What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
AlienVault.webp 2020-09-02 11:00:00 How Covid-19 has increased vulnerabilities in Industrial Control Systems (direct link) This blog was written by an independent guest blogger. By now, most are aware that the Covid-19 pandemic has led to a spike in cyberattacks. This sharp increase in malicious activity related to COVID has taken the typical form of adversaries seeking to benefit financially, gain unauthorized access to networks for immediate and long-term strategic benefit, and spread misinformation with political agendas. Much of this is a direct result of the work from home (WFH) phenomenon. With organizations and businesses rapidly deploying systems and networks to support remote staff, criminals can’t help themselves. Increased security vulnerabilities have offered the opportunity to steal data, generate profits, and generally cause havoc. In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners. There are a number of other threats, though, that have also been caused by the pandemic but that are less visible. One of these is the increased vulnerability of industrial control systems. The threat The most up to date data on the vulnerability of industrial control systems, and how this has been affected by the pandemic, comes courtesy of the ICS Risk & Vulnerability Report, released this week by Claroty. This research contains an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors. The findings are striking, and particularly so given how many systems engineers now work from home.
Fully 70% of the vulnerabilities published by the NVD can be exploited remotely, while the most common potential impact is remote code execution, which is possible with 49% of the vulnerabilities. When combined with the fact that recent research has found that 83% of firms are simultaneously struggling to ensure the security of remote working systems, this is highly concerning. In practice, this means that if an organization’s remote working systems are insecure – which seems likely, given the difficulties that many have reported in recent months – then hackers may be granted an increased capability to remotely execute malicious code on industrial systems. The Impact The increased likelihood of this kind of attack should concern all organizations working with industrial control systems, but especially those companies employing centralized systems such as DCS, SCADA, or PLS. In recent years, these solutions have been used for networking previously discrete industrial systems together. While this has allowed organizations to dramatically increase their efficiency and productivity, it potentially leaves these systems open to laterally-deployed cyberattacks. This risk is compounded by a similarly worrying trend in international cyber warfare. Tho Spam Hack Vulnerability Guideline
ZDNet.webp 2020-09-02 08:29:45 AusCERT says alleged DoE hack came from a third-party (direct link) AusCERT says a data breach occurred at K7Maths, a company providing services to schools. Data Breach Hack
grahamcluley.webp 2020-09-01 10:53:27 Hack this email account… plz plz plz! (direct link) Running a security blog means that I'm always interested in receiving tips about data breaches, vulnerabilities, malware attacks, and the like. But I do explain that I'm not available to help troubleshoot PC problems or provide technical support – there simply aren't enough hours in the day, and it doesn't put any crumbs on the dining room table. This morning, however, I received a very polite message from a reader of the blog. Malware Hack
no_ico.webp 2020-08-28 11:35:19 Experts Reacted On Musk Confirms Russian Hack Targeted Tesla Factory (direct link) The US authorities arrested and charged a Russian national in the US who was recruiting and convincing a Tesla employee to install malware at the Tesla factory in Nevada. The Tesla CEO Elon Musk also confirmed the plot by tweet. The cybersecurity experts reacted to this new plot. Malware Hack
DarkReading.webp 2020-08-26 12:40:00 Russian National Arrested for Conspiracy to Hack Nevada Company (direct link) The defendant allegedly planned to pay an employee $1 million to infect the company network with malware. Hack
ZDNet.webp 2020-08-26 00:57:04 Russian arrested for trying to recruit an insider and hack a Nevada company (direct link) A Russian national traveled to the US to recruit and convince an employee of a Nevada company to install malware on the company's network. Malware Hack
