Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-12-18 13:34:58 |
NSA warns of federated login abuse for local-to-cloud attacks (lien direct) |
The US National Security Agency describes two techniques abused in recent attacks for escalating attacks from local networks to cloud infrastructure. |
|
|
|
|
2020-12-18 03:59:45 |
Microsoft says it identified 40+ victims of the SolarWinds hack (lien direct) |
Microsoft says 80% of the victims it identified were located in the United States. |
Hack
|
|
|
|
2020-12-17 23:46:00 |
Microsoft was also breached in recent SolarWinds supply chain hack, report (lien direct) |
Report claims that after hackers breached Microsoft, they used Microsoft's own products to attack other companies. |
|
|
|
|
2020-12-17 16:20:20 |
Ad-blocker AdGuard deploys world\'s first DNS-over-QUIC resolver (lien direct) |
DNS-over-QUIC, or DoQ, is viewed as a superior, faster, and more private version of the DNS protocol, even DoH and DoT. |
|
|
|
|
2020-12-17 12:29:01 |
This \'off the shelf\' Tor backdoor malware is now a firm favorite with ransomware operators (lien direct) |
SystemBC is making its mark as a popular tool used in high-profile ransomware campaigns. |
Ransomware
Malware
Tool
|
|
|
|
2020-12-17 11:00:00 |
IBM launches experimental homomorphic data encryption environment for the enterprise (lien direct) |
Is it possible for fully homomorphic encryption to be a “game-changer” for data privacy? IBM intends to find out. |
|
|
|
|
2020-12-17 06:39:54 |
Phobos launches Orbital, a tool for finding attack pathways and entry points into your network (lien direct) |
After months of work, teasing, and planning, Phobos Orbital is out of beta and available for trials. |
Tool
|
|
|
|
2020-12-17 02:30:32 |
Three million users installed 28 malicious Chrome or Edge extensions (lien direct) |
Extensions could redirect users to ads, phishing sites, collect user data, or download malware on infected systems. |
Malware
|
|
|
|
2020-12-16 22:29:16 |
FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay (lien direct) |
FBI says ransomware group has been calling victims, threatening to send individuals to their homes if they don't pay the ransom. |
Ransomware
|
|
|
|
2020-12-16 13:00:04 |
FICO launches cryptocurrency trade risk solution for banks (lien direct) |
The software will bring crypto risk assessment to KYC processes. |
|
|
|
|
2020-12-16 05:01:04 |
New Goontact spyware discovered targeting Android and iOS users (lien direct) |
Most Goontact-laced apps are targeting Asian users in Chinese speaking countries, Korea, and Japan. |
|
|
|
|
2020-12-16 03:04:57 |
SolarWinds said no other products were compromised in recent hack (lien direct) |
SolarWinds has released today updates that "replaces the compromised component" in its Orion platform. |
Hack
|
|
|
|
2020-12-16 00:17:59 |
Microsoft to quarantine SolarWinds apps linked to recent hack starting tomorrow (lien direct) |
After only showing detection alerts, Microsoft moves to block trojanized SolarWinds apps from running, opening the door for some IT issues for some of its customers. |
Hack
|
|
|
|
2020-12-15 20:18:00 |
Microsoft and industry partners seize key domain used in SolarWinds hack (lien direct) |
By seizing the domain, Microsoft and its partners hope to identify all victims, but are also preventing attackers from escalating intrusions in currently infected networks. |
Hack
|
|
|
|
2020-12-15 13:35:00 |
Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems (lien direct) |
AIR-FI technique can send stolen data at speeds of up to 100 b/s to Wi-Fi receivers at a distance of a few meters. |
|
|
|
|
2020-12-15 11:03:33 |
Pornhub suspends over 10 million videos to eradicate illegal content (lien direct) |
Roughly 13.5 million videos hosted on Pornhub are now reduced to only 2.9 million. |
|
|
|
|
