Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2016-10-06 18:00:00 |
NIST study warns of security fatigue among users (lien direct) |
Most web users are overwhelmed with warning of online threats and suffer from "security fatigue," according to the National Institute of Standards and Technology (NIST). |
|
|
|
|
2016-10-06 17:45:00 |
BuzzFeed targeted by OurMine (lien direct) |
Following its exposé accusing OurMine of web defacements, the website BuzzFeed was itself hit. |
|
|
|
|
2016-10-06 17:34:09 |
Shades of Locky, MarsJoke in new Hades ransomware (lien direct) |
Another new ransomware type called Hades, uncovered this week by Proofpoint, that seems to pull in features from several older malware types. |
|
|
|
|
2016-10-06 17:30:00 |
WordPress site hack highlights emerging \'Windows keys\' redirect scam (lien direct) |
Researchers at Sucuri are monitoring a rise in website compromises in which visitors are redirected to domains that offer to sell Windows product keys. |
|
|
|
|
2016-10-06 17:00:00 |
FBI sought terrorist email in Yahoo sweep (lien direct) |
To comply with a directive from the Foreign Intelligence Surveillance Court to dig through all of its customers' email, Yahoo customized an already existing technology intended to search for child porn and spam. |
|
Yahoo
|
|
|
2016-10-06 15:49:49 |
Russian anti-terrorism law allows security firms to hack Facebook Messenger, Skype, WhatsApp (lien direct) |
A recently passed Russian law has given that country's security firms the green light to crack encrypted communications services. |
|
|
★★★★★
|
|
2016-10-06 15:30:00 |
Researcher finds flaws in industrial control devices (lien direct) |
A number of vulnerabilities found in an industrial automation device could allow hackers to take control of machinery. |
|
|
|
|
2016-10-06 14:11:50 |
Why it\'s so difficult for SOC teams to trust automation (lien direct) |
In the complex corporate security environment, automation is increasingly the "go-to" answer for organizations lost in a sea of alerts, logs and data. |
|
|
|
|
2016-10-06 14:07:46 |
Beyond signatures (lien direct) |
Cyber intrusions are continuing unabated with no end in sight, and the industry is split on what new methods are necessary to combat advanced threats, says Endgame's Mark Dufresne. |
|
|
|
|
2016-10-05 21:28:36 |
Crypt-oh no: Research paper ribs cybercriminals for not doing their homework on encryption (lien direct) |
In their new white paper "Great Crypto Failures," Check Point Software Technologies researchers Ben Herzog and Yaniv Balmas poke fun of common malware encryption errors, and explain why some cybercriminals fail to master the art of encryption. |
|
|
|
|
2016-10-05 21:03:30 |
Researchers discover DNS exploit that can identify Tor users (lien direct) |
A team of researchers discovered a new method that allows actors to deanonymize Tor users by exploiting the domain name system. |
|
|
|
|
2016-10-05 20:19:19 |
And the country with the most bot Infections is... Turkey (lien direct) |
Researchers at Symantec's Norton division found that Turkey has the largest number of "bot" infections with one bot for every 1,139 internet users. |
|
|
|
|
2016-10-05 19:52:05 |
Diversity one key to solving cybersecurity job gap (lien direct) |
The benefits of having a diverse cyber workforce were pounded home on October 4 by CISOs, government officials and academics during the IBM/International Consortium of Minority Cybersecurity Professionals (ICMCP) Town Hall. |
|
|
|
|
2016-10-05 19:30:00 |
Secret compliance with FISA directive, massive breach spell trouble for Yahoo (lien direct) |
Yahoo called a Reuters report that it allowed secret spying of its customers' email "misleading," but the privacy implications are being debated not only by the tech and legal communities but the public as well. |
Guideline
|
Yahoo
|
|
|
2016-10-05 19:18:25 |
NSA contractor nabbed for pilfering agency codes (lien direct) |
Harold T. Martin III, 51, who worked for Booz Allen Hamilton, was arrested after an FBI search of his home and car uncovered an abundance of highly classified documents, which Martin was not authorized to have |
|
|
|
|
2016-10-05 18:17:24 |
Oil \'slick\': Sneaky OilRig malware campaign flows into new territory (lien direct) |
A backdoor malware campaign dubbed OilRig that in May was discovered targeting organizations in Saudi Arabia is now trying to drill into government entities in Turkey, Israel and the U.S., as well as Qatari companies and organizations. |
|
APT 34
|
|
|
2016-10-05 18:13:21 |
