What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-29 20:48:52 | Password Manager With 25 Million Users Confirms Breach, Expert Weighs In (lien direct) | One of the world’s leading password managers with 25 million users, LastPass, has confirmed that it has been hacked. While it’s good news that customer data was not compromised in this latest incident, the fact that the intruder accessed source code and ‘proprietary technical information’ is worrying. | Guideline | LastPass | |
|
2022-08-29 20:38:02 | What Can We Learn From The OpenSea Data Breach? (lien direct) | Access has always been a conundrum for security professionals. The level of access privileges you give to your employees exposes you to insider threats. The recent data breach faced by OpenSea exposes another layer of risk: third-party vendors, after the web3.0 marketplace's supplier, customer.io, was found to be responsible for a breach that saw the […] | Data Breach | ||
|
2022-08-25 13:11:36 | Expert Commentary On The Plex Data Breach (lien direct) | A Plex data breach has exposed usernames, email addresses, and encrypted passwords. As Troy Hunt, Microsoft Regional Director, said on Twitter “Aw crap, I'm pwned in a @plex data breach. Again. I can't do anything to *not* be in a breach like this (short of not using the service)” The scale of the security failure […] | Data Breach | ||
|
2022-08-22 13:31:59 | Lloyds Of London Ends Insurance Coverage For State Cyber Attacks, Expert Weighs In (lien direct) | It has been reported that Lloyd's of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk. Insurance market Lloyd's of London has indicated that it will move to require its insurance groups to exclude “catastrophic” nation state cyber attacks from cyber insurance […] | |||
|
2022-08-22 13:27:55 | (Déjà vu) Expert Commentary: LockBit Ransomware Gang Attacks Entrust (lien direct) | The Lockbit Ransomware gang has taken credit for the ransomware attack on Entrust, a digital security giant. In June, Entrust began notifying customers that they suffered a cyberattack where data was stolen from internal systems. The ransomware group attacked Entrust after purchasing access to the corporate network through “network access sellers.” After further research on […] | Ransomware | ||
|
2022-08-22 13:19:21 | Biggest Sovereign Wealth Fund In The World: “Cybersecurity Is #1 Concern” (lien direct) | As reported by the Financial Times, cybersecurity has eclipsed tumultuous financial markets as the biggest concern for the world's largest sovereign wealth fund, as it faces an average of three “serious” cyber attacks each day. The number of significant hacking attempts against Norway's $1.2tn oil fund, Norges Bank Investment Management, has doubled in the past […] | |||
|
2022-08-22 13:13:56 | US Government Bans Insecure Software (lien direct) | It has been announced that the US government is banning insecure software from its procurement process in a bid to improve the country's cyber security. | |||
|
2022-08-19 14:35:51 | (Déjà vu) Hackers Using Bumblebee Loader To Compromise Active Directory Services (lien direct) | The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. “Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration,” Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up. | Malware Threat | ||
|
2022-08-19 14:31:42 | New PyPi Malware Pkgs Steal Discord And Roblox Credential & Payment Info, Expert Weighs In (lien direct) | A dozen malicious PyPi packages have been discovered by researchers at Snyk installing malware that modify the Discord client to steal data from web browsers and Roblox. The popular online chat application, Discord, is also a target. The malware exfiltrates Discord tokens and injects a persistent malicious agent in the process. This malicious code, known […] | Malware | ||
|
2022-08-18 18:06:47 | 2022 OT Attack Vectors – Phishing, Scanning & Brute Force (lien direct) | New data released by IBM X-Force on operational technology (OT) vulnerabilities confirmed the OT cyber threat landscape is expanding dramatically and assigns percentages to the attack sectors (manufacturing was highest at 65%) and vectors. Excerpts: So far 2022 has seen international cyber security agencies issuing multiple alerts about malicious Russian cyber operations and potential attacks […] | Threat | ||
|
2022-08-18 17:56:10 | Signal / Twilio Incident – How Secure Are SMS Verifications? Experts Weigh In (lien direct) | Signal, often considered one of the most secure messaging app, was recently affected by a phishing attack suffered by Twilio, the company providing Signal with phone number verification services. With this breach, InfoSec expert and Industry leader provided some insights on MFA and SMS: • What is a secure method for 2FA? • Is SMS […] | Guideline | ||
|
2022-08-18 15:02:08 | Research And Expert Comments On TA558 Targeting Hospitality. (lien direct) | Cybersecurity researchers at Proofpoint have today published new threat intelligence detailing how cybercriminal group TA558 has been targeting hospitality, hotel, and travel organisations to deploy malware and steal data such as credit card numbers and hotel customer data for financial gain. During a busy summer for international travel in the wake of the pandemic, TA558 […] | Malware Threat | ||
