What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO.webp 2022-10-06 13:16:00 Guilty verdict in the Uber breach case makes personal liability real for CISOs (lien direct) Yesterday, a federal jury handed down a guilty verdict to Joe Sullivan, the former CSO on charges of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber” according to a notice published by the Department of Justice (DOJ). US Attorney Stephanie Hinds, upon learning of the verdict, admonished companies that are storing data as to their responsibility to also “protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught. We will not tolerate the concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.” Data Breach Hack Uber Uber
SecurityWeek.webp 2022-10-05 10:27:39 (Déjà vu) Seattle Woman Gets Probation for Massive Capital One Hack (lien direct) A former Seattle tech worker convicted of several charges related to a massive hack of Capital One bank and other companies in 2019 was sentenced Tuesday to time served and five years of probation. Hack
InfoSecurityMag.webp 2022-10-04 16:00:00 Optus Confirms Hack Exposed Data of Nearly 2.1 Million Australians (lien direct) The company confirmed it has employed Deloitte to lead a forensic review of the cyber-attack Hack Guideline Deloitte Deloitte
The_Hackers_News.webp 2022-10-04 12:36:00 Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers (lien direct) Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a data breach late last month. The company also said it has engaged the services of Deloitte to conduct an external forensic assessment of the attack to "understand how it Hack Deloitte Deloitte
Veracode.webp 2022-10-04 11:20:28 How to See Yourself in Cyber: Top Tips from Industry Leaders (lien direct) It's 2022 and as we all know, the world is a very different place. However, one thing that has not changed is the importance of cybersecurity. In fact, it's more important now than ever before, as the SolarWinds hack and Executive Order prove. That's why for Cybersecurity Awareness Month this year, we asked cybersecurity pioneers and leaders to get their insights on staying cyber safe. Here are their thoughts on CISA's 4 Things You Can Do to See Yourself in Cyber.  Enable Multi-Factor Authentication  “With the continued rise in cybercrime, there are a few simple steps every person should take to protect themselves, if they aren't already. CISA's first recommended step to stay 'cyber-safe' is to implement multi-factor authentication. It significantly lessens the likelihood of being hacked via unauthorized access and compromised credentials, which, according to Verizon's 2021 Data Breach Investigations Report, were the gateway for 61% of data breaches. Enabling multi-factor… Data Breach Hack Guideline ★★
SecurityWeek.webp 2022-10-04 01:10:35 Report: Mexico Continued to Use Spyware Against Activists (lien direct) The Mexican government or army has allegedly continued to use spyware designed to hack into the cellphones of activists, despite a pledge by President Andrés Manuel López Obrador to end such practices. Hack
TroyHunt.webp 2022-10-03 16:49:07 New PS5 exploit unlocks root privileges, read/write memory access (lien direct) Hack uses FreeBSD "race condition" exploit on older PS5 firmware. Hack
bleepingcomputer.webp 2022-10-03 14:35:40 Russian retail chain 'DNS' confirms hack after data leaked online (lien direct) Russian retail chain 'DNS' (Digital Network System) disclosed yesterday that they suffered a data breach that allegedly exposed the personal information of 16 million customers and employees. [...] Data Breach Hack ★★★
2022-10-03 12:40:56 Researcher Spotlight: Globetrotting with Yuri Kramarz (lien direct) From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas By Jon Munshaw. Yuri “Jerzy” Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference and critical national infrastructure. He's no stranger to cybersecurity on the big stage, but he still enjoys working with companies and organizations of all sizes in all parts of the world. “What really excites me is making companies more secure,” he said in a recent interview. “That comes down to a couple things, but it's really about putting a few solutions together at first and then hearing the customer's feedback and building from there.” Yuri is a senior incident response consultant with Cisco Talos Incident Response (CTIR) currently based in Qatar. He walks customers through various exercises, incident response plan creation, recovery in the event of a cyber attack and much more under the suite of offerings CTIR has. Since moving from the UK to Qatar, he is mainly focused on preparing various local entities in Qatar for the World Cup slated to begin in November. Qatar estimates more than 1.7 million people will visit the country for the international soccer tournament, averaging 500,000 per day at various stadiums and event venues. For reference, the World Bank estimates that 2.9 million people currently live in Qatar. This means the businesses and networks in the country will face more traffic than ever and will no doubt draw the attention of bad actors looking to make a statement or make money off ransomware attacks. “You have completely different angles in preparing different customers for defense during major global events depending on their role, technology and function,” Kramarz said.  