MasterCard debuts biometric app for online shopping (lien direct) |
MasterCard on Wednesday rolled out Identity Check Mobile, a new app that allows cardholders to pay for online purchases using biometrics to authenticate their identity. |
|
|
|
|
2016-10-05 17:45:00 |
SANS calls for admins to secure IoT devices as manufacturers drag feet (lien direct) |
SANS Institute researchers are calling on system admins to do their part in securing connected devices. |
|
|
|
|
2016-10-05 17:30:00 |
IP EXPO: Kaspersky speaks on CNI and says we\'re living in \'scary times\' (lien direct) |
Eugene Kaspersky, CEO of Kaspersky Lab speaks at IP EXPO Europe 2016 and explains why he believes cyber-attackers are now turning their attention to critical national infrastructure. |
|
|
|
|
2016-10-05 17:22:42 |
Spotify serving malicious ads to freemium users (lien direct) |
Several Spotify users are reporting that the streaming music service is serving malware to its users through its advertiser network. |
|
|
|
|
2016-10-05 17:00:00 |
ATM malware gang member arrested in Romania (lien direct) |
The City of London Police have arrested a man in Romania charged with involvement in a campaign that installed malware on to ATMs around the UK |
|
|
|
|
2016-10-05 16:30:00 |
ICO fines TalkTalk £400K for theft of customer data last year (lien direct) |
Due to its poor data security, which led to the theft of the personal data of over 150,000 customers last year, TalkTalk has been fined £400,000 by the Information Commissioner's Office (ICO). |
|
|
|
|
2016-10-05 16:00:00 |
Orgs must address the possibility of data leakage to prepare for GDPR (lien direct) |
With the GDPR set to change cyber-security regulation in Europe and more than nine in 10 organisations reporting a data breach in the last five years, businesses need to quickly put measures in place to prevent the loss of Personal Identifiable Information (PII). |
|
|
|
|
2016-10-05 12:30:00 |
Facebook Messenger caught up to WhatApp security with opt-in encryption (lien direct) |
Facebook Messenger quietly added the opt-in option to use encrypted messages in its latest update. |
|
|
|
|
2016-10-05 12:00:00 |
Insulin pump from Animas can be sabotaged to deliver overdose; risk \'extremely low\' (lien direct) |
The OneTouch Ping Insulin Pump system from Animas Corporation contains three vulnerabilities that could allow a remote attacker to trigger an overdose, warned Internet security firm Rapid7, in an announcement later confirmed by the device manufacturer. |
|
|
|
|
2016-10-04 20:30:00 |
Yahoo, complying with U.S. intelligence directive, searched emails (lien direct) |
At the behest of a directive handed down by U.S. intelligence officials, Yahoo built a custom software program in secret to dig through the emails of all of its customers. |
|
Yahoo
|
|
|
2016-10-04 19:15:00 |
ALERT: Yahoo scanned all arriving customer email at gov\'t intel\'s behest, Reuters (lien direct) |
Reuters is reporting that Yahoo complied with a government request for information by scanning Yahoo Mail accounts via custom-built software. |
|
Yahoo
|
|
|
2016-10-04 18:43:59 |
Researchers spot remote code execution flaw in FreeImage (lien direct) |
Cisco Talos researchers spotted a remote code execution vulnerability in the FreeImage Library XMP Image Handling affecting version 3.17.0. |
|
|
|
|
2016-10-04 16:29:22 |
Al Jazeera game simulates journalists\' risky role in Syrian cyber conflict (lien direct) |
Al Jazeera has launched a new mobile game #Hacked - Syria's Electronic Armies, in which the player assumes the role of an investigative journalist tasked with discovering the identities of pro-Syrian government hackers. |
|
|
|
|
2016-10-04 16:13:57 |
No takers for stolen NSA tools, Shadow Brokers rant (lien direct) |
The Shadow Brokers Saturday posted a rant to voice their discontent over the lack of bids for the stolen goods. |
|
|
|
|
2016-10-04 15:30:00 |
Attack on South Korean "vaccine" router blamed on North Korea (lien direct) |
North Korea is suspect number one in an attack against South Korea's cyber command last month, according to a member of the main opposition party, Minjoo. |
|
|
|
|
2016-10-04 15:00:00 |
SecuritySerious - seriously, are we speaking to ourselves? (lien direct) |
Cyber-Security Month kicked off this morning with the SecuritySerious conference, with a group of information security professionals gathering to discuss pertinent IT security issues. |
|
|
|
|
2016-10-04 14:59:05 |
General says U.S. soldiers need better cyber training (lien direct) |
