What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-08-03 14:00:58 | Export-Grade Crypto Patching Improves (lien direct) | A Black Hat talk this week is expected to take a deep dive into the ramifications of lingering support for export-grade cryptography and how patching levels are proceeding. | ★★★ | ||
|
2016-08-02 17:00:14 | Bug Hunting Cyber Bots Set to Square Off at DEF CON (lien direct) | DARPA's Cyber Grand Challenge is set to culminate Thursday with a competition at DEF CON it's calling the CGC Final Event. | |||
|
2016-08-02 16:51:25 | Yahoo Investigates 200 Million Alleged Accounts For Sale On Dark Web (lien direct) | Yahoo says that it is investigating an alleged massive breach of its users' credential that are available for sale online. | Yahoo | ||
|
2016-08-02 13:00:43 | Kaspersky Lab Launches Bug Bounty Program (lien direct) | Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. | |||
|
2016-08-01 17:00:22 | New Technique Checks Mitigation Bypasses Earlier (lien direct) | Researchers at Endgame are expected at Black Hat to introduce Hardware Assisted Control Flow Integrity (HA-CFI), which leverages features in the micro-architecture of Intel processors for security. | |||
|
2016-08-01 13:00:30 | WPAD Flaws Leak HTTPS URLs (lien direct) | Sniffing HTTPS URLs with malicious PAC files gets easier with a new technique that exploits flaws in the Web Proxy AutoDiscovery protocol. | ★★ | ||
|
2016-07-29 17:57:34 | AdGholas Malvertising Campaign Leveraged Steganography, Filtering (lien direct) | For over a year attackers were able to carry out a malvertising campaign that managed to draw between one and five million client hits a day, according to researchers. The scam infected thousands a day using a one-two-punch of filtering and steganography. | ★★★ | ||
|
2016-07-29 14:45:04 | Threatpost News Wrap, July 29, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including a wireless keyboard vulnerability - KeySniffer, NIST's statement on 2FA, a LastPass remote compromise bug, and a new Tor paper. | LastPass | ||
|
2016-07-28 16:16:02 | Petya Sabotages Rival Ransomware Chimera, Leaks Decryption Keys (lien direct) | Petya ransomware developers leak competitor Chimera's decryption keys in an attempt to drive new business to a new Petya and Mischa offering. | |||
|
2016-07-28 12:58:02 | LastPass Patches Ormandy Remote Compromise Flaw (lien direct) | LastPass has patched a vulnerability in its Firefox add-on that allows attackers complete remote compromise of the password manager | LastPass | ||
|
2016-07-27 20:03:23 | Trump Comments Straddle Line of Soliciting Computer Crime (lien direct) | Donald Trump may have left himself an out today when he urged Russian hackers to find 30,000 emails deleted by Hillary Clinton from her private server. | |||
|
2016-07-27 16:27:15 | Attributing Advanced Attacks Remains Challenge For Researchers (lien direct) | Kaspersky Lab researchers participated in a Reddit AMA, touching on topics such as attack attribution, critical infrastructure security, attacker and researcher tradecraft, and the shortage of security talent. | |||
|
2016-07-26 21:26:33 | Yahoo Ordered to Explain Data Gathering Procedures in Deleted Email Case (lien direct) | Yahoo has been given until August 31 to comply with a court order asking how the company was able to recover emails that were thought to be deleted. | Yahoo | ||
|
2016-07-26 18:50:10 | Kimpton Hotels Investigating Payment Card Fraud (lien direct) | Kimpton Hotels & Restaurants, a nationwide chain of 62 boutique hotels, is investigating a string of unauthorized charges on payment cards used at a number of its locations. | |||
|
2016-07-26 15:45:34 | Public, Private Sector Team to Fight Ransomware (lien direct) | Security firms and law enforcement launch No More Ransom, a web-based effort dedicated to ransomware awareness and decryption tools. | |||
|
2016-07-26 13:05:13 | Unpatched Smart Lighting Flaws Pose IoT Risk to Businesses (lien direct) | Rapid7 has disclosed nine vulnerabilities in Orsam Lightify Pro and Home smart lighting products, some of which can be used as a pivot point for remote attacks. | |||
|
