What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-05-13 16:46:00 | ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks (lien direct) | In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT. | Malware | APT 37 | |
|
2019-05-13 16:38:03 | ThreatList: Top 5 Most Dangerous Attachment Types (lien direct) | From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments. | Spam | ||
|
2019-05-10 21:29:02 | FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug (lien direct) | Using a bug patched in March, the attacks are starting to ramp up worldwide. | |||
|
2019-05-10 18:48:00 | News Wrap: Facebook Regulation, Verizon DBIR, Hidden Airbnb Cameras (lien direct) | From a creepy Airbnb incident to Verizon's Data Breach Investigations Report, Threatpost editors break down the top privacy and security stories for the week ended May 10. | Data Breach | ||
|
2019-05-10 16:53:03 | The WannaCry Security Legacy and What\'s to Come (lien direct) | The WannaCry attack proved pivotal, changing the way organizations go about securing their environments. | Wannacry | ||
|
2019-05-10 15:43:05 | Nvidia Warns Windows Gamers on GPU Driver Flaws (lien direct) | Nvidia has patched three vulnerabilities in its Windows GPU display driver that could enable information disclosure, denial of service and privilege escalation. | |||
|
2019-05-10 12:45:00 | ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018 (lien direct) | Nigerian scam groups launched even more attacks in 2018 - and used more complex types of malware to reach more victims. | Malware | ||
|
2019-05-09 21:08:04 | \'Unhackable\' Biometric USB Offers Up Passwords in Plain Text (lien direct) | A simple Wireshark analysis was enough to subvert the gadget, which uses iris identification to protect the drive. | |||
|
2019-05-09 21:07:00 | Chinese Hackers Behind 2015 Anthem Data Breach Indicted (lien direct) | Two have been indicted in the 2015 massive data breach of health insurer Anthem, which compromised the data of at least 78 million customers. | Data Breach | ||
|
2019-05-09 19:08:04 | Hackers Take Over IoT Devices to \'Click\' on Ads (lien direct) | A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab. | |||
|
2019-05-09 17:06:01 | Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked (lien direct) | Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password. | |||
|
2019-05-09 16:00:02 | Serious Phar Flaw Allows Arbitrary Code Execution on Drupal (lien direct) | Drupal, Typo3 and Joomla are all impacted by the bug. | |||
|
2019-05-09 14:49:00 | Researchers in the Dark on Powerful LightNeuron Malware for Years (lien direct) | LightNeuron is the first to target Microsoft Exchange transport agents -- and is used as a hub for major Turla APT espionage efforts. | Malware | ||
|
2019-05-08 20:18:04 | Airbnb Superhost Secretly Recorded Guests with Hidden Bedroom Camera (lien direct) | The incident is only the latest in a string of disturbing horror stories of guests finding live, recording cameras hidden in their Airbnb flats. | |||
|
2019-05-08 17:35:02 | Google Patches Critical Remote Code-Execution Flaws in Android (lien direct) | The Android security update patches 15 bugs, four rated critical, 10 rated high and one ranked moderate in severity. | |||
|
2019-05-08 17:14:05 | Lax Telco Security Allows Mobile Phone Hijacking and Redirects (lien direct) | A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls. | |||
|
2019-05-08 16:03:05 | Google Touts Android Q\'s New Security Update Process and Better Privacy Controls for Apps (lien direct) | At Google I/O, the tech giant announced it is beefing up security in phones with its latest Android Q operating system by offering direct updates and privacy controls. | |||
|
2019-05-08 16:01:04 | Verizon Data Breach Report: Espionage, C-Suite and Cloud Attacks on the Rise (lien direct) | Cloud misconfigurations, business email compromise (BEC) and intellectual property theft are all up in the Verizon DBIR 2019 from last year. | Data Breach | ||
|
2019-05-08 12:01:03 | Cynet Provides Security Responders with Free IR Tool to Validate and Respond to Active Threats (lien direct) | Cynet Free IR empowers its users with a solution that is accessible and easy to use, bringing crucial incident response services in-house, while saving them valuable time and resources. | Tool | ||
|
2019-05-07 20:38:03 | Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover (lien direct) | Cisco has patched a critical flaw in its virtualized function automation tool, Cisco Elastic Services Controller. | |||
|
2019-05-07 17:52:02 | Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak (lien direct) | Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017. | |||
|
2019-05-07 15:30:01 | Ukrainian Charged With Launching 100 Million Malicious Ads (lien direct) | Oleksii Petrovich Ivanov has been extradited in the U.S. after allegedly launching malvertising campaigns that caused victims to view malicious ads on more than 100 million occasions. | |||
|
2019-05-06 21:42:00 | WP Live Chat WordPress Plugin Re-Patches File Upload Flaw (lien direct) | After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued. | |||
|
2019-05-06 20:04:05 | Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig (lien direct) | Snowballing attacks using a recently patched critical bug show no sign of abating. | |||
|
2019-05-06 19:03:05 | High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack (lien direct) | Cisco patches two high-severity bugs that could be exploited by remote attackers. | |||
|
