Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Kaspersky security researchers have unearthed a new backdoor likely designed by the Nobelium advanced persistent threat (APT) behind last year’s SolarWinds supply chain attack. The new malware, dubbed Tomiris, was first identified in June 2021 from samples dating back to February, a month before the “sophisticated second stage backdoor” Sunshuttle was spotted by FireEye […]
Continue ReadingInternet scammers are using Twitter bots to trick users into making PayPal and Venmo payments to accounts under their possession. Venmo and PayPal are the popular online payment services for users to pay for things such as charity donations or for goods such as the resale of event tickets. This latest campaign, however, is […]
Continue ReadingCybersecurity researcher at Comparitech has identified a misconfigured MongoDB database containing a treasure trove of data left uncovered to the public without any password or security authentication. The exposed data belongs to FarFaria, a San Francisco, CA-based company that offers fairytales for kid’s service through Android and iOS apps. According to Bob Diachenko, the […]
Continue ReadingCovid-19 pandemic has turned the world upside down in the last year and a half, leaving us with no option but to rely more on digital solutions – from using food delivery to online banking. Needless to say, the more one relies on the digital world, the more vulnerable one becomes to online scams. […]
Continue Reading
IBM Security researchers have discovered a new form of overlay malware targeting online banking users. Dubbed ZE Loader, is a malicious Windows application that attempts to obtain financial data from victims by establishing a back door connection. However, unlike the typical banking Trojans, the ZE loader employs multiple stealth tactics to remain hidden, and […]
Continue Reading
SonicWall has released a security advisory to warn users regarding a critical flaw impacting some of its Secure Mobile Access (SMA) 100 appliances. The vulnerability spotted as CVE-2021-20034 could potentially allow a remote unauthenticated hacker to delete arbitrary files from the targeted appliance and secure administrator access to the device. “The vulnerability is due […]
Continue Reading
Google researchers have identified malware developers generating malformed code signatures that appear to be valid in Windows to bypass security software. This technique is actively used to spread OpenSUpdater, a family of unwanted software known as riskware, which plants advertisements into targets’ browsers and installs other redundant programs on their machines. Researchers believe the […]
Continue Reading
A new study from security firm Tessian highlights the sophisticated techniques employed by threat actors to evade detection and trick employees. Between July 2020-July 2021, two million malicious emails bypassed traditional email defenses, like secure email gateways, placing many employers at risk of data breach and cyber fraud. According to the study, retail industry […]
Continue Reading
Chinese cybersecurity researcher has discovered a new strain of malware that spreads via “poisoned” search-engine results. The malware dubbed ‘OSX.ZuRu’ poses as the legitimate macOS tool called iTerm2. Currently, the attackers are only targeting the Chinese Baidu search engine but it would not be a surprise if they attempt to expand their operation in […]
Continue Reading
US-based web host and domain registrar Epik has confirmed an “unauthorized intrusion” in its systems, a week after members of hacktivist group ‘Anonymous’ claimed that the group had obtained and leaked gigabits of data from the hosting company, including 15 million email addresses. The firm initially denied reports of the breach by saying, “’we […]
Continue Reading