2020-12-14 17:36:00 |
SEC filings: SolarWinds says 18,000 customers were impacted by recent hack (lien direct) |
In SEC documents filed today, SolarWinds said it notified 33,000 customers of its recent hack, but that only 18,000 used a trojanized version of its Orion platform. |
Hack
|
|
|
|
2020-12-14 04:02:30 |
(Déjà vu) FireEye confirms SolarWinds supply chain attack (lien direct) |
Known victims so far include the US Treasury, the US NTIA, and FireEye itself. |
|
|
|
|
2020-12-14 04:02:00 |
Microsoft, FireEye confirm SolarWinds supply chain attack (lien direct) |
Known victims so far include the US Treasury, the US NTIA, and FireEye itself. |
|
|
|
|
2020-12-13 07:50:03 |
PgMiner botnet attacks weakly secured PostgreSQL databases (lien direct) |
Only PostgreSQL databases running on Linux servers have been attacked so far. |
|
|
|
|
2020-12-11 20:31:07 |
Zero-day in WordPress SMTP plugin abused to reset admin account passwords (lien direct) |
A patch has been released earlier this week but many WordPress sites remained unpatched -as usual. |
|
|
|
|
2020-12-11 10:58:10 |
Mastercard, Visa cut card payment ties with Pornhub over child abuse, illegal content allegations (lien direct) |
Mastercard has terminated services whereas Visa has placed a temporary hold on card payments. |
|
|
|
|
2020-12-11 09:27:49 |
Critical CSRF vulnerability found on Glassdoor company review platform (lien direct) |
The critical flaw impacted both job seeker and employer accounts on the web domain. |
Vulnerability
|
|
|
|
2020-12-11 06:00:03 |
CISA and FBI warn of rise in ransomware attacks targeting K-12 schools (lien direct) |
The percentage of ransomware attacks against K-12 schools increased at the beginning of the 2020 school year |
Ransomware
|
|
|
|
2020-12-11 01:56:06 |
Facebook doxes APT32, links Vietnam\'s primary hacking group to local IT firm (lien direct) |
Facebook suspends accounts linked to APT32, says the group used its platform to spread malware. |
|
APT 32
|
|
|
2020-12-10 22:40:39 |
Tech unicorn UiPath discloses data breach (lien direct) |
EXCLUSIVE: UiPath admits to accidentally exposing a sensitive file containing the personal details of some of its registered users. |
Data Breach
|
|
|
|
2020-12-10 20:57:27 |
Chinese APT suspected of supply chain attack on Mongolian government agencies (lien direct) |
Chinese hackers have compromised the update mechanism of a chat app used by hundreds of Mongolian government agencies. |
|
|
|
|
2020-12-10 18:37:42 |
Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox (lien direct) |
Microsoft says that at its peak, Adrozek had controlled more than 30,000 devices a day. |
Malware
|
Adrozek
|
|
|
2020-12-10 16:40:36 |
Pwnie Awards 2020 winners include Zerologon, CurveBall, Checkm8, BraveStarr attacks (lien direct) |
The cybersecurity community voted for the best bugs and vulnerabilities discovered over the past year. |
|
|
|
|
2020-12-10 14:07:11 |
Romania to host the EU\'s new cybersecurity research hub (lien direct) |
Romania's capital, Bucharest, was selected as host for the EU's future cybersecurity research hub. |
|
|
|
|
2020-12-10 12:36:18 |
Proof-of-concept exploit code published for new Kerberos Bronze Bit attack (lien direct) |
The Kerberos Bronze Bit attack can allow intruders to bypass authentication and access sensitive network services. |
|
|
|
|
2020-12-10 09:52:12 |
njRAT Trojan operators are now using Pastebin as alternative to central command server (lien direct) |
Avoiding C2 infrastructure could help hackers avoid detection. |
|
|
|
|
2020-12-10 08:01:44 |
Remote code execution vulnerability uncovered in Starbucks mobile platform (lien direct) |
The researcher's report revealed multiple endpoints vulnerable to the same flaw. |
Vulnerability
|
|
|
|
2020-12-10 03:29:02 |
Hackers are selling more than 85,000 SQL databases on a dark web portal (lien direct) |
