Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-10-08 23:24:33 |
Microsoft October 2019 Patch Tuesday is a light one (direct link) |
No zero-days this month. Only 59 security updates. |
|
|
|
|
2019-10-08 21:48:41 |
Twitter used 2FA phone numbers for ad targeting (direct link) |
Twitter couldn't say how many users had been impacted by this latest bug. |
|
|
|
|
2019-10-08 19:38:00 |
Hackers breach Volusion and start collecting card details from thousands of sites (direct link) |
More than 6,500 stores have been compromised, but the number could be around 20,000. |
|
|
|
|
2019-10-08 16:41:08 |
Thunderbird to add built-in support for OpenPGP email encryption standard (direct link) |
Built-in OpenPGP support coming to Thunderbird 78, scheduled for release in the summer of 2020. |
|
|
|
|
2019-10-08 14:15:20 |
France warns of cyberattacks against service providers and engineering offices (direct link) |
French cyber-security agency warns of ongoing cyber-espionage campaign after Airbus and Expleo hacks. |
|
|
|
|
2019-10-08 13:00:09 |
76 percent of US businesses have experienced a cyberattack in the past year (direct link) |
SMBs in the country are becoming a firm favorite as targets for cybercriminals. |
|
|
|
|
2019-10-08 13:00:08 |
New sextortion campaign taps altcoins to avoid detection (direct link) |
Cryptocurrency rules designed to protect email accounts from phishing are being fooled through a pivot from Bitcoin to Litecoin. |
|
|
|
|
2019-10-08 11:27:43 |
California takes on deepfakes in porn and politics (direct link) |
The state hopes new laws will stop the use of deepfake technology to manipulate political speech and sexual content. |
|
|
|
|
2019-10-08 10:00:06 |
Cybersecurity giants join forces to combat cyberthreats under OASIS umbrella (direct link) |
IBM and McAfee aim to tie cybersecurity products and data together through open source code and standards. |
|
|
|
|
2019-10-08 09:58:20 |
Tū Ora Compass Health data breach exposes medical data of one million people (direct link) |
The health organization has admitted its failure in safeguarding user data. |
Data Breach
|
|
|
|
2019-10-08 04:50:07 |
Zero-day published for old Joomla CMS versions (direct link) |
Proof-of-concept code available online; trivial to exploit. |
|
|
|
|
2019-10-07 20:33:25 |
Data breach at Russian ISP impacts 8.7 million customers (direct link) |
Security breach took place in 2017, but user details are only now being shared online, including on Telegram channels. |
Data Breach
|
|
|
|
2019-10-07 13:58:51 |
White-hat hacks Muhstik ransomware gang and releases decryption keys (direct link) |
Annoyed victim hacks back ransomware gang and releases all their decryption keys, along with a free decrypter. |
Ransomware
|
|
|
|
2019-10-07 13:00:00 |
A year after patch, Drupalgeddon2 is still being employed in cybercriminal attacks (direct link) |
The remote code execution bug is being used in attacks against high-profile websites. |
|
|
|
|
2019-10-07 12:15:00 |
FBI warns about attacks that bypass multi-factor authentication (MFA) (direct link) |
FBI warns about SIM swapping and tools like Muraena and NecroBrowser. |
|
|
|
|
2019-10-07 09:25:04 |
D-Link router remote code execution vulnerability will not be patched (direct link) |
The security issue won't be resolved, considering the age of the products. |
Vulnerability
|
|
|
|
2019-10-06 16:35:52 |
DNS-over-HTTPS causes more problems than it solves, experts say (direct link) |
Several experts, companies, and national entities have voiced very convincing concerns about DoH and its features. |
|
|
|
|
2019-10-04 21:49:55 |
Signal fixes FaceTime-like eavesdropping bug (direct link) |
Signal bug lets attackers place and then auto-answer a call by pressing the Mute button. |
|
|
|
|
2019-10-04 19:12:51 |
DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities (direct link) |
Urgent/11 vulnerabilities impact multiple operating systems, not just VxWorks. |
|
|
|
|
2019-10-04 17:19:07 |
Microsoft: Iranian hackers targeted a 2020 presidential campaign (direct link) |
The Iranian hackers also targeted current and former US government officials, journalists, and Iranians living abroad. |
|
|
|
|
2019-10-04 13:50:52 |
EA website snafu leaks data of 1,600 FIFA 20 pro gamers (direct link) |
Glitch in EA FIFA 20 tournament site accidentally leaked some players' data to other players. |
|
|
|
|
2019-10-04 12:03:47 |
Russian hacker group patches Chrome and Firefox to fingerprint TLS traffic (direct link) |
Turla hacker group lives up to its reputation with another clever/wacky hacking technique. |
|
|
|
|
2019-10-04 07:29:17 |
Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices (direct link) |
Vulnerability was patched in older Android OS versions, but resurfaced in newer releases. |
Vulnerability
|
|
★★★
|
|
2019-10-04 04:30:06 |
Microsoft: MFA bypass attacks are so rare we don't have good statistics on them (direct link) |
Microsoft security expert also ranks authentication factors based on their ability to fend off attackers. |
|
|
|
|
2019-10-03 19:35:32 |
Google gets tougher on HTTPS with ban on mixed content (direct link) |
Google to stop loading "mixed content" in Chrome starting next year. |
|
|
|
|
2019-10-03 17:37:59 |
macOS systems abused in DDoS attacks (direct link) |
