What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-01-24 11:40:14 | How To Safeguard Your Business From Cybersecurity Stress And Prevent IT Burnout (lien direct) | The number of data breaches and their effects are increasing as more aspects of our lives move online. It’s not surprising that the latest IBM Data Breach report found that the average cost of a hack to businesses has reached a record $4.35 million when combined with inflationary levels that are unheard of. Employees are […] | Data Breach Hack | ★★ | |
 |
2023-01-24 09:49:59 | FBI: North Korean hackers stole $100 million in Harmony crypto hack (lien direct) | The FBI has concluded its investigation on the $100 million worth of ETH heist that hit Harmony Horizon in June 2022 and validated that the hackers responsible for it are the Lazarus group and APT38. [...] | Hack Medical | APT 38 | ★★ |
 |
2023-01-24 02:19:28 | Congressman \'coming for answers\' after \'no-fly list\' hack (lien direct) |  A Republican congressman on the House Committee on Homeland Security is seeking answers about last week’s hack of regional airline CommuteAir, which led to the exposure of a copy of the federal no-fly list from 2019. Alarm has grown since the researcher behind the hack, a Swiss national who goes by maia arson crimew, published [… |
Hack | ★★ | |
|
2023-01-23 10:02:40 | FanDuel Cautions Users Of Data Breach In Vendor Hack (lien direct) | Customers of the FanDuel sportsbook and betting platform are being cautioned that their names and email addresses were made public due to a security breach at MailChimp in January 2023. Users are advised to be on the lookout for scam communications. MailChimp announced a compromise on January 13th after hackers used a social engineering effort […] | Data Breach Hack | ★ | |
|
2023-01-22 13:56:45 | (Déjà vu) FanDuels warns of data breach after customer info stolen in vendor hack (lien direct) | The FanDuel sportsbook and betting site is warning customers that their names and email addresses were exposed in a January 2023 MailChimp security breach, urging users to remain vigilant against phishing emails. [...] | Data Breach Hack | ★★ | |
|
2023-01-22 13:56:45 | FanDuel discloses data breach caused by recent MailChimp hack (lien direct) | The FanDuel sportsbook and betting site is warning customers that their names and email addresses were exposed in a January 2023 MailChimp security breach, urging users to remain vigilant against phishing emails. [...] | Data Breach Hack | ★★ | |
|
2023-01-20 18:28:54 | Samsung investigating claims of hack on South Korea systems, internal employee platform (lien direct) |  Samsung is investigating a potential cyberattack and data breach on an internal employee platform and several systems in South Korea. On Tuesday, a group of hackers going by the name “Genesis Day” claimed it attacked Samsung's offices in South Korea because of the country's recent opening of a mission to the North Atlantic Treaty Organization [… |
Data Breach Hack | ★★ | |
|
2023-01-20 15:06:08 | 37 Million T-Mobile API Data On Customers Stolen in Hack (lien direct) | Following a network intrusion by a “unidentified malicious intruder,” around 37 million T-Mobile customers had their personal information taken. Its been confirmed that data taken were customers’ addresses, phone numbers, and dates of birth were among the data taken, the company informed the Security and Exchange Commission on January 5. This is the mobile company’s […] | Hack | ★ | |
 |
2023-01-19 16:00:00 | Mailchimp Hit By Another Data Breach Following Employee Hack (lien direct) | According to the company, the incident was limited to 133 accounts | Data Breach Hack | ★★★ | |
|
2023-01-19 12:55:02 | Roaming Mantis\' Android malware adds DNS changer to hack WiFi routers (lien direct) | Starting in September 2022, the 'Roaming Mantis' credential theft and malware distribution campaign was observed using a new version of the Wroba.o/XLoader Android malware that incorporates a function for detecting specific WiFi routers and changing their DNS. [...] | Malware Hack | ★★ | |
 |
2023-01-19 02:30:14 | FTX audit finds $415 million in crypto has mysteriously vanished (lien direct) | Meanwhile SBF proclaims he's both innocent and solvent Liquidators at bankrupt crypto exchange FTX say they've thus far located $5.5 billion in assets, and confirmed that $415 million stolen in a November hack is still missing. … | Hack | ★★★ | |
|
2023-01-18 16:10:16 | 1,000 Ships Affected By Ransomware Attack On DNV\'s Software (lien direct) | DNV, a Norwegian assurance and risk management firm and classification organization, has confirmed that almost 1,000 ships were affected by a recent ransomware cyberattack on its fleet management system. After the hack on its ShipManager fleet management and operations platform was discovered on Saturday, January 7, in the evening, the class society was obliged to […] | Ransomware Hack | ★★ | |
