempts to disable Microsoft antivirus protection. |
Malware
|
|
|
|
2021-02-02 10:30:03 |
This Linux malware is hijacking supercomputers across the globe (direct link) |
Kobalos' codebase is tiny, but its impact is not. |
Malware
|
|
|
|
2021-02-02 05:45:03 |
Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks (direct link) |
Two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, reported as abused in the wild. |
|
|
|
|
2021-02-01 17:38:18 |
New Trickbot module uses Masscan for local network reconnaissance (direct link) |
The new Trickbot module is used to scan local networks for other nearby systems with open ports that could be hacked for quick lateral movement inside a company. |
|
|
|
|
2021-02-01 10:30:03 |
Hacker group inserted malware in NoxPlayer Android emulator (direct link) |
Attackers targeted only a handful of victims. Only five detected until now, in countries such as Taiwan, Hong Kong, and Sri Lanka. |
Malware
|
|
|
|
2021-02-01 09:51:20 |
Libgcrypt developers release urgent update to tackle severe vulnerability (direct link) |
A severe heap buffer issue was found by Google Project Zero's Tavis Ormandy. |
Vulnerability
|
|
★★★★★
|
|
2021-02-01 08:46:55 |
UK Research and Innovation suffers ransomware attack (direct link) |
The agency has suspended some services while an investigation takes place. |
Ransomware
|
|
|
|
2021-02-01 08:10:22 |
SonicWall zero-day exploited in the wild (direct link) |
Security firm NCC Group said it detected "indiscriminate" exploitation of a mysterious SonicWall zero-day. |
|
|
|
|
2021-01-30 01:11:52 |
FonixCrypter ransomware gang releases master decryption key (direct link) |
FonixCrypter gang claimed it shut down and deleted their ransomware's source code. |
Ransomware
|
|
|
|
2021-01-29 20:16:00 |
Google deploys Chrome mitigations against new NAT Slipstreaming attack (direct link) |
After the discovery of the NAT Slipstreaming 2.0 attack this week, Google says it will block Chrome traffic on ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080. |
|
|
|
|
2021-01-29 08:44:57 |
Electronic health records provider Athena to pay $18m settlement in kickback lawsuit (direct link) |
Athena was accused of paying under the table to push athenaClinicals software. |
|
|
|
|
2021-01-29 06:00:04 |
Google bans another misbehaving CA from Chrome (direct link) |
Digital certificates issued by Spanish certificate authority Camerfirma will stop working in Chrome 90, in April. |
|
|
|
|
2021-01-28 22:13:19 |
Google researcher discovers new iOS security system (direct link) |
iOS 14 shipped with BlastDoor, a new sandbox system for processing iMessages data. |
|
|
|
|
2021-01-28 16:39:00 |
Hezbollah's cyber unit hacked into telecoms and ISPs (direct link) |
Security firm Clearsky said they identified at least 250 servers hacked by Lebanese Cedar, a hacking group linked to the Hezbollah militant group. |
|
|
|
|
2021-01-28 13:10:20 |
Pirated themes and plugins are the most widespread threat to WordPress sites (direct link) |
Wordfence says it found malware originating from a pirated WordPress theme or plugin on 206,000 sites, accounting for over 17% of all infected sites. |
Malware
Threat
|
|
|
|
2021-01-28 11:34:13 |
Utah tests the waters in turning online catfishing into a criminal act (direct link) |
Pretending to be someone you're not online could, one day, land you in hot water. |
|
|
|
|
2021-01-28 10:12:36 |
Citrix's $2.3 million settlement offer for employees impacted by data breach approved (direct link) |
Hackers lurked undetected in company systems for five months. |
Data Breach
|
|
|
|
2021-01-28 09:00:04 |
Mozilla: Racism, misinformation, anti-worker policies are 'undermining' the Internet (direct link) |
Mozilla's latest Internet Health report reveals an online world becoming fragmented by critical social issues. |
|
|
|
|
2021-01-28 05:45:03 |
New cybercrime tool can build phishing pages in real-time (direct link) |
The new LogoKit phishing kit has already been spotted on more than 700 unique domains over the past month. |
Tool
|
|
|
|
2021-01-27 20:54:00 |
US and Bulgarian authorities disrupt NetWalker ransomware operation (direct link) |
Authorities seize dark web domains, charge a Canadian, and seize $454,000 in cryptocurrency. |
Ransomware
|
|
|
|
2021-01-27 18:55:14 |
(Déjà vu) Authorities plan to mass-uninstall Emotet from infected hosts on March 25, 2021 (direct link) |
The world's largest malware botnet will become extinct by April after today's coordinated takedown and planned clean-up operations. |
Malware
|
|
|
|
2021-01-27 18:55:00 |
Authorities plan to mass-uninstall Emotet from infected hosts on April 25, 2021 (direct link) |
The world's largest malware botnet will become extinct by April after today's coordinated takedown and planned clean-up operations. |
Malware
|
|
|
|
2021-01-27 13:08:55 |
National Crime Agency warns novice and veteran traders alike of rise in clone company scams (direct link) |
The NCA says these schemes have already led to the theft of over £78 million. |
|
|
|
|
2021-01-27 11:11:34 |
Fake ICO consultant sentenced for embezzling cryptocurrency now worth $20 million (direct link) |
The US resident pretended to be an expert on investing in cryptocurrencies. |
|
|
|
|
2021-01-27 09:40:20 |
UK association defends ransomware payments in cyber insurance policies (direct link) |
The group has been criticized for “funding” organized crime. |
Ransomware
|
|
|
|
2021-01-27 04:04:00 |
10-years-old Sudo bug lets Linux users gain root-level access (direct link) |
The vulnerability, named "Baron Samedit," impacts most Linux distributions today. |
|
|
|
|
2021-01-26 20:42:00 |
Apple fixes another three iOS zero-days exploited in the wild (direct link) |
Fixes come after Apple patched another set of three zero-days last November. |
|
|
|
|
2021-01-26 19:23:39 |
Four security vendors disclose SolarWinds-related incidents (direct link) |
Mimecast, Palo Alto Networks, Qualys, and Fidelis confirmed this week they were also targeted during the SolarWinds supply chain attack. |
|
|
|
|
2021-01-26 16:31:22 |
Firefox 85 removes Flash and adds protection against supercookies (direct link) |
Firefox now joins Chrome and Edge, both of which removed support for Flash earlier this month. |
|
|
|
|
2021-01-26 15:38:07 |
South African government releases its own browser just to re-enable Flash support (direct link) |
For some people, it's apparently easier to manage your own browser than port some web forms from Flash to HTML. |
|
|
|
|
2021-01-26 14:00:48 |
Cybercriminals use deceased staff accounts to spread Nemty ransomware (direct link) |
Researchers explore how 'ghost' accounts can become targets for threat actors. |
Ransomware
Threat
|
|
★★
|
|
2021-01-26 01:14:00 |
Google: North Korean hackers have targeted security researchers via social media (direct link) |
Google TAG warns security researchers to be on the lookout when approached by unknown individuals on social media. |
|
|
|
|
2021-01-25 16:24:00 |
Dutch COVID-19 patient data sold on the criminal underground (direct link) |
Two individuals were arrested in the Netherlands last week for selling data from Dutch COVID-19 systems on Telegram, Snapchat and Wickr. |
|
|
|
|
2021-01-25 12:13:39 |
Data of BuyUcoin cryptocurrency exchange traders allegedly leaked online (direct link) |
A customer update, since removed, claimed the leak was “dummy data.” |
|
|
|