What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-05-27 12:14:25 | CISA avertit les agences Govt de Barracuda zéro-jour récemment corrigé CISA warns govt agencies of recently patched Barracuda zero-day (lien direct) |
La CISA a mis en garde contre une vulnérabilité zéro-jour récemment exploitée la semaine dernière pour pirater les appareils électroménagers de la Gateway (ESG) de Barracuda.[...]
CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway (ESG) appliances. [...] |
Hack Vulnerability | ★★ | |
 |
2023-05-26 10:31:56 | Pare-feu zyxel piraté par Mirai Botnet Zyxel Firewalls Hacked by Mirai Botnet (lien direct) |
> Un botnet Mirai a exploité une vulnérabilité récemment corrigée suivie sous le nom de CVE-2023-28771 pour pirater de nombreux pare-feu zyxel.
>A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. |
Hack Vulnerability | ★★ | |
 |
2023-05-25 19:31:34 | Faites de votre maison intelligente une maison sécurisée également: sécuriser vos appareils de maison intelligente IoT Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices (lien direct) |
> 
Ce n'est que une ampoule intelligente.Pourquoi voudrait-on pirater cela?Grande question.Parce que ça arrive au cœur ...
> 
It\'s only a smart lightbulb. Why would anyone want to hack that? Great question. Because it gets to the heart...
|
Hack | ★★ | |
|
2023-05-25 09:56:37 | Vulnérabilité zéro-jour exploitée pour pirater les appareils de passerelle de sécurité par e-mail Barracuda Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances (lien direct) |
> Barracuda Networks avertit les clients du CVE-2023-2868, un jour nul exploité pour pirater certains appareils électroménagers (ESG). .
>Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances. |
Hack Vulnerability | ★★ | |
 |
2023-05-24 10:00:00 | Lorsque la sécurité Internet est une exigence, envisagez de fibre dédiée When internet security is a requirement, look to dedicated fiber (lien direct) |
With increased dangers lurking in digital spaces, the need for cybersecurity is now a commonly known fact for just about all business owners. When it comes to protecting their network, most start with the basic firewall. While added layers are required, there is something even more fundamental that should not be overlooked: the physical connection itself. It is like making sure you have secure and quality doors and windows prior to putting alarms on them. So, what type of internet connection is the most secure? To answer this question, I consulted with Robert Lozanski, a member of AT&T\'s Solution Consultant team whose primary role is to design full networking solutions for businesses. In the following paragraphs, let’s go through the different types of connections and assess the quality - as well as the security level - of each one. Meet the contenders First off, it is important to understand the different types of internet connections. The most common ones are copper, fiber, and wireless networks. Copper: Copper cables are the original internet connections. They transmit data in the form of electrical signals. While this type of connection has been used for years, copper is difficult to maintain, has limited speed options, and degrades with time. As a result, many providers are making a shift away from it. Cellular: A cellular network provides access to the Internet by transmitting data over the air. The network connects to cellular towers rather than cables in the ground. While cellular internet has made huge technological advancements with the rollout of 5G, it still has its limitations. Cellular networks currently have lower speed tiers than many wired options – but this may change in the future. Fiber: Fiber optic internet uses a network of bundled strands of glass called fiber optic cables to deliver internet service through pulses of light. Fiber optics are the newest and most reliable type of internet connections. They also offer the highest speed options. Assessing the security of the connections A common way to assess a network is by measuring it against the CIA triad: Confidentiality, Integrity, and Availability. Among the different internet transport types, some are more secure than others because of the way they fulfill the three CIA requirements. In other words, a secure network will have high levels of confidentiality, integrity, and availability. As of 2023, 5G wireless connections have security layer options and speeds that make them strong contenders in the networking market. However, wired connections are still the primary choice for businesses prioritizing their internet connections due to wired connection’s reliability and bandwidth availability. According to Lozanski, "while a cellular network solution is utilitarian for its mobility and flexibility, wired connections still offer an added layer of security because they will provide faster speeds and performance. A cellular connection can perform like a broadband connection with fluctuations throughout the day, but it won’t offer the same speeds.” Between the two wired connections mentioned, copper and fiber, there is not much competition. With speeds up to 1Tbps, fiber moves at the speed of light and offers availability and reliability that copper wired connections cannot provide. However, the search for the most secure connection does not stop there. Even though fiber optic connections are made of glass and move at the speed of light, the way the connection is delivered may vary, and in turn offer different levels of security. The simplest way to break down this d | Hack Prediction | ★★ | |
 |
2023-05-23 13:45:45 | Rapport sur les cyberattaques 2022: les PME suisses particulièrement menacées Bericht zu Cyberattacken 2022: Schweizer KMU besonders bedroht (lien direct) |
Le rapport demi-année en 2022 du National Center for Cyber Security (NCSC) montre une menace élevée, en particulier pour le Centre national en mai.Le danger de devenir victime d'une infection des ransomwares est resté presque le même, en particulier le groupe russophone attiré par le bit actif et les avantages de vulnérabilités non rémunérées et de configurations incorrectes & # 8211;Le groupe a attiré l'attention des services secrètes occidentaux après le hack Royal Mail UK, qui est désavantageux pour le secteur des ransomwares.