no_ico.webp 2020-08-24 15:21:46 Former Uber Security Chief Charged With Paying Hush Money To Cover Up 2016 Hack (direct link) As reported by The Verge, Uber's former security chief has been charged with obstruction of justice for trying to hide a data breach from the Federal Trade Commission and Uber management, according to a statement from the Department of Justice. Joseph Sullivan, who was Uber's chief security officer from April 2015 to November 2017, allegedly concealed … Data Breach Hack Uber
SecurityAffairs.webp 2020-08-22 08:15:04 Thousands of WordPress WooCommerce stores potentially exposed to hack (direct link) Hackers are attempting to exploit multiple vulnerabilities in the Discount Rules for WooCommerce WordPress plugin, which has 30,000+ installations. Researchers from security firm WebArx reported that hackers are actively attempting to exploit numerous flaws in the Discount Rules for WooCommerce WordPress plugin. The list of vulnerabilities includes SQL injection, authorization flaws, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities. Discount […] Hack
SecurityAffairs.webp 2020-08-21 17:48:00 Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators (direct link) Experts at threat intelligence firm Cyble came across a post published by Maze ransomware operators claiming to have breached the steel sheet giant Hoa Sen Group. During the ordinary monitoring of Deepweb and Darkweb, researchers at Cyble came across the leak disclosure post published by the Maze ransomware operators that claim the hack of the Hoa Sen […] Ransomware Hack Threat
BBC.webp 2020-08-21 10:04:22 Uber ex-security boss accused of covering up hack attack (direct link) Joseph Sullivan has been charged with obstruction of justice in the US over a 2016 data breach. Hack Uber
ZDNet.webp 2020-08-20 20:51:02 Former Uber CSO charged for 2016 hack cover-up (direct link) DOJ officials say former Uber CSO Joe Sullivan lied to management about the security breach and paid hush money to the hackers. Hack Uber
DarkReading.webp 2020-08-20 16:30:00 Former Uber CSO Charged in Hack Cover-up (direct link) The charges stem from a 2016 attack in which 57 million records were breached. Hack Uber
SecurityAffairs.webp 2020-08-20 16:04:43 CVE-2020-3446 default credentials bug exposes Cisco ENCS, CSP Appliances to hack (direct link) Cisco addressed a critical default credentials vulnerability (CVE-2020-3446) affecting some configurations of its ENCS 5400-W series and CSP 5000-W series appliances. Cisco fixed a critical default credentials vulnerability impacting some configurations of its ENCS 5400-W series and CSP 5000-W series appliances. Cisco Wide Area Application Services (WAAS) is technology developed by Cisco Systems that optimizes […] Hack Vulnerability
News.webp 2020-08-19 16:13:10 Law Enforcement Websites Hit by BlueLeaks May Have Been Easy To Hack (direct link) ASPX Shell, compressing files with 7-Zip Hack
SecurityAffairs.webp 2020-08-16 13:26:41 Security Affairs newsletter Round 277 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Homoglyph attacks used in phishing campaign and Magecart attacks Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated US OCC imposed an $80 Million fine to Capital One for 2019 […] Hack
itsecurityguru.webp 2020-08-14 12:47:01 BootHole vulnerability in Linux systems renders servers unbootable (direct link) It was reported this week by Naked Security that Linux systems are affected by a vulnerability that can render those Linux servers unbootable. BootHole leverages a vulnerability in both GRUB2 and Secure Boot, explains TechRepublic. To make BootHole a bit more daunting, it’s actually a really easy hack to pull off. The only thing blocking […] Hack Vulnerability
TechRepublic.webp 2020-08-13 15:44:53 Report: Unskilled hackers can breach about 3 out of 4 companies (direct link) Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes. Hack
DarkReading.webp 2020-08-13 15:00:00 The Race to Hack a Satellite at DEF CON (direct link) Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space. Hack
SecurityAffairs.webp 2020-08-11 15:18:16 Flaws in 'Find My Mobile' exposed Samsung phones to hack (direct link) A researcher found multiple flaws in Samsung's Find My Mobile that could have been chained to perform various malicious activities on Samsung Galaxy Phones. The security researcher Pedro Umbelino from Portugal-based cybersecurity services provider Char49 discovered multiple vulnerabilities in Samsung's Find My Mobile that could have been chained to perform various malicious activities on Samsung Galaxy […] Hack
