What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-21 22:01:08 | Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers (lien direct) | India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year.
The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact |
Data Breach Hack | ||
 |
2021-05-21 14:48:50 | Air India data breach impacts 4.5 million customers (lien direct) | Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021. [...] | Data Breach Hack | ||
 |
2021-05-20 10:19:46 | SolarWinds Hack Happened Months Earlier Than Thought (lien direct) | BACKGROUND: The Solar Winds CEO has announced that its infamous hack may have happened months earlier than thought. Sudhakar Ramakrishna suggested that hackers that penetrated 10 U.S. government agencies and… | Hack | ||
 |
2021-05-20 10:00:00 | The Full Story of the Stunning RSA Hack Can Finally Be Told (lien direct) | In 2011, Chinese spies stole the crown jewels of cybersecurity-stripping protections from firms and government agencies worldwide. Here's how it happened. | Hack | ||
 |
2021-05-19 14:36:40 | Probe Into Florida Water Plant Hack Led to Discovery of Watering Hole Attack (lien direct) | An investigation conducted by industrial cybersecurity firm Dragos into the recent cyberattack on the water treatment plant in Oldsmar, Florida, led to the discovery of a watering hole attack that initially appeared to be aimed at water utilities. | Hack | ||
 |
2021-05-19 12:30:07 | ROUNDTABLE: Experts react to President Biden\'s exec order in the aftermath of Colonial Pipeline hack (lien direct) | As wake up calls go, the Colonial Pipeline ransomware hack was piercing. Related: DHS embarks on 60-day cybersecurity sprints The attackers shut down the largest fuel pipeline in the U.S., compelling Colonial to pay them 75 bitcoins, worth a … (more…) | Ransomware Hack | ||
|
2021-05-19 10:50:14 | Lawmakers Reintroduce \'Pipeline Security Act\' Following Colonial Hack (lien direct) | More than a dozen U.S. lawmakers led by Rep. Emanuel Cleaver (D-MO) have reintroduced the Pipeline Security Act, whose goal is to aid the DHS's efforts to protect pipeline infrastructure against cyberattacks, terrorist attacks and other threats. | Hack | ||
 |
2021-05-17 20:44:00 | Cyber Self-Defense Is Not Complicated (lien direct) | Anomali Sr. Director of Cyber Intelligence Strategy A.J. Nash recently penned a column for United States Cybersecurity Magazine about how few people in the modern world are immune to the threat of a cyber-attack. Hence, the importance of cyber self-defense. In “Cyber Self-Defense Is Not Complicated,” A.J. talks about why self-commitment is an increasingly effective way to minimize the risks that certainly lurk. Whether it be texts that include personal content not meant for public consumption, emails, hard drives, cloud storage containing sensitive business information, or the endless supply of finance transaction data that most of us pass across the Internet daily, few people in the modern world are immune to the threat of a cyber-attack. Hence, the importance of cyber self-defense. The most common avenue of attack for cyber actors continues to be phishing. Phishing enables cybercriminals to gain the access needed for a ransomware attack, cyber extortion, or the theft of personally identifiable information (PII) which is used to steal money or identities. While the threat of compromise may be daunting to many who do not see themselves as very technical, even those with limited knowledge can employ a few simple techniques and tools to greatly reduce the potential for being compromised. Before we talk solutions, let us briefly examine the common threats most of us face and nearly all of us can minimize through simple cyber self-defense. 4 Common Threats Faced in Cyberspace Phishing: Someone poses as a legitimate institution or individual in an email or text to lure victims into providing sensitive data such as PII, banking and credit card details, and passwords. Ransomware: Malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid. Theft of PII: The theft of data that may include a Social Security number, date of birth, driver’s license number, bank account and financial information, as well as a passport number. All this data can be assembled into a full financial record file (AKA, “fullz”) for identity theft. These reportedly sell for as little as $8/each on cybercriminal markets across the Dark Web. Cyber Extortion/Blackmail: A crime in which a threat actor demands payment to prevent the release of potentially embarrassing or damaging information. In most cases involving individual victims (not companies), a threat actor pretends to