Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-04-18 20:21:02 |
Weather Channel Knocked Off-Air in Dangerous Precedent (lien direct) |
The incident was the work of malicious cyberattackers. |
|
|
★★★
|
|
2019-04-18 18:56:03 |
Shopify Flaw Exposed Thousands of Merchants\' Revenue, Traffic Numbers (lien direct) |
The flaw, which existed in a Shopify API endpoint, has been patched. |
|
|
★★★★★
|
|
2019-04-18 18:03:00 |
Poll: Facebook Harvests Email Contacts for 1.5M Users – Is Enough, Enough? (lien direct) |
Take our short poll on how far Facebook can push its luck. |
|
|
★★
|
|
2019-04-18 16:00:03 |
Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug (lien direct) |
The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug. |
|
|
★★
|
|
2019-04-18 13:04:03 |
Cisco Patches Critical Flaw In ASR 9000 Routers (lien direct) |
The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said. |
|
|
★★
|
|
2019-04-17 20:59:05 |
Ubiquitous Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images (lien direct) |
The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks. |
Malware
|
|
★★★★
|
|
2019-04-17 19:53:05 |
Researchers: Facebook\'s Data-Leveraging Scandal Puts Users on Notice (lien direct) |
After a report revealed that Facebook used user data to leverage its relationships with other companies, researchers are stressing that both firms and users need to re-assess data privacy. |
|
|
★★★★
|
|
2019-04-17 17:32:00 |
State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally (lien direct) |
An ongoing campaign, active since 2017, has been stealing credentials via global DNS hijacking attacks. |
|
|
★★★
|
|
2019-04-17 15:34:04 |
ThreatList: Bad Bots Account for a Fifth of All Web Traffic, FinServ Hit the Worst (lien direct) |
The financial services industry sees nearly half of all website traffic coming from malicious bots. |
|
|
★★★★
|
|
2019-04-17 13:33:00 |
Oracle Squashes 53 Critical Bugs in April Security Update (lien direct) |
Overall Oracle patched 297 flaws across multiple product as part of its April security update. |
|
|
★★★★
|
|
2019-04-12 16:56:02 |
Romanian Duo Convicted of Malware Scheme Infecting 400,000 Computers (lien direct) |
The duo are convicted of infecting 400,000 computers in the U.S. with malware and scamming victims out of millions of dollars. |
Malware
|
|
★★★★
|
|
2019-04-12 14:58:05 |
North Korea\'s Hidden Cobra Strikes U.S. Targets with HOPLIGHT (lien direct) |
The custom malware is a spy tool and can also disrupt processes at U.S. assets. |
Malware
Tool
|
APT 38
|
|
|
2019-04-12 14:13:00 |
WordPress Yellow Pencil Plugin Flaws Actively Exploited (lien direct) |
Yet another Wordpress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered. |
|
|
|
|
2019-04-12 14:08:04 |
ThreatList: Tax Scammers Launch a Raft of Fake Mobile Apps (lien direct) |
Convincing phishing pages and millions of suspicious apps are plaguing tax season. |
|
|
|
|
2019-04-11 17:19:04 |
WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited (lien direct) |
A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild. |
Vulnerability
|
|
|
|
2019-04-11 16:05:04 |
SAS 2019: Fake News Peddlers Adopt Clever New Trick to Fool Facebook, Twitter (lien direct) |
At SAS 2019, Recorded Future CTO discusses a new kind of high-profile influence campaign spotted using a new technique: Old news. |
|
|
|
|
2019-04-11 12:54:05 |
Amazon Auditors Listen to Echo Recordings, Report Says (lien direct) |
Amazon is under fire for its privacy policies after a Bloomberg report revealed that the company hires auditors to listen to Echo recordings. |
|
|
|
|
2019-04-10 20:11:04 |
SAS 2019: Joe FitzPatrick Warns of the \'$5 Supply Chain Attack\' (lien direct) |
At the Security Analyst Summit, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, to discuss supply chain threats. |
