What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-10-09 18:20:48 | Iranian Hackers Update Spear-Phishing Techniques in Recent Campaign (lien direct) | The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, ClearSky's security researchers report. | Threat Conference | APT 35 | |
|
2019-10-09 16:48:57 | Audit Finds Critical Vulnerability in iTerm2 macOS Terminal Emulator (lien direct) | A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator. | Vulnerability | ||
|
2019-10-09 15:04:30 | Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey (lien direct) | Representatives of the utilities industry believe the risk of cyberattacks on the sector has increased and many expect an attack on critical infrastructure in the next year, according to a study conducted by Siemens and the Ponemon Institute. | |||
|
2019-10-09 14:51:37 | Pass the Hash Remains a Poorly Defended Threat Vector (lien direct) | In 2010, SANS reported that knowledge of the Pass the Hash attack first described some thirteen years earlier was still poor. By 2019, knowledge of the threat vector that has now been in the public domain for more than two decades has improved, but is still not complete. | Threat | ||
|
2019-10-09 12:32:11 | Cybersecurity Firms Partner on Open Source Security Technology Development (lien direct) | A group of cybersecurity companies this week announced the Open Cybersecurity Alliance (OCA), a joint effort focused on the development of open source security technologies. | |||
|
2019-10-09 12:07:01 | (Déjà vu) NSA: Multiple State-Sponsored APTs Exploiting Enterprise VPN Flaws (lien direct) | After the UK's National Cyber Security Centre (NCSC) issued an alert, the National Security Agency (NSA) in the United States has also warned organizations that multiple state-sponsored threat actors have been exploiting the recently disclosed vulnerabilities affecting enterprise VPN products from Pulse Secure, Fortinet and Palo Alto Networks. | Threat | ||
|
2019-10-09 10:37:41 | How Blockchain Will Solve Some of IoT\'s Biggest Security Problems (lien direct) | Blockchain Can Protect Systems and Devices While Supporting IoT Devices that Have Few Security Defenses | |||
|
2019-10-09 09:55:22 | Apple Patches 16 Vulnerabilities With macOS Catalina 10.15 (lien direct) | Apple this week released its latest desktop operating system iteration, macOS Catalina 10.15, which includes patches for a total of 16 vulnerabilities. | |||
|
2019-10-09 07:23:10 | No Patch for Critical Code Execution Flaw Affecting D-Link Routers (lien direct) | A critical remote code execution (RCE) vulnerability affecting several D-Link routers that reached their end of life (EOL) remains unpatched. | Vulnerability | ||
|
2019-10-09 02:12:47 | New US-UK Agreement Speeds Law Enforcement\'s Access to User Data (lien direct) | The United States and the United Kingdom have signed an agreement designed to help law enforcement agencies gain faster access to data related to serious crimes. This is the first such agreement based on the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, which was enacted into U.S. federal law on March 23, 2018. | |||
|
2019-10-08 23:45:13 | Twitter Admits Phone Numbers Meant for Security Used for Ads (lien direct) | Twitter on Tuesday apologized after "inadvertently" using phone numbers and email addresses for advertising even though the personal data was provided for account security. Twitter users' phone numbers and email addresses -- submitted to allow for account authentication -- were matched with advertisers' own data to enable targeted ads. | |||
|
2019-10-08 20:28:55 | (Déjà vu) VMware Completes $2.1 Billion Acquisition of Carbon Black (lien direct) | Virtualization and cloud infrastructure giant VMWare (NYSE: VMW) announced on Tuesday that it has completed its acquisition of endpoint security firm Carbon Black (NASDAQ: CBLK) in an all-cash transaction for $26 per share, representing an enterprise value of $2.1 billion. | |||
|
2019-10-08 19:25:28 | Vulnerabilities Expose TwinCAT Industrial Systems to DoS Attacks (lien direct) | A couple of vulnerabilities affecting the TwinCAT PLC runtime from Beckhoff can be exploited for denial-of-service (DoS) attacks, which may be triggered by malicious actors or by accident. | |||
|
2019-10-08 19:18:04 | Email Attacks Using Cloud Services are Increasing (lien direct) | An analysis of more than 2.2 billion emails between April and June (Q2) 2019 exposes the current tactics, techniques and targets of contemporary attackers. | |||
|
2019-10-08 18:48:18 | Microsoft Patches 60 Flaws With October 2019 Security Updates (lien direct) | Microsoft's Patch Tuesday updates for October 2019 fix 60 vulnerabilities, but none of them appear to have been exploited in attacks and only nine are considered critical. | |||