have compromised a victim’s computer or an account tied to something embarrassing. By quoting credentials usually gathered from a previously published breach, the threat actor quotes those credentials as “evidence” of access to the more embarrassing data. Because people commonly use the same credentials for multiple accounts, this bluff often works, leading to the victim being forced to provide more embarrassing content for extortion, pay money, or both. Cyber Self-Defense Practices: Safely Using Wi-Fi and Bluetooth Wireless connectivity to the Internet and other devices is one of the most convenient inventions in recent memory. Unfortunately, these technologies also come with risks many users fail to recognize or mitigate. Thankfully, it only takes a few simple changes to greatly reduce the risk of personal compromise and practice cyber self-defense. Keep Wi-Fi and Bluetooth features turned off on mobile phones and la | Malware Hack Threat Guideline | ||
|
2021-05-14 17:35:22 | DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills? (lien direct) | The criminal gang behind the disruptive Colonial Pipeline ransomware hack says it is shutting down operations, but threat hunters believe the group will reemerge with a new name and new ransomware variants. | Ransomware Hack Threat | ||
 |
2021-05-13 19:15:08 | CVE-2021-29510 (lien direct) | Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. If you absolutely can't upgrade, you can work around this risk using a validator(https://pydantic-docs.helpmanual.io/usage/validators/) to catch these values. This is not an ideal solution (in particular you'll need a slightly different function for datetimes), instead of a hack like this you should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue at https://github.com/samuelcolvin/pydantic/issues requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic. | Hack | ★★★★ | |
 |
2021-05-12 16:50:43 | Gig Workers Paid $500 for Payroll Passwords (lien direct) | Argyle is paying workers to help hack payroll providers, researchers suspect. | Hack | ||
 |
2021-05-12 16:32:21 | FragAttacks vulnerabilities expose all WiFi devices to hack (lien direct) | Security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of a multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices exposed them to remote attacks. Some the flaws discovered by the experts date back as […] | Hack | ||
|
2021-05-11 12:11:31 | RSAC insights: SolarWinds hack illustrates why software builds need scrutiny - at deployment (lien direct) | By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as … (more…) | Hack | ||
|
2021-05-10 21:03:03 | Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet (lien direct) | Emails from the Epic Games lawsuit show Apple brass discussing how to handle a 2015 iOS hack. The company never notified affected users. | Hack | ||
|
2021-05-10 14:07:12 | Twilio, HashiCorp Among Codecov Supply Chain Hack Victims (lien direct) | The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the breach but a handful of victims are starting to publicly acknowledge possible exposure of sensitive developer secrets. | Hack | ||
|
2021-05-08 21:33:57 | The Colonial Pipeline Hack Is a New Extreme for Ransomware (lien direct) | An attack has crippled the company's operations-and cut off a large portion of the East Coast's fuel supply-in an ominous development for critical infrastructure. | Ransomware Hack | ||
|
2021-05-07 20:28:41 | iPhone Hack Allegedly Used to Spy on China\'s Uyghurs (lien direct) | U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem. | Hack | ||
 |
2021-05-06 10:00:00 | Password security tips and best practices for enterprises (lien direct) | In honor of World Password Day, we’re doing our part to help keep your business secure by discussing the good, the bad, the ugly and the critical about passwords. Let’s face it: between all the logins we need for work and all the accounts we use in our personal lives, there are too many passwords to remember. So many of us do what seems natural—use the same password for multiple accounts. After all, especially with corporate password policies, most employees use strong passwords with a mix of numbers, lowercase and uppercase letters, and special characters. Still, what about all those sticky notes we have “secretly” hidden in locations probably not far away from our devices? That security risk is only the tip of the iceberg. Because according to a 2019 Lastpass survey, US employees working in mid-sized corporate businesses must manage approximately 75 passwords for work. Unsurprisingly, employees recycle passwords 13 times on average. In other words, employees