|
2022-08-18 13:24:31 | North Korean Threat Group Lazarus Up To Old Tricks With New Malware Attack Targeting Mac OS Systems (lien direct) | The news broke that ESET researchers have identified a new cyberespionage campaign by North Korean APT group Lazarus, targeting Apple and Intel chip systems via a fake engineering job post supposedly from Coinbase. Identified in a series of tweets, the job description claims to be seeking an engineering manager for product security, before dropping a […] | Malware Threat | APT 38 | |
|
2022-08-17 12:15:24 | UK Water Suppliers Hacked But Hackers Extort Wrong Victim (lien direct) | Hackers attack UK water supplier but extort wrong victim. The Clop ransomware gang claimed to have breach Thames Water supplier by accessing their SCADA systems, which would give them the ability to cause harm to 15 mill customers. However, as Clop published evidence of stolen files, the spreadsheet presented featured South Staff Water and South […] | Ransomware | ||
|
2022-08-17 11:44:10 | Squish The Phish: Teaching Your Staff About Cyber Security To Slash Phishing Attacks, Experts Weigh In (lien direct) | Phishing is a huge threat that affects so many industries every year. Some industries were hit particularly hard, with retail workers receiving an average of 49 phishing emails a year and many employees in these industries being completely unaware of how sophisticated and believable these emails can be. 2021 research found a 7.3% increase in email-based attacks […] | Threat | ||
|
2022-08-16 12:54:19 | The “Cyber Insurance Gap” Is Threatening Most Companies (lien direct) | A new study by BlackBerry and Corvus Insurance confirms a “cyber insurance gap” is growing, with a majority of businesses in North America either uninsured or underinsured against a rising tide of ransomware attacks and other cyber threats. Only 19% of all businesses surveyed have ransomware coverage limits above the median ransomware demand amount ($600,000) […] | Ransomware | ||
|
2022-08-16 12:45:07 | (Déjà vu) Argentina\'s Judiciary Of Córdoba Hit By PLAY Ransomware Attack (lien direct) | In response to reports that Argentina’s Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack at the hands. of the new ‘Play’ ransomware operation, cyber security experts reacted below. | Ransomware | ||
|
2022-08-16 12:23:09 | South Staffordshire Water Latest Target Of Criminal Cyber Attack (lien direct) | It has been reported that South Staffordshire Water “has been the target of a criminal cyber attack”, the company has confirmed. In a statement, it stressed it was “still supplying safe water to all of our Cambridge Water and South Staffs Water customers”. The full story can be found here: https://news.sky.com/story/south-staffordshire-water-says-it-was-target-of-cyber-attack-as-criminals-bungle-extortion-attempt-12674039 Please see below for commentary from […] | |||
|
2022-08-15 15:12:41 | Cisco Confirms Hack: Yanluowang Ransom Gang Claims 2.8GB Of Data (lien direct) | Talos Intelligence Group confirmed that Cisco had been hacked by the Yanluowang ransomware group. The confirmation in a Talos blog posting, stated Cisco first learned of the compromise on May 24. Excerpts follow: On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been […] | Ransomware | ||
|
2022-08-15 14:46:50 | NHS IT Supplier Held To Ransom By Hackers (lien direct) | Following news that a cyber-attack on a major IT provider of the NHS, Advanced, has been confirmed as a ransomware attack (NHS IT supplier held to ransom by hackers – BBC News), Information Security Experts explains further about attacks on healthcare providers. | Ransomware | ||
|
2022-08-11 12:18:29 | How Cisco Get Hacked With 2.8GB From Corporate Network, Experts Weigh In (lien direct) | Cisco has admitted that its corporate network was compromised and the company suffered a data exfiltration due to a compromised employee’s account. | |||
|
2022-08-11 11:59:50 | 120K Priority Health Members Impacted By Third-Party Data Breach (lien direct) | Following news that priority Health issued a notice about a third-party data breach that originated at the law firm Warner Norcross & Judd (WNJ) in October 2021 (https://healthitsecurity.com/news/120k-priority-health-members-impacted-by-third-party-data-breach), cyber security experts explain the risk of third party companies. | Data Breach | ||
|
2022-08-10 14:05:18 | Three Ransomware Gangs Consecutively Attacked The Same Network (lien direct) | Sophos X-Ops Active Adversary whitepaper, “Multiple Attackers: A Clear and Present Danger,” details finding Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacking the same network. The first two attacks took place within two hours, and the third attack took place two weeks later. Each ransomware gang left its own ransom demand, and some of the files were […] | Ransomware | ||
|
2022-08-10 13:40:24 | Python Packages Discovered On The PyPI Repository (lien direct) | Following news that threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer’s systems with password-stealing malware, cyber security experts reacted below. | Threat | ||
|
