Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-24 16:41:05 |
ThreatList: Credential-Sniffing Phishing Attacks Erupted in 2018 (lien direct) |
Credential compromise emerged the main target for phishing campaigns in 2018 - rather than infecting victims' devices with malware. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-24 14:11:01 |
Bit-and-Piece DDoS Method Emerges to Torment ISPs (lien direct) |
Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-23 20:27:01 |
Redaman Spams Russian Banking Customers with Rotating Tactics (lien direct) |
The banking trojan hides its misdeeds with a rotating set of tactics. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-23 20:00:02 |
Malware in Ad-Based Images Targets Mac Users (lien direct) |
Researchers detected 191,970 bad ads and estimates that around 1 million users were impacted. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-23 18:17:04 |
Monero: Cybercrime\'s Top Choice for Mining Malware (lien direct) |
Illicit Monero-mining malware accounts for more than 4 percent of the XMR in circulation, and has created $57 million in profits for the bad guys. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-23 16:34:00 |
6 Signs of Successful Threat Hunting (lien direct) |
Here are six tips to put threat hunters in the driver's seat so they can outsmart their adversaries. |
Threat
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-23 16:23:02 |
\'Chaos\' iPhone X Attack Alleges Remote Jailbreak (lien direct) |
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-23 15:06:05 |
U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks (lien direct) |
An emergency directive from the Department of Homeland Security provides "required actions" for U.S. government agencies to prevent widespread DNS hijacking attacks. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-23 12:00:03 |
Microsoft Windows RCE Flaw Gets Temporary Micropatch (lien direct) |
0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8. |
Vulnerability
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-23 12:00:01 |
RogueRobin Malware Uses Google Drive as C2 Channel (lien direct) |
The RogueRobin uses a mix of novel techniques. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-22 18:45:00 |
How Web Apps Can Turn Browser Extensions Into Backdoors (lien direct) |
Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data. |
Hack
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-22 17:05:02 |
Google Fined $57M in Largest GDPR Slap Yet (lien direct) |
The French Data Protection Authority (DPA) found a lack of transparency when it comes to how Google harvests and uses personal data for ad-targeting purposes. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-22 15:21:01 |
Adobe Issues Unscheduled Updates for Experience Manager Platform (lien direct) |
The patches are part of Adobe's second unscheduled update this month. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-18 21:00:04 |
Google Play Removes Malicious Malware-Ridden Apps (lien direct) |
Two apps on Google Play were infecting devices with the Anubis mobile banking trojan. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-18 19:58:01 |
Fallout EK Retools for a Fresh New 2019 Look (lien direct) |
The Fallout EK has added the latest Flash vulnerability to its bad of tricks, among other tune-ups. |
Vulnerability
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-18 17:58:01 |
(Déjà vu) Threatpost News Wrap Podcast For Jan. 18 (lien direct) |
Threatpost editors break down the top headlines from the week ended Jan. 18. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-18 17:30:04 |
Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open (lien direct) |
A default configuration allows full admin access to unauthenticated attackers. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-18 14:42:01 |
Twitter Android Glitch Exposed Private Tweets for Years (lien direct) |
Twitter has fixed the issue, which has been ongoing since 2014. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-17 22:36:04 |
Microsoft Launches Azure DevOps Bug Bounty Program (lien direct) |
Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-17 20:04:02 |
Apple CEO Demands Federal Data Privacy Legislation (lien direct) |
Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-17 15:41:02 |
Cyber-Jackpot: 773M Credentials Dumped on the Dark Web (lien direct) |
Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-17 14:03:01 |
Cryptomining Malware Uninstalls Cloud Security Products (lien direct) |
New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-16 22:09:02 |
Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS (lien direct) |
Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain. |
Tool
|
|
★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-16 20:25:04 |
Millions of Oklahoma Gov Files Exposed by Wide-Open Server (lien direct) |
The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-16 16:47:02 |
U.S. Issues Multiple Charges For 2016 SEC Hack (lien direct) |
The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware. |
Hack
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-16 16:16:05 |
Fortnite Hacked Via Insecure Single Sign-On (lien direct) |
Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-16 15:11:02 |