are using the same passwords over and over. And in many cases, especially for corporate applications and resources that lack strong password requirements, some passwords just aren’t strong enough. Cybercriminals know this, and it’s why breaches happen. If hackers get access to your trusted data, the ramifications can be dire. The costs of a data breach go well beyond financial, and include damage to your company’s brand, trust and reputation. Why do we need stronger and longer passwords? As malware, phishing, and ransomware continue to skyrocket, we must understand that the password is the primary method for attackers to gain access to corporate systems. Phishing passwords may be the easiest method, but passwords can also be cracked. The stronger the password, the harder it is for cybercriminals to decode. In a typical attack—the brute force password attack—attackers will use software that quickly attempts every possible password combination of numbers, letters, and symbols. These software programs get better as computing power increases. For example, an eight-character strong password was not long ago considered secure and difficult to crack. Today, it can be cracked in eight hours. But if we tack on two more characters to make it ten-character, cracking the password can take approximately five years. Why do we need unique passwords for every login? As mentioned above, phishing is one of the simplest ways for hackers to steal our passwords. If you think your company has been victimized by phishing, malware, or ransomware, perhaps you’ve taken steps to reset those passwords. But the security risk here is if employees are using the same passwords for different apps, sites or resources. Have you heard about credential stuffing? With credential stuffing, attackers take username and password combinations they already know (which have been stolen or paid for on the dark web) and try them everywhere they can. Use of credential stuffing is escalating, and businesses of all sizes should take note. This type of attack is only successful if and when employees use the same password for different logins. What about password managers? Managing all those passwords doesn’t have to be complicated. A password management system is software that keeps an up-to-date list of all your passwords and logins, using a master password to access the password “vault”. That master password is the only one you need to remember. What if a hacker accesses your vault? Isn’t that riskier? Sure, there is undoubtedly an element of risk, but it’s critical to think in terms of relative safety. As a general rule, using some type of password | Ransomware Data Breach Hack | LastPass | |
|
2021-05-03 11:42:05 | Pulse Secure fixes VPN zero-day used to hack high-value targets (lien direct) | Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies. [...] | Hack Vulnerability | ||
|
2021-05-02 11:05:41 | Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle (lien direct) | A security duo has demonstrated how to hack a Tesla Model X's and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The scenario is disconcerting, hackers could use a drone to fly on your Tesla Model X and open the doors, a couple of researchers demonstrated. The researchers Kunnamon, […] | Hack | ||
|
2021-04-30 17:03:51 | Is the SolarWinds Hack Really a Seismic Shift? (lien direct) | Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack's legacy and ramifications for security professionals. | Hack | ||
 |
2021-04-30 07:00:00 | Cellebrite : et si l\'outil de la police avait perdu toute son utilité depuis son hack par le créateur de Signal ? (lien direct) | Le hack du créateur de Signal commence à désorganiser les procédures pénales qui reposent sur l'intégrité des données extraites par les appareils de Cellebrite.  |
Hack | ||
|
2021-04-29 16:53:26 | An issue in the Linux Kernel could allow the hack of your system (lien direct) | An information disclosure issue in Linux Kernel allows KASLR bypass could be potentially exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588, could allow attackers to bypass the Kernel Address Space Layout Randomization bypass (KASLR). The Kernel Address space layout randomization (KASLR) is a computer security technique designed to prevent […] | Hack | ||
 |
2021-04-29 15:46:03 | Home Is Where the Hack Is (lien direct) | One of Social-Engineer's services is Open-Source Intelligence Gathering (OSINT). It's a discipline that sees us gather publicly available information that can be accessed without any real special skills or tools. It can also include sources only available to subscribers, such as newspaper content behind a paywall, or subscription journals. As OSINT investigators, we employ countless […] | Hack | ★★★★★ | |