2022-08-08 10:29:43 | NHS 111 Cyberattack And Experts Reactions (lien direct) | It has been confirmed a software outage affecting the NHS 111 service was caused by a cyber-attack. Advanced, a firm providing digital services for NHS 111, said the attack was spotted at 07:00 BST on Thursday. The attack targeted the system used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions. […] | |||
|
2022-08-04 10:04:29 | Initial Access Brokers – Key To Rise In Ransomware Attacks (lien direct) | An analysis from Recorded Future's research group, Insikt Group, details the tactics, techniques, and procedures (TTPs) used by cybercriminals on dark web and special-access sources to compromise networks, deploy infostealer malware, and obtain valid credentials. Excerpts: Threat actors require remote access to compromised networks to conduct successful attacks, such as malware loader deployment, data exfiltration, […] | Ransomware Malware Threat | ||
|
2022-08-03 10:52:31 | Luxembourg Energy Companies Hit By Cyber Attack With Data Stolen (lien direct) | It has been reported that two companies based in Luxembourg are grappling with an alleged ransomware attack that began last week, the latest in a string of incidents involving European energy companies. Encevo Group said its Luxembourg entities Creos – an energy network operator – and the supplier Enovos were “victims of a cyberattack on […] | Ransomware | ||
|
2022-08-03 10:44:03 | Experts Insight On Taiwan Cyber Attacks (lien direct) | In response to the spate of cyberattacks that Taiwan has suffered over the last day, cyber security experts reacted below. | |||
|
2022-08-03 10:26:39 | (Déjà vu) Over 3,200 Apps Leak Twitter API Keys, Some Allowing Account Hijacks (lien direct) | It has been reported that cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users’ Twitter accounts that are associated with the app. The discovery belongs to CloudSEK, which scrutinized large app sets for potential data leaks […] | Threat | ||
|
2022-07-27 11:47:35 | A \'Top Tier\' Hacking Gang Is Likely To Be Behind Entrust Ransomware Attack (lien direct) | Following the news that: A 'top tier' hacking gang is likely to be behind Entrust ransomware attack Entrust ransomware attack likely to be work of ‘top tier’ hacking gang (techmonitor.ai) | Ransomware | ||
|
2022-07-27 11:43:18 | LockBit Ransomware Gang Claims It Ransacked Italy\'s Tax Agency (lien direct) | It has been reported that the LockBit ransomware crew is claiming to have stolen 78GB of data from Italy’s tax agency and is threatening to leak it if a ransom isn’t paid by July 31. The notorious gang put a notice on its dark-web site adding the agency – the Agenzia delle Entrate – to its growing […] | Ransomware | ||
|
2022-07-27 11:34:53 | Twitter Data Breach From Former Gartner Cybersecurity Analyst (lien direct) | Following the news that Twitter suffered a data breach that saw 5.4 million users' details leaked online please find a comment below from Cyber security experts. The comment covers how the attack opens the door to high-profile attacks on famous users, with the likely outcome of crypto scam efforts, and the further threats that can […] | Data Breach | ||
|
2022-07-26 11:34:02 | Uber Admits Covering Up 2016 Data Breach That Exposed 57M Users\' Data (lien direct) | Uber has admitted to covering up a massive cybersecurity attack that took place in October 2016, exposing the confidential data of 57 million customers and drivers, as part of a settlement with the US Department of Justice in order to avoid prosecution. More on the story here: https://www.theverge.com/2022/7/25/23277161/uber-2016-data-breach-settlement-cover-up | Data Breach | Uber Uber | |
|
2022-07-25 12:23:44 | Google Chrome Zero-day Vulnerability Discovered By Avast (lien direct) | Avast recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East in a highly targeted way. Specifically, the Avast Threat Intelligence team found out that in Lebanon, journalists were among the targeted parties, and further targets were located […] | Vulnerability Threat | ★★★ | |
|
2022-07-25 12:20:21 | US Offers $15m Reward For HSE Hackers (lien direct) | As reported by The Times, US authorities have offered a $15 million (€14.7 million) reward for information leading to the arrest or conviction of members of the Conti group, the criminals blamed for last year’s crippling ransomware attack on the HSE. The US State Department has also offered a bounty of up to $5 million […] | Ransomware Guideline | ||
|
2022-07-25 11:58:16 | Types Of Data Security Compliance And Why They\'re Important (lien direct) | Every business has data that they need to protect against any breach or hacking attempt. The types of data today's businesses store are sensitive customer information, financial data, and confidential agreements or trade secrets. In order to protect this data, businesses are making sure that their internet-facing assets are secured and follow certain data security […] | |||
|
2022-07-21 16:32:42 | (Déjà vu) Magecart Card Skimmers Hitting Restaurant-Ordering Systems – Expert Comments (lien direct) | A new Recorded Future threat analysis reveals that 300 restaurants and at least 50,000 payment cards have been compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services. “The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using […] | Threat | ||
