What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-03-15 09:48:29 | Israel Says Government Sites Targeted by Hack (lien direct) | Israel's National Cyber Directorate said that the country suffered a cyber attack on Monday that briefly took down a number of government web sites. | Hack | ||
 |
2022-03-10 05:37:58 | TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices (lien direct) | Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The flaws can allow remote attackers to manipulate the power of millions of enterprise devices carrying out extreme […] | Hack | ||
|
2022-03-10 01:47:28 | Alleged Ukrainian Hacker in US Court After Extradition From Poland (lien direct) | A Ukrainian man appeared before a US court on Wednesday to face charges over his role in ransomware attacks, including last year's hack of IT software company Kaseya. | Ransomware Hack | ||
 |
2022-03-09 21:10:20 | APT41 Spies Broke Into 6 US State Networks via a Livestock App (lien direct) | The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks. | Hack Threat | APT 41 | |
|
2022-03-08 13:13:23 | Millions of APC Smart UPS Devices Can Be Remotely Hacked, Damaged (lien direct) | Uninterruptible power supply (UPS) products made by Schneider Electric subsidiary APC are affected by critical vulnerabilities that can be exploited to remotely hack and damage devices, according to enterprise device security company Armis. | Hack | ||
 |
2022-03-06 13:00:21 | Attackers can force Amazon Echos to hack themselves with self-issued commands (lien direct) | Popular “smart” device follows commands issued by its own speaker. What could go wrong? | Hack | ||
 |
2022-03-03 12:32:33 | Details of an NSA Hacking Operation (lien direct) | Pangu Lab in China just published a report of a hacking operation by the Equation Group (aka the NSA). It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers (aka some Russian group). …the scope of victims exceeded 287 targets in 45 countries, including Russia, Japan, Spain, Germany, Italy, etc. The attack lasted for over 10 years. Moreover, one victim in Japan is used as a jump server for further attack. News article. | Hack | ★★★ | |
 |
2022-03-02 06:47:24 | Hackers Try to Hack European Officials to Get Info on Ukrainian Refugees, Supplies (lien direct) | Details of a new nation-state sponsored phishing campaign has been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social engineering attacks "Asylum | Hack | ||
|
2022-02-24 19:59:17 | Nigerian Admits in US Court to Hacking Payroll Company (lien direct) | A Nigerian national pleaded guilty in a U.S. court for his role in a scheme to hack into thousands of user accounts maintained by a payroll processing company, to steal payroll deposits. | Hack Guideline | ||
 |
2022-02-23 13:16:49 | Meyer Data Breach – Expert Commentary (lien direct) | A major US-based kitchenware giant Meyer Corp has disclosed a cyber attack that may have led to the exposure of employee data. Meyer discovered an external hack to their employee database system, but is yet to confirm the number of employees impacted and the extent of the data breach. | Data Breach Hack | ||
|
2022-02-16 16:44:19 | Red Cross Hack Linked to Iranian Influence Operation? (lien direct) | A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran. | Hack | ||
|
2022-02-15 21:25:36 | Android 13 virtualization hack runs Windows (and Doom) in a VM on Android (lien direct) | Android 13's KVM support is for enhanced security, but you can also hijack it for fun. | Hack | ||
 |
2022-02-15 20:55:25 | How to hack the Registry File to change the size of the Windows 11 taskbar (lien direct) | Normally, Microsoft does not allow users to modify the relative size of the Windows 11 taskbar. But with a hack of the Registry File, we can make that possible. | Hack | ||
 |
2022-02-15 19:09:31 | Horizontall HackTheBox Walkthrough (lien direct) | Introduction Horizontall is an “easy” rated CTF Linux box on Hack The Box platform. The box covers initial compromise by exploiting Strapi RCE vulnerability and | Hack Vulnerability | ||
|
