Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-01-25 11:23:45 |
DreamBus botnet targets enterprise apps running on Linux servers (lien direct) |
DreamBus botnet uses exploits and brute-force to target PostgreSQL, Redis, SaltStack, Hadoop, Spark, and others. |
|
|
|
|
2021-01-25 11:08:04 |
Tesla sues ex-employee over alleged \'brazen\' theft of confidential code, files (lien direct) |
The court case claims an engineer swiped files and then tried to delete the evidence. |
|
|
|
|
2021-01-24 12:54:55 |
Hacker leaks data of 2.28 million dating site users (lien direct) |
Data belongs to dating site MeetMindful and includes everything from real names to Facebook account tokens, and from email addresses and geo-location information. |
|
|
|
|
2021-01-23 15:45:35 |
Rogue CCTV technician spied on hundreds of customers during intimate moments (lien direct) |
Prosecutors said the technician accessed more than 200 customer CCTV systems on more than 9,600 occasions to spy on them getting naked and engaging in sexual activity. |
|
|
|
|
2021-01-23 11:29:00 |
SonicWall says it was hacked using zero-days in its own products (lien direct) |
The networking device vendor has published a series of mitigations as it's investigating the incident and preparing patches. |
|
|
|
|
2021-01-22 17:08:00 |
FSB warns of US cyberattacks after Biden administration comments (lien direct) |
Unclear if political trolling or actual fear. |
|
|
|
|
2021-01-22 15:30:03 |
As Bitcoin price surges, DDoS extortion gangs return in force (lien direct) |
Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats. |
|
|
|
|
2021-01-22 13:39:01 |
New website launched to document vulnerabilities in malware strains (lien direct) |
Launched by security researcher John Page, the new MalVuln website lists bugs in malware code. |
Malware
|
|
|
|
2021-01-22 11:27:00 |
SEC calls out dubious cryptocurrency traders, miners soliciting customers worldwide (lien direct) |
The companies mentioned are considered “misleading” or impersonators of genuine businesses. |
Guideline
|
|
|
|
2021-01-22 05:30:03 |
Windows RDP servers are being abused to amplify DDoS attacks (lien direct) |
Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks. |
|
|
|
|
2021-01-21 17:57:00 |
QNAP warns users of a new crypto-miner named Dovecat infecting their devices (lien direct) |
QNAP says the malware is targeting NAS devices with weak passwords. |
Malware
|
|
|
|
2021-01-21 16:29:00 |
Hacker leaks data of millions of Teespring users (lien direct) |
Teespring account passwords were not released. |
|
|
|
|
2021-01-21 14:00:03 |
MrbMiner crypto-mining operation linked to Iranian software firm (lien direct) |
Despite the Sophos report ousting the MrbMiner group today, the botnet is expected to continue to operate with impunity. |
|
|
|
|
2021-01-21 11:35:25 |
Automated exploit of critical SAP SolMan vulnerability detected in the wild (lien direct) |
Proof-of-concept exploit code was published last week. |
Vulnerability
|
|
★★★★★
|
|
2021-01-21 11:15:00 |
This phishing scam left thousands of stolen passwords exposed through Google search (lien direct) |
A mistake on the part of the cyberattackers led to their discovery -- and that of the data they pillaged. |
|
|
|
|
2021-01-20 16:49:00 |
NSA urges system administrators to replace obsolete TLS protocols (lien direct) |
NSA: Obsolete encryption provides a false sense of security. |
|
|
|
|
2021-01-20 11:59:00 |
Interpol warns of romance scam artists using dating apps to promote fake investments (lien direct) |
Matches lead victims not to love, but to fake money-making apps, instead. |
Guideline
|
|
|
|
2021-01-20 06:00:03 |
A Chinese hacking group is stealing airline passenger details (lien direct) |
Chinese hackers are gathering passenger details from airlines across the world to track high-value targets' movements. |
|
|
|
|
2021-01-19 19:02:00 |
Malwarebytes said it was hacked by the same group who breached SolarWinds (lien direct) |
Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike. |
|
|
|
|
2021-01-19 17:17:00 |
Google Chrome 88 released with no Flash, bringing an end to an era (lien direct) |
Besides removing Flash, Google has also removed support for FTP links (ftp://) as well. |
|
|
|
|
2021-01-19 14:00:04 |
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers (lien direct) |
New Azure AD Investigator is now available via GitHub. |
Tool
|
|
|
|
2021-01-19 12:46:36 |
Livecoin slams its doors shut after failing to recover from hack, financial loss (lien direct) |
The exchange suffered an alleged cyberattack last month. |
|
|
|
|
2021-01-19 12:00:05 |
Fourth malware strain discovered in SolarWinds incident (lien direct) |
Symantec said it identified Raindrop, the fourth malware strain used in the SolarWinds breach, after Sunspot, Sunburst, and Teardrop. |
Malware
|
Solardwinds
|
|
|
2021-01-19 12:00:05 |
DNSpooq lets attackers poison DNS cache records (lien direct) |
Network administrators urged to apply the latest Dnsmasq updates to prevent the new DNSpooq attacks. |
|
|
|
|
2021-01-19 11:00:03 |
New FreakOut botnet targets Linux systems running unpatched software (lien direct) |
The botnet comes with features that can be used for DDoS attacks, ARP poisoning, hidden crypto-mining, launching brute-force attacks, and more. |