2016-07-25 19:51:25 | Upcoming Tor Design Battles Hidden Services Snooping (lien direct) | Researchers at Northeastern University next week at DEF CON are expected to present a paper describing their framework for discovering Tor hidden services directories that snoop on hidden services. | |||
|
2016-07-25 17:01:30 | PornHub Hack Earns Researchers $22,000 (lien direct) | Researchers find a serious vulnerability in PHP code that could of allowed hackers to gain access to porn site's private user data. | ★★★ | ||
|
2016-07-22 17:33:55 | PayPal Fixes CSRF Vulnerability in PayPal.me (lien direct) | PayPal recently fixed a vulnerability on its PayPal.me site that could've let an attacker change a user's profile without their permission. | |||
|
2016-07-21 20:35:48 | Adobe to Block Flash in August, Disable in 2017 (lien direct) | Starting next year, Firefox users who navigate to pages that contain Flash will be asked their consent before activating the plugin. The move, long expected, comes as developers seek to curb usage of Flash in everyday web browsing. | |||
|
2016-07-21 17:02:18 | 15 Vulnerabilities in SAP HANA Outlined (lien direct) | SAP recently fixed 15 different vulnerabilities that existed in the database management system HANA and subsequent communication channels. The bugs affect 10,000 users running the software. | |||
|
2016-07-21 11:00:58 | IoT Insecurity: Pinpointing the Problems (lien direct) | The Internet of Things today faces many challenges and obstacles as it matures, including concerns around security and privacy. | |||
|
2016-07-20 17:21:12 | SoakSoak Botnet Pushing Neutrino Exploit Kit and CryptXXX Ransomware (lien direct) | Research spot SoakSoak botnets spreading the Neutrino Exploit Kit that in turn infect the unsuspecting with the CryptXXX ransomware. | |||
|
2016-07-20 13:21:36 | Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update (lien direct) | Oracle fixed a record 276 vulnerabilities – more than half of which are remotely exploitable – as part of its July Critical Patch Update on Tuesday afternoon. | ★★★★ | ||
|
2016-07-19 12:16:57 | Apple Fixes Vulnerabilities Across OS X, iOS, Safari (lien direct) | Apple fixed dozens of vulnerabilities across its software on Monday, including 60 vulnerabilities in its operating system, OS X, and 43 in its mobile operating system, iOS. | |||
|
2016-07-18 22:00:46 | CGI Script Vulnerability ‘Httpoxy’ Allows Man-in-the-Middle Attacks (lien direct) | Scripting language vulnerability dubbed HTTPoxy allows for MitM attacks on Red Hat products using PHP, Go and Python. | |||
|
2016-07-18 17:17:09 | Two Million Passwords Breached in Ubuntu Hack (lien direct) | Canonical's CEO claims a SQL injection vulnerability led to the hack of Ubuntu's Two million user strong forums. | |||
|
2016-07-15 20:20:15 | Juniper Crypto Bug Let Attackers Eavesdrop on Router, Switch Traffic (lien direct) | Juniper patched a crypto security bug that could allow hackers to access the company's routers, switches and security devices and eavesdrop on sensitive communications. | |||
|
2016-07-15 18:09:29 | Scan Reveals Hydropower Plants, Other Critical Infrastructure Exposed Online (lien direct) | An Internet scan of the IPv4 address space uncovered more than 100 critical facilities exposed to the public Internet, including hydropower plants in Germany and Italy. | |||
|
2016-07-15 15:00:49 | Threatpost News Wrap, July 15, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including privacy and Pokemon GO, a new MIT anonymity system, the Fiat Chrysler bug bounty program, and a patched printer spooler vulnerability. | |||
|
2016-07-14 16:35:14 | Dirt Cheap Stampado Ransomware Sells on Dark Web for $39 (lien direct) | Ransomware selling for as little as $39 on the dark web have security experts concerned the low price coupled with its potency could trigger a wave of new ransomware victims. | ★★★ | ||
|
2016-07-13 20:23:30 | Congressional Report: China Hacked FDIC And Agency Covered It Up (lien direct) | A Congressional report accuses China of hacking the FDIC and the agency of covering up the attacks. | |||
|
2016-07-13 17:39:13 | MIT Anonymity Network Riffle Promises Efficiency, Security (lien direct) | Riffle, a new anonymity network concocted by MIT researchers, can guarantee anonymity among a large group of users, as long as there's one honest server. | |||
|