-
rapports spéciaux
/ /
affiche
Der im Mai veröffentlichte Halbjahresbericht 2022 des Nationalen Zentrums für Cybersicherheit (NCSC) zeigt insgesamt eine hohe Bedrohungslage besonders für KMU auf. Die Gefahr Opfer einer Ransomware-Infektion zu werden, ist nahezu gleichgeblieben, besonders die russischsprachige Gruppe Lockbit war aktiv und profitiert von ungepatchten Schwachstellen und fehlerhaften Konfigurationen – spätestens nach dem Royal Mail UK Hack hat die Gruppe die Aufmerksamkeit der westlichen Geheimdienste auf sich gezogen, was sich zukünftig nachteilig auf das Ransomware-Business auswirken dürfte. - Sonderberichte / affiche |
Hack | ★★ | |
 |
2023-05-23 13:00:00 | Cyberheistnews Vol 13 # 21 [Double Trouble] 78% des victimes de ransomwares sont confrontées à plusieurs extensions en tendance effrayante CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend (lien direct) |
CyberheistNews Vol 13 #21 | May 23rd, 2023
[Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend
New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what\'s inhibiting a proper security posture.
You have a solid grasp on what your organization\'s cybersecurity stance does and does not include. But is it enough to stop today\'s ransomware attacks? CyberEdge\'s 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what\'s keeping orgs from stopping them.
According to the report, in 2023:
7% of organizations were victims of a ransomware attack
7% of those paid a ransom
73% were able to recover data
Only 21.6% experienced solely the encryption of data and no other form of extortion
It\'s this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents.
IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we\'ve long known the cybersecurity industry is lacking a proper pool of qualified talent.
In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all.
Blog post with links:https://blog.knowbe4.com/ransomware-victim-threats
[Free Tool] Who Will Fall Victim to QR Code Phishing Attacks?
Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters.
With the increased popularity of QR codes, users are more at |
Ransomware Hack Tool Vulnerability Threat Prediction | ChatGPT | ★★ |
 |
2023-05-23 03:22:09 | #TripwireBookClub – How to Hack Like a Legend (lien direct) | Celui-ci a pris un peu plus de temps à lire que la plupart des livres que nous passons en revue, mais c'est entièrement sur moi… tout le monde l'a terminé il y a quelque temps.Cette fois-ci, nous regardons comment pirater comme une légende: casser les fenêtres par le flux de spar.La page de presse No Starch indique que le livre est «rempli de trucs intéressants, de conseils ingénieux et de liens vers des ressources utiles pour vous donner un guide pratique et pratique pour pénétrer et contourner les systèmes de sécurité Microsoft».Le contenu du livre est assez intéressant, et il couvre un certain nombre de sujets, notamment AMSI, Microsoft Advanced Threat Analytics, Kerberoasting ...