|
2022-07-21 12:24:11 | (Déjà vu) Neopets Data Breach Exposes Personal Data Of 69 Million Members (lien direct) | It has been reported that the virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. Neopets is a popular website where members can own, raise, and play games with their virtual pets. Neopets recently launched NFTs […] | Data Breach Guideline | ||
|
2022-07-19 13:13:44 | British Jeweller Graff Paid £6 Million Ransom To Attackers Then Sued Insurers (lien direct) | As reported by SecurityAffairs, in September 2021, the Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons. Graff decided to pay a £6m ($7.5 million) ransom to Conti to avoid the leak of its customers' data and sued its insurance company Travelers for refusing […] | Ransomware Guideline | ||
|
2022-07-19 12:32:28 | Cyberattack Blocks Albania\'s Public Online Services (lien direct) | In response to reports that a synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack, cybersecurity experts reacted below. | |||
|
2022-07-18 11:30:02 | Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability – Expert Comments (lien direct) | The Wordfence Threat Intelligence team is reporting on a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This is an ongoing campaign targeting an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which though previously disclosed, had not been patched they closed the plugin. “As the plugin was closed without a patch, all versions […] | Vulnerability Threat | ||
|
2022-07-15 14:11:23 | Major Cyber Bug In Log4j To Persist As \'Endemic\' Risk For Years To Come (lien direct) | It has been reported that a major cybersecurity bug detected last year in a widely used piece of software is an “endemic vulnerability” that could persist for more than a decade as an avenue for hackers to infiltrate computer networks, a U.S. government review has concluded. “The Log4j event is not over,” the report said. “The board […] | |||
|
2022-07-15 13:58:34 | Security Expert Re: DHS report On Defending Against Log4j (lien direct) | The U.S. Department of Homeland Security (DHS) has released the first report by the Cyber Safety Review Board (CSRB), which includes 19 actionable recommendations for government and industry to address the continued risk posed by the Log4j zero day vulnerability. | |||
|
2022-07-14 14:12:45 | Rise In Smishing Scams, Why And How To Protect? (lien direct) | Australian university, Deakin, has suffered a data breach affecting nearly 47,000 current and past students, following a smishing attempt after a member of staff's username and password was hacked. | Data Breach | ||
|
2022-07-14 14:07:51 | Play Elden Ring? It\'s Just Been Hit With Ransomware (lien direct) | Not sure you’re a huge gamer, but Bandai Namco, publisher of Dark Souls, Elden Ring and Soulcalibur, has confirmed it was the target of a ransomware attack by cybergang, Black Cat. This will cripple not only the business, but all of its loyal gamers, putting their own data at risk. | Ransomware | ||
|
2022-07-13 17:49:25 | Why Pac-man Video Game Publisher Bandai Namco Suffers Ransomware Attack? (lien direct) | Global video game publisher Bandai Namco – known for games including Pac-Man and Elden Ring – has reportedly been hit by a ransomware attack according to the cyber security site VX-underground, which showed a screen grab suggesting stolen data from the company is incoming from Ransomware-as-a-Service group ALPHV. ALPHV is a rapidly growing ransomware group notorious for […] | Ransomware | ||
|
2022-07-12 08:34:32 | Will Maintaining A Sustainable Strengthened Cyber Security Posture? (lien direct) | Maintaining a sustainable strengthened cyber security posture Maintaining a sustainable strengthened cyber security posture – NCSC.GOV.UK | |||
|
2022-07-12 08:21:17 | Ransomware Hits Flood Monitoring System In Goa, India – Perspective From Industry Leaders (lien direct) | A Ransomware attack hit Goa's flood monitoring system according to the Hindustan Times, which reports that the state government's water resources department that maintains the data said that all its files have been encrypted and can no longer be accessed. The data center server in Panaji stores the data of 15 flood monitoring systems on major rivers […] | Ransomware | ||
|
2022-07-12 08:12:36 | Marriott Hotels Repeat Hack Proves Businesses Still Way Behind On Cybersecurity (lien direct) | Marriott Hotels has been the victim of a third data breach in four years, according to reports. It is clear that today’s businesses are way off the mark when it comes to responsible resilience against cyber threats – especially in preventing repeat attacks. | Data Breach Hack Threat | ||
|
2022-07-06 19:56:36 | Expert Comment On DMA: Give Power To The People (lien direct) | Followings the EU’s agreement on the Digital Markets Act last night, the world's farthest reaching law to address Big Tech’s monopoly, cyber security experts reacted below. The act will stop tech ‘gatekeepers’ from using their power to box in users and squash emerging rivals, creating a fairer, more competitive market. Google will no longer be able to […] |
To see everything:
Our RSS (filtrered)