2016-07-13 13:05:57 | Seeking Alpha Mobile Financial App Forgoes Encryption (lien direct) | The Seeking Alpha mobile app operates without a measure of encryption, putting user information, including credentials and strategic financial interests at risk. | |||
|
2016-07-12 17:51:53 | Little Snitch Bug Leaves Some Mac Systems Open to Attack (lien direct) | Mac OS X firewall Little Snitch is vulnerable to local escalation of privileges attacks that could give criminals the ability plant rootkits and keylogger on some Mac OS X El Capitan systems. | |||
|
2016-07-12 15:40:10 | xDedic Hacked Server Market Resurfaces on Tor Domain (lien direct) | The xDedic market has resurfaced, this time on a Tor network domain and with the inclusion of a new enrollment fee. | ★★ | ||
|
2016-07-12 13:31:54 | Malware Dropper Built to Target European Energy Company (lien direct) | Researchers at SentinelOne said they have discovered a malware dropper for the Furtim malware that was designed to attack an unnamed energy company in Europe. | ★★★★★ | ||
|
2016-07-11 21:12:37 | Jigsaw Ransomware Decrypted, Again (lien direct) | Jigsaw ransomware's encryption has been thwarted by Check Point researchers that discover a fatal flaw. | |||
|
2016-07-11 17:54:50 | Malicious Pokémon Go App Installs Backdoor on Android Devices (lien direct) | Researchers are warning would-be Pokémon Trainers that a malicious, backdoored version of the massively popular game Pokémon Go could be making the rounds soon. | |||
|
2016-07-11 15:31:33 | IoT Medical Devices: A Prescription for Disaster (lien direct) | Hospitals are on the IoT device vanguard revolutionizing patient care, but they are also huge targets for hackers targeting unsecure IoT medical devices. | |||
|
2016-07-11 12:32:31 | 91 Percent of Public-Facing ICS Components Are Remotely Exploitable (lien direct) | A report on ICS security released today by Kaspersky Lab reveals how dire the situation really is. | |||
|
2016-07-08 18:00:54 | Google Testing Post-Quantum Cryptography in Chrome (lien direct) | Google has announced its first venture into post-quantum cryptography with the use of a post-quantum key-exchange algorithm in the Canary test build of the Chrome browser. | |||
|
2016-07-08 14:30:08 | Threatpost News Wrap, July 8, 2016 (lien direct) | Mike Mimoso, Tom Spring and Chris Brook discuss the news of the week, including all things Android: the crypto weakness, the full disk encryption bypass, and new malware, Hummingbad, which impacts the mobile operating system. The three also discuss the TP-Link router fiasco. | |||
|
2016-07-08 11:25:10 | CryptXXX, Cryptobit Ransomware Spreading Through Campaign (lien direct) | Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains. | |||
|
2016-07-07 18:21:26 | CryptXXX Ransomware Updates Ransom Note, Payment Site (lien direct) | CryptXXX ransomware has been updated with new ransom instructions and payment site, as well as the removal of special extensions appended to encrypted files. | |||
|
2016-07-07 15:52:07 | Android KeyStore Encryption Scheme Broken, Researchers Say (lien direct) | The default implementation for KeyStore, the system in Android designed to store users credentials and cryptographic keys, is broken, researchers say. | |||
|
2016-07-07 11:00:38 | APT Group ‘Patchwork’ Cuts-and-Pastes a Potent Attack (lien direct) | Researchers discover APT attackers that rummage dark web, GitHub and hidden criminal forums to patch together a high-impact APT. | |||
|
2016-07-06 18:00:58 | Android Security Bulletin Features Two Patch Levels (lien direct) | Google today released its monthly Android Security Bulletin, and points out that there are two security patch level strings in today's bulletin: July 1 and July 5. | |||
|
2016-07-06 15:42:11 | Adwind RAT Resurfaces, Targeting Danish Companies (lien direct) | The remote access Trojan Adwind has resurfaced and as of last weekend, is being used in spam emails targeting Danish companies, researchers claim. | ★★★★★ | ||
|
2016-07-06 11:00:56 | Most Post-Intrusion Cyber Attacks Involve Everyday Admin Tools (lien direct) | Ninety-nine percent of post-intrusion cyberattack activities leverage standard networking, IT administration and other tools as opposed to malware. | ★★★★★ |
To see everything:
Our RSS (filtrered)
