FreshRSS

🔒
❌ À propos de FreshRSS
Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hierBleepingComputer

Hackers start pushing malware in worldwide Log4Shell attacks

13 décembre 2021 à 00:07
Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article we compiled the known payloads, scans, and attacks using the Log4j vulnerability. [...]

Malicious PyPI packages with over 10,000 downloads taken down

13 décembre 2021 à 12:54
Par : Ax Sharma
The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious packages are estimated to have generated over 10,000 downloads and mirrors put together, according to the researchers' report. [...]

Police arrests ransomware affiliate behind high-profile attacks

13 décembre 2021 à 13:51
Romanian law enforcement authorities arrested a ransomware affiliate suspected of hacking and stealing sensitive info from the networks of multiple high-profile companies worldwide, including a large Romanian IT company with clients from the retail, energy, and utilities sectors. [...]

Ukraine arrests 51 for selling data of 300 million people in US, EU

13 décembre 2021 à 15:09
Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe. [...]

Bugs in billions of WiFi, Bluetooth chips allow password, data theft

13 décembre 2021 à 17:04
Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component. [...]

Attackers can get root by crashing Ubuntu’s AccountsService

13 décembre 2021 à 18:05
A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component. [...]

Kronos ransomware attack may cause weeks of HR solutions downtime

13 décembre 2021 à 18:57
Workforce management solutions provider Kronos has suffered a ransomware attack that will likely disrupt many of their cloud-based solutions for weeks. [...]

Dell driver fix still allows Windows Kernel-level attacks

13 décembre 2021 à 21:21
Dell's driver fix of the CVE-2021-21551 vulnerability leaves margin for catastrophic BYOVD attacks resulting in Windows kernel driver code execution. [...]

Phishing campaign uses PowerPoint macros to drop Agent Tesla

13 décembre 2021 à 21:49
A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. [...]

TinyNuke info-stealing malware is again attacking French users

13 décembre 2021 à 22:22
The info-stealing malware TinyNuke has re-emerged in a new campaign targeting French users with invoice-themed lures in emails sent to corporate addresses and individuals working in manufacturing, technology, construction, and business services. [...]

Google pushes emergency Chrome update to fix zero-day used in attacks

13 décembre 2021 à 23:31
Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability exploited in the wild. [...]

Log4j: List of vulnerable products and vendor advisories

14 décembre 2021 à 08:46
News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday. [...]

CISA orders federal agencies to patch Log4Shell by December 24th

14 décembre 2021 à 15:46
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch systems against the critical Log4Shell remote code execution vulnerability and released mitigation guidance in response to active exploitation. [...]

Cyberattack on BHG opioid treatment network disrupts patient care

14 décembre 2021 à 16:35
Opioid treatment network Behavioral Health Group suffered a cyberattack that led to an almost week-long disruption of IT systems and patient care. [...]

Anubis Android malware returns to target 394 financial apps

14 décembre 2021 à 17:25
The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign. [...]

EU Parliament adopts Digital Services Act, but concerns persist

14 décembre 2021 à 17:51
The European Parliament's Internal Market and Consumer Protection Committee has adopted the Digital Services Act (DSA) proposal by 36 votes to 7 and 2 abstentions. [...]

Hackers steal Microsoft Exchange credentials using IIS module

14 décembre 2021 à 18:16
Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. [...]

Microsoft rolls out end-to-end encryption for Teams calls

14 décembre 2021 à 19:01
Microsoft announced today the general availability of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls. [...]

Windows 10 KB5008212 & KB5008206 updates released

14 décembre 2021 à 19:37
Like the November release, this month's security updates include security fixes for November 2021 Update, May 2021 Update, October 2020 Update (version 20H2), and May 2020 Update (version 2004). It's also the last security update for version 2004, which has been retired today. [...]
❌