|
|
|
|
2019-04-10 15:21:02 |
Yahoo Offers $117.5M Settlement in Data Breach Lawsuit (lien direct) |
Yahoo is taking a second stab at settling a massive lawsuit regarding the data breaches that the Internet company faced between 2013 and 2016. |
Data Breach
|
Yahoo
|
|
|
2019-04-10 04:30:03 |
SAS 2019: Gaza Cybergang Blends Sophistication Levels in Highly Effective Spy Effort (lien direct) |
The SneakyPastes campaign was highly effective but hardly advanced. |
|
|
★★
|
|
2019-04-10 03:11:05 |
SAS 2019: Meet \'TajMahal,\' A New and Highly Advanced APT Framework (lien direct) |
A highly sophisticated APT framework has been found targeting a single Central Asian diplomatic entity for years. |
|
|
★★
|
|
2019-04-09 20:11:04 |
Intel Patches High-Severity Flaws in Media SDK, Mini PC (lien direct) |
Overall Intel patched four vulnerabilities, including high-severity flaws in its Media SDK and Intel NUC mini PC. |
|
|
★★
|
|
2019-04-09 18:08:00 |
Adobe Fixes 24 Critical Flaws in Acrobat Reader, Flash, Shockwave Player (lien direct) |
During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products. |
|
|
★★★
|
|
2019-04-09 16:22:00 |
Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print (lien direct) |
The Samsung Galaxy S10 fingerprint sensor can be fooled in a hack that takes a mere 13 minutes and involves a 3D printed fingerprint. |
Hack
|
|
|
|
2019-04-09 15:39:00 |
Shadow App Development: Insider Threat or Opportunity? (lien direct) |
The challenge for most enterprises is that the demand for software is so high that traditional development teams often can't keep up. |
Threat
|
|
|
|
2019-04-09 13:00:04 |
Verizon Router Command Injection Flaw Impacts Millions (lien direct) |
A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection. |
|
|
|
|
2019-04-09 12:06:00 |
SAS 2019: 4 Stuxnet-Related APTs Form Gossip Girl, an \'Apex Threat Actor\' (lien direct) |
Flowershop, Equation, Flame and Duqu appear to have a hand in the different phases of Stuxnet development, all working as part of an operation active as early as 2006. |
Threat
|
|
|
|
2019-04-09 07:20:04 |
SAS 2019: Genesis Marketplace Peddles 60K Stolen Digital Identities (lien direct) |
An underground marketplace is selling tens of thousands of compromised digital identities, paving the way for cybercriminals to commit online fraud. |
|
|
|
|
2019-04-05 20:29:00 |
Cisco Finally Patches Router Bugs As New Unpatched Flaws Surface (lien direct) |
Cisco repatched its RV320 and RV325 routers against two high-severity vulnerabilities, but at the same time reported two new medium-severity bugs with no fixes. |
|
|
|
|
2019-04-05 17:42:04 |
Facebook Boots 74 Cybercrime Groups From Platform (lien direct) |
The 74 cybercrime groups were offering illicit services - from email spamming tools to stolen credentials - right on Facebook's platform. |
|
|
|
|
2019-04-05 14:22:04 |
Hackers Abuse Google Cloud Platform to Attack D-Link Routers (lien direct) |
Three waves of DNS hijacking attacks against consumer routers have been linked back to Google Cloud Platform abuse. |
|
|
|
|
2019-04-05 14:01:02 |
LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files (lien direct) |
Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack. |
Spam
|
|
|
|
2019-04-04 17:33:04 |
This Preinstalled Mobile Security App Delivered Vulnerabilities, Not Protection (lien direct) |
No. 4 global phone maker, Xiaomi, preinstalled a security app called 'Guard Provider' that had a major flaw. |
|
|
★★
|
|
2019-04-04 17:31:00 |
Facebook and Amazon are Locked in a Blame Game Over Leaked Data: Who\'s Really To Blame? (lien direct) |
After two databases were discovered leaking Facebook data, Facebook and Amazon are both pointing fingers - but researchers say the onus lies on all parties involved as data collection continues to grow. |