 |
2023-01-18 13:19:15 | CREST and Hack The Box launch CREST certification-aligned penetration testing training labs (lien direct) | CREST and Hack The Box launch CREST certification-aligned penetration testing training labs New Hack The Box training pathway provides study support for CREST penetration testing exams - Product Reviews | Hack | ★★ | |
|
2023-01-17 05:31:58 | Datadog Changes RPM Signing Key Exposed in CircleCI Hack (lien direct) | Datadog, a cloud security company, reports that a recent CircleCI security incident exposed one of its RPM GPG signing keys and its passphrase. The business has yet to discover proof that this key has been compromised or misused. Datadog stated that as of January 16th, 2023, it had no proof that the key was actually […] | Hack | ★★ | |
|
2023-01-16 14:08:19 | Datadog rotates RPM signing key exposed in CircleCI hack (lien direct) | Cloud security firm Datadog says that one of its RPM GPG signing keys and its passphrase have been exposed during a recent CircleCI security breach. [...] | Hack | ★★ | |
 |
2023-01-16 13:18:41 | Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems (lien direct) | The US Department of Defense (DoD) is getting ready to launch the third installment of its 'Hack the Pentagon' bug bounty program, which will focus on the Facility Related Controls System (FRCS) network. | Hack | ★★★ | |
|
2023-01-14 17:28:34 | CircleCI\'s hack caused by malware stealing engineer\'s 2FA-backed session (lien direct) | Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing access to the company's internal systems. [...] | Malware Hack | ★★★★ | |
|
2023-01-13 11:21:01 | Fortinet Says Recently Patched Vulnerability Exploited to Hack Governments (lien direct) | Fortinet reported this week that a recently patched vulnerability tracked as CVE-2022-42475 has been exploited in highly targeted attacks aimed at government organizations. The security hole impacts the FortiOS SSL-VPN and it can allow a remote, unauthenticated hacker to execute arbitrary code or commands using specially crafted requests. | Hack Vulnerability | ★★★ | |
 |
2023-01-12 14:42:00 | (Déjà vu) Hack the Box Secures $55 Million in Series B Funding Led by Carlyle (lien direct) | Fortinet reported this week that a recently patched vulnerability tracked as CVE-2022-42475 has been exploited in highly targeted attacks aimed at government organizations. The security hole impacts the FortiOS SSL-VPN and it can allow a remote, unauthenticated hacker to execute arbitrary code or commands using specially crafted requests. | Hack | ★★ | |
|
2023-01-12 11:16:48 | Recently Disclosed Vulnerability Exploited to Hack Hundreds of SugarCRM Servers (lien direct) | Exploitation of a critical vulnerability affecting the widely used SugarCRM customer relationship management system was seen just days after someone made public an exploit. | Hack Vulnerability | ★★ | |
|
2023-01-11 13:45:01 | EfficientIP Launches Free Tool to Detect Enterprises Risk of Data Exfiltration (lien direct) | EfficientIP Launches Free Tool to Detect Enterprises Risk of Data Exfiltration New tool enables organisations to ethically hack their own network and test DNS Robustness - Business News | Hack Tool | ★★ | |
|
2023-01-11 13:36:09 | Hack The Box announces a Series B investment round of $55 million led by Carlyle (lien direct) | Hack The Box announces a Series B investment round of $55 million led by Carlyle. Minority growth investment in gamified cybersecurity online upskilling & talent assessment platform is set to reduce the severe global cybersecurity skills shortage and help organizations enhance their cyberattack readiness - Business News | Hack | ★ | |
|
2023-01-10 14:00:00 | Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security (lien direct) | Hacking to kill: Dark Reading's Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump. | Hack Medical | ★ | |
 |
2023-01-09 14:00:41 | Cracked it! Highlights from KringleCon 5: Golden Rings (lien direct) | >Learning meets fun at the 2022 SANS Holiday Hack Challenge – strap yourself in for a crackerjack ride at the North Pole as I foil Grinchum's foul plan and recover the five golden rings | Hack | ★★ | |
 |
