What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-12-18 05:53:11 | US cyber-attack: Hack of government agencies and companies poses \'grave risk\' (lien direct) | The US cyber-security agency says thwarting the attack will be "highly complex and challenging". | Hack | ||
 |
2020-12-18 03:59:45 | Microsoft says it identified 40+ victims of the SolarWinds hack (lien direct) | Microsoft says 80% of the victims it identified were located in the United States. | Hack | ||
 |
2020-12-17 20:56:04 | Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack (lien direct) | The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought.
News of Microsoft's compromise was first reported by Reuters, which also said the company's own products were then |
Hack | ||
 |
2020-12-17 19:44:01 | Russia\'s Hack Wasn\'t Cyberwar. That Complicates US Strategy (lien direct) | To evaluate whether cyber security tactics are working, you need to first establish what the SolarWinds hack really was. | Hack | ||
 |
2020-12-16 19:47:38 | The Asset Trap (lien direct) | As we look at what’s happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a lesson we can apply to threat modeling. An example of asset-driven thinking leads the article Hack may have exposed deep US secrets; damage yet unknown. And I don’t want… | Hack Threat Guideline | ||
 |
2020-12-16 18:37:47 | Malicious Domain in SolarWinds Hack Turned into \'Killswitch\' (lien direct) | A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "killswitch" designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. | Hack | ||
 |
2020-12-16 09:57:57 | Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack (lien direct) | Microsoft and its partners have seized the primary domain used in the SolarWinds attack to identify the victims through sinkholing. Microsoft partnered with other cybersecurity firms to seize the primary domain used in the SolarWinds attack (avsvmcloud[.]com) in an attempt to identify all victims and prevent other systems from being served malicious software. The domain […] | Hack | ||
|
2020-12-16 03:04:57 | SolarWinds said no other products were compromised in recent hack (lien direct) | SolarWinds has released today updates that "replaces the compromised component" in its Orion platform. | Hack | ||
|
2020-12-16 00:17:59 | Microsoft to quarantine SolarWinds apps linked to recent hack starting tomorrow (lien direct) | After only showing detection alerts, Microsoft moves to block trojanized SolarWinds apps from running, opening the door for some IT issues for some of its customers. | Hack | ||
|
2020-12-16 00:09:40 | SolarWinds: Why the Sunburst hack is so serious (lien direct) | The hack of thousands of high-profile organisations, including the US government, could have major consequences. | Hack | Solardwinds | |
 |
2020-12-16 00:03:27 | Here are the critical responses required of all businesses after SolarWinds supply-chain hack (lien direct) | SolarWinds customers – over 300,000 of them, including most of the Fortune 500 – must determine what was breached, mitigate the damage before using the software again, and explore new supply chain safeguards. | Hack | ||
|
2020-12-15 20:18:00 | Microsoft and industry partners seize key domain used in SolarWinds hack (lien direct) | By seizing the domain, Microsoft and its partners hope to identify all victims, but are also preventing attackers from escalating intrusions in currently infected networks. | Hack | ||
 |
2020-12-15 18:50:00 | Concerns Run High as More Details of SolarWinds Hack Emerge (lien direct) | Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say. | Hack | ||
|
2020-12-15 17:41:37 | SolarWinds Hack Could Affect 18K Customers (lien direct) | The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems. | Hack | ||
 |
2020-12-15 13:49:52 | Acunetix Stance on the SolarWinds Hack (lien direct) | We at Acunetix and Invicti are deeply concerned with the aftermath of the SolarWinds hack and offer our deepest commiserations to all the security personnel who are facing this situation just before Christmas, and to SolarWinds themselves who have been an unwilling agent to the... Read more | Hack | ||
|
2020-12-14 17:36:00 | SEC filings: SolarWinds says 18,000 customers were impacted by recent hack (lien direct) | In SEC documents filed today, SolarWinds said it notified 33,000 customers of its recent hack, but that only 18,000 used a trojanized version of its Orion platform. | Hack | ||
 |
2020-12-14 12:24:34 | Russian hackers potentially spied on U.S. Treasury emails (lien direct) | It has been speculated that Russian hackers have been monitoring internal email traffic of U.S. Treasury and Commerce departments. Those who are involved in the matter are fearing that this specific hack is only a small part of a much larger attack. The hack has led a National Security Council meeting on Saturday to discuss […] | Hack | ||
