Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2018-10-11 20:24:05 |
New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors (lien direct) |
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. |
Vulnerability
|
|
|
|
2018-10-11 20:19:04 |
ThreatList: Credential Theft Spikes by Triple Digits in U.S. (lien direct) |
Meanwhile, the LokiPWS (a.k.a. Lokibot) malware family distribution is surging. |
Malware
|
|
|
|
2018-10-11 18:11:00 |
Adaptable, All-in-One Android Trojan Shows the Future of Malware (lien direct) |
GPlayed may be the new face of malware -- flexible and adaptable, with a Swiss Army knife-like toolbox that can be used to target pretty much anyone. |
Malware
|
|
|
|
2018-10-11 14:19:00 |
Fake Adobe Flash Updates Hide Malicious Crypto Miners (lien direct) |
A fake Adobe update actually updates victims' Flash - but also installs malicious cryptomining malware. |
|
|
|
|
2018-10-11 14:03:05 |
Calif. Law Takes Aim at Weak IoT Passwords (lien direct) |
Concerns over data privacy and security push California to roll out the first legislation on connected devices. |
|
|
|
|
2018-10-10 21:52:01 |
FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw (lien direct) |
This is the second local privilege-escalation zero-day this APT group has exploited. |
|
|
|
|
2018-10-10 16:07:05 |
Innovative Phishing Tactic Makes Inroads Using Azure Blob (lien direct) |
A brand-new approach to harvesting credentials hinges on users' lack of cloud savvy. |
|
|
|
|
2018-10-10 13:57:02 |
Four Critical Flaws Patched in Adobe Digital Edition (lien direct) |
Adobe Digital Edition has four critical bugs enabling arbitrary code execution. |
|
|
|
|
2018-10-10 11:26:00 |
Podcast: Key Takeaways For DevOps in BSIMM9 (lien direct) |
From supply chain to orchestration tools, here are the new trends that DevOps should pay attention to in this year's BSIMM report. |
|
|
★★★★★
|
|
2018-10-09 21:24:05 |
Microsoft Patches Zero-Day Under Active Attack by APT (lien direct) |
A zero-day vulnerability tied to the Window's Win32k component is under active attack, warns Microsoft. |
Vulnerability
|
|
|
|
2018-10-09 19:37:03 |
New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants (lien direct) |
New Intel Coffee Lake CPUs offer hardware-based protections against some -but not all- Spectre and Meltdown variants. |
|
|
|
|
2018-10-09 18:40:05 |
Slideshow: Intel from Virus Bulletin 2018 (lien direct) |
This year's Virus Bulletin conference featured top-tier research from some of the world's best threat intelligence experts. |
Threat
|
|
|
|
2018-10-09 15:26:05 |
How Shared Pools of Cloud Computing Power Are Changing the Way Attackers Operate (lien direct) |
Cloud computing is creating new challenges among security professionals as attackers embrace the "as-a-service model", giving unsophisticated cybercriminals a leg up in carrying out attacks. |
|
|
★★★★★
|
|
2018-10-09 15:11:03 |
Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape (lien direct) |
Google was caught not disclosing a potential data breach -- leaving questions as to whether a lack of transparency is the new normal. |
Data Breach
|
|
★★★
|
|
2018-10-09 15:10:00 |
ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume (lien direct) |
Most of the attacks originated in China. |
|
|
|
|
2018-10-09 13:16:05 |
Magecart Group Targets Shopper Approved in Latest Attack (lien direct) |
The breach also impacted hundreds of Shopper Approved's customers. |
|
|
|
|
2018-10-08 00:07:00 |
PoC Attack Escalates MikroTik Router Bug to \'As Bad As It Gets\' (lien direct) |
Researchers say a medium severity bug should now be rated critical because of a new hack technique that allows for remote code execution on MikroTik edge and consumer routers. |
Hack
|
|
|
|
2018-10-05 21:23:02 |
Sony Smart TV Bug Allows Remote Access, Root Privileges (lien direct) |
Software patching becomes a new reality for smart TV owners. |
Patching
|
|
|
|
2018-10-05 20:43:01 |
Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat (lien direct) |
A spyware attack on a Saudi dissident living in Canada made headlines this week, but Citizen Lab warns that simpler attacks are the real epidemic. |
Threat
|
|
|
|
2018-10-05 19:07:04 |
D-Link Patches RCE Bugs in Wireless Access Point Gear (lien direct) |
D-Link has released the beta version of the controller which addresses the reported vulnerabilities. |
|
|
|
|
2018-10-05 17:14:02 |
Threatpost New Wrap Podcast For Oct. 5 (lien direct) |
Threatpost editors discuss the highlights and biggest breaking news from this past week. |
|
|
|
|
2018-10-05 16:16:00 |
Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem (lien direct) |
The business of fake likes and followers turns out to be a sprawling enterprise -- likely tied back to IoT botnet activity. |
|
|
★★★★★
|
|
2018-10-04 19:25:05 |
ThreatList: 83% of Routers Contain Vulnerable Code (lien direct) |
Five out of six name brand routers, such as Linksys, NETGEAR and D-Link, contain known open-source vulnerabilities. |
|
|
|
|
2018-10-04 19:14:04 |
Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets (lien direct) |
Russian-speaking Turla has also racked up more victims in its latest APT campaign. |
|
|
|
|
2018-10-04 16:10:00 |
Apple, Amazon Strongly Refute Server Infiltration Report (lien direct) |
An explosive Bloomberg report, if true, would highlight the largest supply chain attack to have been launched against American corporations. |
|
|
|
|
2018-10-03 23:43:05 |
Virus Bulletin 2018: macOS Flaw Allows Attackers to Hijack Installed Apps (lien direct) |
