Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-11-10 08:58:13 |
Chrome to block tab-nabbing attacks (lien direct) |
Firefox and Safari are already blocking these types of web attacks |
|
|
|
|
2020-11-10 06:00:04 |
New \'Ghimob\' malware can spy on 153 Android mobile applications (lien direct) |
New Ghimob Android trojan rises and evolves from Brazil to spread internationally. |
Malware
|
|
|
|
2020-11-09 23:18:13 |
(Déjà vu) Npm package caught stealing sensitive Discord and browser files (lien direct) |
Malicious code was found hidden inside a JavaScript library named Discord.dll. |
|
|
|
|
2020-11-09 20:59:00 |
Bug hunter wins \'Researcher of the Month\' award for DOD account takeover bug (lien direct) |
Severe bug would have allowed hackers to hijack DOD accounts just by modifying a few parameters in web requests sent to DOD servers. |
|
|
|
|
2020-11-09 19:13:40 |
Zoom settles FTC charges for misleading users about security features (lien direct) |
The FTC accused Zoom of misrepresenting how its call encryption features worked. |
|
|
|
|
2020-11-09 12:49:00 |
Compal, the second-largest laptop manufacturer in the world, hit by ransomware (lien direct) |
Compal factories build laptops for Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu. |
Ransomware
|
|
|
|
2020-11-09 06:00:02 |
Ransomware hits e-commerce platform X-Cart (lien direct) |
Company says it has now recovered from the attack and all customer sites are now back up. |
Ransomware
|
|
|
|
2020-11-08 16:25:12 |
Windows 10, iOS, Chrome, and many others fall at China\'s top hacking contest (lien direct) |
Winning hacker team pockets $744,500 at the Tianfu Cup, China's top hacking contest. |
|
|
|
|
2020-11-08 11:52:00 |
Yahoo Mail discontinues automatic email forwarding for free users (lien direct) |
Automatic email forwarding to be discontinued on January 1, 2021. Existing users told to get a Pro account. |
|
Yahoo
|
|
|
2020-11-07 08:00:03 |
FBI: Hackers stole source code from US government agencies and private companies (lien direct) |
FBI blames intrusions on improperly configured SonarQube source code management tools. |
|
|
|
|
2020-11-06 17:00:00 |
Linux version of RansomEXX ransomware discovered (lien direct) |
This marks the first time a major Windows ransomware strain has been ported to Linux to aid hackers in their targeted intrusions. |
Ransomware
|
|
|
|
2020-11-06 12:42:03 |
Israeli companies targeted with new Pay2Key ransomware (lien direct) |
Security firm Check Point reports what appears to be a targeted attack against Israeli companies. |
Ransomware
|
|
|
|
2020-11-06 06:00:03 |
Ransomware gangs that steal your data don\'t always delete it (lien direct) |
Coveware: Half of the Q3 2020 ransomware investigations involved data exfiltration, with cases doubling from the previous quarter. |
Ransomware
|
|
|
|
2020-11-05 19:42:18 |
Apple fixes three iOS zero-days exploited in the wild (lien direct) |
Apple has patched the three zero-days with today's release of iOS 14.2. |
|
|
|
|
2020-11-05 17:20:09 |
Italian beverage vendor Campari knocked offline after ransomware attack (lien direct) |
Campari has refused to engage with the ransomware gang and is restoring systems. |
Ransomware
|
|
|
|
2020-11-05 14:06:00 |
GitHub denies getting hacked (lien direct) |
Someone attached a copy of the GitHub Enterprise Server source code to GitHub's DMCA section, but the GitHub CEO said they mistakenly leaked that code months ago. |
|
|
|
|
2020-11-05 10:46:53 |
New APT hacking group leverages \'KilllSomeOne\' DLL side-loading (lien direct) |
A new entry into the APT scene has peppered its malware with political messages. |
Malware
|
|
|
|
2020-11-05 09:21:31 |
US, Brazilian law enforcement seize $24 million in cryptocurrency generated through online fraud (lien direct) |
Suspects involved in the scheme are being accused of defrauding investors of over $200 million. |
|
|
|
|
2020-11-05 08:33:41 |
Capcom quietly discloses cyberattack impacting email, file servers (lien direct) |
The attack forced Capcom to temporarily pull services to stop the attack from spreading. |
|
|
|
|
2020-11-05 07:35:29 |
Company that runs US illegal immigration detention centers discloses ransomware attack (lien direct) |
Data for inmates and employees at three centers in California, Florida, and Pennsylvania was exposed in a ransomware attack on August 19. |
Ransomware
|
|
|
|
2020-11-04 17:50:03 |
Russian authorities make rare arrest of malware author (lien direct) |
Malware dev made the grave error of deploying his malware inside Russia's borders. |
Malware
|
|
|
|
2020-11-04 12:25:51 |
As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor (lien direct) |
The ransomware's 'retirement' has left a hole that Egregor operators may capitalize on. |
Ransomware
|
|
|
|
2020-11-04 11:22:48 |
Police launch pilot program to tap resident Ring camera live streams (lien direct) |
The small trial could herald a wider rollout with participating residents in the future. |
|
|
|
|
2020-11-04 10:12:33 |
23,600 hacked databases have leaked from a defunct \'data breach index\' site (lien direct) |
Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September. |
|
|
|
|
2020-11-04 01:22:14 |
Toy maker Mattel discloses ransomware attack (lien direct) |
Mattel said the ransomware attack had "no material impact to [its] operations or financial condition." |
Ransomware
|
|
|
|
2020-11-04 00:30:00 |
