Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-17 14:47:03 |
Slack Flaw Allows Hackers to Steal, Manipulate Downloads (lien direct) |
A recently patched vulnerability in the Slack desktop application for Windows can be exploited by malicious actors to steal and manipulate a targeted user's downloaded files.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-17 13:29:01 |
Tenable Updates Free Vulnerability Assessment Solution (lien direct) |
Tenable this week announced Nessus Essentials, an expanded version of its free vulnerability assessment solution previously known as Nessus Home.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-17 12:34:03 |
Wormable Windows RDS Vulnerability Poses Serious Risk to ICS (lien direct) |
A critical remote code execution vulnerability patched recently by Microsoft in Windows Remote Desktop Services (RDS) poses a serious risk to industrial environments, experts have warned.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-17 05:47:03 |
Stack Overflow Discloses Security Breach (lien direct) |
Stack Overflow, the popular Q&A platform for programmers, revealed on Thursday that someone gained access to its production systems over the weekend.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 17:21:02 |
How to Securely Blend Your IoT Data with Business Data (lien direct) |
Opportunities Created by the Integration of IoT Data With the Rest of Your Business Environment Are Vast
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 16:41:05 |
Authorities Takedown GozNym Cybercrime Group That Stole an Estimated $100 Million (lien direct) |
Authorities in the United States and Europe on Thursday announced the takedown of an organized cybercrime network that used the GozNym malware to steal an estimated $100 million from victims.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 16:13:02 |
(Déjà vu) Cisco Patches Critical Vulnerabilities in Prime Infrastructure (PI) Software (lien direct) |
Cisco has released patches for numerous vulnerabilities affecting its products, including Critical flaws in the Cisco Prime Infrastructure (PI) Software that could allow remote code execution.
A total of three vulnerabilities were identified in the PI software, namely CVE-2019-1821, CVE-2019-1822, and CVE-2019-1823, featuring a CVSS score of 9.8.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 15:46:01 |
Group Seeks Investigation of Deep Packet Inspection Use by ISPs (lien direct) |
European Digital Rights Organization Seeks Investigation Into Internet Service Providers' Use of Deep Packet Inspection (DPI)
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 14:40:05 |
Facebook Partially Restores Privacy Feature Abused in Massive Breach (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 14:15:04 |
Dutch Probe China\'s Huawei for Possible Spying: Report (lien direct) |
Dutch intelligence services are investigating Huawei for possibly spying for the Chinese government by leaving a "back door" to data of customers of major telecoms firms, a report said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 14:06:04 |
Business Email Compromise Still Reigns (lien direct) |
Last month, the Federal Bureau of Investigation released its 2018 Internet Crime Complaints Center (IC3). The annual report provides readers a glimpse into the types of cybercrimes being reported to the FBI and the trending threats the Bureau has responded to in the last year.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 12:44:04 |
Google Starts Tracking Zero-Days Exploited in the Wild (lien direct) |
Google Project Zero has started tracking zero-day vulnerabilities exploited in attacks before the impacted vendor released patches.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 11:37:00 |
Red Cross Website Hacked in Latest Singapore Cyber Attack (lien direct) |
The Singapore Red Cross said Thursday its website had been hacked and the personal data of more than 4,000 potential blood donors compromised in the latest cyber attack on the city-state.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 11:11:05 |
Microsoft Releases Attack Surface Analyzer 2.0 (lien direct) |
Microsoft has rewritten its Attack Surface Analyzer tool to take advantage of modern, cross-platform technologies, the company announced this week.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 05:59:05 |
Google\'s Titan Security Keys Vulnerable to Bluetooth Attacks (lien direct) |
Google announced on Wednesday that it's offering a free replacement for its Titan Security Key dongles following the discovery of a potentially serious vulnerability.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-16 00:45:05 |
Trump Bars U.S. Companies From Foreign Telecoms Posing Security Risk (lien direct) |
President Donald Trump declared a national emergency Wednesday barring US companies from using foreign telecoms equipment deemed a security risk -- a move that appeared aimed at Chinese giant Huawei.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 17:21:00 |
Hackers Exploit ASUS Update Process to Install Backdoor (lien direct) |
The BlackTech cyber-espionage group has been performing man-in-the-middle (MitM) attacks on the update process of the ASUS WebStorage application to deliver the Plead backdoor to their targeted victims, ESET reports.