|
2021-04-29 11:00:00 | How Pixar Uses Hyper-Colors to Hack Your Brain (lien direct) | The animation studio's artists are masters at tweaking light and color to trigger deep emotional responses. Coming soon: effects you'll only see inside your head. | Hack | ||
|
2021-04-29 01:39:41 | US Government Taking Creative Steps to Counter Cyberthreats (lien direct) | An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it | Hack Tool | ||
 |
2021-04-26 11:06:27 | When AIs Start Hacking (lien direct) | If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage... | Hack | ★★★★ | |
 |
2021-04-26 10:27:00 | French legal challenge over EncroChat cryptophone hack could hit UK prosecutions (lien direct) | If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage... | Hack | ||
|
2021-04-26 10:00:00 | The 5 most crucial Cybersecurity updates for businesses in 2021 (lien direct) | This blog was written by an independent guest blogger. For as long as businesses have used computers, cybersecurity has been crucial. Now, as modern business and data are becoming inseparable, it’s an absolute necessity. As companies start to recover from 2020 losses, they should consider investing in security updates. Cybercrime reached new heights in the past year, with internet crime reports rising 69.4% and costing more than $4.2 billion. Now that more companies are embracing digital services after the pandemic, this trend will likely continue. All businesses, regardless of size or industry, must revisit their cybersecurity. Here are the five most important cybersecurity updates for this year. 1. Implementing a Zero-Trust framework The single most crucial cybersecurity upgrade for businesses this year is adopting a zero-trust security framework. These systems, which rely on network segmentation and thorough user verification, aren’t new but are increasingly crucial. In light of rising cyberthreats, companies can’t afford to trust anything inside or outside their networks without proof. A 2020 survey found that 82% of company leaders plan to let their employees work remotely at least part time after the pandemic. That many people accessing data remotely raises security concerns. Hackers could pose as remote workers to gain access or install spyware, and IT teams wouldn’t know it. Zero-trust models mitigate these threats. Verifying user identity at every step helps guarantee only employees can access mission-critical data. Segmentation ensures that only those who need access can get it, and if a breach occurs, it won’t impact the entire network. 2. Securing machine learning training data Machine learning algorithms are becoming increasingly common among companies in various industries. These models take considerable amounts of data to train, which presents an enticing opportunity for cybercriminals. As more companies rely on machine learning, more threat actors will likely try to poison the training data. By injecting incorrect or corrupt data into the training pool, cybercriminals could manipulate a machine learning system. If companies don’t catch the problem before it’s too late, the algorithms they rely on could influence poor or even harmful business decisions. Given this threat, securing machine learning training data is a must. Businesses should carefully inspect the information they use to train machine learning models. They should also enact stricter access controls over training pools, including activity monitoring. 3. Verifying third-party and partner security Businesses should also look outward when improving their cybersecurity. The growing public awareness of cyberthreats is changing expectations about visibility, and that’s a good thing. It’s no longer sufficient to trust that a business partner or third party has robust data security. Companies must verify it. Third-party data breaches in 2020 exposed millions of records, and major events like the SolarWinds hack have revealed how fragile some systems are. In light of these risks, businesses must ask all potential partners to prove | Data Breach Hack Threat Guideline | ||
|
2021-04-23 07:45:44 | Evil Maid Attack – Vacuum Hack (lien direct) | Evil Maid Attack – Weaponizing an harmless vacuum cleaner hiding within it a small Rogue Device such as a Raspberry Pi. It is a typical day at the office. You are sitting at your desk, working hard at whatever it is that you do. The cleaning lady is also doing her job nearby, but you […] | Hack | ||
 |
2021-04-22 13:08:16 | SolarWinds hack analysis reveals 56% boost in command server footprint (lien direct) | Researchers say newly identified targets are likely. | Hack | ||