This one took a bit longer to read than most of the books we review, but that\'s entirely on me… everyone else finished it a while ago. This time around, we\'re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.” The content of the book is quite interesting, and it covers a number of topics including AMSI, Microsoft Advanced Threat Analytics, Kerberoasting... |
Hack Threat | ★★ | |
|
2023-05-23 03:22:09 | #TripwireBookClub & # 8211;Comment pirater comme une légende #TripwireBookClub – How to Hack Like a Legend (lien direct) |
Celui-ci a pris un peu plus de temps à lire que la plupart des livres que nous passons en revue, mais c'est entièrement sur moi… tout le monde l'a terminé il y a quelque temps.Cette fois-ci, nous regardons comment pirater comme une légende: casser les fenêtres par le flux de spar.La page de presse No Starch indique que le livre est «rempli de trucs intéressants, de conseils ingénieux et de liens vers des ressources utiles pour vous donner un guide pratique et pratique pour pénétrer et contourner les systèmes de sécurité Microsoft».Le contenu du livre est assez intéressant, et il couvre un certain nombre de sujets, notamment AMSI, Microsoft Advanced Threat Analytics, Kerberoasting ...
This one took a bit longer to read than most of the books we review, but that\'s entirely on me… everyone else finished it a while ago. This time around, we\'re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.” The content of the book is quite interesting, and it covers a number of topics including AMSI, Microsoft Advanced Threat Analytics, Kerberoasting... |
Hack Threat | ★★ | |
|
2023-05-18 15:34:54 | Apple corrige trois nouveaux jours zéro exploités pour pirater les iPhones, les Mac Apple fixes three new zero-days exploited to hack iPhones, Macs (lien direct) |
Apple a abordé trois nouvelles vulnérabilités zéro-jours exploitées dans les attaques pour pirater les iPhones, les Mac et les iPads.[...]
Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads. [...] |
Hack | ★★ | |
|
2023-05-16 13:00:00 | CyberheistNews Vol 13 # 20 [pied dans la porte] Les escroqueries de phishing du Q1 2023 \\ |Infographie CyberheistNews Vol 13 #20 [Foot in the Door] The Q1 2023\\'s Top-Clicked Phishing Scams | INFOGRAPHIC (lien direct) |
CyberheistNews Vol 13 #20 | May 16th, 2023
[Foot in the Door] The Q1 2023\'s Top-Clicked Phishing Scams | INFOGRAPHIC
KnowBe4\'s latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.
IT and Online Services Emails Drive Dangerous Attack Trend
This last quarter\'s results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect your end users\' daily work.
Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical.
Building up your organization\'s human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following:
Common "In-The-Wild" Emails for Q1 2023
Top Phishing Email Subjects Globally
Top 5 Attack Vector Types
Top 10 Holiday Phishing Email Subjects in Q1 2023
This post has a full PDF infographic you can download and share with your users:https://blog.knowbe4.com/q1-2023-top-clicked-phishing
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console.
Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l |
Ransomware Spam Malware Hack Tool Threat | ★★ | |
|
2023-05-12 09:22:58 | Australian Enterprise Software Maker Technologyone reprend le trading après le piratage Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack (lien direct) |
Le fabricant de logiciels d'entreprise australienne a déclaré que son système interne Microsoft 365 avait été compromis dans une cyberattaque.
Australian enterprise software maker TechnologyOne said its internal Microsoft 365 system was compromised in a cyberattack. |
Hack | ★★ | |
 |
2023-05-11 17:59:43 | Ex-ingénieur de l'ubiquiti derrière le vol de données «à couper le souffle» obtient une peine de prison de 6 ans Ex-Ubiquiti engineer behind “breathtaking” data theft gets 6-year prison term (lien direct) |
L'ingénieur a tenté de prétendre que le piratage était un «exercice de sécurité non autorisé».
Engineer tried to claim that the hack was an “unsanctioned security drill.” |
Hack | ★★ | |
 |
2023-05-11 13:20:00 | La National Crime Agency de l'UK \\ remporte un défi juridique majeur sur ENCROCHAT HACK UK\\'s National Crime Agency wins major legal challenge over Encrochat hack (lien direct) |
Britain\'s National Crime Agency (NCA) won a major legal challenge on Thursday that had threatened to undermine thousands of arrests based on evidence gathered when French and Dutch police hacked the Encrochat messaging service. The Investigatory Powers Tribunal - the only court in the U.K. that can hear complaints about the intelligence services and the
Britain\'s National Crime Agency (NCA) won a major legal challenge on Thursday that had threatened to undermine thousands of arrests based on evidence gathered when French and Dutch police hacked the Encrochat messaging service. The Investigatory Powers Tribunal - the only court in the U.K. that can hear complaints about the intelligence services and the |
Hack | ★★ | |
|
2023-05-11 13:10:06 | Détails divulgués pour la chaîne d'exploitation qui permet le piratage des routeurs Netgear Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers (lien direct) |
> Claroty a divulgué les détails de 5 vulnérabilités qui peuvent être enchaînées dans un exploit permettant aux attaquants non authentifiés de pirater les routeurs Netgear.