2023-01-06 06:51:00 | 14 UK schools suffer cyberattack, highly confidential documents leaked (lien direct) | More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That's according to a report from the BBC which claimed that children's SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries.Passport, contract data stolen and posted on dark web Pates Grammar School in Gloucestershire is one of 14 to have been impacted by the data breach, the BBC reported, with Vice Society hackers using generic search terms to steal documents. “One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions. Another folder marked 'confidential' contains documents on the headmaster's pay and student bursary fund recipients,” the BBC wrote. The hack at Pates is estimated to have taken place on September 28 before data was published on the dark web. The UK Information Commissioner's Office (ICO) and Gloucestershire Police confirmed they were investigating the alleged breaches in 2022.To read this article in full, please click here | Ransomware Hack | ★★ | |
 |
2023-01-05 17:14:37 | Twitter: Millions of users\' email addresses \'stolen\' in data hack (lien direct) | Reports suggest more than 200 million sets of data were taken and are being given away on an online forum. | Hack | ★★ | |
 |
2023-01-05 11:35:01 | Roblox Prison, 3DS RCE, Puckungfu, Google Home Wiretaps, & Lastpass Hack - PSW #768 (lien direct) | Reports suggest more than 200 million sets of data were taken and are being given away on an online forum. | Hack | LastPass | ★ |
|
2023-01-03 19:39:05 | Scripps Health, Avalon Healthcare reach settlements after data breaches (lien direct) | Avalon Healthcare settled with state regulators after its 2019 email hack due to failing to timely report, while Scripps Health will pay $3.5 million after its 2021 data theft tied to ransomware. | Hack | ★★ | |
 |
2022-12-31 16:15:04 | (Déjà vu) Antique HackTheBox Walkthrough (lien direct) | Summary Antique is Linux machine and is considered an easy box by the hack the box. On this box, we will begin with a basic | Hack | ★★ | |
|
2022-12-30 10:33:59 | 3Commas Confirms Report On 100,000 API keys Leaked (lien direct) | As 2022 draws to a close, an anonymous Twitter user has leaked over 100,000 API Keys stolen from 3commas. In a hack last week, hackers made off with $22 million worth of cryptocurrency due to stolen API keys from 3Commas. Initially, Yuriy Sorokin, one of the firm’s co-founders, shot down these accusations and indicated that […] | Hack | ★★★ | |
|
2022-12-28 17:38:35 | (Déjà vu) Nunchucks HackTheBox Walkthrough (lien direct) | Summary Nunchucks is a Linux machine and is considered an easy box by the hack the box. On this box, we will begin with a | Hack | ★★ | |
|
2022-12-26 09:59:57 | (Déjà vu) Late HackTheBox Walkthrough (lien direct) | Summary Late is a Linux machine and is considered as an easy box by the hack the box. On this box, we will begin with | Hack | ★ | |
|
2022-12-24 15:17:54 | (Déjà vu) Backdoor HackTheBox Walkthrough (lien direct) | Summary Backdoor is a Linux machine and is considered an easy box the hack the box. On this box we will begin with a basic | Hack | ★★ | |
|
2022-12-23 00:27:51 | Crooks copy source code from Okta\'s GitHub repository (lien direct) | The hack wraps up a year of bad security incidents for identity Intruders copied source code belonging to Okta after breaching the identity management company's GitHub repositories.… | Hack | ★★ | |
|
2022-12-21 13:29:02 | Russians hacked JFK airport\'s taxi dispatch system for profit (lien direct) | Two U.S. citizens were arrested for allegedly conspiring with Russian hackers to hack the John F. Kennedy International Airport (JFK) taxi dispatch system to move specific taxis to the front of the queue in exchange for a $10 fee. [...] | Hack | ★★ | |
|
2022-12-21 11:41:48 | Malicious PyPI Package Found Posing as SentinelOne SDK in recent Hack Trend (lien direct) | In-depth studies on cybersecurity have just recently uncovered a new malicious package that was hiding out in the Python Package Index (PyPI) repository. This package was participating in a campaign known as SentinelSneak, in which it pretended to be a software development kit (SDK) for SentinelOne, a major company in the field of cybersecurity. The […] | Hack Studies Prediction | ★ | |
|
2022-12-19 16:36:47 | Paper HackTheBox Walkthrough (lien direct) | Paper is a Linux machine and is considered an easy box the hack the box. On this box, we will begin with a basic port | Hack | ★★ | |
 |
2022-12-19 11:14:43 | OpwnAI: AI That Can Save the Day or HACK it Away (lien direct) | >Research by: Sharon Ben-Moshe, Gil Gekker, Golan Cohen Introduction Due to ChatGPT, OpenAI's release of the new interface for its Large Language Model (LLM), in the last few weeks there has been an explosion of interest in General AI in the media and on social networks. This model is used in many applications all over […] | Hack | ChatGPT | ★★★ |
|
2022-12-17 20:06:19 | Pandora HackTheBox Walkthrough (lien direct) | Summary Pandora is a Linux machine and is considered an easy box by the hack the box but indeed it is not. With this box, | Hack | ★★ | |