2019-05-06 16:00:05 | Avengers: Endgame Sites Promise Digital Downloads, Deliver Info-Harvesting (lien direct) | Web scammers are going after Marvel fans as the movie passes the $2.2 billion box-office mark, making it the second-highest grossing film of all time, behind only Avatar. | ★★★★★ | ||
|
2019-05-06 15:13:03 | High-Severity PrinterLogic Flaws Enable Remote Code Execution (lien direct) | The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers. | ★★★ | ||
|
2019-05-06 14:42:02 | Tor Security Add-On Abruptly Killed by Mozilla Bug (lien direct) | A digital signing flaw killed add-ons for Firefox as well as Tor -- and no patch is yet available for Tor users. | ★★★★★ | ||
|
2019-05-06 14:10:01 | Extinguishing the IoT Insecurity Dumpster Fire (lien direct) | Will connected devices be insecure forever? Or will legislation - such as the recent UK mandate announced this week - help boost IoT security? | ★★★★★ | ||
|
2019-05-06 13:00:03 | Amid Bug Bounty Hype, Sometimes Security is Left in the Dust (lien direct) | Amidst the PR glitz and popularity of bug bounty programs, experts worry that actual smart security strategy is being left behind. | ★★★★ | ||
|
2019-05-03 21:16:05 | Researchers Weigh in on Trump\'s Cyber Workforce Executive Order (lien direct) | Short on concrete details but long on affirming cybersecurity skills as a critical piece of federal defense, the White House executive order aims to bolster the national cyber workforce. | ★★★★★ | ||
|
2019-05-03 19:14:00 | News Wrap: Cartoon Network Hack, the Catholic Church and Jason Statham Scams (lien direct) | The Threatpost team breaks down the strangest security stories this week - from Cartoon Network hacked to show stripper videos, to a church being scammed out of $1.75 million. | ★★★★ | ||
|
2019-05-03 14:58:01 | Retefe Banking Trojan Resurfaces, Says Goodbye to Tor (lien direct) | The malware has new tricks, like using the stunnel encrypted tunneling mechanism and abusing a legitimate shareware app. | Malware | ||
|
2019-05-03 14:36:02 | Multiple Sierra Wireless AirLink Routers Open to Remote Code Execution (lien direct) | Critical flaws in the software of Sierra Wireless' AirLink routers enable an array of malicious attacks. | |||
|
2019-05-02 21:15:03 | Critical Flaws Found in Eight Wireless Presentation Systems (lien direct) | Crestron, Barco wePresent, Extron ShareLink and more wireless presentation systems have an array of critical flaws. | |||
|
2019-04-29 20:31:03 | Malware Infests Popular Pirate Streaming Hardware (lien direct) | Hardware that supports pirated video streaming content comes packed with malware. | Malware | ||
|
2019-04-29 20:04:03 | MuddyWater APT Hones an Arsenal of Custom Tools (lien direct) | The attack group shows a moderate level of sophistication, but the stage is set for MuddyWater to take things to the next level. | |||
|
2019-04-29 14:13:02 | Docker Hub Hack Affects 190K Accounts (lien direct) | Github and Bitbucket tokens for Docker autobuilds are also impacted. | Hack | ||
|
2019-04-29 13:37:04 | 2 Million IoT Devices Vulnerable to Complete Takeover (lien direct) | Millions of security cameras, baby monitors and "smart" doorbells are open to hijack - and no solution is currently available. | |||
|
2019-04-26 19:44:05 | Users Urged to Disable WordPress Plugin After Unpatched Flaw Disclosed (lien direct) | Yet another WordPress plugin vulnerability has put thousands of websites at risk. | Vulnerability | ★★★★★ | |
|
2019-04-26 17:47:00 | GoDaddy Shutters 14,000 Subdomains Tied to \'Snake Oil\' Scams (lien direct) | GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns. | Spam | ★★ | |
|
2019-04-26 16:12:00 | Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection (lien direct) | The wireless gateways are used in PoS, industrial IoT and distributed enterprise settings. | |||
|
2019-04-26 12:10:01 | Facial Recognition \'Consent\' Doesn\'t Exist, Threatpost Poll Finds (lien direct) | Half of Threatpost readers surveyed in a recent poll don't believe that consent realistically exists when it comes to facial recognition. | |||
|
2019-04-25 21:13:03 | Android-Based Sony Smart-TVs Open to Image Pilfering (lien direct) | A pair of bugs would allow attackers to compromise the WiFi password of a TV and the multimedia stored inside it. | |||
|
2019-04-25 15:55:01 | Amazon Employees Given \'Broad Access\' to Personal Alexa Info (lien direct) | An auditing program for the voice assistant technology exposes geolocation data that can be personally identified, sources said. | |||
|
2019-04-25 15:19:02 | Qualcomm Critical Flaw Exposes Private Keys For Android Devices (lien direct) | A side-channel attack in Qualcomm technology, which is used by most modern Android devices, could allow an attacker to snatch private keys. | |||
|
2019-04-24 20:57:05 | Facebook May Face $5 Billion FTC Fine for Data Misuse (lien direct) | Facebook may be fined as much as $5 billion by the FTC for data issues related to the Cambridge Analytica incident. | |||
|
2019-04-24 16:55:02 | Adware-Ridden Apps in Google Play Infect 30 Million Android Users (lien direct) | Google Play has removed up to 50 apps that once downloaded plagued systems with full-screen ads. | |||
|
2019-04-19 19:45:04 | Three-Fourths of Consumers Don\'t Trust Facebook, Threatpost Poll Finds (lien direct) | On the heels of several Facebook data privacy snafus this week - and over the past year - users no longer trust the platform. | |||
|
2019-04-19 16:37:03 | Insecure Ride App Database Leaks Data of 300K Iranian Drivers (lien direct) | A researcher said that millions of records were leaking 300,000 Tap30 drivers' names, ID numbers and phone numbers. | ★★ |
To see everything:
Our RSS (filtrered)