|
2020-12-13 21:48:48 | Pay2Key hackers stole data from Intel\'s Habana Labs (lien direct) | Pay2Key ransomware operators claim to have compromised the network of the Intel-owned chipmaker Habana Labs and have stolen data. Intel-owned AI chipmaker Habana Labs was hacked by Pay2key ransomware operators who claim to have stolen from the company. The group announced the hack on Twitter, they claim to have stolen sensitive data, including information about […] | Ransomware Hack | ||
|
2020-12-13 17:19:51 | Hacked Subway UK marketing system used in TrickBot phishing campaign (lien direct) | Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. Subway UK customers received emails from ‘Subcard’ about the processing […] | Malware Hack | ||
|
2020-12-13 09:58:29 | PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs (lien direct) | Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. PostgreSQL, also known as Postgres, is one of […] | Hack | ||
|
2020-12-12 12:05:02 | WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack (lien direct) | Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but […] | Hack Vulnerability | ||
 |
2020-12-11 13:32:28 | Preliminary detection of stolen FireEye red team tools (lien direct) | By Bhabesh Raj Rai, Associate Security Analytics Engineer On Tuesday, December 8, FireEye disclosed that they were compromised by a highly sophisticated nation-state group, most likely Russian, that used novel techniques to exfiltrate their red team tools. The FireEye hack is now considered the biggest known theft of cybersecurity tools since the NSA was hacked by [...] | Hack | ||
|
2020-12-10 23:42:22 | Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam (lien direct) | Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware.
Tracked as APT32 (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for |
Hack Threat | APT 32 | |
|
2020-12-09 16:32:16 | Fireeye Hack & Culture (lien direct) | Fireeye’s announcement of their discovery of a breach is all over the news. The Reuters article quotes a ‘Western security official’ as saying “Plenty of similar companies have also been popped like this.” I have two comments. First, it’s easy for anyone to label attackers “sophisticated.” Fireeye certainly has more data and experience in assessing… | Hack | ||
|
2020-12-09 01:42:51 | Russia\'s FireEye Hack Is a Statement-but Not a Catastrophe (lien direct) | The fallout from the attack may not be as dire as it first sounds. | Hack | ||
|
2020-12-08 17:58:14 | Unauthenticated Command Injection bug opens D-Link VPN routers to hack (lien direct) | An unauthenticated command injection vulnerability could be exploited by threat actors to compromise D-Link VPN routers. Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The experts initially discovered the flaws in DSR-250 router family running firmware version 3.17, further investigation allowed […] | Hack Vulnerability Threat | ||
|
2020-12-08 14:42:06 | Norway says Russian hacking group APT28 is behind August 2020 Parliament hack (lien direct) | Russian hackers breached the Norway's Parliament email accounts in August this year. | Hack | APT 28 | |
 |
2020-12-07 17:42:00 | New iOS exploit can hack iPhones wirelessly (lien direct) | A researcher at Google's Project Zero has just announced a zero-click iOS exploit capable of wirelessly hacking nearby iPhones. As iOS exploits go, this one is a pretty big deal! | Hack | ||
 |
2020-12-07 11:00:00 | Could electric vehicles present a Cybersecurity risk to the grid? (lien direct) |
Credit: Pexels
With many countries now participating in the Paris Agreement to address climate change, coupled with the rising popularity of electric vehicles, it is expected that 125 million electric cars will be on the road worldwide by 2030. But these cars, although beneficial to the environment, come with cybersecurity risks. According to experts, security concerns should be addressed before a massive rollout of electric vehicles take place. While the United States has less than 5.4 million hybrid electric vehicles on its roads (based on numbers from 1999 to 2019), the slow growth of the American market might suddenly experience a spike before cybersecurity risks involving charging stations and the energy grid are reduced or removed.
Policy changes
As the United States started working on policy changes to reduce carbon emissions from its transport sector, 327,000 plug-in electric vehicles were sold in the country. And this was in 2019 alone. Although this is but a dent in the international market, electric vehicles have a bright future in the USA. Plug-in electrics are popular because they run on gasoline and electricity. Environmentally conscious motorists can use electricity to power their plug-ins, and still have a back-up system powered by gasoline if the need arises. And as expected, the savings are huge when it comes to fuel.