>Claroty has disclosed the details of 5 vulnerabilities that can be chained in an exploit allowing unauthenticated attackers to hack Netgear routers. |
Hack | ★★ | |
 |
2023-05-10 16:20:00 | Mastermind derrière Twitter 2020 Hack plaide coupable et risque jusqu'à 70 ans de prison Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison (lien direct) |
A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform.
Joseph James O\'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter," the U.S. Department of
A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O\'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter," the U.S. Department of |
Hack | ★★ | |
|
2023-05-10 11:55:00 | Un homme britannique impliqué dans Twitter Hack a été extradé pour nous, plaide coupable à de nombreux cybercrimes British man involved in Twitter hack extradited to US, pleads guilty to numerous cybercrimes (lien direct) |
Un homme britannique a plaidé coupable à New York mardi à son rôle dans le piratage Twitter de juillet 2020, aux côtés de plusieurs autres cyber-infractions, notamment le vol de crypto-monnaie à travers des attaques d'échange de sim et de cyberterre un mineur.Joseph James O \\ 'Connor, 23 ans, a été extradé vers les États-Unis d'Espagne en avril.Il fait face à 77
A British man pleaded guilty in New York on Tuesday to his role in the Twitter hack of July 2020, alongside multiple other cyber offenses including stealing cryptocurrency through SIM swapping attacks and cyberstalking a minor. Joseph James O\'Connor, 23, was extradited to the United States from Spain in April. He faces up to 77 |
Hack | ★★ | |
|
2023-05-10 09:27:41 | Twitter Celebrity Hacker plaide coupable aux États-Unis Twitter Celebrity Hacker Pleads Guilty in US (lien direct) |
> Joseph James O \\ 'Connor a plaidé coupable pour son rôle dans des plans pour pirater les comptes Twitter de célébrités comme Barack Obama et Elon Musk.
>Joseph James O\'Connor pleaded guilty for his role in schemes to hack the Twitter accounts of celebrities like Barack Obama and Elon Musk. |
Hack | ★★ | |
 |
2023-05-10 09:18:04 | Hack pour ton collège ! (lien direct) | L'Académie de Versailles lance sa compétition de hacking éthique pour les élèves de 4ème et 3ème. Un CTF adapté pour les futurs professionnels de la cyber de demain !... | Hack | ★★ | |
 |
2023-05-09 23:51:49 | Britannique plaide coupable aux États-Unis à 2020 Twitter Hack Briton pleads guilty in US to 2020 Twitter hack (lien direct) |
C'était probablement le piratage le plus en vue de l'histoire des médias sociaux, frappant des dizaines de comptes célèbres.
It was probably the most high-profile hack in social media history, hitting dozens of famous accounts. |
Hack | ★★ | |
|
2023-05-08 18:12:00 | Les pirates ont volé une base de données avec les informations du client de Western Digital Hackers stole database with customer info from Western Digital (lien direct) |
Le géant du stockage de données Western Digital a déclaré que les pirates ont volé une base de données contenant les informations personnelles des clients [lors d'une cyberattaque] (https://therecord.media/western-digital-cyberattack-data-abri) survenu le 26 mars.L'entreprise - qui a eu des revenus en 2022 d'environ 19 milliards de dollars et est surtout connu pour la marque Sandisk de disques durs portables et de cartes mémoire amovibles - a annoncé le piratage
Data storage giant Western Digital said hackers stole a database containing the personal information of customers [during a cyberattack](https://therecord.media/western-digital-cyberattack-data-breach) that occurred on March 26. The company - which had 2022 revenues of about $19 billion and is best known for the SanDisk brand of portable hard drives and removable memory cards - announced the hack |
Hack | ★★ | |
|
2023-05-05 15:41:29 | L'ancien chef de la sécurité de l'uber a été condamné à la couverture du piratage Ex-Uber security chief sentenced over covering up hack (lien direct) |
Joseph Sullivan a été condamné pour couvrer une violation de sécurité de 57 millions de comptes d'utilisateurs en 2016.