|
2019-10-08 15:41:36 | 2020 Presidential Candidate Campaign Websites Fail On User Privacy (lien direct) | Despite everything that has happened over the last four years, the security posture of the 2020 presidential candidates' campaign websites is little better and often worse than it was in 2016. | |||
|
2019-10-08 14:03:08 | (Déjà vu) Google Patches Remote Code Execution Bugs in Android 10 (lien direct) | Google's October 2019 set of security patches for Android address a total of 26 vulnerabilities in the operating system, including a couple of remote code execution bugs impacting Android 10. | |||
|
2019-10-08 13:45:04 | Code Execution Vulnerability Impacts NSA Reverse Engineering Tool (lien direct) | Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed. | Tool Vulnerability | ||
|
2019-10-08 10:25:29 | Preview: SecurityWeek\'s 2019 ICS Cyber Security Conference (Oct. 21-24 | Atlanta) (lien direct) | SecurityWeek's 2019 ICS Cyber Security Conference, the largest and longest-running event dedicated to industrial and critical infrastructure cybersecurity, is set to take place in Atlanta, Ga. on October 21-24. | |||
|
2019-10-08 10:18:32 | Cloud is Creating Security and Network Convergence (lien direct) | Network Security Expertise is Needed More Than Ever Inside Security Operations Centers and on DevOps Teams | |||
|
2019-10-07 18:23:50 | Magecart Group Tied to Cobalt Hackers (lien direct) | Security researchers were able to link one of the hacking groups operating under the Magecart umbrella to the infamous threat actor known as the Cobalt Group. | Threat | ||
|
2019-10-07 15:58:21 | Patches for Internet Explorer Zero-Day Causing Problems for Many Users (lien direct) | Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy. | Vulnerability | ||
|
2019-10-07 14:24:21 | NIST\'s Zero Trust Taxonomy Introduces Components, Threats and Migration Routes (lien direct) | NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207). The purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, and to define ZTA, describe possible deployment scenarios, and highlight threats. | |||
|
2019-10-07 13:44:35 | New Campaign Targets Drupalgeddon2 Flaw to Install Malware (lien direct) | Hackers continue to target the Drupal vulnerability named Drupalgeddon2 to install malware onto unpatched systems, Akamai's security researchers have discovered. | Malware Vulnerability | ||
|
2019-10-07 11:56:08 | CISO Mindshare Is Influencing Tomorrow\'s Platforms (lien direct) | We Need More CISOs To Speak Up | |||
|
2019-10-07 09:44:24 | Signal Rushes to Patch Serious Eavesdropping Vulnerability (lien direct) | The developers of the popular privacy-focused messaging application Signal have rushed to patch a serious vulnerability in the Android version that can be exploited by an attacker to eavesdrop on users. | Vulnerability | ||
|
2019-10-07 01:50:02 | U.S. to Help Secure Baltic Energy Grid Against Cyber Attacks (lien direct) | The United States and Baltic states on Sunday agreed to beef up cooperation to protect the Baltic energy grid from cyber attacks as they disconnect from the Russian electricity grid. | |||
|
2019-10-07 01:34:37 | Iranian Hackers Said to Target Presidential Campaign (lien direct) | Microsoft said Friday that hackers linked to the Iranian government targeted a U.S. presidential campaign, as well as government officials, media targets and prominent expatriate Iranians. | |||
|
2019-10-04 18:12:37 | APTs Exploiting Enterprise VPN Vulnerabilities, UK Govt Warns (lien direct) | Advanced persistent threat (APT) actors have been exploiting recently disclosed vulnerabilities affecting enterprise VPN products from Fortinet, Palo Alto Networks and Pulse Secure, the UK's National Cyber Security Centre (NCSC) warns. | Threat | ||
|
2019-10-04 12:41:51 | Zero-Day Used in the Wild Impacts Pixel 2, Other Android Phones (lien direct) | Fully patched Pixel 2 devices, even those running Android 10 preview, are impacted by a vulnerability that has already been abused in attacks, a Google Project Zero security researcher has discovered. | Vulnerability | ||
|
2019-10-04 12:06:43 | Moe\'s, McAlister\'s, Schlotzsky\'s Restaurants Hit by Payment Card Breach (lien direct) | Restaurant chains Moe's Southwest Grill, McAlister's Deli, and Schlotzsky's were hit earlier this year by a payment card breach that has impacted hundreds of locations. | |||
|
2019-10-04 09:25:09 | WhatsApp Flaw Allows Remote Code Execution via Malicious GIF File (lien direct) | 
Facebook recently patched a vulnerability in WhatsApp for Android that may have allowed hackers to execute arbitrary code and gain access to sensitive user data by sending specially crafted GIF files.