This code-signing issue represents a new attack vector, according to the researcher. |
|
|
|
|
2018-10-03 20:38:05 |
Cloud, Containers, Orchestration Big Factors in BSIMM9 (lien direct) |
A converged architecture that brings independent software vendors, cloud vendors and IoT vendors together is reshaping the security landscape. |
|
|
|
|
2018-10-03 18:46:01 |
Virus Bulletin 2018: Microsoft\'s Lambert on How Cloud is Changing Security (lien direct) |
Supply-chain attacks are on the rise, but machine learning provides the edge that the security industry needs to keep up. |
|
|
|
|
2018-10-03 15:59:02 |
Facebook Breach Sparks Concerns Around Third-Party Apps, Website Security (lien direct) |
Experts say Friday's breach remains a dangerous potential access point to even more third-party apps and websites. |
|
|
|
|
2018-10-03 13:37:00 |
Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad (lien direct) |
Attractive to both white-hats and cybercriminals, AI's role in security has yet to find an equilibrium between the two sides. |
Tool
|
|
★★★★
|
|
2018-10-03 13:36:02 |
Pumping the Brakes on Artificial Intelligence (lien direct) |
Businesses are increasingly adopting artificial intelligence, but all too often these platforms don't feature security-by-design. |
|
|
|
|
2018-10-02 21:19:01 |
Foxit PDF Reader Fixes High-Severity Remote Code Execution Flaws (lien direct) |
Foxit Software has patched over 100 vulnerabilities in its popular Foxit PDF Reader. Many of the bugs tackled by the company include a wide array of high severity remote code execution vulnerabilities. Foxit on Friday released fixes for Foxit Reader 9.3 and Foxit PhantomPDF 9.3, which addressed a whopping 124 vulnerabilities. It’s important to note […] |
|
|
|
|
2018-10-02 19:23:03 |
NOKKI Malware Sports Mysterious Link to Reaper APT Group (lien direct) |
The relationship between the malware and the APT group remains somewhat murky. |
Malware
|
APT 37
|
|
|
2018-10-02 16:47:03 |
Google Patches Critical Vulnerabilities in Android OS (lien direct) |
The most dire vulnerability targets the Android framework and could allow an adversary to execute arbitrary code on targeted devices. |
Vulnerability
|
|
|
|
2018-10-02 14:49:04 |
Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration (lien direct) |
The free online office suite software is used by more than 30 million people and is a ripe target for criminals. |
|
|
|
|
2018-10-02 14:01:04 |
Google Cracks Down on Malicious Chrome Extensions in Major Update (lien direct) |
Starting today, extensions with obfuscated code are banned and developers must go through a stricter extensions review process. |
|
|
|
|
2018-10-02 13:47:00 |
ThreatList: Password Hygiene Remains Lackluster in Global Businesses (lien direct) |
Password-sharing persists, but at least multifactor authentication usage is up. |
|
|
|
|
2018-10-01 21:22:00 |
Adobe Patches 47 Critical Flaws in Acrobat and DC (lien direct) |
The update includes a security bypass bug that enables privilege escalation. |
|
|
|
|
2018-10-01 18:55:03 |
Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack (lien direct) |
Rated as high-risk vulnerabilities, these privilege-escalation flaws could allow an unauthenticated attacker to access protected content. |
|
|
|
|
2018-10-01 17:52:04 |
California, U.S. Government Battle Over Net Neutrality State Law (lien direct) |
The Department of Justice has filed a lawsuit after SB 822 was passed, enforcing net neutrality laws, on Sunday. |
|
|
|
|
2018-10-01 11:56:01 |
Dark Web Azorult Generator Offers Free Binaries to Cybercrooks (lien direct) |
The Gazorp online builder makes it easy to start stealing passwords, credit-card information, cryptocurrency wallet data and more. |
|
|
|
|
2018-09-28 18:32:02 |
Facebook Data Breach Impacts Almost 50 Million Accounts (lien direct) |
Hackers exploited a flaw in Facebook's code impacting its “View As” feature. |
Data Breach
|
|
|
|
2018-09-28 18:11:01 |
Another Linux Kernel Bug Surfaces, Allowing Root Access (lien direct) |
Android, Debian and Ubuntu users are still at risk. |
|
|
|
|
2018-09-28 17:26:05 |
iPhone XS Passcode Bypass Hack Exposes Contacts, Photos (lien direct) |
Bypass works on iOS 12 and Apple's latest iPhone XS model phones allowing an attacker to access contacts and photos. |
Hack
|
|
|
|
2018-09-28 13:22:01 |
Android App Verification Issues Pave Way For Phishing Attacks (lien direct) |
A research team suggested a new secure-by-design API after discovering design flaws in the way Android apps are verified by password managers. |
|
|
|
|
2018-09-27 20:47:02 |
Perimeter Defenses are Dead, So Now What? (lien direct) |
Over time, both enterprise and government networks have seen the network perimeter blur uncontrollably. |
|
|
★★★★★
|
|
2018-09-27 20:08:00 |
ThreatList: Hackers Turn to Python as Attack Coding Language of Choice (lien direct) |
More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python. |
Tool
|
|
|
|
2018-09-27 16:00:02 |
Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access (lien direct) |
Researchers said the vulnerability "is very easy to exploit." |
Vulnerability
|
|
|
|
2018-09-27 14:49:04 |
Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info (lien direct) |
A lack of authentication in Apple's Device Enrollment Program could allow attackers to scoop up Wi-Fi passwords and VPN configurations. |
Tool
|
|
|
|
2018-09-26 20:48:04 |
2018 Has Been Open Season on Open Source Supply Chains (lien direct) |
Hackers see green field opportunities in vulnerable software supply chains. |
|
|
|