Joseph Sullivan was convicted over covering up a security breach of 57 million user accounts in 2016. |
Hack | Uber | ★★ |
 |
2023-05-04 16:30:00 | Brightline Hack expose les données de plus de 780 000 patients en santé mentale d'enfants Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients (lien direct) |
Brightline a déclaré que la violation était due à une faille zéro-jour dans Fortra Goanywhere MFT
Brightline said the breach was due to a zero-day flaw in Fortra GoAnywhere MFT |
Hack | ★★ | |
|
2023-05-02 13:00:00 | Cyberheistnews Vol 13 # 18 [Eye on Ai] Chatgpt a-t-il la cybersécurité indique-t-elle? CyberheistNews Vol 13 #18 [Eye on AI] Does ChatGPT Have Cybersecurity Tells? (lien direct) |
CyberheistNews Vol 13 #18 | May 2nd, 2023
[Eye on AI] Does ChatGPT Have Cybersecurity Tells?
Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they\'re about to bluff, for example, or someone\'s pupils dilate when they\'ve successfully drawn a winning card.
It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they\'ve become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice\'s Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is.
"When you ask ChatGPT to do something it\'s not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: \'As an AI language model, I cannot generate inappropriate or offensive content,\' it said. Those two phrases, \'as an AI language model\' and \'I cannot generate inappropriate content,\' recur so frequently in ChatGPT generated content that they\'ve become memes."
That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they\'ll grow more persuasive.
One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves.
Blog post with links:https://blog.knowbe4.com/chatgpt-cybersecurity-tells
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 |
Ransomware Malware Hack Threat | ChatGPT ChatGPT | ★★ |
 |
2023-05-02 10:00:00 | Solarwinds: L'histoire inédite du piratage de chaîne d'approvisionnement le plus audacieux SolarWinds: The Untold Story of the Boldest Supply-Chain Hack (lien direct) |
Les assaillants étaient dans des milliers de réseaux d'entreprises et de gouvernement.Ils pourraient encore être là maintenant.Dans les coulisses de l'enquête Solarwinds.
The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation. |
Hack | ★★ | |
|
2023-05-01 23:40:36 | T-Mobile révèle la 2e violation de données de 2023, celle des épingles de compte qui fuient et plus T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more (lien direct) |
Le piratage affectant 836 abonnés, a duré plus d'un mois avant sa découverte.
Hack affecting 836 subscribers, lasted for more than a month before it was discovered. |
Data Breach Hack | ★★ | |
|
2023-05-01 12:09:00 | Les fonds de pension britanniques ont averti de vérifier les données des clients après la violation de Capita UK pension funds warned to check on clients\\' data after Capita breach (lien direct) |
Des centaines de fonds de pension au Royaume-Uni ont été invités à vérifier si leurs clients ont été volés à la suite du piratage de Capita en mars.Capita, la plus grande entreprise d'externalisation du pays, détient des contrats pour administrer les systèmes de paiement pour les fonds de pension utilisés par plus de 4 millions de personnes en Grande-Bretagne.Le
Hundreds of pension funds in the United Kingdom have been told to check whether their clients\' data had been stolen as a result of the Capita hack in March. Capita, the country\'s largest outsourcing company, holds contracts to administer the payment systems for pension funds used by more than 4 million individuals in Britain. The |
Hack | ★★★ | |
 |
2023-04-28 19:15:12 | Pirater le processus de mise à pied Hacking the Layoff Process (lien direct) |
Mon dernier livre, un hacker & # 8217; s esprit , est rempli d'histoires sur les systèmes de piratage riches et puissants, mais il était difficile de trouver des histoires de piratage par les moins puissants.Voici celui que je viens de trouver.Un Article Les grandes entreprises travaillent par inadvertance à un piratage d'employé pour éviter d'être licencié:
Le logiciel & # 8230; Le logiciel effectue une analyse statistique lors des terminaisons pour voir si certains groupes sont affectés négativement, ont déclaré que ces revues peuvent découvrir d'autres problèmes.Sur une liste de candidats à la mise à pied, une entreprise pourrait constater qu'il est sur le point de licencier par inadvertance un employé qui a précédemment ouvert une plainte contre un gestionnaire & # 8212; une décision qui pourrait être considérée comme des représailles, a-t-elle dit ...