 |
2021-04-21 17:27:21 | Ethics: University of Minnesota\'s hostile patches (lien direct) | The University of Minnesota (UMN) got into trouble this week for doing a study where they have submitted deliberately vulnerable patches into open-source projects, in order to test whether hostile actors can do this to hack things. After a UMN researcher submitted a crappy patch to the Linux Kernel, kernel maintainers decided to rip out all recent UMN patches.Both things can be true:Their study was an important contribution to the field of cybersecurity.Their study was unethical.It's like Nazi medical research on victims in concentration camps, or U.S. military research on unwitting soldiers. The research can simultaneously be wildly unethical but at the same time produce useful knowledge.I'd agree that their paper is useful. I would not be able to immediately recognize their patches as adding a vulnerability -- and I'm an expert at such things.In addition, the sorts of bugs it exploits shows a way forward in the evolution of programming languages. It's not clear that a "safe" language like Rust would be the answer. Linux kernel programming requires tracking resources in ways that Rust would consider inherently "unsafe". Instead, the C language needs to evolve with better safety features and better static analysis. Specifically, we need to be able to annotate the parameters and return statements from functions. For example, if a pointer can't be NULL, then it needs to be documented as a non-nullable pointer. (Imagine if pointers could be signed and unsigned, meaning, can sometimes be NULL or never be NULL).So I'm glad this paper exists. As a researcher, I'll likely cite it in the future. As a programmer, I'll be more vigilant in the future. In my own open-source projects, I should probably review some previous pull requests that I've accepted, since many of them have been the same crappy quality of simply adding a (probably) unnecessary NULL-pointer check.The next question is whether this is ethical. Well, the paper claims to have sign-off from their university's IRB -- their Institutional Review Board that reviews the ethics of experiments. Universities created IRBs to deal with the fact that many medical experiments were done on either unwilling or unwitting subjects, such as the Tuskegee Syphilis Study. All medical research must have IRB sign-off these days.However, I think IRB sign-off for computer security research is stupid. Things like masscanning of the entire Internet are undecidable with traditional ethics. I regularly scan every device on the IPv4 Internet, including your own home router. If you paid attention to the packets your firewall drops, some of them would be from me. Some consider this a gross violation of basic ethics and get very upset that I'm scanning their computer. Others consider this to be the expected consequence of the end-to-end nature of the public Internet, that there's an inherent social contract that you must be prepared to receive any packet from anywhere. Kerckhoff's Principle from the 1800s suggests that core ethic of cybersecurity is exposure to such things rather than trying to cover them up.The point isn't to argue whether masscanning is ethical. The point is to argue that it's undecided, and that your IRB isn't going to be able to answer the question better than anybody else.But here's the thing about masscanning: I'm honest and transparent about it. My very first scan of the entire Internet came with a tweet "BTW, this is me scanning the entire Internet".A lot of ethical questions in other fields comes down to honesty. If you have to lie about it or cover it up, then th | Hack Vulnerability | ||
|
2021-04-21 13:12:46 | REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack (lien direct) | The REvil ransomware operators are attempting to blackmail Apple after they has allegedly stolen product blueprints of the IT giant from its business partner. REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. Quanta […] | Ransomware Hack | ||
|
2021-04-21 09:45:24 | Codecov breach impacted \'hundreds\' of customer networks: report (lien direct) | Reports suggest the initial hack may have led to a more extensive supply chain attack. | Hack | ★★ | |
|
2021-04-21 05:38:01 | China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors (lien direct) | At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. According to coordinated reports published by FireEye and Pulse Secure, two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors […] | Hack Vulnerability | ||
|