In every major event, there were different devices, systems and networks interconnected to provide visitors and fans with various hospitality facilities that could be targeted in a cyber attack. Any country participating in the event needs to make sure they understand the risks associated with it and consider various adversary activities that might play out to secure these facilities. Kramarz has worked in several different geographic areas in his roughly 12-year security career, including Asia, the Middle East, Europe and the U.S. He has experience leading red team engagements (simulating attacks against targets to find potential security weaknesses) in traditional IT and ICS/OT environments, vulnerability research and blue team defense. The incident response field has been the perfect place for him to put all these skills to use. He joined Portcullis Securit Ransomware Hack Vulnerability Guideline
01net.webp 2022-10-03 05:00:59 Beware: multi-factor authentication does not fully protect you from hackers (lien direct) password hacking The recent Uber hack showed once again that multi-factor authentication systems are not always effective against cybercriminals, who use new techniques to try to trick you. The article Beware: multi-factor authentication does not fully protect you from hackers can be found on 01net.com. Hack Uber
SecurityAffairs.webp 2022-09-30 15:44:10 US DoD announced the results of the Hack US bug bounty challenge (lien direct) The US Department of Defense (DoD) shared the results of the Hack US bug bounty program that took place in July. On July 4, 2022, the US Department of Defense (DoD) and HackerOne started the Hack US, a one-week bug bounty challenge, which is considered part of DoD's vulnerability disclosure program (VDP). The challenge was launched Chief […] Hack Vulnerability
AlienVault.webp 2022-09-30 10:00:00 How analyzing employee behavior can improve your cybersecurity posture (lien direct) This blog was written by an independent guest blogger. Despite the ongoing rise in social engineering attacks, the idea that cybersecurity is only about technology manifests within most of our minds. Organizations often neglect human behavior's impact on their cybersecurity postures. Instead, they spend lavishly on endpoint security tools, threat hunting programs, and building incident response plans. Admittedly, these security measures are a crucial part of mitigating attacks. However, it is critical to remember the role of your employees in maintaining a robust cybersecurity posture, specifically as cybercriminals have been increasingly targeting and exploiting human behavior.    How employee behavior impacts cybersecurity A study by IBM highlights that human error is the leading cause of 95% of cybersecurity breaches. Although human errors are by definition unintentional, generally caused by a significant lack of awareness, they can often result in adverse circumstances. In other words, an unsuspecting employee who accidentally falls victim to a phishing attack can expose their organization to significant data breaches, causing major operational, reputational, and financial damage. One such example is the Sequoia Capital attack, which was successful because an employee fell victim to a phishing attack. The company, known for being Silicon Valley's oldest notable venture fund, was hacked in February 2021. The attack exposed some of its investors' personal and financial information to third parties, resulting in significant damage to the company. Such attacks demonstrate the consequences of inadequate phishing awareness training that every organization must provide to its employees. In this sense, simulated micro-learning can be highly effective at teaching teams to recognize potentially malicious messages. 
A recent report by Hoxhunt found that after some 50 simulations, people’s “failure rates” plummeted from 14% to 4%. By being exposed to simulated phishing attacks over time, they became far more skilled at recognizing them. Beyond educational solutions, ensuring that your employees practice proper password hygiene is likewise critical. Although passwords have played a remarkable role in ensuring cyber security, relying only on a single password makes your organization vulnerable since it can be stolen or compromised. Your users might be ignorant of password security and keep generic passwords such as "12345" susceptible to brute force attacks and hack attacks. These practices are standard within an organization that doesn't deploy the use of secure password managers and has strict password security guidelines for employees to follow. How can your employees help maintain cybersecurity? The significant rise in social engineering attacks and the ongoing occurrence of data breaches due to human error have reinforced the idea that humans are the weakest link in cybersecurity. A workforce that can be distracted or tricked is indeed a liability. However, this narrative is hardly set in stone. With the below strategies in place, it’s possible to maximize team vigilance and circumvent much of the risk associated with human error. Integrate the principle of least privilege access The principle of least privileged access has become a crucial aspect of effective cyb Hack Threat Guideline Prowli
mcafee.webp 2022-09-29 14:00:54 How Do Hackers Hack Phones and How Can I Prevent It? (lien direct) The threat of having your phone hacked has become a common fear. The truth is that it is possible to hack any phone. With the advancement of technology, where discovery of knowledge and information advances the understanding of technology, hackers are able to hack even the most sophisticated phone software. But how? Hack Threat