Up to 40,000 macOS systems expose a particular port online that can be abused for pretty big DDoS attacks. |
|
|
|
|
2019-10-03 12:54:29 |
Minerva attack can recover private keys from smart cards, cryptographic libraries (direct link) |
Older Athena IDProtect smart cards are impacted, along with the WolfSSL, MatrixSSL, Crypto++, Oracle SunEC, and Libgcrypt crypto libraries. |
|
|
|
|
2019-10-03 11:40:56 |
Court reinstates lawsuit over Google iPhone user tracking (direct link) |
The lawsuit alleges Google should be held accountable for bypassing default iPhone privacy settings. |
|
|
|
|
2019-10-03 10:45:45 |
WhatsApp vulnerability exploited through malicious GIFs to hijack chat sessions (direct link) |
Personal files and messages are at risk in unpatched builds of the app. |
Vulnerability
|
|
★★
|
|
2019-10-03 08:59:50 |
EA to give users a free month of Origin Access if they enable 2FA (direct link) |
Offer stands only for October 2019. Origin users will get November for free. |
|
|
|
|
2019-10-02 22:52:16 |
Dutch police take down hornets' nest of DDoS botnets (direct link) |
Police seize servers from bulletproof hosting provider that harbored tens of DDoS botnets. |
|
|
|
|
2019-10-02 17:42:00 |
Zendesk discloses 2016 data breach (direct link) |
Zendesk said hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers. |
Data Breach
|
|
|
|
2019-10-02 11:07:25 |
Tax and PII records of 20 million Russians stored without encryption, leaked online (direct link) |
Sensitive data was available to anyone with a browser. |
|
|
|
|
2019-10-02 10:49:00 |
Google launches Incognito Mode for Google Maps, and more (direct link) |
Google expands history auto-delete to YouTube, adds better privacy controls to voice assistant. |
|
|
|
|
2019-10-02 10:00:08 |
Google launches Password Checkup feature, will add it to Chrome later this year (direct link) |
Google's Password Checkup is currently available for Android devices and Google's web dashboard. |
|
|
|
|
2019-10-01 23:17:36 |
Intel proposes new SAPM memory type to protect against Spectre-like attacks (direct link) |
New CPU memory type proposed. No silicon prototype. Just a research paper and a lot of hope. |
|
|
|
|
2019-10-01 19:08:27 |
Academics find eight vulnerabilities in Android's VoIP components (direct link) |
The vulnerabilities can be exploited to make unauthorized VoIP calls, spoof caller IDs, deny voice calls, and even execute malicious code on users' devices. |
|
|
|
|
2019-10-01 14:24:00 |
Over 500 US schools were hit by ransomware in 2019 (direct link) |
Fifteen US school districts, accounting for 100 schools, were hit in the past two weeks alone. |
Ransomware
|
|
|
|
2019-10-01 12:09:24 |
German police storm bulletproof data center in former NATO bunker (direct link) |
The military bunker was allegedly used to host servers catering for Dark Web markets and child pornography websites. |
|
|
|
|
2019-10-01 10:20:30 |
Vengeful IT admin thrown behind bars for destroying Army systems on exit (direct link) |
His efforts have earned him two years in prison. |
|
|
|
|
2019-10-01 09:07:07 |
Former Yahoo engineer pleads guilty to hacking user emails in search for porn (direct link) |
Former Yahoo engineer accessed about 6,000 email accounts, primarily belonging to young women. |
|
Yahoo
|
|
|
2019-09-30 21:26:13 |
Ransomware incident to cost Danish company a whopping $95 million (direct link) |
After a month, hearing aid manufacturer Demant has yet to recover after the attack. |
Ransomware
|
|
|
|
2019-09-30 14:00:00 |
Malvertiser exploited two browser bugs to show over one billion malicious ads (direct link) |
eGobbler group exploits bugs in Chrome for iOS, and Chrome and Safari for desktop to show popup ads and redirect users to malicious sites. |
|
|
|
|
2019-09-30 11:47:06 |
New PDFex attack can exfiltrate data from encrypted PDF files (direct link) |
All the 27 desktop and web PDF viewer apps that were tested were found to be vulnerable in one way or another. |
|
|
|
|
2019-09-29 23:24:41 |
Linux to get kernel 'lockdown' feature (direct link) |
New Linux kernel "lockdown" module to limit high-privileged users -- even root -- from tampering with some kernel functionality. |
|
|
|
|
2019-09-29 07:30:04 |
Pi-hole drops support for ad blocklists used by browser-based ad-blockers (direct link) |
The ad-blocking landscape is in line for some standardization, starting with the blocklists' syntax. |
|
|
|
|
2019-09-28 07:00:04 |
Most malspam contains a malicious URL these days, not file attachments (direct link) |
Proofpoint: 85% of all malicious email spam sent in Q2 2019 contained a link to download a malicious file. |
Spam
|
|
|
|
2019-09-27 21:15:39 |
New SIM card attack disclosed, similar to Simjacker (direct link) |
There's now an app to test your phone's SIM card for both Simjacker and WIBattack. |
|
|
|
|
2019-09-27 17:27:57 |
Malware infection disrupts production at defence contractor plants in three countries (direct link) |
Rheinmetall plants in Brazil, Mexico, and the US disrupted by malware infection. |
Malware
|
|
|
|
2019-09-27 13:04:01 |
WhiteShadow downloader uses Microsoft SQL queries to deliver malicious payloads (direct link) |
The downloader has an unusual way of executing next-stage payloads. |
|
|
|