2022-02-11 12:17:53 | On the Irish Health Services Executive Hack (lien direct) | A detailed report of the 2021 ransomware attack against Ireland's Health Services Executive lists some really bad security practices: The report notes that: The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction. It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event. Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. (The antivirus server was later encrypted in the attack). ... | Ransomware Hack Guideline | ||
 |
2022-02-10 14:11:02 | (Déjà vu) Apple patches new zero-day exploited to hack iPhones, iPads, Macs (lien direct) | Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. [...] | Hack | ||
|
2022-02-10 13:25:37 | (Déjà vu) Mass Hack Of 500 Stores Running Magento 1 (lien direct) | Breaking story – Analysts at Sancec have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them. According to Sansec, the attack became evident late last month when their crawler discovered 374 infections on […] | Hack | ||
|
2022-02-10 12:57:00 | $100K Bounty To Hack ExpressVPN – YouAttest Comments (lien direct) | Express VPN is challenging researchers to crack into their TrustedServer challenging researchers to crack into their TrustedServer system with a $100K bug bounty. $100K Ground Rules: The first person to submit a valid vulnerability will receive an additional US$100,000 bonus bounty. This bonus will be valid until the prize has been claimed. Avoid violating the […] | Hack Vulnerability | ||
 |
2022-02-09 07:58:43 | Hack In Paris lance un call for papers pour son édition de 2022 (lien direct) | Après 2 ans de restrictions dues à la pandémie et une édition 2021 réalisée en ligne, Hack in Paris, l'événement cyber organisé par Sysdream, filiale de Hub One spécialisée en cybersécurité, opérateur de technologies digitales pour les entreprises, revient en physique du 27 juin au 1er juillet prochains à la Maison de la Chimie. Hack In Paris vient de lancer son " call for papers " et Sysdream est à la recherche d'experts cyber pour s'exprimer à l'occasion de différentes formations, conférences et workshops. The post Hack In Paris lance un call for papers pour son édition de 2022 first appeared on UnderNews. | Hack | ||
|
2022-02-09 05:53:03 | U.S. Arrests Two and Seizes $3.6 Million in Cryptocurrency Stolen in 2016 Bitfinex Hack (lien direct) | The U.S. Justice Department (DoJ) on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "stolen funds through a labyrinth of cryptocurrency | Hack | ||
|
2022-02-08 22:30:26 | US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack (lien direct) | The law enforcement seized $3.6 billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. Law enforcement Ilya Lichtenstein (34) and his wife, Heather Morgan (31), were arrested for alleged conspiracy to launder $4.5 Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex. Law enforcement also seized over $3.6 billion in cryptocurrency […] | Hack | ||
|
2022-02-08 17:56:38 | Justice Dept. Announces $3.6B Crypto Seizure, 2 Arrests (lien direct) | The Justice Department announced Tuesday its largest-ever financial seizure - more than $3.5 billion - and the arrests of a New York couple accused of conspiring to launder billions of dollars in cryptocurrency stolen from the 2016 hack of a virtual currency exchange. | Hack | ||
 |
2022-02-08 14:23:51 | CyberheistNews Vol 12 #06 [Heads Up] Beware of New Quickbooks Payment Scams (lien direct) |
![CyberheistNews Vol 12 #06 [Heads Up] Beware of New Quickbooks Payment Scams](https://blog.knowbe4.com/hubfs/Stu_Headshot_2021_resize.png)
[Heads Up] Beware of New QuickBooks Payment Scams
Email not displaying? |
CyberheistNews Vol 12 #06 | Feb. 8th., 2022
[Heads Up] Beware of New QuickBooks Payment Scams
Many small and mid-sized companies use Intuit's popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email.
The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell.
Unfortunately, phishing criminals are using QuickBooks' popularity to send business email compromise (BEC) scams. The emails appear as if they are coming from a legitimate vendor using QuickBooks, but if the potential victim takes the bait, the invoice they pay will be to the scammer.
Worse, the payment request can require that the payee use ACH (automated clearing house) method, which requires the payee to input their bank account details. So, if the victim falls for the scam, the criminal now has their bank account information. Not good.