|
Guideline
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 16:41:04 |
UK Supreme Court Overturns Ultimate Authority of Investigatory Powers Tribunal (lien direct) |
The UK Supreme Court has delivered a ruling that ensures that intelligence agency surveillance action can be challenged in the courts, and is subject to the rule of law.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 16:34:05 |
The Shortcomings of Network Monitoring in Fighting ICS Threats (lien direct) |
Passive and Active Threat Detection is Needed to Secure Operational Technology (OT) Environments
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 16:26:01 |
(Déjà vu) Security Automation Firm Respond Raises $20 Million (lien direct) |
Respond Software, a California-based company that specializes in helping security teams become more efficient through automation technology, on Tuesday announced that it raised $20 million in a Series B funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 15:33:04 |
Picreel and Alpaca Forms Compromised by Magecart Attacks (lien direct) |
On Sunday, May 12, 2019, security researcher Willem de Groot tweeted, "Supply chain attack of the week: @Picreel_ marketing software got hacked last night, their 1200+ customer sites are now leaking data to an exfil server in Panama." He later added, "And also hacked: http://CloudCMS(.)com with some 3400 sites."
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 15:19:05 |
SAP Patches Multiple Missing Authorization Checks (lien direct) |
SAP this week released of 8 Security Notes as part of its SAP Security Patch Day for May 2019, which also included 5 updates to previously released Notes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 15:05:05 |
Israel Spyware Firm NSO Operates in Shadowy Cyber World (lien direct) |
An Israeli spyware company named in a Financial Times report on a WhatsApp security flaw prides itself on "rigorous, ethical standards" despite previous links to alleged espionage.
- Pocket spy -
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 14:29:05 |
Intel MDS Vulnerabilities: What You Need to Know (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 06:40:05 |
Huawei Chairman Says Ready to Sign \'No-Spy\' Deal With UK (lien direct) |
Chinese telecom giant Huawei is willing to sign a "no-spy" agreement with countries including Britain, the firm's chairman said on Tuesday, as the head of NATO said Britain must preserve secure mobile networks.
Liang Hua visited Britain as the government weighs the risks of allowing the Chinese company to help develop its 5G infrastructure.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 06:06:05 |
Microsoft Patches RDS Vulnerability Allowing WannaCry-Like Attacks (lien direct) |
Microsoft's Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a zero-day and a flaw that can be exploited by malware to spread similar to the way the notorious WannaCry did back in 2017.
|
Malware
Vulnerability
|
Wannacry
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-15 01:38:02 |
San Francisco Bans Facial Recognition Use by Police (lien direct) |
A ban on facial recognition for law enforcement in San Francisco highlights growing public concerns about technology which is seeing stunning growth for an array of applications while provoking worries over privacy.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 20:31:05 |
(Déjà vu) ZombieLoad: New Class of Vulnerabilities Leak Data From Intel Chips (lien direct) |
Type:
Story
Image:
Link:
ZombieLoad Vulnerabilities Leak Data From Intel Chips
ZombieLoad: New Class of Vulnerabilities Leak Data From Intel Chips
![](http://feeds.feedburner.com/~r/Securityweek/~4/PCgS13uqCNc) |
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 20:27:03 |
New Class of Vulnerabilities Leak Data From Intel Chips (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 17:54:05 |
Boost Mobile Detected Unauthorized Activity on Customer Accounts (lien direct) |
California-based Boost Mobile, founded in 2000 as a joint venture with Nextel Communications and now a Sprint subsidiary, has warned an unspecified number of customers about unauthorized online account activity on March 14, 2019.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 16:14:05 |
Twitter Collected and Shared iOS Location Data (lien direct) |
Twitter on Monday revealed that a bug in Twitter for iOS led to the micro-blogging platform inadvertently collecting location data and sharing it with a third-party.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 15:47:02 |
(Déjà vu) Adobe Patches Over 80 Vulnerabilities in Acrobat Products (lien direct) |
Adobe's Patch Tuesday updates for May 2019 fix a critical vulnerability in Flash Player and more than 80 flaws in the company's Acrobat products.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 14:43:03 |
What Deep Learning Means for CyberSecurity (lien direct) |
If you're a film buff like me, you've probably seen The Imitation Game, with Benedict Cumberbatch in the role of Alan Turing. The movie tells the story of Turing who, In 1939, was recruited by the newly created British intelligence agency MI6 to crack the Nazi's cryptography machine Enigma, which cryptoanalysts of the day thought unbreakable.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 14:23:01 |