no_ico.webp 2020-08-11 11:21:57 Experts On News: Reddit hacked and defaced with pro-Trump messages (direct link) Reddit Inc. is the latest company to be hacked, with some 70 groups on the site defaced with pro-Donald Trump messages. The hack occurred on Friday and involved those behind the attack accessing accounts belonging to moderators of popular subreddits with millions of subscribers, including r/space, r/food, r/Japan, r/nfl, r/cfb and r/podcasts. The messages posted … Hack
InfosecIsland.webp 2020-08-10 10:04:24 Could the Twitter Social Engineering Hack Happen to You? (direct link) The phishing attack on Twitter employees serves as an opportunity for all businesses to reassess how they build and deploy application Hack
SecurityAffairs.webp 2020-08-09 15:40:50 US OCC imposed an $80 Million fine to Capital One for 2019 hack (direct link) US Office of the Comptroller of the Currency (OCC) regulator has fined the credit card provider Capital One Financial Corp with $80 million over 2019 data breach. The US Office of the Comptroller of the Currency (OCC) has imposed an $80 million fine to the credit card provider Capital One Financial Corp over 2019 data breach. Capital One, one of […] Hack
SecurityAffairs.webp 2020-08-09 06:58:27 Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated (direct link) Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. A team of Chinese experts from Sky-Go, the Qihoo 360 division focused on car hacking, discovered 19 vulnerabilities in a Mercedes-Benz E-Class, including some issues that can be exploited by attackers to remotely hack a […] Hack
SecurityAffairs.webp 2020-08-07 22:19:20 Reddit massive hack: hackers defaced channels with pro-Trump messages (direct link) Reddit suffered a massive hack, threat actors compromised tens of Reddit channels and defaced them showing messages in support of Donald Trump’s campaign. Reddit suffered a massive hack, threat actors defaced tens of channels to display messages in support of Donald Trump’s reelection campaign. At the time of writing, the massive hack is still ongoing […] Hack Threat
ZDNet.webp 2020-08-07 17:37:00 Hackers are defacing Reddit with pro-Trump messages (direct link) BREAKING: Massive hack hits Reddit. Hack
SecurityAffairs.webp 2020-08-07 08:08:00 Intel investigates security breach after the leak of 20GB of internal documents (direct link) Intel is investigating reports of an alleged hack that resulted in the theft and leak of 20GB of data coming from the chip giant. Intel is investigating reports that an alleged hacker has leaked 20GB of data exfiltrated from its systems. The stolen data includes source code and developer documents and tools, some documents are labeled […] Hack
01net.webp 2020-08-07 07:00:00 Intel has had a large amount of sensitive data stolen, some of it concerning future processors (direct link) Hack or breach of trust? The processor giant is facing a substantial leak of technical information about its products. Hack
no_ico.webp 2020-08-06 18:56:19 Twitter Hack Virtual Bail Hearing Hacked By Porn (direct link) A bail hearing by Zoom for the 17-year-old who hacked some of the world's highest-profile Twitter accounts last month was interrupted by participants showing porn, according to Bloomberg. Graham Ivan Clark, who was arrested last week for hacking into many notable Twitter accounts, was represented by lawyers asking a Florida court to lower their client's bail. … Hack
ZDNet.webp 2020-08-06 17:31:00 Capital One fined $80 million for 2019 hack (direct link) Office of the Comptroller of the Currency imposes mammoth fine for the bank's failure to secure its data in the cloud. Hack