My latest book, A Hacker’s Mind, is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Here’s one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being fired: …software performs a statistical analysis during terminations to see if certain groups are adversely affected, said such reviews can uncover other problems. On a list of layoff candidates, a company might find it is about to fire inadvertently an employee who previously opened a complaint against a manager—a move that could be seen as retaliation, she said... |
Hack | ★★★ | |
 |
2023-04-27 16:55:18 | S3 EP132: La preuve de concept permet à toute personne pirater à volonté S3 Ep132: Proof-of-concept lets anyone hack at will (lien direct) |
Quand Doug dit: "Happy Remote Code Execution Day, Duck" ... c'est l'ironie.Pour éviter tout doute :-)
When Doug says, "Happy Remote Code Execution Day, Duck"... it\'s irony. For the avoidance of all doubt :-) |
Hack | ★★★ | |
|
2023-04-25 13:00:00 | Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
 |
2023-04-24 17:45:05 | Compte de Kucoin Twitter piraté, pertes 22,6 000 $ en crypto arnaque KuCoin Twitter Account Hacked, Losses $22.6K In Crypto Scam (lien direct) |
Une fausse fraude à des cadeaux qui a entraîné un vol de plus de 22,6 000 $ de crypto-monnaie a été promue par les attaquants après que leur compte Twitter de Kucoin ait été compromis.La plate-forme Bitcoin Trading and Exchange s'est engagée à indemniser entièrement les victimes pour toutes les pertes résultant du piratage de son poignée Twitter officielle, qui a été [& # 8230;]
A fake giveaway fraud that resulted in the theft of more than $22.6K in cryptocurrency was promoted by attackers after their access to KuCoin’s Twitter account was compromised. The bitcoin trading and exchange platform has pledged to fully compensate victims for all losses resulting from the hack of its official Twitter handle, which has been […] |
Hack | ★★ | |
|
2023-04-24 17:12:21 | Intel Let Google Cloud pirater ses nouvelles puces sécurisées et a trouvé 10 bogues Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs (lien direct) |
Pour protéger son infrastructure de cloud informatique confidentielle et obtenir des informations critiques, Google s'appuie sur ses relations avec les fabricants de puces.
To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers. |
Hack Cloud | ★★★ | |
|
2023-04-24 11:42:12 | Un défaut critique dans le produit INEA ICS expose les organisations industrielles aux attaques à distance Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks (lien direct) |
> La vulnérabilité critique trouvée dans INEA RTU peut être exploitée pour pirater à distance les appareils et provoquer des perturbations dans les organisations industrielles.
>Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations. |
Hack Vulnerability Industrial | ★★★★ | |
|
2023-04-22 13:00:00 | Les criminels utilisent de minuscules appareils pour pirater et voler des voitures Criminals Are Using Tiny Devices to Hack and Steal Cars (lien direct) |
Apple contrer les logiciels espions de l'Apple, la montée en puissance d'un marché noir GPT-4, la Russie cible les connexions Internet StarLink, et plus encore.
Apple thwarts NSO\'s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more. |
Hack | ★★ | |
|
2023-04-22 12:16:00 | Lazarus X_Trader Hack a un impact sur les infrastructures critiques au-delà Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach (lien direct) |
Lazare, le prolifique groupe de piratage nord-coréen derrière l'attaque de la chaîne d'approvisionnement en cascade ciblant 3CX, a également violé deux organisations d'infrastructures critiques dans le secteur de l'énergie et de l'énergie et deux autres entreprises impliquées dans le négociation financière en utilisant l'application X_Trader Trojanisée.
Les nouvelles conclusions, qui viennent gracieuseté de l'équipe Hunter Hunter de Symantec \\, confirment les soupçons antérieurs que le
Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec\'s Threat Hunter Team, confirm earlier suspicions that the |
Hack Threat | APT 38 | ★★ |
|
2023-04-20 13:38:56 | Attaque de la chaîne d'approvisionnement en cascade: 3cx piraté après l'application Trojanisée téléchargée par l'employé Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App (lien direct) |
> 3CX Hack est la première attaque de chaîne d'approvisionnement en cascade connue, la violation commençant après qu'un employé a téléchargé un logiciel compromis d'une autre entreprise.
