Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-10-05 09:31:18 |
Misconfigured, old Airflow instances leak Slack, AWS credentials (lien direct) |
Unprotected instances are exposing secrets across industries including IT, health, and cybersecurity. |
|
|
|
|
2021-10-04 11:50:29 |
Fraudster jailed for stealing US military health records, millions in benefits (lien direct) |
Military benefit fraud was the goal of a transnational criminal ring. |
|
|
|
|
2021-10-01 11:30:33 |
Chief exec of cybersecurity Group-IB arrested on treason charge (lien direct) |
Group-IB maintains the CEO is innocent. |
|
|
|
|
2021-10-01 09:55:31 |
Android, Java bug bunting tool Mariana Trench goes open source (lien direct) |
Mariana Trench originated as an internal Facebook tool. |
Tool
|
|
|
|
2021-09-30 15:30:00 |
Proxy Phantom: Fraud rings flood online merchants with credential stuffing attacks (lien direct) |
Over 1.5 million stolen credential sets are being used by one fraud operation. |
|
|
|
|
2021-09-30 12:00:14 |
Fears surrounding Pegasus spyware prompt new Trojan campaign (lien direct) |
Criminals hope that the lure of a promise to protect you from spyware will make you click that link. |
|
|
|
|
2021-09-29 23:01:02 |
Researchers discover bypass \'bug\' in iPhone Apple Pay, Visa to make contactless payments (lien direct) |
The security issue relates to Visa and Apple's transmit mode. |
|
|
|
|
2021-09-29 15:17:28 |
Tomiris backdoor discovery linked to Sunshuttle, DarkHalo hackers (lien direct) |
Another backdoor has been tentatively linked to the hackers behind SolarWinds. |
|
|
|
|
2021-09-29 13:00:02 |
This dangerous mobile Trojan has stolen a fortune from over 10 million victims (lien direct) |
Researchers say the infections are generating millions of dollars a month in recurring revenue. |
|
|
|
|
2021-09-29 10:49:12 |
Akamai acquires cybersecurity firm Guardicore for $600 million (lien direct) |
Guardicore's zero-trust solutions brought it to the attention of the CDN. |
|
|
|
|
2021-09-29 10:29:45 |
Google launches new reward program for Tsunami Security Scanner (lien direct) |
The program offers up to $3,133 in financial rewards. |
|
|
|
|
2021-09-29 09:00:02 |
Telegram bots are trying to steal your one-time passwords (lien direct) |
The tokens can be used to shred second-stage account verification. |
|
|
|
|
2021-09-28 15:09:00 |
FinSpy surveillance malware is now spreading through UEFI bootkits (lien direct) |
The spyware had previously been associated with malicious installers and MBR bootkits. |
Malware
|
|
|
|
2021-09-28 08:00:02 |
Scalper bots are now targeting graphics card vendors (lien direct) |
Concert tickets are no longer the most coveted items on a reseller's list. |
|
|
|
|
2021-09-24 09:45:00 |
FBI arrests 75-year-old for allegedly placing pipe bombs outside phone, carrier stores (lien direct) |
The suspect was reportedly upset over handsets being used to spread "immoral content." |
|
|
|
|
2021-09-23 09:36:00 |
New advanced hacking group targets governments, engineers worldwide (lien direct) |
The APT was one of many groups that took part in the Microsoft Exchange Server hacks. |
|
|
|
|
2021-09-22 13:16:42 |
This cryptocurrency miner is exploiting the new Confluence remote code execution bug (lien direct) |
It didn't take long for CVE-2021-26084 to be added to exploit kits. |
|
|
|
|
2021-09-22 13:15:33 |
Microsoft Autodiscover abused to collect web requests, credentials (lien direct) |
Researchers were able to exploit a protocol design feature on a vast scale. |
|
|
|
|
2021-09-21 13:00:09 |
HackerOne expands Internet Bug Bounty project to tackle open source bugs (lien direct) |
Open source code is used by most companies. It's time to improve its security. |
|
|
|
|
2021-09-21 12:00:00 |
Turla hacking group launches new backdoor in attacks against US, Afghanistan (lien direct) |
The Russian cyberattackers are using the new module to become more stealthy. |
|
|
|
|
2021-09-21 10:00:02 |
Siemens launches AI solution to fight industrial cybercrime (lien direct) |
Eos.ii will monitor for threats against industrial IoT endpoints and platforms. |
|
|
|
|
2021-09-20 11:04:48 |
Facebook rebukes WSJ over investigation on the platform\'s ability to harm, \'toxic\' impact (lien direct) |
Facebook says the series contains "deliberate mischaracterizations." |
|
|
|
|
2021-09-17 10:10:00 |
This banking Trojan abuses YouTube to manage remote settings (lien direct) |
The spam-spread malware is another headache for Latin America in the cybersecurity realm. |
Malware
|
|
|
|
2021-09-17 09:06:46 |
Cyberattacks against the aviation industry linked to Nigerian threat actor (lien direct) |
The investigation began after a Microsoft tweet concerning AsyncRAT. |
Threat
|
|
|
|
2021-09-16 13:00:15 |
New Go malware Capoae targets WordPress installs, Linux systems (lien direct) |
Capoae highlights the increase of cyberattacks designed to deploy cryptocurrency-mining payloads. |
