What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-01-24 16:41:05 | ThreatList: Credential-Sniffing Phishing Attacks Erupted in 2018 (lien direct) | Credential compromise emerged the main target for phishing campaigns in 2018 - rather than infecting victims' devices with malware. | |||
|
2019-01-24 14:11:01 | Bit-and-Piece DDoS Method Emerges to Torment ISPs (lien direct) | Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. | |||
|
2019-01-23 20:27:01 | Redaman Spams Russian Banking Customers with Rotating Tactics (lien direct) | The banking trojan hides its misdeeds with a rotating set of tactics. | |||
|
2019-01-23 20:00:02 | Malware in Ad-Based Images Targets Mac Users (lien direct) | Researchers detected 191,970 bad ads and estimates that around 1 million users were impacted. | Malware | ||
|
2019-01-23 18:17:04 | Monero: Cybercrime\'s Top Choice for Mining Malware (lien direct) | Illicit Monero-mining malware accounts for more than 4 percent of the XMR in circulation, and has created $57 million in profits for the bad guys. | Malware | ||
|
2019-01-23 16:34:00 | 6 Signs of Successful Threat Hunting (lien direct) | Here are six tips to put threat hunters in the driver's seat so they can outsmart their adversaries. | Threat | ||
|
2019-01-23 16:23:02 | \'Chaos\' iPhone X Attack Alleges Remote Jailbreak (lien direct) | The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS. | |||
|
2019-01-23 15:06:05 | U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks (lien direct) | An emergency directive from the Department of Homeland Security provides "required actions" for U.S. government agencies to prevent widespread DNS hijacking attacks. | |||
|
2019-01-23 12:00:03 | Microsoft Windows RCE Flaw Gets Temporary Micropatch (lien direct) | 0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8. | Vulnerability | ||
|
2019-01-23 12:00:01 | RogueRobin Malware Uses Google Drive as C2 Channel (lien direct) | The RogueRobin uses a mix of novel techniques. | Malware | ||
|
2019-01-22 18:45:00 | How Web Apps Can Turn Browser Extensions Into Backdoors (lien direct) | Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data. | Hack | ||
|
2019-01-22 17:05:02 | Google Fined $57M in Largest GDPR Slap Yet (lien direct) | The French Data Protection Authority (DPA) found a lack of transparency when it comes to how Google harvests and uses personal data for ad-targeting purposes. | |||
|
2019-01-22 15:21:01 | Adobe Issues Unscheduled Updates for Experience Manager Platform (lien direct) | The patches are part of Adobe's second unscheduled update this month. | |||
|
2019-01-18 21:00:04 | Google Play Removes Malicious Malware-Ridden Apps (lien direct) | Two apps on Google Play were infecting devices with the Anubis mobile banking trojan. | |||
|
2019-01-18 19:58:01 | Fallout EK Retools for a Fresh New 2019 Look (lien direct) | The Fallout EK has added the latest Flash vulnerability to its bad of tricks, among other tune-ups. | Vulnerability | ||
|
2019-01-18 17:58:01 | (Déjà vu) Threatpost News Wrap Podcast For Jan. 18 (lien direct) | Threatpost editors break down the top headlines from the week ended Jan. 18. | |||
|
2019-01-18 17:30:04 | Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open (lien direct) | A default configuration allows full admin access to unauthenticated attackers. | |||
|
2019-01-18 14:42:01 | Twitter Android Glitch Exposed Private Tweets for Years (lien direct) | Twitter has fixed the issue, which has been ongoing since 2014. | |||
|
2019-01-17 22:36:04 | Microsoft Launches Azure DevOps Bug Bounty Program (lien direct) | Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server. | |||
|
2019-01-17 20:04:02 | Apple CEO Demands Federal Data Privacy Legislation (lien direct) | Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019. | |||
|
2019-01-17 15:41:02 | Cyber-Jackpot: 773M Credentials Dumped on the Dark Web (lien direct) | Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen. | |||
|
2019-01-17 14:03:01 | Cryptomining Malware Uninstalls Cloud Security Products (lien direct) | New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products. | Malware | ||
|
2019-01-16 22:09:02 | Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS (lien direct) | Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain. | Tool | ★★ | |
|
2019-01-16 20:25:04 | Millions of Oklahoma Gov Files Exposed by Wide-Open Server (lien direct) | The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS. | |||
|
2019-01-16 16:47:02 | U.S. Issues Multiple Charges For 2016 SEC Hack (lien direct) | The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware. | Hack | ||
|
2019-01-16 16:16:05 | Fortnite Hacked Via Insecure Single Sign-On (lien direct) | Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts. | |||
|