Note: Some other QuickBooks scam warnings will tell you that QuickBooks will never ask for your ACH or banking details. This is not completely true. QuickBooks, the company and its support staff, never will, but QuickBooks email payment requests often do. Warn your users in Accounting.
CONTINUED at the KnowBe4 blog with both legit and malicious example screenshots:
https://blog.knowbe4.com/beware-of-quickbooks-payment-scams
|
Malware Hack Threat Conference | APT 35 | |
|
2022-02-08 12:51:37 | US seizes $3.6 billion stolen in 2016 Bitfinex cryptoexchange hack (lien direct) | The US Department of Justice announced that law enforcement seized billions worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. [...] | Hack | ||
|
2022-02-07 11:55:33 | New Report Alleges Widespread Pegasus Spying by Israel Police (lien direct) | Police used Pegasus spyware to hack phones of dozens of prominent Israelis, including a son of former premier Benjamin Netanyahu, activists and senior government officials, an Israeli newspaper reported Monday. | Hack | ||
|
2022-02-04 09:03:26 | News Corp discloses hack from "persistent" nation state cyber attacks (lien direct) | American media and publishing giant News Corp has disclosed today that it was the target of a "persistent" cyberattack. The attack discovered sometime this January, reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists. [...] | Hack | ||
|
2022-02-04 03:52:32 | Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware (lien direct) | A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into | Hack Vulnerability | ||
|
2022-02-03 14:27:31 | Over $300 Million in Cryptocurrency Stolen in Wormhole Hack (lien direct) | Blockchain bridge Wormhole has confirmed that roughly $320 million worth of cryptocurrency has been stolen following a hack discovered on Wednesday. | Hack | ||
|
2022-02-03 10:46:23 | Wormhole cryptocurrency platform hacked, crooks stole $326 million, the second-biggest hack of a DeFi platform (lien direct) | Threat actors have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge. Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took place on Wednesday. This is the second-biggest hack of a DeFi platform ever, just after the $600 […] | Hack | ||
|
2022-02-01 14:37:29 | CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (lien direct) |
|
Ransomware Malware Hack Tool Threat Guideline | NotPetya NotPetya Wannacry Wannacry APT 27 APT 27 | |
|
2022-01-31 18:18:41 | Apple Pays $100.5K Bug Bounty for Mac Webcam Hack (lien direct) | The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also "hack every website you've ever visited." | Hack | ||
|
2022-01-31 15:33:06 | Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform (lien direct) | Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract code used in an Ethereum bridge. The DeFi platform Qubit Finance was victim of a cyber heist, threat actors stole around $80 million in cryptocurrency last week. The hack took place at around 5PM ET […] | Hack Threat | ||
|
2022-01-31 12:19:57 | Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone (lien direct) | Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone and camera. Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam. Pickren received […] | Hack Threat | ||
|
2022-01-30 22:07:04 | Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam (lien direct) | Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of | Hack | ||
 |
2022-01-28 15:52:38 | A 19 year old security researcher was able to hack 25+ Teslas. Here\'s what happened (lien direct) | A 19-year-old security researcher named David Colombo detailed how he was able to remotely unlock the doors, open the windows, blast music, and start keyless driving for dozens of Teslas, WIRED reported. The vulnerabilities he exploited to do so aren’t in Tesla software itself, but in a third-party app. Salt Security‘s Michael Isbitsky, technical evangelist, […] | Hack | ||
|
2022-01-26 22:25:35 | Apple fixed the first two zero-day vulnerabilities of 2022 (lien direct) | Apple released security updates to fix two zero-day flaws, one of them actively exploited to hack iPhones and Macs. Apple has released security updates to address a couple of zero-day vulnerabilities, one of them being actively exploited in the wild by threat actors to compromise iPhone and Mac devices. One of the zero-day flaws addressed […] | Hack Threat | ||