|
|
★★★★
|
|
2019-04-04 13:26:01 |
Free Cynet Threat Assessment for Mid-sized and Large Organizations (lien direct) |
Have your business try Cynet's Free Threat Assessment that checks for malware, C&C connections, data exfiltration, phishing link access, user credential thefts attempts, etc. |
Threat
|
|
|
|
2019-04-04 13:00:02 |
BEC Scam Gang London Blue Evolves Tactics, Targets (lien direct) |
Business email compromise group London Blue is back with evolved email domain spoofing tactics and a newfound interest in targets in Asia. |
|
|
|
|
2019-04-04 11:00:00 |
SAS 2019 to Tackle APTs, Supply Chains and More (lien direct) |
The Security Analyst Summit 2019 heads to Singapore where elite researchers, top cybersecurity firms and global law enforcement agencies fight cybercrime. |
|
|
|
|
2019-04-03 21:27:04 |
Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution (lien direct) |
Nvidia has patched eight high-severity flaws in its Tegra processors, which could enable denial of service and code execution. |
|
|
|
|
2019-04-03 18:36:00 |
Facebook Data of Millions Exposed in Leaky Datasets (lien direct) |
Researchers say that two publicly exposed dataset are leaking Facebook data- from user names to plaintext passwords. |
|
|
★★★
|
|
2019-04-03 17:57:04 |
How to Maximize the Value of Your Cybersecurity Investment (lien direct) |
Maximizing your security investment starts with hiring the right talent, harvesting data, spotting trends in logs and more. |
|
|
★★★★★
|
|
2019-04-03 14:44:02 |
OceanLotus APT Uses Steganography to Shroud Payloads (lien direct) |
The OceanLotus APT is using two new loaders which use steganography to read their encrypted payloads. |
|
APT 32
|
★★★★
|
|
2019-04-02 20:26:02 |
ThreatList: Half of All Attacks Aim at Supply Chain (lien direct) |
Attackers these days want to 'own' your entire system, including partners and suppliers. |
|
|
★★★★
|
|
2019-04-02 15:48:04 |
Mobile-First Phishing Kit Targets Verizon Customers (lien direct) |
The kit's authors demonstrate a knowledge of Verizon's infrastructure. |
|
|
|
|
2019-04-02 15:32:03 |
(Déjà vu) Google\'s April Android Security Bulletin Warns of 3 Critical Bugs (lien direct) |
Google's April Android Security update fixed 12 Android-specific vulnerabilities including three critical remote code execution flaws. |
|
|
|
|
2019-04-02 09:01:04 |
Financial Apps are Ripe for Exploit via Reverse Engineering (lien direct) |
White hat hacker reverse engineers financial apps and finds a treasure trove of security issues. |
|
|
|
|
2019-04-01 20:15:03 |
March Madness Scams Give Attackers Fast Break (lien direct) |
Researchers have seen March Madness-related phishing scams, fake domains and adware spike as cybercriminals take a pass at tournament viewers. |
|
|
|
|
2019-04-01 17:45:01 |
Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps (lien direct) |
Google said in 2018 it tracked a rise in the number of potentially harmful apps found on Android devices that were either pre-installed or delivered via over-the-air updates. |
|
|
|
|
2019-04-01 15:40:03 |
ThreatList: Game of Thrones, a Top Malware Conduit for Cybercriminals (lien direct) |
As Game of Thrones' eighth season gets ready to kick off, a new report says the popular TV show accounted for 17 percent of all infected pirated content in the last year. |
Malware
|
|
|
|
2019-03-29 16:26:00 |
Magento Patches Critical SQL Injection and RCE Vulnerabilities (lien direct) |
Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site. |
Vulnerability
|
|
|
|
2019-03-29 14:13:05 |
Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk (lien direct) |
A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive's physical process and or even stop it. |
|
|
|