The U.S. Army must begin training its soldiers to endure and then continue to fight after suffering a cyberattack on the battlefield. |
|
|
|
|
2016-10-04 14:54:27 |
Apple pushing out OS update automatically (lien direct) |
Apple is pushing out its new macOS Sierra as an automatic download. |
|
|
|
|
2016-10-03 21:11:00 |
Secure your devices, Mirai source code release means mayhem (lien direct) |
The malware spreads by continuously scanning the web for vulnerable devices using default or hard-coded usernames and passwords. |
|
|
★★
|
|
2016-10-03 20:49:44 |
Multilingual ransomware Polyglot talks good game, but can\'t match CTB-Locker (lien direct) |
A recently discovered ransomware program known as Polyglot tries very hard to imitate the menacing cryptor CTB-Locker, but ultimately falls short in its encryption strength and can be defeated, according to Kaspersky Lab. |
|
|
|
|
2016-10-03 20:13:20 |
Trump vows strong cybersecurity at rally, criticizes Obama, Clinton (lien direct) |
At a rally in Virginia, Donald Trump pledged to make cybersecurity a top priority. |
|
|
|
|
2016-10-03 15:38:42 |
Google Chrome update corrects use-after-free vulnerability (lien direct) |
Google last week announced the impending rollout of Chrome version 53.0.2785.143, which addresses three security issues affecting the Windows, Mac and Linux operating systems. |
|
|
|
|
2016-10-03 15:07:44 |
DressCode spotted in 3K Android apps, 400 in Google Play (lien direct) |
DressCode malware spotted in thousands of apps and could pose a serious threat to enterprise networks. |
|
|
|
|
2016-10-03 15:00:00 |
C&C attacks used plain text to drop malware on Quora and Yahoo! Answers (lien direct) |
Security researchers discovered a series of attacks that use written text on answers forums and other legitimate web sites to launch command and control instructions in order to implant malware and evade detection. |
|
Yahoo
|
|
|
2016-10-03 14:47:24 |
Vast majority of Americans unsettled about data breaches (lien direct) |
A new study found significant concerns around data breaches among 1,200 American survey participants. |
|
|
|
|
2016-10-03 10:00:00 |
(Déjà vu) Cybersecurity preparedness requires threat intelligence information sharing (lien direct) |
Threat intelligence information sharing efforts have become increasingly important as breaches become more pervasive. Karen Epper Hoffman reports. |
|
|
|
|
2016-10-03 10:00:00 |
(Déjà vu) Sharing is caring: Public-private (lien direct) |
Threat intelligence information sharing efforts have become increasingly important as breaches become more pervasive. Karen Epper Hoffman reports. |
|
|
|
|
2016-10-03 10:00:00 |
Early warning: Actionable intelligence (lien direct) |
Like a canary in a coal mine, automated threat intelligence can sound early warnings of toxic threats to the network, reports Steve Zurier. |
|
|
|
|
2016-09-30 18:47:59 |
SSH brute force attacks compromise servers for DDoS attacks (lien direct) |
Sucuri researcher Daniel Cid found that it only took an attacker 12 minutes to compromise an IPv4 server, and shortly after launch DDoS attacks. |
|
|
|
|
2016-09-30 18:30:33 |
Ransomware\'s busy week with new varieties and updates being debuted (lien direct) |
With the massive Yahoo! data breach grabbing the cybersecurity headlines of late, it might be easy to forget criminals are still busy pushing ransomware with two new varieties being recently introduced and a one older type being revamped. |
|
Yahoo
|
|
|
2016-09-30 16:25:17 |
Privacy orgs file brief against U.S., allies on bulk surveillance (lien direct) |
A coalition of privacy organizations are suing the United States and its allies for involvement in a bulk data collection program, which they say violates the European Convention on Human Rights. |
|
|
|
|
2016-09-30 15:47:21 |
(Déjà vu) Zerodium offerng $1.5 million for a Apple iOS 10 remote jailbreak (lien direct) |
The security firm Zerodium announced an increase in bounty prices for zero-day exploits with the top prize now being $1.5 million for and Apple iOS 10 remote jailbreak, a $1 million increase. |
|
|
|
|
2016-09-30 15:47:21 |
(Déjà vu) Zerodium offering $1.5 million for a Apple iOS 10 remote jailbreak (lien direct) |
The security firm Zerodium announced an increase in bounty prices for zero-day exploits with the top prize now being $1.5 million for and Apple iOS 10 remote jailbreak, a $1 million increase. |
|
|
|
|
2016-09-30 14:30:00 |
Linux.Mirai Trojan causing mayhem with DDoS attacks (lien direct) |
A Trojan named Linux.Mirai has been found to be carrying out DDoS attacks. |
|
|
|