>3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm. |
Hack | ★★★★ | |
|
2023-04-20 08:00:00 | Hack 3cx causé par l'attaque de la chaîne d'approvisionnement des logiciels de trading 3CX hack caused by trading software supply chain attack (lien direct) |
Une enquête sur l'attaque de la chaîne d'approvisionnement du mois dernier du mois dernier a découvert qu'elle avait été causée par un autre compromis de la chaîne d'approvisionnement où des attaquants nord-coréens présumés ont violé le site de Stock Trading Automation Company Trading Technologies pour pousser les builds de logiciels trojanisés.[...]
An investigation into last month\'s 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds. [...] |
Hack | ★★★ | |
 |
2023-04-19 21:40:00 | Russian Fancy Bear APT a exploité les routeurs de Cisco non corrigés pour nous pirater, UE Gov \\ 't agences Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov\\'t Agencies (lien direct) |
Le groupe de menaces de scène nationale a déployé des logiciels malveillants personnalisés sur les versions archaïques du système d'exploitation du routeur de Cisco \\.Les experts préviennent que de telles attaques ciblant les infrastructures du réseau sont en augmentation.
The nation-stage threat group deployed custom malware on archaic versions of Cisco\'s router operating system. Experts warn that such attacks targeting network infrastructure are on the rise. |
Malware Hack Threat | APT 28 | ★★ |
|
2023-04-19 13:39:53 | Le service des casiers judiciaires a toujours perturbé 4 semaines après le piratage Criminal Records Service still disrupted 4 weeks after hack (lien direct) |
Les personnes souhaitant travailler avec des enfants ou obtenir des visas d'émigration sont toujours confrontés à de longs retards.
People wishing to work with children or gain emigration visas are still facing long delays. |
Hack | ★★ | |
|
2023-04-19 09:03:31 | États-Unis, Royaume-Uni: la Russie exploitant la vieille vulnérabilité pour pirater les routeurs Cisco US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers (lien direct) |
> Les agences gouvernementales américaines et britanniques ont émis un avertissement conjoint pour le groupe russe APT28 ciblant les routeurs Cisco en exploitant une ancienne vulnérabilité.
>US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. |
Hack Vulnerability | APT 28 | ★★ |
|
2023-04-18 13:00:00 | Cyberheistnews Vol 13 # 16 [doigt sur le pouls]: comment les phishers tirent parti de l'IA récent Buzz CyberheistNews Vol 13 #16 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz (lien direct) |
CyberheistNews Vol 13 #16 | April 18th, 2023
[Finger on the Pulse]: How Phishers Leverage Recent AI Buzz
Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.
Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device."
Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals."
Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet.
Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations.
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav |
Spam Malware Hack Threat | APT 28 ChatGPT ChatGPT | ★★★ |
|
2023-04-17 21:32:43 | NCR Datacenter affecté par une attaque de ransomware massive NCR Datacenter Affected By Massive Ransomware Attack (lien direct) |
Ransomware a frappé la société américaine de paiement NCR Datacenter, en se concentrant sur l'une de ses installations de données à Aloha, Hawaï.Quelques jours après avoir commencé à examiner A & # 8220; Problème & # 8221;Avec son produit Aloha Restaurant Point of Sale (POS), la société a divulgué le piratage samedi.L'avertissement déclare, & # 8220; Le 13 avril, nous avons confirmé que le temps d'arrêt était causé par [& # 8230;]
Ransomware struck American payments company NCR datacenter, focusing on one of its data facilities in Aloha, Hawaii. A few days after beginning to look into a “problem” with its Aloha restaurant point-of-sale (PoS) product, the company disclosed the hack on Saturday. The warning states, “On April 13, we confirmed that the downtime was caused by […] |
Ransomware Hack | ★★ | |
|
2023-04-17 20:01:00 | Les Pentesters doivent pirater l'IA, mais aussi remettre en question son existence Pentesters Need to Hack AI, but Also Question its Existence (lien direct) |
Il est important d'apprendre à briser les derniers modèles d'IA, mais les chercheurs en sécurité devraient également se demander s'il y a suffisamment de garde-corps pour empêcher l'utilisation abusive de la technologie.