Facebook Launches Global CTF Competition (lien direct) |
Facebook on Monday announced that it is getting ready to kick off its first global Capture the Flag (CTF) competition.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 14:14:05 |
(Déjà vu) Apple Patches 21 Vulnerabilities in WebKit (lien direct) |
Security updates Apple released this week for iOS, macOS, Safari, tvOS and watchOS include patches for 21 vulnerabilities that affect open source web browser engine WebKit.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 14:10:05 |
Remote Code Execution Vulnerability Impacts SQLite (lien direct) |
A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 14:06:04 |
Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products (lien direct) |
The May 2019 Patch Tuesday advisories from Siemens address over a dozen vulnerabilities, including serious flaws affecting the company's LOGO and SINAMICS Perfect Harmony products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 12:15:01 |
Hackers Add Security Software Removal to Banload Banking Malware (lien direct) |
There are two primary characteristics of the Brazilian hacking scene: a focus on Brazil, and the adaptability of the hackers. Very strict money laws make trans-border money movement difficult, ensuring that most targets remain local; and the hackers tend to move on to new targets when the current one becomes too difficult.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 08:16:00 |
Report Links Vast Online Disinformation Campaign to Iran (lien direct) |
When an attractive young Middle Eastern woman contacted Saudi dissident Ali AlAhmed over Twitter last November, he was immediately suspicious.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-14 05:45:04 |
Facebook Patches WhatsApp Flaw Exploited to Spy on Users (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 18:04:05 |
US, EU Spar Over Sharing Electronic Evidence in Investigations (lien direct) |
In August 2016, the lifeless bodies of a young French man and woman were discovered on a beach in Madagascar, with murder suspected.
The secret to the case could be in the last messages they sent, but those are stored in the databanks of US tech giants who don't have to turn over the information to French investigators.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 17:47:01 |
Nine Charged in SIM Hijacking Scheme (lien direct) |
The United States has indicted nine individuals with online identity theft and related charges, the U.S. Department of Justice announced.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 17:32:04 |
GAO Makes Recommendations to Improve Security of Taxpayer Data (lien direct) |
The GAO Makes Recommendations to Improve Security of Taxpayer Information
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 17:18:04 |
New Bill Proposes Cybersecurity Training for U.S. House Members (lien direct) |
A bill introduced last week requires all members, officers and employees of the U.S. House of Representatives to undergo annual cybersecurity training.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 16:53:00 |
Website Infections Holding Steady at 1%, But Attacks Becoming Stealthier: Report (lien direct) |
Only 15% of Malware-Infected Websites Are Blacklisted, Report Finds
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 16:26:00 |
Leak Reveals Activity of Iranian Hacking Group (lien direct) |
Documents associated with the activity of Iranian APT group “Rana” have leaked online recently, exposing the group's targeting of individuals, as well as information on what appears to be some of the group's members.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 16:14:05 |
An Ode to CISOs: How Real-World Risks Became Cyber Threats (lien direct) |
From Vancouver to Volkswagen to Vanderbilt, the most significant threats facing organizations across every sector are now virtual. That's according to the World Economic Forum's 2019 Global Risks Report, which named cyber-attack the greatest non-environmental danger to mankind, ahead of even war and terrorism.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 15:40:01 |
Sectigo Acquires IoT Security Firm Icon Labs (lien direct) |
Certificate Authority (CA) Sectigo, formerly Comodo CA, has acquired Icon Labs, a provider of cross-platform security solutions for embedded OEMs and Internet of Things (IoT) device manufacturers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 15:29:00 |
North Korea-Linked \'ScarCruft\' Adds Bluetooth Harvester to Toolkit (lien direct) |
A North Korea-linked threat group tracked as ScarCruft, APT37 and Group123 continues to evolve and expand its toolkit, Kaspersky Lab reported on Monday.
|
Threat
Cloud
|
APT 37
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-05-13 13:43:01 |
Remote Code Execution Flaw Found in Kaspersky Products (lien direct) |
Researchers have discovered a serious remote code execution vulnerability affecting products from Kaspersky Lab. The cybersecurity firm pushed out a patch to customers in early April.
|
Vulnerability
|
|
|