|
|
|
|
2021-01-19 10:54:29 |
US President Trump orders security assessment for Chinese-made drones (lien direct) |
Drones sourced from “foreign adversaries” could be removed from federal activities. |
|
|
|
|
2021-01-18 20:10:20 |
OpenWRT reports data breach after hacker gained access to forum admin account (lien direct) |
The OpenWRT wiki, which contains the official download links, was not compromised, the project said. |
Data Breach
|
|
|
|
2021-01-18 12:09:53 |
UK police warn of sextortion attempts in intimate online dating chats (lien direct) |
There are people out there trying to take advantage of the only way to date during a pandemic. |
|
|
|
|
2021-01-18 05:30:03 |
Multiple backdoors and vulnerabilities discovered in FiberHome routers (lien direct) |
At least 28 backdoor accounts found in FiberHome FTTH ONT routers. |
|
|
|
|
2021-01-18 04:44:00 |
GDPR: German laptop retailer fined €10.4m for video-monitoring employees (lien direct) |
NBB (notebooksbilliger.de) described the GDPR fine "as wrong as it is irresponsible." |
|
|
|
|
2021-01-16 18:26:00 |
DuckDuckGo surpasses 100 million daily search queries for the first time (lien direct) |
DuckDuckGo reaches historic milestone in a week when both Signal and Telegram saw a huge influx of new users. |
|
|
|
|
2021-01-16 02:56:16 |
Iconic BugTraq security mailing list shuts down after 27 years (lien direct) |
BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities. |
|
|
|
|
2021-01-15 23:23:00 |
Joker\'s Stash, the internet\'s largest carding forum, is shutting down (lien direct) |
Joker's Stash to shut down on February 15, 2021. |
|
|
|
|
2021-01-15 18:28:17 |
Linux Mint fixes screensaver bypass discovered by two kids (lien direct) |
Two children playing on their dad's computer accidentally found a way to bypass the screensaver and access locked systems. |
|
|
|
|
2021-01-15 10:47:49 |
Toyota slapped with $180 million fine for violating Clean Air Act (lien direct) |
Prosecutors say Toyota failed to comply with the law for a decade. |
|
|
|
|
2021-01-15 04:45:28 |
More than 10mil users installed Android apps that showed out-of-context ads (lien direct) |
Google has removed all 164 offending Android apps from its official Play Store. |
|
|
|
|
2021-01-14 23:50:26 |
NSA warns against using DoH inside enterprise networks (lien direct) |
The NSA urges companies to host their own DoH resolvers and avoid sending DNS traffic to third-parties. |
|
|
|
|
2021-01-14 20:16:00 |
Facebook sues two Chrome extension devs for scraping user data (lien direct) |
Facebook filed a lawsuit today in Portugal against browser extension maker Oink and Stuff. |
|
|
|
|
2021-01-14 20:03:28 |
SolarWinds defense: How to stop similar attacks (lien direct) |
The Linux Foundation, which knows a thing or two about building secure software, has suggestions on how we can avoid SolarWinds type attacks in the future. It won't be easy. But it must be done. |
|
|
|
|
2021-01-14 16:14:57 |
Cisco says it won\'t patch 74 security bugs in older RV routers that reached EOL (lien direct) |
Cisco advises RV110W, RV130, RV130W, and RV215W device owners to migrate to newer gear. |
|
|
|
|
2021-01-14 13:32:34 |
Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs (lien direct) |
The ContentFilterExclusionList has been removed in macOS 11.2 beta 2. |
|
|
|
|
2021-01-14 13:28:50 |
Trump ban: No \'moment for celebration\' in the eyes of Twitter chief (lien direct) |
Analysis: Twitter CEO Jack Dorsey has highlighted how enmeshed private companies, politics, and public safety have become. |
|
|
|
|
2021-01-14 11:00:00 |
Scam-as-a-Service operation made more than $6.5 million in 2020 (lien direct) |
"Classiscam" operation is made up of around 40 groups operating in the US and across several European countries. |
|
|
|
|
2021-01-14 09:24:37 |
Ring trials customer video end-to-end encryption for smart doorbells (lien direct) |
The security feature will be opt-in for users that want to encrypt their video feeds. |
|
|
|
|
2021-01-13 18:48:03 |
Iranian cyberspies behind major Christmas SMS spear-phishing campaign (lien direct) |
Iranian hackers managed to successfully hide URLs to phishing sites behind legitimate google.com links. |
|
|
|
|
2021-01-13 14:02:46 |
TikTok tightens up privacy controls for young users (lien direct) |
The default privacy setting for young users will now be set to private. |
|
|
|
|
2021-01-13 11:42:51 |
RG Coins cryptocurrency exchange owner lands 10 years behind bars for money laundering (lien direct) |
Prosecutors uncovered fake auctions, scammed customers, and a web of cash-to-cryptocurrency schemes. |
|
|
|
|
2021-01-13 10:13:38 |
Adobe fixes critical code execution vulnerabilities in 2021\'s first major patch round (lien direct) |
Seven different products have received fixes during January's security update. |
|
|
|
|
2021-01-12 19:59:00 |
Google reveals sophisticated Windows & Android hacking operation (lien direct) |
The attackers used a combination of Android, Chrome, and Windows vulnerabilities, including both zero-days and n-days exploits. |
|
|
|
|
2021-01-12 18:18:00 |
Microsoft fixes Defender zero-day in January 2021 Patch Tuesday (lien direct) |
Microsoft fixes 83 security bugs in the January 2021 Patch Tuesday releases. |
|
|
|