Learning how to break the latest AI models is important, but security researchers should also question whether there are enough guardrails to prevent the technology\'s misuse. |
Hack | ★★ | |
|
2023-04-14 12:17:00 | Tasmanie: 150 000 personnes et entreprises touchées par le groupe de ransomwares CLOP Tasmania: 150,000 individuals and businesses affected by Clop ransomware group (lien direct) |
Le gouvernement de l'État australien de Tasmanie a confirmé vendredi «environ 150 000 personnes et entreprises» dans l'État insulaire ont été directement affectées par le piratage du produit de transfert de fichiers Goanywhere de Fortra \\.Dans [une mise à jour] (https://www.premier.tas.gov.au/site_resources_2015/additional_releases/update-on-cyber-investigation3) du ministre de la Science et de la technologie de l'État, Madeleine Ogilvie, The Tasmanian \'s Science, Madeleine Ogilvie, TasmanianLe gouvernement a déclaré qu'il continuait à enquêter sur le
The government of the Australian state of Tasmania confirmed on Friday “approximately 150,000 individuals and businesses” in the island state were directly affected by the hack of Fortra\'s GoAnywhere file transfer product. In [an update](https://www.premier.tas.gov.au/site_resources_2015/additional_releases/update-on-cyber-investigation3) from the state\'s minister for science and technology, Madeleine Ogilvie, the Tasmanian government said it is continuing to investigate the |
Ransomware Hack | ★★ | |
|
2023-04-13 10:04:00 | Les systèmes d'irrigation en Israël perturbés par des attaques de pirates contre les circuits intégrés Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS (lien direct) |
> Les systèmes d'irrigation ont été perturbés récemment en Israël dans une attaque qui montre à nouveau à quel point il est facile de pirater les systèmes de contrôle industriel (ICS).
>Irrigation systems were disrupted recently in Israel in an attack that once again shows how easy it is to hack industrial control systems (ICS). |
Hack Industrial | ★★★ | |
|
2023-04-11 13:16:54 | Cyberheistnews Vol 13 # 15 [Le nouveau visage de la fraude] FTC fait la lumière sur les escroqueries d'urgence familiale améliorées AI-AI CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams (lien direct) |
CyberheistNews Vol 13 #15 | April 11th, 2023
[The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams
The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress."
They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how."
"Don\'t Trust The Voice"
The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one.
"So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends."
Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams
A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation
Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making |
Ransomware Data Breach Spam Malware Hack Tool Threat | ChatGPT ChatGPT | ★★ |
|
2023-04-11 12:00:00 | [Outil gratuit] Voir quels utilisateurs sont susceptibles de se faire un comportement de sécurité risqué avec l'aperçu gratuit de SecurityCoach! [Free Tool] See Which Users Are Susceptible to Risky Security Behavior with SecurityCoach Free Preview! (lien direct) |
Data Breach Hack | ★★ | ||
 |
2023-04-10 18:34:05 | Quelqu'un a-t-il vraiment piraté la plante d'Oldsmar, en Floride, de traitement de l'eau?De nouveaux détails suggèrent peut-être pas. Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. (lien direct) |
> Les déclarations du FBI et de l'ancien directeur de la ville d'Oldsmar indiquent ce qui s'est passé à l'usine peut ne pas avoir été l'œuvre d'un pirate extérieur.
>Statements from the FBI and former Oldsmar city manager indicate what happened at the plant may not have been the work of an outside hacker. |
Hack | ★★★ | |
|
2023-04-10 12:24:43 | CISA ordonne aux agences Govt de mettre à jour les iPhones, Mac avant le 1er mai CISA orders govt agencies to update iPhones, Macs by May 1st (lien direct) |
L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) a ordonné aux agences fédérales de corriger deux vulnérabilités de sécurité activement exploitées dans la nature pour pirater les iPhones, les Mac et les iPads.[...]
The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads. [...] |
Hack | ★★ | |
 |
2023-04-10 08:28:05 | Piratage de télécopieur a correctement des choses, encore et encore et encore et encore Pager hack faxed things up properly, again, and again, and again (lien direct) |
Où pouvez-vous lire une histoire qui commence par un piratage Wang et se termine par un mariage? Qui, moi? Ah, cher lecteur, à quel pointEncore une fois au Water-Cooliner Analog Le registre aime appeler qui, moi?où nous admettons nos erreurs passées sans crainte de jugement.Ok, peut-être un petit jugement … | Hack | ★★ |
To see everything:
Our RSS (filtrered)