New York City noted recently that it is planning to spend $1 billion to improve its car charging infrastructure. Around 50,000 charging stations in NYC are said to be in the works, and are expected to be fully operational by 2025. The State of Florida is also doing the same thing, while other states are offering incentives in the form of rebates to individuals who buy electric vehicles.
Charging stations And Cybersecurity attacks
Although the rising popularity of electric vehicles is good news for America and the planet, their charging stations pose security risks. According to Yury Dvorkin, an electrical and computer engineering expert at New York University, charging stations can be entry points for cyberattacks directed at the American energy grid. The grid, Dvorkin says, is a complex mix of cyber and physical layers. Cybersecurity plays a crucial role in the United States’ transportation infrastructure and its interoperable power systems. Poorly implemented security in charging stations can have a negative impact on critical infrastructure, such as the grid itself and its operators, vehicles, and OEM vendors. Experts say that the concern is quite complicated, as it involves software and equipment vendors, stakeholders, and end users.
Charging station vulnerabilities can lead to exploitation of the grid for gain, according to Dvorkin’s analysis. The assistant professor also explains in his research that electric vehicles that are charging in these charging stations can be hacked simultaneously and cause a disruption on the grid’s stability. Such attacks are possible, according to other experts, since electric vehicles have control interfaces and communication interfaces that interact with the grid. There is good news, however, as Dvorkin and other computer engineering professors say that there is still time for the United States to prepare for |
Hack Guideline | ★★ | |
|
2020-12-06 13:16:18 | Security Affairs newsletter Round 292 (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A critical flaw in industrial automation systems opens to remote hack Crooks stole 800,000€ from ATMs in Italy with Black Box attack Operators behind Dark Caracal are still alive and […] | Hack | ||
|
2020-12-04 12:39:59 | Hundreds of millions of Android users exposed to hack due to CVE-2020-8913 (lien direct) | Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913 The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library. The vulnerability is rated 8.8 out […] | Hack Vulnerability | ||
|
2020-12-04 12:09:55 | Data Protection Is Integral In Wake Of COVID-19 Vaccine \'Cold Supply\' Chain Network Hack (lien direct) | As the country prepares for the long-awaited and much anticipated COVID-19 vaccine, the news of an attempted hacking campaign targeting crucial organisations within the vaccine ‘cold supply’ chain network is… The ISBuzz Post: This Post Data Protection Is Integral In Wake Of COVID-19 Vaccine ‘Cold Supply’ Chain Network Hack | Hack | ||
 |
2020-12-03 17:44:32 | iPhone hack allowed device takeover via Wi‑Fi (lien direct) | Using a zero-click exploit, an attacker could have taken complete control of any iPhone within Wi-Fi range in seconds | Hack | ||
|
2020-12-02 14:15:09 | Google discloses a zero-click Wi-Fi exploit to hack iPhone devices (lien direct) | Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack iPhone devices. Google Project Zero white-hat hacker Ian Beer has disclosed technical details of a critical “wormable” iOS bug that could have allowed a remote attacker to take over any device in the vicinity over […] | Hack | ||
 |
2020-12-02 13:34:21 | Google Chrome will soon warn you when using weak passwords (lien direct) | Your online accounts' security is heavily dependent on how strong your passwords are, and if they are too easy, attackers could hack into your account by brute-forcing your password. [...] | Hack | ||
|
2020-12-01 23:18:58 | Google Hacker Details Zero-Click \'Wormable\' Wi-Fi Exploit to Hack iPhones (lien direct) | Google Project Zero whitehat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi.