|
Vulnerability | ||
|
2019-10-04 06:40:37 | Turkey Fines Facebook for Breach of Data Protection Laws (lien direct) | Turkey's data protection authority says it has imposed a 1.6 million Turkish lira ($280,000) fine on Facebook for contravening the country's data laws. | |||
|
2019-10-04 05:08:37 | Officials Push Facebook for Way to Peek at Encrypted Messages (lien direct) | Officials are calling on Facebook not to use encryption in its messaging services that does not provide authorities a way to see what is being sent. | |||
|
2019-10-03 16:09:07 | How to Choose an Authenticator. Or Two. Or Three. (lien direct) | When it Comes to Proving Users Are Who They Say They Are, There's no Single Solution That Will Meet All Your Needs. | |||
|
2019-10-03 15:46:01 | Researcher Shows How Adversaries Can Gather Intel on U.S. Critical Infrastructure (lien direct) | A researcher has used a free tool that he created and open source intelligence (OSINT) to demonstrate how easy it is for adversaries to gather intelligence on critical infrastructure in the United States. | Tool | ||
|
2019-10-03 14:49:58 | Adwind Malware Used in Attacks Against U.S. Petroleum Firms (lien direct) | Attackers using the Adwind remote access Trojan (RAT) are targeting petroleum firms in the United States in a recent campaign, researchers from Netskope report. | Malware | ||
|
2019-10-03 14:30:31 | Alabama Hospital System Halts Admissions Amid Malware Attack (lien direct) | A hospital system that serves a large part of rural west Alabama temporarily quit accepting new patients after a ransomware attack crippled some of its computer systems Tuesday. | Ransomware Malware | ||
|
2019-10-03 07:28:01 | Zendesk Discloses Old Data Breach Affecting 10,000 Accounts (lien direct) | Customer support company Zendesk revealed on Wednesday that it has become aware of a security incident impacting thousands of accounts activated before November 2016. | Data Breach | ||
|
2019-10-03 01:23:55 | U.S. to Collect DNA of All Undocumented Migrants (lien direct) | 
The US government plans to collect the DNA of all migrants detained after entering the country illegally, officials said Wednesday.
|
|||
|
2019-10-02 18:59:10 | MasterMana Campaign Combines Stealth, Free Services and Old Malware (lien direct) | An ongoing cybercrime campaign that started as early as December 2018, has avoided widespread detection through a combination of stealth tactics and hiding in plain sight. | Malware | ||
|
2019-10-02 15:16:09 | Google Expands Use of Password Checkup Tool, Unveils New Privacy Features (lien direct) | Google on Wednesday announced that its Password Checkup tool has been added to the Account password manager, and the company has unveiled some new security and privacy features for YouTube, Maps and Assistant. | Tool | ||
|
2019-10-02 14:19:37 | US Warns Italy Over China and 5G (lien direct) | US Secretary of State Mike Pompeo warned Italy Wednesday of China's "predatory approach" to trade and investment, but Rome insisted its special powers over 5G supply deals would protect it. | |||
|
2019-10-02 13:52:18 | Let\'s Get Serious About Security Metrics (lien direct) | There are many topics in security that generate quite a bit of discussion when someone brings them up. Unfortunately, metrics isn't one of those topics. Sadly, more often than not, bringing up the topic of metrics is a great way to create awkward silence in a room. | |||
|
2019-10-02 12:40:55 | Urgent/11 Flaws Impact More RTOS Used by Medical, Industrial Devices (lien direct) | IoT security firm Armis has confirmed that the recently disclosed vulnerabilities tracked as Urgent/11 affect several real time operating systems (RTOS) other than VxWorks. | |||
|
2019-10-02 12:20:57 | Advanced ICS/SCADA Hacking Training Offered at SecurityWeek\'s 2019 ICS Cyber Security Conference (lien direct) | SecurityWeek has announced that it will offer an Advanced ICS/SCADA Hacking Training program at its 2019 Industrial Control Systems (ICS) Cyber Security Conference, which takes place October 21-24 in Atlanta. | |||
|
2019-10-02 10:35:16 | Perception vs. Reality in Federal Government Security Practices (lien direct) | Focusing on Data Security Controls Will Not Provide the Most Robust Protection Against Data Breaches | |||
|
2019-10-02 08:45:36 | Ransomware Hits Hundreds of US Schools, Local Governments: Study (lien direct) | Hundreds of US municipalities, schools and health organizations have been hit by ransomware in 2019, leading to massive service disruptions, researchers said Tuesday. | Ransomware Guideline | ||
|
2019-10-02 08:39:30 | Singapore Lays Out Plans for Operational Technology Cybersecurity (lien direct) | Singapore's Cyber Security Agency (CSA) on Tuesday unveiled the country's Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems. | |||
|
2019-10-02 06:27:31 | Iranian Official Denies Plans to Interfere With US Election (lien direct) | Iranian Foreign Minister Mohammad Javad Zarif is denying his country would interfere with the upcoming U.S. presidential election and says his government doesn't have a preference in the race. |
To see everything:
Our RSS (filtrered)
