Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-11-21 20:25:18 |
(Déjà vu) Manchester United football club discloses security breach (lien direct) |
Football club said it's not "currently aware of any breach of personal data associated with our fans or customers." |
|
|
|
|
2020-11-21 08:00:03 |
Botnets have been silently mass-scanning the internet for unsecured ENV files (lien direct) |
Threat actors are looking for API tokens, passwords, and database logins usually stored in ENV files. |
Threat
|
|
|
|
2020-11-20 17:55:35 |
Drupal sites vulnerable to double-extension attacks (lien direct) |
The 90s called. They want their vulnerability back. |
Vulnerability
|
|
|
|
2020-11-20 14:19:03 |
Two Romanians arrested for running three malware services (lien direct) |
The two ran two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan. |
Malware
|
|
|
|
2020-11-20 05:45:03 |
The malware that usually installs ransomware and you need to remove right away (lien direct) |
If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems. |
Ransomware
Malware
|
|
|
|
2020-11-19 19:55:00 |
Facebook Messenger bug could have allowed hackers to spy on users (lien direct) |
The now-patched Messenger bug could have allowed callers to connect audio calls without the callee's knowledge or approval. |
|
|
|
|
2020-11-19 15:59:00 |
LidarPhone attack converts smart vacuums into microphones (lien direct) |
LidarPhone attack works by converting a smart vacuum's LiDAR navigational component into a laser microphone. |
|
|
|
|
2020-11-19 09:27:48 |
New Grelos skimmer variant reveals overlap in Magecart group activities, malware infrastructure (lien direct) |
The discovery of a new skimmer variant reveals the difficulties associated with tracking separate Magecart campaigns. |
Malware
|
|
|
|
2020-11-19 09:00:03 |
Fearing drama, Mozilla opens public consultation before worldwide Firefox DoH rollout (lien direct) |
Mozilla wants to enable DNS-over-HTTPS (DoH) in Firefox for all users worldwide, but wants to hear from ISPs, governments, and companies beforehand. |
|
|
|
|
2020-11-18 19:08:52 |
Starting next year, Chrome extensions will show what data they collect from users (lien direct) |
Google will add a "Privacy practices" section on each Chrome extension's Web Store page listing what data they collect from users and what the developer plans to do with it. |
|
|
|
|
2020-11-18 17:00:04 |
Cisco Webex bugs allow attackers to join meetings as ghost users (lien direct) |
Attackers can join Webex meetings as ghost users, and even remain inside rooms after getting kicked. |
|
|
|
|
2020-11-18 16:17:33 |
Liquid crypto-exchange says hacker accessed internal network, stole user data (lien direct) |
Liquid admins said the intrusion was detected before any funds were stolen. |
|
|
|
|
2020-11-18 12:00:03 |
The worst passwords of 2020 show we are just as lazy about security as ever (lien direct) |
Can't we do any better than “123456”? |
|
|
|
|
2020-11-18 11:51:08 |
Amazon Web Services\' new Network Firewall solution rolls out (lien direct) |
The firewall solution is aimed at securing virtual networks and AWS workloads. |
|
|
|
|
2020-11-18 11:08:39 |
Hacking group exploits ZeroLogon in automotive, industrial attack wave (lien direct) |
A massive campaign is underway around the globe, with automotive, pharmaceutical and engineering entities top targets. |
|
|
|
|
2020-11-18 09:33:22 |
Capcom confirms Ragnar Locker ransomware attack, data exposure (lien direct) |
Customer, employee, and shareholder information is potentially embroiled in the leak. |
Ransomware
|
|
|
|
2020-11-18 05:00:04 |
Chaes malware strikes customers of Latin America\'s largest e-commerce platform (lien direct) |
The new malware strain is being deployed in attacks against MercadoLivre users. |
Malware
|
|
|
|
2020-11-18 00:32:00 |
Trump fires CISA Director Chris Krebs (lien direct) |
Trump fires the CISA Director over a recent statement calling the recent presidential election the most secure in US history. |
|
|
|
|
2020-11-18 00:32:00 |
Trump fires CISA boss Chris Krebs (lien direct) |
Rumors that President Trump was planning to fire CISA's top official started circulating last week after the White House discovered that CISA officials have been debunking "election fraud" rumors often started by the President. |
|
|
|
|
2020-11-17 22:46:00 |
Ransomware attack forces web hosting provider Managed.com to take servers offline (lien direct) |
Ransomware attack on Managed.com appears to have taken place on Monday, November 16. |
Ransomware
|
|
|
|
2020-11-17 17:00:00 |
Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation (lien direct) |
Support for FTP links will be disabled for 50% of Chrome 87 users, with a complete removal scheduled for Chrome 88. |
|
|
|
|
2020-11-17 14:00:00 |
Researchers warn of internet security risks connected to Tesla Backup Gateway (lien direct) |
Hundreds of Tesla gateway systems have been found, exposed and open, online. |
|
|
|
|
2020-11-17 12:42:09 |
Firefox 83 released with \'HTTPS-Only Mode\' that only loads HTTPS sites (lien direct) |
Mozilla expects that HTTPS-Only Mode will soon become the default browsing state for most web browsers. |
|
|
|
|
2020-11-17 11:11:00 |
Cryptocurrency platform dangles \'bug bounty\' carrot to hacker who stole $2 million (lien direct) |
Akropolis has not yet gone to law enforcement, giving the hacker time to consider the proposal. |
|
|
|
|
2020-11-17 09:00:04 |
More than 200 systems infected by new Chinese APT \'FunnyDream\' (lien direct) |