|
2022-01-26 14:39:31 | Apple fixes new zero-day exploited to hack macOS, iOS devices (lien direct) | Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs. [...] | Hack | ||
|
2022-01-24 16:16:45 | CWP Flaws That Expose Servers to Remote Attacks Possibly Exploited in the Wild (lien direct) | Researchers discovered that the Control Web Panel (CWP) web hosting panel is affected by two serious vulnerabilities that can allow attackers to remotely hack servers, and it's possible that they may have already been exploited in the wild. | Hack | ||
|
2022-01-22 16:29:21 | Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack (lien direct) | Two critical security vulnerabilities in Control Web Panel potentially expose Linux servers to remote code execution attacks Researchers from Octagon Networks disclosed details of two critical security flaws in Control Web Panel that potentially expose Linux servers to remote code execution attacks. Control Web Panel is a popular open-source Linux control panel for servers and VPS that allows easy […] | Hack | ||
|
2022-01-20 15:05:32 | Crypto.com hack impacted 483 accounts and resulted in a $34 million theft (lien direct) | Crypto.com confirmed that a cyber attack compromised around 400 of its customer accounts leading in the theft of $33 million. Crypto.com is a cryptocurrency exchange app based in Singapore, the app currently has 10 million users and 3,000 employees. Recently, several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts […] | Hack Guideline | ||
|
2022-01-20 13:03:39 | Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom (lien direct) | OpenSubtitles Hack Shows Why Paying Ransom Offers No Guarantees Popular subtitles website OpenSubtitles on Tuesday admitted that its systems had been hacked after the details of nearly seven million user accounts were leaked, despite the site allegedly paying a ransom to avoid this situation. | Hack | ||
|
2022-01-20 10:54:37 | Red Cross Hack exposes data of 515,000 (lien direct) | It has been reported that the International Committee of the Red Cross has recently suffered a cyber-attack, during which the data of more that 515,000 vulnerable people was accessed and seized. Some of the individuals affected recently fled conflicts. The ICRC confirmed the attack in a published statement: “A sophisticated cybersecurity attack against computer servers […] | Hack | ||
 |
2022-01-20 09:56:17 | Multichain token hack losses reach $3 million: report (lien direct) | Multichain messaging seems confusing, at best. | Hack | ||
|
2022-01-20 04:10:00 | 483 Crypto.com accounts compromised in $34 million hack (lien direct) | Crypto.com has confirmed that a multi-million dollar cyberattack led to the compromise of 483 of its customer accounts. Although, the company's CEO stresses that customer funds are not at risk. Crypto.com is reportedly the world's third-largest cryptocurrency trading platform. [...] | Hack | ||
 |
2022-01-20 01:17:58 | Red Cross implores hackers not to leak data for 515k “highly vulnerable people” (lien direct) | Hack on Red Cross storage contractor follows a separate hacking incident last year. | Hack | ||
 |
2022-01-18 08:00:00 | Yi Hack – Pour débrider les caméras Xiaomi et profiter gratuitement du RTSP (lien direct) | Yi Hack - Pour débrider les caméras Xiaomi et profiter gratuitement du RTSP | Hack | ||
|
2022-01-17 11:40:12 | Personal Information Compromised in Goodwill Website Hack (lien direct) | Nonprofit organization Goodwill has started notifying users of its ShopGoodwill.com e-commerce platform that their personal information was compromised as a result of a cybersecurity breach. | Hack | ||
|
2022-01-16 14:19:42 | Ukraine Says Has \'Evidence\' Russia Behind Cyberattack (lien direct) | Ukraine said Sunday it had evidence that Russia was behind a massive cyberattack that knocked out key government websites this past week, as Microsoft warned the hack could be far worse than first thought. | Hack | ||
|
2022-01-13 20:42:20 | Microwave hack replaces flat keypad with mechanical keyboard switches (lien direct) | Keyboard switches give this microwave a more tactile feel. | Hack | ||
|
2022-01-11 14:52:46 | Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers (lien direct) | Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and […] | Ransomware Hack Vulnerability |
To see everything:
Our RSS (filtrered)