2021-04-20 19:50:57 | Hacking a X-RAY Machine with WHIDelite & EvilCrowRF (lien direct) | The popular cyber security expert Luca Bongiorni demonstrated how to hack an X-Ray Machine using his WHIDelite tool. Recently I bought a X-RAY machine from China to have some ghetto-style desktop setup in order to inspect/reverse engineer some PCBs and hardware implants. The first thing striked my curiosity, even before purchasing it, was its remote. […] | Hack | ||
|
2021-04-20 11:03:06 | Pulse Secure VPN zero-day used to hack defense firms, govt orgs (lien direct) | Pulse Secure has shared mitigation measures for an actively exploited zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance. [...] | Hack | ||
|
2021-04-19 21:49:23 | Experts demonstrated how to hack a utility and take over a smart meter (lien direct) | Researchers from the FireEye's Mandiant team have breached the network of a North American utility and turn off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased. Many security firms highlighted the risks related to attacks targeting OT networks used in […] | Hack | ||
 |
2021-04-19 15:46:19 | Six million male members may have been exposed after hack of gay dating service (lien direct) | Manhunt, a popular gay dating service, has suffered a data breach which may have put members at risk of exposure. | Data Breach Hack | ||
 |
2021-04-19 13:52:46 | Naked Security Live – To hack or not to hack? (lien direct) | Latest video - watch now! We look at the recent FBI "webshell hacking" controversy from both sides. | Hack | ||
|
2021-04-19 13:00:00 | Hackers Used to Be Humans. Soon, AIs Will Hack Humanity (lien direct) | Like crafty genies, AIs will grant our wishes, and then hack them, exploiting our social, political, and economic systems like never before. | Hack | ||
|
2021-04-17 06:38:38 | 6 out of 11 EU agencies running Solarwinds Orion software were hacked (lien direct) | SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed. European Commissioner for Budget and Administration Johannes Hahn confirmed the hack of some EU agencies as result of the SolarWinds supply chain attack in a response to a question filed by an EU Parliament member in February 2021. […] | Hack | ||
|
2021-04-16 02:47:55 | Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack (lien direct) | Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world. | Hack Tool | ||
|
2021-04-15 22:20:58 | US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack (lien direct) | The U.S. and UK attributed with “high confidence” the recently disclosed supply chain attack on SolarWinds to Russia’s Foreign Intelligence Service (SVR). The U.S. and U.K. attributed with “high confidence” the supply chain attack on SolarWinds to operatives working for Russia’s Foreign Intelligence Service (SVR) (ska APT29, Cozy Bear, and The Dukes). The UK, US […] | Hack | APT 29 | |
 |
2021-04-15 20:17:39 | US government strikes back at Kremlin for SolarWinds hack campaign (lien direct) | Treasury Department says it's sanctioning 6 Russian firms for supporting the hacks. | Hack | ||
|
2021-04-15 10:54:57 | US government confirms Russian SVR behind the SolarWinds hack (lien direct) | The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies. [...] | Hack | ||
|
2021-04-15 04:09:58 | 1-Click Hack Found in Popular Desktop Apps - Check If You\'re Using Them (lien direct) | Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems.
The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble. |
Hack | ||
|
2021-04-14 21:03:35 | WhatsApp flaws could have allowed hackers to remotely hack mobile devices (lien direct) | WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. WhatsApp recently addressed two security vulnerabilities in its app for Android that could have been exploited by remote attackers to execute malicious code on a target device and potentially eavesdrop on communications. The vulnerabilities […] | Hack | ||
|
2021-04-14 07:51:05 | New WhatsApp Bugs Could\'ve Let Attackers Hack Your Phone Remotely (lien direct) | Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even compromise encrypted communications.
The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what's known as a "man-in-the-disk" attack that makes it possible |
Hack | ||
|
2021-04-14 06:15:09 | Sweden blames Russia for Swedish Sports Confederation hack (lien direct) | The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said. The Swedish Sports Confederation is the umbrella organisation of the Swedish sports movement, it was hacked by Russian military intelligence in a campaign conducted between December 2017 and May 2018, officials said. In the same period, Russia-linked […] | Hack |
To see everything:
Our RSS (filtrered)