|
2022-12-15 12:56:02 | Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG (lien direct) | Australia's TPG Telecom this week announced that a threat actor has gained unauthorized access to a service hosting the email accounts of 15,000 customers. The second largest telecommunications company in the country, TPG Telecom was formerly known as Vodafone Hutchison Australia, but was renamed after its merger with TPG. | Hack Threat | ★★ | |
 |
2022-12-14 21:54:51 | Meet Ghostwriter, a haunted AI-powered typewriter that talks to you (lien direct) | Custom typewriter hack uses Arduino, Rapsberry Pi, and GPT-3 to dramatic effect. | Hack | ★★ | |
 |
2022-12-14 13:58:34 | Attackers Set Sights on Active Directory: Understanding Your Identity Exposure (lien direct) | Eighty percent of modern attacks are identity-driven. Why would an attacker hack into a system when they can simply use stolen credentials to masquerade as an approved user and log in to the target organization? Once inside, attackers increasingly target Microsoft Active Directory because it holds the proverbial keys to the kingdom, providing broad access […] | Hack | ★★ | |
|
2022-12-13 15:48:43 | (Déjà vu) Apple security update fixes new iOS zero-day used to hack iPhones (lien direct) | In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. [...] | Hack Vulnerability | ★★ | |
 |
2022-12-13 11:00:00 | 2023 Cybersecurity predictions (lien direct) | Cybersecurity is a relatively new discipline in the realm of computing. Once computing became more democratized with PCs connected via local area networks (LAN) and client/server environments, adversaries quickly saw opportunities. The more democratized computing – the more risk and the potential for cyber adversaries.
Dealing with cyber risk and adversaries is now part of a normal business plan. Gone are the days of instilling fear, uncertainty, and doubt (FUD) about the potential of a bad actor. The days of nefarious hackers in hoodies lurking in the shadows are gone.
Businesses of all types and sizes now know that cybersecurity is part of a solid business plan. Security is no longer relegated to a team of really smart experts; security is a business enabler and builder of digital trust.
As we move to 2023, we will continue to see computing more democratized. With the advent of more edge computing (according to the 2022 AT&T Cybersecurity Insights Report, 75% of organizations are on a journey to the edge, the way we interact with technology is rapidly shifting. We are moving from input/output types of functions to more seamless interactions that deliver outcomes.
With more of a focus on outcomes, security becomes the center of focus in the new democratized era of computing. We are just getting started with ideas for edge computing. And, by association, we are just getting started with what security means.
Here are my predictions for some of the trends and highlights we will see in cybersecurity landscape in the year ahead.
Move to the edge
A new paradigm of computing is upon us. This new era is underpinned by 5G and edge.
Edge is a word we have heard for quite some time, but in general conversation lacks a consistent definition. Vendors and business users alike tend to define edge in accordance with the technology stack being sold or used.
When thinking about edge, consider these three characteristics as a starting point:
A distributed model of management, intelligence, and networks
Applications, workloads, and hosting closer to users and assets that are generating or consuming the data – may be on-premise or in the cloud
Software defined
Edge use cases are largely driven by the world of the internet of things (IoT) that collect and transmit data to make logical and rational decisions to derive an outcome.
In 2023, we should expect to see an accelerated full-scale rollout of edge use cases in areas such as:
Real-time fraud detection for financial services
Automated warehousing with near real-time inventory management
Near real-time visual inspections for uses as varied as manufacturing assembly lines, passport control at border crossing, and available parking spaces
These use cases require connected systems from the network layer through to application monitoring/management, and require each component to be secure in order to derive the desired outcome.
With more democratized computing, security is no longer isolated, it is central to delivering strong business outcomes.
In 2023, expect to see more edge use cases and applications. For successful implementation and with security at the core, expect to see the erosion of decades-old siloes such as networking, IT, app development, and security begin to fade away and enable more cross-functional work and roles.