Malware
|
|
|
|
2021-09-15 10:55:11 |
Cybercriminals recreate Cobalt Strike in Linux (lien direct) |
The new malware strain has gone unnoticed by detection tools. |
Malware
|
|
|
|
2021-09-15 10:00:02 |
Two-thirds of cloud attacks could be stopped by checking configurations, research finds (lien direct) |
IBM says that over half of cloud security breaches are caused by issues simple to rectify. |
|
|
|
|
2021-09-15 09:27:30 |
Meris botnet assaults KrebsOnSecurity (lien direct) |
The botnet appears to be made up of compromised routers. |
|
|
|
|
2021-09-14 12:00:05 |
The state of ransomware: national emergencies and million-dollar blackmail (lien direct) |
Banks, however, have experienced the highest volume of ransomware attacks this year. |
Ransomware
|
|
|
|
2021-09-14 11:06:46 |
HP patches severe OMEN driver privilege escalation vulnerability (lien direct) |
The bug can be used to achieve kernel-mode permissions. |
Vulnerability
|
|
|
|
2021-09-14 11:00:02 |
Close to half of on-prem databases contain vulnerabilities, with many critical flaws (lien direct) |
The Microsoft Exchange attack wave revealed the risks, but patching isn't always straightforward. |
Patching
|
|
★★★
|
|
2021-09-13 16:06:00 |
Over 60 million wearable, fitness tracking records exposed via unsecured database (lien direct) |
Data sources included Apple's HealthKit and Fitbit. |
|
|
|
|
2021-09-13 14:19:00 |
This is how a cybersecurity researcher accidentally broke Apple Shortcuts (lien direct) |
Detectify explains how investigating CloudKit resulted in Shortcuts disruption for users back in March. |
|
|
|
|
2021-09-10 11:08:38 |
Google debuts new Private Compute features in ramp up of Android security (lien direct) |
Google will also make the source code public for external audits. |
|
|
|
|
2021-09-10 10:12:22 |
US military reservist lands himself prison sentence for operating romance scams (lien direct) |
Older women and men were among his targets. |
|
|
|
|
2021-09-10 08:46:01 |
Ukrainian man extradited to the US to face botnet, data theft charges (lien direct) |
The suspect has been detained ahead of his trial. |
|
|
|
|
2021-09-09 11:18:55 |
Attacker releases credentials for 87,000 FortiGate SSL VPN devices (lien direct) |
Access data for FortiGate devices was obtained by exploiting a known, old vulnerability. |
|
|
|
|
2021-09-09 11:05:02 |
91% of IT teams have felt \'forced\' to trade security for business operations (lien direct) |
When it comes to remote work, security is often the last thing on the priority list. |
|
|
|
|
2021-09-09 09:36:12 |
GitHub tackles severe vulnerabilities in Node.js packages (lien direct) |
Bugs impacting tar and @npmcli/arborist were reported through a bug bounty program. |
|
|
|
|
2021-09-08 14:00:02 |
Pro-Chinese government propaganda campaign spurs on COVID-19 protests in the US (lien direct) |
The campaign is far more extensive than previously thought. |
|
|
|
|
2021-09-08 11:31:44 |
Operation Chimaera: TeamTNT hacking group strikes thousands of victims worldwide (lien direct) |
The cybercriminals are now indiscriminate in the operating systems they attack. |
|
|
|
|
2021-09-08 09:47:06 |
BladeHawk attackers spy on Kurds with fake Android apps (lien direct) |
Facebook is being abused to spread surveillanceware focused on the Kurdish ethnic group. |
|
|
|
|
2021-09-06 10:18:58 |
This is the perfect ransomware victim, according to cybercriminals (lien direct) |
An investigation into what ransomware groups want has painted the picture of the perfect target. |
Ransomware
|
|
|
|
2021-09-06 08:25:00 |
Apple slams the brakes on plans to scan user images for child abuse content (lien direct) |
Backlash stemming from privacy concerns has delayed the rollout. |
|
|
|
|
2021-09-03 11:16:29 |
FTC orders SpyFone to delete all of its surveillance data (lien direct) |
The watchdog alleges the app "helped stalkers steal private information." |
|
|
|
|
2021-09-03 08:39:14 |
BitConnect director pleads guilty to role in $2 billion cryptocurrency fraud (lien direct) |
Prosecutors claim that the promoter earned over $24 million. |
|
|
|
|
2021-09-01 11:53:33 |
This is why the Mozi botnet will linger on (lien direct) |
The botnet continues to haunt IoT devices, and likely will for some time to come. |
|
|
|
|
2021-09-01 09:25:56 |
Cream Finance platform pilfered for over $34 million in cryptocurrency (lien direct) |
The project has promised to cover losses suffered by its users. |
|
|
|
|
2021-09-01 09:00:02 |
Scam artists are recruiting English speakers for business email campaigns (lien direct) |
Finding fluent speakers is becoming important to criminals conducting business-based attacks. |
|
|
|
|
2021-08-31 12:00:14 |
Initial Access Broker use, stolen account sales spike in cloud service cyberattacks (lien direct) |
Current trends also include the abuse of Docker images. |
|
|
|