Veracode.webp 2020-08-06 17:05:49 Live from Black Hat: Hacking Public Opinion with Renée DiResta (direct link) Psychological operations, or PsyOps, is a topic I've been interested in for a while. It's a blend of social engineering and marketing, both passions of mine. That's why I found the keynote by Renée DiResta, Research Manager at the Stanford Internet Observatory, particularly interesting. The Internet Makes Spreading Information Cheap & Easy Disinformation and propaganda are old phenomena that can be traced back to the invention of the printing press - and arguably before then. With the advent of the Internet, the cost of publishing dropped to zero. There are no hosting costs on certain platforms, but especially in the beginning, the blogosphere was very decentralized, and it was hard to get people to read your content. With the rise of social media, you can share your content and it can become viral. At the same time, content creation becomes easier. All of this eliminates cost barriers and gatekeepers. State Actors "Hack" Our Opinions As social media platforms matured, the algorithms that curate content become more and more sophisticated. They are trying to group people and deliver personalized targeting of content, which allows adversaries to analyze and game the algorithms. Renee State actors don't just influence, they start hacking public opinion, which involves fake content producers and fake accounts. They can do this more effectively because they understand the ecosystem extremely well, typically applying one of four tactics, sometimes in combination: Distract: Taki Hack APT 28 ★★★★★
DarkReading.webp 2020-08-06 14:55:00 Remotely Hacking Operations Technology Systems (direct link) Marco Balduzzi, senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely. Hack ★★★★★
WiredThreatLevel.webp 2020-08-06 12:00:00 The Feds Want These Teams to Hack a Satellite-From Home (direct link) Meet the hackers who, this weekend, will try to commandeer an actual orbiter as part of a Defcon contest hosted by the Air Force and the Defense Digital Service. Hack ★★★★
grahamcluley.webp 2020-08-06 10:21:59 Porn-wielding Zoom bombers disrupt Twitter hack court hearing (direct link) Uh-oh… someone didn’t lock their Zoom meeting down properly. That’s probably particularly important when the person charged is an alleged hacker. Hack
grahamcluley.webp 2020-08-06 00:22:25 Smashing Security podcast #190: Twitter hack arrests, email bad behaviour, and Fawkes vs facial recognition (direct link) Special guest Geoff White can’t resist using the podcast to promote his new book, “Crime Dot Com”, but other than that we also discuss the creepy (and apparently legal) way websites can find out your email and postal address even if you don’t give it to them, take a look at how the alleged Twitter hackers were identified, and learn about Fawkes – the technology fighting back at facial recognition. Hack
Chercheur.webp 2020-08-05 20:18:39 Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker (direct link) Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding. Hack ★★★★★
BBC.webp 2020-08-05 16:14:16 Twitter hack teen's court date 'Zoombombed' with porn (direct link) Reporters suggested the hearing was not password-protected, allowing disruption in. Hack ★★★★★
Veracode.webp 2020-08-05 13:33:41 Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze (direct link) Technology and elections are heavily interrelated - but it wasn't always that way. We started to adopt technology once we weren't able to fit everyone into a town hall. The first piece of technology was simply a piece of paper and a ballot box. We may not think of it as technology, but the ballot box can be tampered with. That technology gave us ballot secrecy, a trait that a hand-raise in the town hall didn't. This raised the bar to a level that is expected from other voting technologies since then, which can be tougher with voting machines and electronic evaluation of ballot boxes. Our confidence in the outcome of an election depends on the integrity of the methodology we use to do this. Stress Testing Democracy at Black Hat 2020 Matt Blaze, this year's Black Hat keynote speaker, is a researcher in the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University. Blaze has been working on election security for years. He's never encountered a problem bigger and more complex than democratic elections. The reason for this is that the requirements are contradictory: We don't want to be able to figure out how someone voted, but we want transparency into whether or not our vote was counted as cast and that the system is not corrupted. The paper ballot box seems to do this pretty well, and other technology solutions require you to be a lot more clever. Another snag is that you cannot recover from a bad election very easily. You can't redo it easily before the term is up. U.S. voting is highly decentralized Hack ★★★★★
