Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.
Last month, BleepingComputer spoke to a threat actor who said that they were able to create a list of 5.4 million Twitter account profiles using a vulnerability on the social media site.
This vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. The threat actor then used this ID to scrape the public information for the account. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Twitter
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal.
|
Scooped by
Gust MEES
|
Roughly two-thirds of test digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.
The risks are substantial as these apps are required for large populations worldwide, allowing hackers an extensive target base.
Digital passports Digital passport apps store proof of a person's COVID-19 vaccination status, full name, ID number, date of birth, and other personally identifiable information (PII) encoded in a QR code or displayed directly in the app. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.
The new malware deployment method was discovered by the Malwarebytes Threat Intelligence team while analyzing a January spearphishing campaign impersonating the American security and aerospace company Lockheed Martin.
After the victims open the malicious attachments and enable macro execution, an embedded macro drops a WindowsUpdateConf.lnk file in the startup folder and a DLL file (wuaueng.dll) in a hidden Windows/System32 folder. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas.
The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range.
"An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group said. "This may enable unauthorized access to devices in BLE-based proximity authentication systems. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth https://www.scoop.it/topic/securite-pc-et-internet/?&tag=BLURtooth
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.
It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire. It's just a little perplexing the biz went to all the effort of a big write-up and giving the flaws a catchy name, Nimbuspwn, when countless privilege-elevation holes are fixed in its Windows operating system each month, and we can't recall Microsoft lately making this much of a song and dance over them. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
|
A new Remote Access Trojan (RAT) might have an amusing name to some, but its capabilities show the malware to be no laughing matter.
Dubbed Borat RAT, Cyble Research Labs said in a recent malware analysis that the new threat doesn't settle for standard remote access capabilities; instead, Borat RAT also includes spyware and ransomware functions.
According to the cybersecurity researchers, the Trojan, named after the character adopted by comedian Sacha Baron Cohen, is offered for sale to cybercriminals in underground forums.
Borat RAT has a centralized dashboard and is packaged up with a builder, feature modules, and a server certificate. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=RAT
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Scam artists have taken advantage of a contract migration initiative to swindle NFTs out of users in an opportunistic phishing attack.
Last week, NFT marketplace OpenSea announced the rollout of contract migrations and an upgrade to make sure inactive, old NFT listings on Ethereum expire safely and to allow OpenSea to "offer new safety features in the future."
The contract migration timeline was set from February 18 to February 25.
NFT holders are required to make the change, and OpenSea published a guide to assist them. After the deadline, any listings that were not migrated would expire, although they could be re-listed after this window without further fees.
However, an attacker saw an opportunity to cash in. Check Point Research has suggested that phishing emails were sent to users, linking them to fraudulent websites. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
If it's not one thing, it's another. After one real Linux problem -- the heap overflow bug in the Linux kernel's fs/fs_context.c program -- is found and fixed, then a new security problem is discovered. This time security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034.
Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.
How dangerous is it? Very. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
|
The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.
'WP HTML Mail' is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send to their audience.
The plugin is compatible with WooCommerce, Ninja Forms, BuddyPress, and others. While the number of sites using it isn't large, many have a large audience, allowing the flaw to affect a significant number of Internet users.
|
Researchers from the University of California San Diego in a new paper have demonstrated how Bluetooth signals can be used to identify and track smartphones.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=BLURtooth