The exploit makes it possible to "view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] |
Hack | ||
|
2020-11-29 15:41:12 | A critical flaw in industrial automation systems opens to remote hack (lien direct) | Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November […] | Hack Vulnerability | ||
|
2020-11-25 17:24:22 | Home Depot settles with state AGs for 2014 point-of-sale hack (lien direct) | Home Depot settled with the attorneys general of 45 states and the District of Columbia over a 2014 point-of-sale systems hack, agreeing to pay $17.5 million, states announced Tuesday. The Home Depot breach was, at the time, the largest reported breach in history, capturing 56 million credit cards. It came during a string of attacks… | Hack | ||
|
2020-11-24 23:17:16 | (Déjà vu) 2FA bypass in cPanel potentially exposes tens of millions of websites to hack (lien direct) | 2FA bypass discovered in web hosting software cPanel More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel, a popular […] | Hack | ||
|
2020-11-23 17:37:13 | Tesla Model X hacked and stolen in minutes using new key fob hack (lien direct) | Tesla is rolling out over-the-air software updates this week to prevent the attack from hijacking owner key fobs. | Hack | ||
|
2020-11-20 12:12:17 | Robot vacuums can allow bad actors into your home (lien direct) | Researchers have discovered a new way for bad actors to listen to homeowners’ private conversations by hacking into their robot vacuums. Robot vacuums, such as Roombas, use smart sensors to autonomously operate. Attackers hack into the targets vacumes using the LiDAR smart sensors, with researchers thus giving the attacks the name “LidarPhone”. LiDAR stands for […] | Hack | ||
 |
2020-11-19 22:03:23 | Robot Vacuums Suck Up Sensitive Audio in \'LidarPhone\' Hack (lien direct) | Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums. | Hack | ||
|
2020-11-19 11:22:54 | Expert Insight On Cryptocurrency Exchange Liquid Confirms HacK (lien direct) | Cryptocurrency exchange Liquid has confirmed that on November 13 a hacker gained access to the company's domain records, allowing the them to take control of several employee email accounts, and… The ISBuzz Post: This Post Expert Insight On Cryptocurrency Exchange Liquid Confirms HacK | Hack | ||
|
2020-11-19 11:15:44 | Major global hack found to be state-funded by China (lien direct) | Researchers from the security firm Symantec have discovered a major hacking campaign that is using sophisticated techniques in order to compromise companies networks worldwide. It is thought that the hack has been funded by the Chinese government, with a well-know hacking group initiating the attacks using both off-the-shelf and custom-made tools. One of the tools […] | Hack | ||
 |
2020-11-16 04:00:00 | SEC\'s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack (lien direct) | Recently, the Securities and Exchange Commission's exam division issued a Risk Alert (the “Alert”) where it carried out several targeted cybersecurity investigations. The agency is now concerned with how there's been an increase in a specific type of hack known as “credential stuffing.“ This cyberattack involves using stolen credentials to log into web-based systems and […]… Read More | Hack | ||
 |
2020-11-15 15:09:17 | The Server From Hell TryHackMe Walkthrough (lien direct) | In this article, we will provide the write-up of the Try Hack Me Room: The Server from hell. This is a write-up about a medium level boot to root Linux box which is available for free on TryHackMe for penetration testing practice. Let's get started and learn how to break it down successfully. Level: Medium... Continue reading → | Hack | ||
|
2020-11-14 21:02:30 | Feds investigate Zoom-bombings attack against Gonzaga University Black Student Union (lien direct) | FBI and Spokane police are investigating an incident in which the Gonzaga University Black Student Union was hacked during a Zoom meeting. The FBI and Spokane police are investigating the hack of Gonzaga University Black Student Union. The hackers broke into a Zoom meeting and bombarded participants with racial and homophobic slurs. The attackers have […] | Hack | ||
|
2020-11-11 14:24:04 | Ragnar Locker ransomware gang advertises Campari hack on Facebook (lien direct) | Ragnar Locker Ransomware operators have started to run Facebook advertisements to force their victims into paying the ransom. In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems. Then the attackers threaten to release the stolen […] | Ransomware Hack Threat | ||
|
2020-11-10 18:50:46 | Flaws in WordPress Ultimate Member plugin expose 25K sites to hack (lien direct) | Multiple critical vulnerabilities affecting the Ultimate Member plugin could be easily exploited to potentially takeover up to 25K websites. Multiple critical vulnerabilities in the Ultimate Member plugin could be easily exploited to take over websites, the issue potentially impact up to 100K installs. The Ultimate Member WordPress plugin allows admins to easily manage membership to […] | Hack | ||
|
2020-11-09 08:26:07 | Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others (lien direct) | Many popular OS and applications have been hacked during this year’s edition of the Tianfu Cup hacking competition. This year’s edition of the Tianfu Cup hacking competition was very prolific, bug bounty hackers have discovered multiple vulnerabilities in multiple software and applications. The Tianfu Cup is the most important hacking contest held in China, the […] | Hack |
To see everything:
Our RSS (filtrered)