The hackers are breaking into SQL databases, stealing their content, holding it for ransom for 9 days, and then selling them to the highest bidder if the DB owner doesn't want to ransom their content back. |
|
|
|
|
2020-12-09 23:29:59 |
Adobe to block Flash content from running on January 12, 2021 (lien direct) |
Adobe releases final Flash update with stronger language asking users to uninstall the app before its EOL. |
|
|
|
|
2020-12-09 20:59:57 |
Google open-sources Atheris, a tool for finding security bugs in Python code (lien direct) |
Atheris helps developers find bugs in Python-based codebases using a technique called fuzzing. |
Tool
|
|
|
|
2020-12-09 17:27:00 |
EU agency in charge of COVID-19 vaccine approval says it was hacked (lien direct) |
The European Medicines Agency (EMA) says it's investigating a recent cyber-attack. |
|
|
|
|
2020-12-09 13:12:01 |
Hackers hide web skimmer inside a website\'s CSS files (lien direct) |
Previously, security researchers found web skimmers (Magecart scripts) inside favicons, site logos, live chat windows, and, most recently, in social media sharing buttons. |
|
|
|
|
2020-12-09 10:40:00 |
Oblivious DoH: Cloudflare supports new privacy, security-focused DNS standard (lien direct) |
Test clients for the new standard have been released to the open source community. |
|
|
|
|
2020-12-09 07:49:49 |
Adobe security update squashes critical vulnerabilities in Lightroom, Prelude (lien direct) |
Adobe's last major patch round of 2020 has dealt with arbitrary code and JavaScript execution bugs. |
|
|
|
|
2020-12-09 02:40:05 |
Four sentenced to prison for planting malware on 20 million Gionee smartphones (lien direct) |
Chinese quartet conspired to plant a malicious SDK inside an app that came preinstalled on Gionee devices. |
Malware
|
|
|
|
2020-12-08 21:54:00 |
FireEye, one of the world\'s largest security firms, discloses security breach (lien direct) |
FireEye suspects it was the victim of a nation-state hacking group. |
|
|
|
|
2020-12-08 17:30:00 |
GitHub rolls out dependency review, vulnerability alerts for pull requests (lien direct) |
The aim is to prevent vulnerable code from being added to dependencies by accident. |
Vulnerability
|
|
|
|
2020-12-08 17:00:03 |
Accounts with default creds found in 100+ GE medical device models (lien direct) |
GE Healthcare is embarking on a massive effort to help healthcare providers reconfigure vulnerable devices. |
|
|
|
|
2020-12-08 14:42:06 |
Norway says Russian hacking group APT28 is behind August 2020 Parliament hack (lien direct) |
Russian hackers breached the Norway's Parliament email accounts in August this year. |
Hack
|
APT 28
|
|
|
2020-12-08 12:47:46 |
Amnesia:33 vulnerabilities impact millions of smart and industrial devices (lien direct) |
Security researchers have identified 33 security flaws in four open-source TCP/IP stacks used across a wide range of smart products. |
|
|
|
|
2020-12-08 10:27:05 |
Police officer abused vehicle database to track down women drivers (lien direct) |
A court dismissed the idea that he did so to contact women for an Instagram comic project, or that this is in any way justifiable. |
|
|
|
|
2020-12-07 21:42:31 |
BTC-e founder sentenced to five years in prison for laundering ransomware funds (lien direct) |
French prosecutors weren't able to prove that Vinnik was also involved in the distribution of the Locky ransomware. |
Ransomware
|
|
|
|
2020-12-07 18:21:56 |
Hacker opens 2,732 PickPoint package lockers across Moscow (lien direct) |
PickPoint says this is the world's first targeted cyberattack against a post-gateway network. |
|
|
|
|
2020-12-07 15:17:02 |
NortonLifeLock buys Avira in $360 million cash deal (lien direct) |
Avira acquisitions brings 30M+ active devices to the Norton family, 1.5M paying customers. |
|
|
|