Magecart Returns with Advertising Library Tactic (lien direct) |
The threat group also has a new subsidiary, Magecart Group 12. |
Threat
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-16 14:00:00 |
VOIPO Database Exposes Millions of Texts, Call Logs (lien direct) |
VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-15 22:43:04 |
IDenticard Zero-Days Allow Corporate Building Access, Location Recon (lien direct) |
Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-15 21:44:03 |
Data Breach Roundup: U.S. Healthcare, Cryptopia, SingHealth and Experian (lien direct) |
January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead. |
Data Breach
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-15 18:53:04 |
Judge: Law Enforcement Can\'t Force Suspects to Unlock iPhones with FaceID (lien direct) |
A ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-15 18:38:01 |
ThreatList: $1.7M is the Average Cost of a Cyber-Attack (lien direct) |
Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-14 22:22:00 |
Popular Web-Hosting Platform Bluehost Riddled with Flaws, Researcher Claims (lien direct) |
He said that similar flaws were also found in the Dreamhost, HostGator, OVH and iPage web hosting platforms. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-14 19:50:00 |
Threatpost Poll: Can We Fix 2FA? (lien direct) |
Take our short poll to weigh in on the state of two-factor authentication. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-14 18:10:01 |
Hack Allows Escape of Play-with-Docker Containers (lien direct) |
Researchers created a proof-of-concept escape of Docker test environment. |
Hack
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-14 17:06:01 |
Ryuk Hauls in $3.7M in \'Earnings,\' Adds TrickBot to the Attack Mix (lien direct) |
The malware's operator, Grim Spider, could be affiliated with Russian cybercrime rings, according to some -- others say there's no concrete evidence. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-14 17:02:03 |
Mozilla Kills Default Support for Adobe Flash in Firefox 69 (lien direct) |
Firefox 69 will force users to manually install Adobe Flash as the plugin inches toward end of life. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-14 14:18:02 |
Data Exposed in OXO, Amazon and MongoDB Leaks (lien direct) |
Dual data exposures and a wide-scale data leak due to a vulnerable MongoDB database have kicked off 2019 so far. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-14 12:00:01 |
Podcast: Emotet Grows With Fast-Evolving Tactics (lien direct) |
Threatpost discusses the future of the Emotet banking trojan with Cylance. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-11 21:58:02 |
Pre-Installed Android App Impacts Millions with Slew of Malicious Activity (lien direct) |
The app was developed by legitimate Chinese manufacturing giant TCL. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-11 17:49:02 |
TA505 Crime Gang Debuts Brand-New ServHelper Backdoor (lien direct) |
The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-11 16:23:05 |
U.S. Government Shutdown Leaves Dozens of .Gov Websites Vulnerable (lien direct) |
As the shutdown continues into its 21st day, dozens of .gov websites haven't renewed their TLS certificates. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-11 15:44:05 |
Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In (lien direct) |
A penetration testing tool called Modlishka can defeat two-factor authentication in the latest 2FA security issue. We asked a roundtable of experts what it all means. |
Tool
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-10 21:32:03 |
At CES, Focus is On \'Cool Factor\' Not IoT Security (lien direct) |
When it comes to IoT, the priority at CES is the "wow factor" - but not so much a focus on security. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-10 16:05:05 |
\'Unprecedented\' DNS Hijacking Attacks Linked to Iran (lien direct) |
The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-10 15:45:02 |
Google Search Results Spoofed to Create Fake News (lien direct) |
The technique can be used to spread disinformation while leveraging the trust people have in Google's search results. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-09 22:33:04 |
Critical Flaw in Cisco\'s Email Security Appliance Enables \'Permanent DoS\' (lien direct) |
A remote attacker could exploit the vulnerability simply by sending an email. |
Vulnerability
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-09 21:16:05 |
ICEPick-3PC: A Sophisticated Adware That Collects Data En Masse (lien direct) |
Researchers think an organized crime gang is running the massive campaigns, prepping for large-scale follow-on attacks on Android users. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-09 20:59:02 |
Google Play Boots 85 Malicious Adware Apps (lien direct) |
Once downloaded, the fake apps hide themselves on the victim's device and continue to show a full-screen ad every 15 minutes.
|
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2019-01-09 18:27:05 |
ThreatList: WordPress Vulnerabilities Tripled in 2018 (lien direct) |
Despite fewer plugins being added to Wordpress last year, the CMS saw an astounding tripling of vulnerabilities in its platform in 2018. |
|
|
|