Federal agencies get new cybersecurity response playbooks (11/16/2021 from The Record)
Exchange Exploit Leads to Domain Wide Ransomware (11/15/2021 from The DFIR Report)
Official FBI email server hacked, used to send fake threat (11/13/2021 from The Record)
macOS zero-day deployed via Hong Kong pro-democracy news sites (11/11/2021 from The Record)
Bill proposes large financial institutions to report ransomware attacks, cap payments (11/11/2021 from SC Media)
BazarBackdoor now abuses Windows 10 app feature in ‘call me back’ attack (11/11/2021 from ZDNet)
Microsoft: Chinese hackers are targeting Zoho ManageEngine software (11/9/2021 from ZDNet)
Ce nouveau fil de sécurité est une ressource pour les MSP et les professionnels de l’informatique qui leur permet de se tenir au courant des dernières nouvelles en matière de cybersécurité et des alertes de vulnérabilité liées aux systèmes d’exploitation, aux navigateurs, aux VPN et aux RDP. Protégez votre entreprise et vos clients en suivant l’actualité relative à la sécurité.
News: November 2021 (11/9-11/16)
News: October 2021 (10/4-10/28)
HTTPS threats grow more than 314% through 2021: Report (10/28/2021 from ZDNet)
Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware (10/26/2021 from Threatpost)
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks (10/25/2021 from Microsoft )
AWS patches bug that left its WAF customers exposed to SQL injection (10/21/2021 from SC Media)
Top 10 Most Exploited Vulnerabilities (10/17/2021 from Syxsense)
Misconfiguration Attacks: 5 Real-Life Attacks and Lessons Learned (10/4/2021 from Neuralegion)
News: September 2021 (9/2-9/20)
Epik data breach impacts 15 million users, including non-customers (9/20/2021 from Arstechnica)
DirtyMoe: Code Signing Certificate (9/17/2021 from Decoded: Avast Threat Labs)
OWASP Top 10 ranking has a new leader after ten years (9/14/2021 from The Record)
Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices (9/9/2021 from The Hacker News)
US farm loses $9 million in the aftermath of a ransomware attack (9/2/2021 from The Record)
White House double downs on warning about cyberattacks over the holidays (9/2/2021 from The Record)
News: August 2021 (8/13-8/24)
38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations (8/24/21 from The Hacker News)
New LockFile ransomware gang weaponizes ProxyShell and PetitPotam attacks (8/22/21 from The Record)
Cloudflare reports record-breaking HTTP-request DDoS attack (8/20/21 from SC Media)
100m T-Mobile Customer Records Purportedly Up for Sale (8/16/21 from Threatpost)
New AdLoad Variant Bypasses Apple’s Security Defenses to Target macOS Systems (8/16/21 from The Hacker News)
Phishing campaign leverages legit DocuSign email notifications (8/13/21 from SC Media)
WordPress Sites Abused in Aggah Spear-Phishing Campaign (8/13/21 from Threatpost)
Using AI to Scale Spear Phishing (8/13/21 from Schneier on Security)
News: August 2021 (8/1-8/11)
Hackers take $600m in ‘biggest’ cryptocurrency theft (8/11/21 from ZDNet)
Laptop maker Gigabyte hit by ransomware attack (8/8/21 from TechRadar)
Routers and modems running Arcadyan firmware are under attack (8/8/21 from The Record)
The cybersecurity industry is in a state of dismay: New alliance to promote uniform XDR framework (8/3/21 from SC Media)
This new phishing attack is ‘sneakier than usual’, Microsoft warns (8/2/21 from ZDNet)
Decryptor released for Prometheus ransomware victims (8/1/21 from The Record)
News: July 2021 (7/22-7/31)
Hackers leak full EA data after failed extortion attempt (7/31/21 from The Record)
DOJ says SolarWinds hack impacted 27 US attorneys’ offices (7/30/21 from The Record)
Amazon fined $887 million over EU privacy violations (7/30/21 from The Record)
Ransomware: These are the two most common ways hackers get inside your network (7/29/21 from ZDNet)
BlackMatter ransomware targets companies with revenue of $100 million and more (7/27/21 from The Record)
Even after Emotet takedown, Office docs deliver 43% of all malware downloads now (7/23/21 from ZDNet)
Wiper malware targeting Japanese PCs discovered ahead of Tokyo Olympics opening (7/22/21 from The Record)
News: July 2021 (7/1-7/21)
SeriousSAM bug impacts all Windows 10 versions released in the past 2.5 years (7/21/21 from The Record)
Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug (7/20/21 from The Record)
Windows Hello bypassed using infrared image (7/18/21 from The Record)
Fake Zoom App Dropped by New APT ‘LuminousMoth’ (7/15/21 from Threatpost)
Cisco BPA, WSA bugs allow remote cyberattacks (7/9/21 from Threatpost)
Diving Deeper Into the Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails (7/7/21 from Trustwave)
Malware Masquerades as Privacy Tool (7/1/21 from Proofpoint)
News: June 2021 (6/28-6/30)
Secure your cloud environment for long-term success (6/30/21 from SC Media)
Costs from ransomware attack against Ireland health system reach $600M (6/29/21 from SC Media)
Cisco routers come under attack, including a destructive hacktivist campaign (6/29/21 from The Record)
Using VMs to hide ransomware attacks is becoming more popular (6/28/21 from The Record)
Microsoft says SolarWinds hacking group has breached three new victims (6/28/21 from The Record)
News: June 2021 (6/21-6/24)
Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models Via Dell Remote Os Recovery And Firmware Update Capabilities (6/24/21 from Eclypsium)
Zyxel says a threat actor is targeting its enterprise firewall and VPN devices (6/24/21 from The Record)
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access (6/23/21 from Threatpost)
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE (6/23/21 from Threatpost)
SonicWall ‘Botches’ October Patch for VPN Bug (6/23/21 from Threatpost)
North Korean hackers breach South Korea’s atomic research agency through VPN bug (6/21/21 from The Record)
News: June 2021 (6/13-6/17)
Threat Actors Use Google Docs to Host Phishing Attacks (6/17/21 from Threatpost)
Peloton Bike+ Bug Gives Hackers Complete Control (6/16/21 from Threatpost)
Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets (6/16/21 from The Hacker News)
Millions of Connected Cameras Open to Eavesdropping (6/15/21 from Threatpost)
Chinese Hackers Believed to be Behind Second Cyberattack on Air India (6/13/21 from The Hacker News)