REvil ransomware gang \'acquires\' KPOT malware (lien direct) |
Ransomware gang who claims to have earned $100 million buys the source code of the KPOT information stealer trojan for $6,500. |
Ransomware
Malware
|
|
|
|
2020-11-03 21:42:00 |
US voters targeted with robocalls telling them to stay home or vote tomorrow (lien direct) |
Robocalls have been reported in Florida, Georgia, Iowa, Kansas, Michigan, Nebraska, New York, New Hampshire, and North Carolina. |
|
|
|
|
2020-11-03 18:24:54 |
After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version (lien direct) |
Android smartphone users are advised to update Chrome to version 86.0.4240.185 or later. |
|
|
|
|
2020-11-03 17:01:52 |
Configuration snafu exposes passwords for two million marijuana growers (lien direct) |
Passwords for GrowDiaries users were stored using the weak MD5 hashing function, putting customer accounts at risk of attacks. |
|
|
|
|
2020-11-03 10:17:28 |
FireEye releases ThreatPursuit, a Windows VM for threat intel analysts (lien direct) |
ThreatPursuit VM comes packed with more than 50 tools threat intelligence analysts use to hunt adversaries. |
Threat
|
|
|
|
2020-11-03 09:41:56 |
Russian hacker jailed over botnet data scraping scheme that drained victim bank accounts (lien direct) |
Prosecutors estimate the scheme has caused financial losses of at least $100 million. |
|
|
|
|
2020-11-03 06:00:04 |
Oracle publishes rare out-of-band security update for WebLogic servers (lien direct) |
Oracle releases additional fix to patch a bug for the second time after the publication of proof-of-concept exploit code. |
|
|
|
|
2020-11-03 00:40:58 |
Adobe hires new CSO in Mark Adams to guide the company in its post-Flash era (lien direct) |
Adams served as CSO for Blizzard Entertainment for four years before joining Adobe today. |
|
|
|
|
2020-11-02 22:34:56 |
Google patches second Chrome zero-day in two weeks (lien direct) |
Google Chrome 86.0.4240.183 available for download. Patches 10 security bugs, including an actively-exploited zero-day. |
|
|
|
|
2020-11-02 21:48:06 |
Hacker group uses Solaris zero-day to breach corporate networks (lien direct) |
The zero-day appears to have been bought off a black-market website for $3,000. |
|
|
|
|
2020-11-02 20:01:47 |
Malicious npm package opens backdoors on programmers\' computers (lien direct) |
JavaScript library posing as a Twilio-related library opens backdoors to let attackers access infected workstations. |
|
|
|
|
2020-11-02 08:31:26 |
Marriott fined £18.4 million by UK watchdog over customer data breach (lien direct) |
The fine has been slashed from over £99 million originally proposed In light of the pandemic. |
Data Breach
|
|
|
|
2020-11-02 06:00:03 |
CERT/CC launches Twitter bot to give security bugs random names (lien direct) |
CERT/CC attempts to reduce the use of sensationalized vulnerability names that needlessly scare software users. |
Vulnerability
|
|
★★★★
|
|
2020-11-01 11:36:20 |
US Cyber Command exposes new Russian malware (lien direct) |
Together with CISA and the FBI, US Cyber Command wish Russian state hackers a "Happy Halloween!" |
Malware
|
|
|
|
2020-10-31 16:30:02 |
Chrome will soon have its own dedicated certificate root store (lien direct) |
Currently, Chrome uses the certificate root store part of each operating system. Google plans to manage its own list of "approved" certificates from now on, similar to Firefox. |
|
|
|
|
2020-10-30 18:29:00 |
Google discloses Windows zero-day exploited in the wild (lien direct) |
Windows zero-day (not yet patched) is used as part of an exploit chain that also includes a Chrome zero-day (already patched). |
|
|
|
|
2020-10-29 11:05:05 |
McAfee debuts remote browser isolation solution, XDR platform (lien direct) |
The company's new offerings are designed with real-time protection and incident management in mind. |
|
|
|
|
2020-10-26 22:27:31 |
Hacker steals $24 million from cryptocurrency service \'Harvest Finance\' (lien direct) |
Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds. |
|
|
|
|
2020-10-26 18:51:57 |
Adware found in 21 Android apps with more than 7 million downloads (lien direct) |
Six of the 21 apps are still available on the Google Play Store. |
|
|
|
|
2020-10-26 15:42:49 |
Over 100 irrigation systems left exposed online without a password (lien direct) |
More than half of the exposed systems are located inside Israel. |
|
|
|
|
2020-10-26 11:54:30 |
The rise of the social bandits: How politics, injustice shapes how we view hacktivism (lien direct) |
If they don't listen to us, do they deserve it? |
|
|
|
|
2020-10-26 09:09:22 |
KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others (lien direct) |
New KashmirBlack botnet is believed to have infected hundreds of thousands of websites since November 2019. |
|
|
|
|
2020-10-23 18:31:26 |
Apple notarizes six malicious apps posing as Flash installers (lien direct) |
Apple notarization process bypassed for the second time in six weeks. |
|
|
|
|
2020-10-23 15:04:27 |
Phishing groups are collecting user data, email and banking passwords via fake voter registration forms (lien direct) |
With the election window closing, phishing groups are striking the iron while it's hot. |
|
|
|
|
2020-10-23 11:52:36 |
Nvidia tackles code execution flaws, data leaks in GeForce Experience (lien direct) |
The worst of the bugs is an uncontrolled search path issue with severe, exploitable consequences. |
|
|
|