New Chinese APT discovered targeting Southeast Asian governments. |
|
|
|
|
2020-11-17 06:00:03 |
More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug (lien direct) |
Millions of computers and servers across the globe remain unpatched for some of today's most dangerous bugs. |
|
|
|
|
2020-11-16 19:21:00 |
New Zoom feature can alert room owners of possible Zoombombing disruptions (lien direct) |
The new "At-Risk Meeting Notifier" Zoom feature scans the internet and alerts conference organizers when a link to their Zoom meeting has been posted online. |
|
|
|
|
2020-11-16 13:20:24 |
The ransomware landscape is more crowded than you think (lien direct) |
More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. |
Ransomware
|
|
|
|
2020-11-16 10:30:03 |
Lazarus malware strikes South Korean supply chains (lien direct) |
The malware is passing security checks through the abuse of stolen software certificates. |
Malware
|
APT 38
|
|
|
2020-11-13 15:33:53 |
Hacker steals $2 million from cryptocurrency service Akropolis (lien direct) |
Cryptocurrency borrowing and lending service Akropolis said it suffered a "flash loan" attack. |
|
|
|
|
2020-11-13 14:00:00 |
Microsoft says three APTs have targeted seven COVID-19 vaccine makers (lien direct) |
The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium. |
Medical
|
APT 38
APT 28
APT 43
|
|
|
2020-11-13 10:28:38 |
Chainalysis launches program to manage cryptocurrency seized by law enforcement (lien direct) |
The program will monitor and store virtual coins confiscated in criminal cases. |
|
|
|
|
2020-11-13 10:02:07 |
Amazon files lawsuit against Instagram, TikTok influencers over \'dupe\' sales scam (lien direct) |
The company claims influencers worked together to promote fake products listed on Amazon's platform. |
|
|
|
|
2020-11-13 05:40:03 |
Info of 27.7 million Texas drivers exposed in Vertafore data breach (lien direct) |
Vertafore blames incident on human error after user data was stored on an unsecured external storage service. The files were accessed by an external party. |
Data Breach
|
|
|
|
2020-11-13 00:07:00 |
Australian government warns of possible ransomware attacks on health sector (lien direct) |
The ACSC says it has seen an uptick in attacks targeting the health sector with SDBBot, a known precursor of the Clop ransomware. |
Ransomware
|
|
|
|
2020-11-12 20:48:30 |
BlackBerry discovers new hacker-for-hire mercenary group (lien direct) |
CostaRicto is the fifth hacker-for-hire mercenary group discovered this year. |
|
|
|
|
2020-11-12 13:58:14 |
Comodo open-sources its EDR solution (lien direct) |
OpenEDR, announced in September, is available on GitHub starting this week. |
|
|
|
|
2020-11-12 11:40:43 |
KuCoin CEO says 84% of stolen cryptocurrency has been recovered (lien direct) |
Estimates suggest millions of dollars in cryptocurrency could still be outstanding. |
|
|
|
|
2020-11-12 10:32:49 |
New ModPipe malware targets hospitality, hotel point of sale systems (lien direct) |
The backdoor has been created to target PoS devices actively used by thousands of hotels and restaurants. |
Malware
|
|
|
|
2020-11-12 05:20:03 |
Microsoft urges users to stop using phone-based multi-factor authentication (lien direct) |
Microsoft recommends using app-based authenticators and security keys instead. |
|
|
|
|
2020-11-11 22:40:00 |
Google patches two more Chrome zero-days (lien direct) |
Google has now patched five Chrome zero-days in three weeks. |
|
|
|
|
2020-11-11 18:32:18 |
Recent ransomware wave targeting Israel linked to Iranian threat actors (lien direct) |
Israeli companies have seen an uptick in attacks and successful infections with the Pay2Key and WannaScream ransomware. |
Ransomware
Threat
|
|
|
|
2020-11-11 15:50:26 |
Play Store identified as main distribution vector for most Android malware (lien direct) |
Mammoth research project using Symantec (now NortonLifeLock) telemetry confirms what everyone suspected. |
Malware
|
|
|
|
2020-11-11 12:59:41 |
Palo Alto Networks acquires attack surface manager Expanse in $800m deal (lien direct) |
Expanse's platform will be added to the Cortex product suite. |
|
|
|
|
2020-11-11 11:31:42 |
Avast warns of Minecraft skin, mod apps fleecing \'millions\' of Android users (lien direct) |
Ridiculously expensive subscriptions are costing users as much as $120 per month. |
|
|
|
|
2020-11-11 08:23:29 |
Adobe releases new security fixes for Connect, Reader Mobile (lien direct) |
This month's update is small in comparison to last month's flurry of emergency fixes. |
|
|
|
|
2020-11-11 06:00:03 |
Facebook link preview feature used as a proxy in website-scraping scheme (lien direct) |
Mysterious groups have been scraping data from internet sites by abusing Facebook's link preview feature, using Facebook API servers as proxies to avoid getting blacklisted. |
|
|
|
|
2020-11-10 18:27:00 |
Microsoft November 2020 Patch Tuesday arrives with fix for Windows zero-day (lien direct) |
The Microsoft November 2020 Patch Tuesday fixes 112 vulnerabilities, 24 of which are remote code execution (RCE) bugs. |
|
|
|
|
2020-11-10 18:00:00 |
New Platypus attack can steal data from Intel CPUs (lien direct) |
Intel has released microcode updates today to prevent attackers from abusing the Intel RAPL mechanism to steal sensitive data from its CPUs. |
|
|
|
|
2020-11-10 13:34:42 |
Critical privilege escalation bugs squashed in WordPress Ultimate Member plugin (lien direct) |
The vulnerabilities impacted roughly 100,000 websites. |
|
|
|