Read more about the edge ecosystem in the upcoming 2023 AT&T Cybersecurity Insights Report due out January 24, 2023. Check out our previous reports available here for: 2022 and |
Malware Hack Threat Medical | ★★★ | |
|
2022-12-12 19:44:24 | SANS 2022 Holiday Hack Challenge gestartet (lien direct) | Schützen Sie den Nordpol vor Cyber-Bedrohungen und verdienen Sie sich einen Platz auf der Liste der Guten des Weihnachtsmanns - dann kommen Sie mit dem Weihnachtsmann zur KringleCon, einer virtuellen Konferenz mit Cybersecurity-Experten Das SANS Institute hat offiziell seine 21. jährliche Holiday Hack Challenge eröffnet! Die Teilnehmer können sich dem Weihnachtsmann anschließen, um die Weihnachtszeit vor Verrat zu retten, indem sie fünf wertvolle Ringe zurückgewinnen, wobei jeder Ring für eine andere Aufgabe steht, bei der es gilt, Cybersecurity-Hindernisse zu überwinden und den Kurs der Zukunft zu ändern. Diese kostenlose, praktische Cybersecurity-Herausforderung steht allen Erfahrungsstufen und Altersgruppen offen, wobei die Spieler ihre Fähigkeiten von einem weihnachtlichen Superschurken testen lassen und Preise gewinnen können, die von Cybersecurity-Goodies bis hin zum Hauptpreis eines kostenlosen SANS-Online-Trainingskurses reichen. - Sonderberichte / Sonderberichte, cybersecurite_home_gauche | Hack | ★ | |
|
2022-12-12 08:27:21 | The SANS 2022 Holiday Hack Challenge, The Year\'s Most Awaited Cybersecurity Tradition, Opens to Players of All Skill Levels (lien direct) | The SANS 2022 Holiday Hack Challenge, The Year's Most Awaited Cybersecurity Tradition, Opens to Players of All Skill Levels Protect the North Pole from Threats and Earn Your Place on Santa's Nice List – Then Join Santa at KringleCon, a Virtual Conference featuring Cybersecurity Experts - SANS INSTITUTE | Hack | ★★★ | |
|
2022-12-08 12:01:56 | CloudSEK Blames Hack on Another Cybersecurity Company (lien direct) | Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee's Jira account. As part of the targeted cyberattack, an unknown party used session cookies for the employee's Jira account to gain access to various types of internal data. | Data Breach Hack | ★★ | |
|
2022-12-07 14:01:30 | Intersport Data Posted On Hive Dark Web Blog (lien direct) | On the dark web blog of the well-known Ransomware gang Hive, data purportedly belonged to the renowned sports shop Intersport. Following a hack on Black Friday, the Hive ransomware group appears to be posting Intersport’s data via its victim blog.It comes after a hack that happened in November during the week of Black Friday. Last […] | Ransomware Hack | ★★★ | |
|
2022-12-07 13:31:22 | What Do You Know About Mercury IT Ransomware Attack? (lien direct) | Numerous government departments and public bodies are believed to have been affected by a ransomware attack on Mercury IT, a popular managed service provider (MSP) in New Zealand. A hack on a third-party IT support provider has affected a number of governmental authorities, including Te Whatu Ora (Health New Zealand) and the Ministry of Justice. […] | Ransomware Hack | ★★ | |
 |
2022-12-06 14:30:00 | CyberheistNews Vol 12 #49 [Keep An Eye Out] Beware of New Holiday Gift Card Scams (lien direct) |
CyberheistNews Vol 12 #49 | December 6th, 2022
[Keep An Eye Out] Beware of New Holiday Gift Card Scams
By Roger A. Grimes
Every holiday season brings on an increase in gift card scams. Most people love to buy and use gift cards. They are convenient, easy to buy, easy to use, easy to gift, usually allow the receiver to pick just what they want, and are often received as a reward for doing something.
The gift card market is estimated in the many hundreds of BILLIONS of dollars. Who doesn't like to get a free gift card? Unfortunately, scammers often use gift cards as a way to steal value from their victims. There are dozens of ways gift cards can be used by scammers to steal money.
Roger covers these three scams in a short [VIDEO] and in detail on the KnowBe4 blog:
You Need to Pay a Bill Using Gift Cards
Maliciously Modified Gift Cards in Stores
Phish You for Information to Supposedly Get a Gift Card
Blog post with 2:13 [VIDEO] and links you can share with your users and family:https://blog.knowbe4.com/beware-of-holiday-gift-card-scams
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, December 7 @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! KnowBe4 Mobile Learner App - Users Can Now Train Anytime, Anywhere!
NEW! Security Culture Benchmarking feature lets you compare your organization's security culture with your peers
NEW! AI-Driven phishing and training recommendations for your end users
Did You Know? You can upload your own training video and SCORM modules into your account for home workers
Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes
Find out how 50,000+ organizations have mobilized their end-users as their human firewall.
Date/Time: TOMORROW, Wednesday, December 7 @ 2:00 PM (ET)
Save My Spot!https://event.on24.com/wcc/r/3947028/0273119CCBF116DBE42DF81F151FF99F?partnerref=CHN3
|
Ransomware Data Breach Spam Hack Tool Guideline | ★★★ |
To see everything:
Our RSS (filtrered)