Darktrace.webp 2020-08-05 09:00:00 What the Twitter hack reveals about spear phishing – and how to prevent it (direct link) Twitter has now confirmed spear phishing was the cause of last month's attack. This blog looks at the limitations in our current defenses against this well-known attack technique, and how a layered AI approach identifies and stops it. Hack
SecurityAffairs.webp 2020-08-01 12:21:27 Four individuals charged for the recent Twitter hack (direct link) Four suspects were charged for their alleged involvement in the recent Twitter hack, announced the Department of Justice. US authorities announced the arrest of 17-year-old Graham Ivan Clark from Tampa, Florida, who is suspected of having orchestrated the recent Twitter hack. The arrest is the result of an operation coordinated by the FBI, the IRS, and […] Hack
WiredThreatLevel.webp 2020-08-01 11:00:00 The Garmin Hack Was a Warning (direct link) As ransomware groups turn their attention to bigger game, expect more high-profile targets to fall. Ransomware Hack
ZDNet.webp 2020-08-01 01:01:00 How the FBI tracked down the Twitter hackers (direct link) A timeline of the Twitter hack composed from court documents published today. Hack
Chercheur.webp 2020-07-31 21:43:11 Three Charged in July 15 Twitter Compromise (direct link) Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world's most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. Hack
ZDNet.webp 2020-07-31 19:21:00 Florida teen arrested for orchestrating Twitter hack (direct link) Main suspect identified as Graham Ivan Clark, a 17-year-old teen from Tampa, Florida. Hack ★★★★
bleepingcomputer.webp 2020-07-31 18:24:29 (Déjà vu) Three suspects charged for roles in Twitter hack, Bitcoin scam (direct link) Four suspects were charged today for their supposed involvement in this month's Twitter hack according to press releases from the Department of Justice and State Attorney Andrew H. Warren. [...] Hack
The_Hackers_News.webp 2020-07-31 13:01:24 17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested (direct link) Three young individuals - 17, 19, and 22-year-old - have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts as part of a massive bitcoin scam. According to the U.S. Department of Justice, Mason Sheppard, aka "Chaewon," 19, from the United Kingdom, Nima Fazeli, aka "Rolex," 22, from Florida and an Hack
itsecurityguru.webp 2020-07-31 11:22:44 Blackbaud hack affects Labour party data (direct link) Hackers gained access to confidential information about thousands of Labour party donors, ITV reported today. This security compromise is the result of a wider cyber-attack directed at cloud computing provider Blackbaud, which affected over 125 institutions in the UK, including many universities. The compromise affected the fundraising and donor management software Raiser’s Edge, which is […] Hack
bleepingcomputer.webp 2020-07-31 10:40:48 Hackers stole Twitter employee credentials via phone phishing (direct link) Twitter today said that the attackers behind this month's hack were able to take control of high-profile accounts after stealing Twitter employees' credentials as part of a phone spear phishing attack on July 15, 2020. [...] Hack
no_ico.webp 2020-07-31 08:46:25 Twitter confirms spear-phishing attack on employees (direct link) Following the major security breach suffered by Twitter on 15 July, it has confirmed that the hack targeted a small number of employees through a phone “spear-phishing” attack. Attackers targeted specific employees who had access to account support tools, Twitter said. The company added it has since restricted access to its internal tools and systems. Hack
mcafee.webp 2020-07-30 15:20:47 Is Your Smart Home Vulnerable to a Hack Attack? (direct link) Is Your Smart Home Vulnerable to a Hack Attack? Your smart home device creates a computer network which can function as your incredibly convenient garage door opener, appliance manager, lighting designer, In-House DJ, and even security system supervisor, among many other selected duties. Yet cybersecurity experts frequently caution that this ultra-convenient home network provided through […] Hack
grahamcluley.webp 2020-07-30 14:08:30 Smashing Security podcast #189: DNA cock-up, Garmin hack, and virtual kidnappings (direct link) Why are students faking their own kidnappings? What’s the story behind Garmin’s ransomware attack? And a genetic genealogy website suffers a hack or two. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray REDACTED. Ransomware Hack
Last update at: 2024-06-03 07:08:36