DarkReading.webp 2022-09-28 20:12:30 Fast Company CMS Hack Raises Security Questions (lien direct) The company's website remains offline after hackers used its compromised CMS to send out racist messages. Hack
News.webp 2022-09-28 16:30:07 Hacked Fast Company sends 'obscene and racist' alerts via Apple News (lien direct) Someone going by 'Thrax' claims responsibility for 'incredibly easy' breach Apple News shut down Fast Company's news channel after "an incredibly offensive alert" was sent to subscribers following a hack of the business publication on Tuesday evening.… Hack
SecurityWeek.webp 2022-09-28 15:29:22 Fast Company Hack Impacts Website, Apple News Account (lien direct) American business magazine Fast Company has confirmed that its Apple News account was hijacked after hackers compromised its content management system (CMS). The monthly magazine focuses on business, technology, and design. In addition to its online version, the magazine publishes six print issues each year. Hack ★★★★★
InfoSecurityMag.webp 2022-09-28 15:00:00 Hacker Breaches Fast Company Apple News Account, Sends Racist Messages (lien direct) The breach seems related to the hack of Fast Company's website on Sunday afternoon Hack
The_Hackers_News.webp 2022-09-28 10:33:00 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (lien direct) WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and Hack Vulnerability Guideline
MalwarebytesLabs.webp 2022-09-28 03:00:00 4 times students compromised school cybersecurity (lien direct) Sometimes we hear stories about brilliant students that hack their school and get celebrated, but it doesn't always end well. Hack
bleepingcomputer.webp 2022-09-27 14:55:43 Lazarus hackers drop macOS malware via Crypto.com job offers (lien direct) The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency. [...] Malware Hack APT 38
SecurityWeek.webp 2022-09-27 12:24:20 Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack (lien direct) Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company's systems. Ransomware Data Breach Hack
The_Hackers_News.webp 2022-09-27 11:44:00 Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme (lien direct) The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP said in a statement. The Hack
01net.webp 2022-09-26 16:30:06 Ethereum: nearly one million dollars in cryptocurrency vanished in a new hack (lien direct) ethereum hack vulnerability A wallet on the Ethereum blockchain was drained by a hacker. The attacker exploited a recently identified security flaw. The funds of many investors are likely in serious danger. The article Ethereum: nearly one million dollars in cryptocurrency vanished in a new hack can be found on 01net.com. Hack
TechRepublic.webp 2022-09-26 13:22:43 Why 2FA is failing and what should be done about it (lien direct) Jack Wallen details a recent hack and why he believes one aspect of two-factor authentication is part of the problem. Hack
SecurityWeek.webp 2022-09-26 10:50:50 Hacktivist Attacks Show Ease of Hacking Industrial Control Systems (lien direct) Hacktivists might not know a lot about industrial control systems (ICS), but they're well aware of the potential implications of these devices getting compromised. That is why some groups have been targeting these systems - which are often unprotected and easy to hack - to draw attention to their cause. Hack
01net.webp 2022-09-24 12:10:48 Ethereum: first hack after The Merge, is the cryptocurrency in danger? (lien direct) ethereum A security flaw has been identified on a chain of the Ethereum blockchain. A hacker exploited the breach to gain digital assets. Shortly after the Merge, has the second most valuable cryptocurrency on the market become vulnerable? We take stock. The article Ethereum: first hack after The Merge, is the cryptocurrency in danger? can be found on 01net.com. Hack
The_Hackers_News.webp 2022-09-23 19:34:00 Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts (lien direct) GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent messages claim to Hack
TroyHunt.webp 2022-09-23 16:37:23 So long slowdown: New hack runs SNES Star Fox at up to 60 fps (lien direct) 20 fps original is smoothed out without ruining the original pacing. Hack
no_ico.webp 2022-09-23 13:14:19 Microsoft Exchange Hack (lien direct) Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. The attacker then used this inbound connector and transport rules designed to help evade detection to deliver phishing emails through the compromised Exchange servers. Hack Threat
The_Hackers_News.webp 2022-09-22 18:42:00 IT Security Takeaways from the Wiseasy Hack (lien direct) Last month Tech Crunch reported that payment terminal manufacturer Wiseasy had been hacked. Although Wiseasy might not be well known in North America, their Android-based payment terminals are widely used in the Asia Pacific region and hackers managed to steal passwords for 140,000 payment terminals. How Did the Wiseasy Hack Happen? Wiseasy employees use a cloud-based dashboard for remotely Hack
TechRepublic.webp 2022-09-22 13:44:39 Tech news you may have missed: Sept 15 – 21 (lien direct) Learn how to grant access to Excel workbook ranges, get the latest updates on the Windows 11 22H2 release and learn about the Uber hack in this week's roundup of the news. Hack Uber Uber
The_State_of_Security.webp 2022-09-22 03:00:00 SecTor 2022: The IoT Hack Lab is Back! (lien direct) Last year, it was great to be back at SecTor after everything was canceled in 2020. The capacity was reduced, but the Hack Lab was still plenty busy and we loved having everyone come by and visit our table and play with the gear. Even more than that, we were excited to meet up with […] Hack