2019-01-16 15:11:02 | Magecart Returns with Advertising Library Tactic (lien direct) | The threat group also has a new subsidiary, Magecart Group 12. | Threat | ||
|
2019-01-16 14:00:00 | VOIPO Database Exposes Millions of Texts, Call Logs (lien direct) | VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline. | |||
|
2019-01-15 22:43:04 | IDenticard Zero-Days Allow Corporate Building Access, Location Recon (lien direct) | Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more. | |||
|
2019-01-15 21:44:03 | Data Breach Roundup: U.S. Healthcare, Cryptopia, SingHealth and Experian (lien direct) | January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead. | Data Breach | ||
|
2019-01-15 18:53:04 | Judge: Law Enforcement Can\'t Force Suspects to Unlock iPhones with FaceID (lien direct) | A ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments. | |||
|
2019-01-15 18:38:01 | ThreatList: $1.7M is the Average Cost of a Cyber-Attack (lien direct) | Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach. | |||
|
2019-01-14 22:22:00 | Popular Web-Hosting Platform Bluehost Riddled with Flaws, Researcher Claims (lien direct) | He said that similar flaws were also found in the Dreamhost, HostGator, OVH and iPage web hosting platforms. | |||
|
2019-01-14 19:50:00 | Threatpost Poll: Can We Fix 2FA? (lien direct) | Take our short poll to weigh in on the state of two-factor authentication. | |||
|
2019-01-14 18:10:01 | Hack Allows Escape of Play-with-Docker Containers (lien direct) | Researchers created a proof-of-concept escape of Docker test environment. | Hack | ||
|
2019-01-14 17:06:01 | Ryuk Hauls in $3.7M in \'Earnings,\' Adds TrickBot to the Attack Mix (lien direct) | The malware's operator, Grim Spider, could be affiliated with Russian cybercrime rings, according to some -- others say there's no concrete evidence. | |||
|
2019-01-14 17:02:03 | Mozilla Kills Default Support for Adobe Flash in Firefox 69 (lien direct) | Firefox 69 will force users to manually install Adobe Flash as the plugin inches toward end of life. | |||
|
2019-01-14 14:18:02 | Data Exposed in OXO, Amazon and MongoDB Leaks (lien direct) | Dual data exposures and a wide-scale data leak due to a vulnerable MongoDB database have kicked off 2019 so far. | |||
|
2019-01-14 12:00:01 | Podcast: Emotet Grows With Fast-Evolving Tactics (lien direct) | Threatpost discusses the future of the Emotet banking trojan with Cylance. | |||
|
2019-01-11 21:58:02 | Pre-Installed Android App Impacts Millions with Slew of Malicious Activity (lien direct) | The app was developed by legitimate Chinese manufacturing giant TCL. | |||
|
2019-01-11 17:49:02 | TA505 Crime Gang Debuts Brand-New ServHelper Backdoor (lien direct) | The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. | Malware | ||
|
2019-01-11 16:23:05 | U.S. Government Shutdown Leaves Dozens of .Gov Websites Vulnerable (lien direct) | As the shutdown continues into its 21st day, dozens of .gov websites haven't renewed their TLS certificates. | |||
|
2019-01-11 15:44:05 | Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In (lien direct) | A penetration testing tool called Modlishka can defeat two-factor authentication in the latest 2FA security issue. We asked a roundtable of experts what it all means. | Tool | ||
|
2019-01-10 21:32:03 | At CES, Focus is On \'Cool Factor\' Not IoT Security (lien direct) | When it comes to IoT, the priority at CES is the "wow factor" - but not so much a focus on security. | |||
|
2019-01-10 16:05:05 | \'Unprecedented\' DNS Hijacking Attacks Linked to Iran (lien direct) | The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran. | |||
|
2019-01-10 15:45:02 | Google Search Results Spoofed to Create Fake News (lien direct) | The technique can be used to spread disinformation while leveraging the trust people have in Google's search results. | |||
|
2019-01-09 22:33:04 | Critical Flaw in Cisco\'s Email Security Appliance Enables \'Permanent DoS\' (lien direct) | A remote attacker could exploit the vulnerability simply by sending an email. | Vulnerability | ||
|
2019-01-09 21:16:05 | ICEPick-3PC: A Sophisticated Adware That Collects Data En Masse (lien direct) | Researchers think an organized crime gang is running the massive campaigns, prepping for large-scale follow-on attacks on Android users. | |||
|
2019-01-09 20:59:02 | Google Play Boots 85 Malicious Adware Apps (lien direct) | Once downloaded, the fake apps hide themselves on the victim's device and continue to show a full-screen ad every 15 minutes. | |||
|
2019-01-09 18:27:05 | ThreatList: WordPress Vulnerabilities Tripled in 2018 (lien direct) | Despite fewer plugins being added to Wordpress last year, the CMS saw an astounding tripling of vulnerabilities in its platform in 2018. |
To see everything:
Our RSS (filtrered)