CSO.webp 2022-09-22 02:00:00 D&O insurance not yet a priority despite criminal trial of Uber's former CISO (lien direct) The trial of former Uber CISO Joe Sullivan marks the first time a cybersecurity chief has faced potential criminal liability. Sullivan is charged with trying to conceal from federal investigators the details of a 2016 hack at Uber that exposed the email addresses and phone numbers of 57 million drivers and passengers. The two charges against Sullivan, obstruction of justice and failure to report a crime, carry potential jail time of five and three years, respectively, in a watershed case that has drawn the attention of security professionals. Hack Uber Uber
The_Hackers_News.webp 2022-09-21 17:51:00 Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident (lien direct) In what's the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute. The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker's wallet. The company said that its centralized Hack
no_ico.webp 2022-09-21 14:58:37 Rockstar Confirm Data Leak, GTA Footage Stolen (lien direct) Following news of a hack that saw new Grand Theft Auto footage leaked, experts reacted below. Hack
The_Hackers_News.webp 2022-09-21 10:54:00 Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe Hack Guideline
SecurityWeek.webp 2022-09-21 10:35:00 iBoot Power Distribution Unit Flaws Allow Hackers to Remotely Shut Down Devices (lien direct) Critical vulnerabilities discovered by researchers in Dataprobe's iBoot power distribution unit (PDU) can allow malicious actors to remotely hack the product and shut down connected devices, potentially causing disruption within the targeted organization. Hack
zataz.webp 2022-09-20 11:36:14 SecSea, October 14 and 15 (lien direct) The Hack in Provence association is holding the 4th edition of its Ethical Hacking conference, SecSea, on October 14 and 15, 2022.... Hack
no_ico.webp 2022-09-20 11:24:32 Revolut Hack Exposes Data Of 50,000 Users, Fuels New Phishing Wave (lien direct) In response to reports that financial technology company Revolut has suffered a cyberattack that gave an unauthorized third party access to personal information of tens of thousands of clients and relied on social engineering, an expert at cybersecurity firm offers the following comment. Hack
bleepingcomputer.webp 2022-09-19 14:26:20 Uber links breach to Lapsus$ group, blames contractor for hack (lien direct) Uber believes the hacker behind last week's breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, Nvidia, Samsung, and Okta. [...] Hack Uber Uber
SecurityWeek.webp 2022-09-19 10:24:11 GTA 6 Videos and Source Code Stolen in Rockstar Games Hack (lien direct) The Rockstar Games hacker also claims to be behind the recent Uber breach Hack Uber Uber
bleepingcomputer.webp 2022-09-19 10:13:55 Revolut hack exposes data of 50,000 users, fuels new phishing wave (lien direct) Revolut is sending out notices of a data breach to a small percentage of impacted users, informing them of a security incident where an unauthorized third party accessed internal data. [...] Data Breach Hack
bleepingcomputer.webp 2022-09-18 16:23:07 GTA 6 source code and videos leaked after Rockstar Games hack (lien direct) Grand Theft Auto 6 gameplay videos and source code have been leaked after a hacker allegedly breached Rockstar Games' Slack server and Confluence wiki. [...] Hack
SecurityAffairs.webp 2022-09-18 11:58:11 Uber says there is no evidence that users' private information was compromised (lien direct) Uber hack update: There is no evidence that users’ private information was compromised in the data breach. Uber provided an update regarding the recent security breach of its internal computer systems, the company confirmed that there is no evidence that intruders had access to users’ private information. “We have no evidence that the incident involved […] Hack Uber Uber
SecurityAffairs.webp 2022-09-17 18:11:10 LastPass revealed that intruders had internal access for four days during the August hack (lien direct) The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days […] Hack Threat LastPass
TroyHunt.webp 2022-09-16 17:38:52 Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack (lien direct) By telling AI bot to ignore its previous instructions, vulnerabilities emerge. Hack
CS.webp 2022-09-16 17:00:29 Blame game follows Uber hack. Experts say don't fault employee. (lien direct) The Uber hack may be a lesson in poor security design and points to problems with vulnerable multi-factor authentication. Hack Uber Uber
Chercheur.webp 2022-09-16 14:07:13 Massive Data Breach at Uber (lien direct) It’s big: The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. “They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.” It looks like a pretty basic phishing attack; someone gave the hacker their login credentials. And because Uber has lousy internal security, lots of people have access to everything. So once a hacker gains a foothold, they have access to everything... Data Breach Hack Uber Uber
BBC.webp 2022-09-16 10:10:38 Uber investigating hack on its computer systems (lien direct) A hacker was apparently able to gain access to the company's internal systems. Hack Uber
The_Hackers_News.webp 2022-09-16 08:38:00 Uber Says It's Investigating a Potential Breach of Its Computer Systems (lien direct) Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident. The hack is said to have forced the company to take its internal communications and engineering systems offline as it investigated the extent of the breach. Hack Uber
Last update at: 2024-05-10 05:07:59