Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-26 14:37:00 |
ASUS releases fix for Live Update tool abused in ShadowHammer attack (lien direct) |
ASUS releases Live Update 3.6.8. Also says that "a very small" number of users were impacted. |
Tool
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-26 12:14:01 |
Facebook takes down thousands of pages, groups, and accounts in fake news war (lien direct) |
“Inauthentic” behavior was linked to entities in Iran, Russia, Macedonia, and Kosovo. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-26 12:08:00 |
Facebook rolls out \'Whitehat Settings\' to help bug hunters analyze traffic in its mobile apps (lien direct) |
New "Whitehat Settings" option available in Facebook, Messenger, and Instagram Android apps. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-26 09:19:00 |
iOS 12.2 fixes bug that granted apps hidden access to the microphone (lien direct) |
Apple fixes 51 iOS security bugs, including a whopping 13 WebKit code execution flaws. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-26 01:27:05 |
LockerGoga bug crashes ransomware before encrypting files (lien direct) |
Bug could be used to create (temporary) LockerGoga vaccines. |
Ransomware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-25 22:05:01 |
Android ecosystem of pre-installed apps is a privacy and security mess (lien direct) |
Extensive academic study finds data-harvesting and malware-laced pre-installed apps. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-25 16:20:05 |
Google fixes Chrome \'evil cursor\' bug abused by tech support scam sites (lien direct) |
Evil cursor trick was being abused by Partnerstroka gang to trap users on tech support sites. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-25 14:27:03 |
Hijacked ASUS Live Update software installs backdoors on countless PCs worldwide (lien direct) |
ASUS reportedly distributed the hijacked software to users last year. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-25 11:39:02 |
VirusTotal debuts retro, simplified interface for legacy systems (lien direct) |
The interface is suitable for older browsers and systems. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-25 10:50:02 |
Telegram now lets you remotely delete private chats from both devices (lien direct) |
The Unsend feature has received a boost in the name of privacy. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-23 16:30:00 |
Tesla car hacked at Pwn2Own contest (lien direct) |
Research duo who hacked Tesla car win the competition's overall standings. They also get to keep the car. |
|
Tesla
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-23 13:15:00 |
FEMA \'unnecessarily\' shared data of 2.3 million disaster victims with contractor (lien direct) |
FEMA says accidental data leak has been dealt with and user data removed from contractor's systems. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-23 08:00:00 |
Researchers find 36 new security flaws in LTE protocol (lien direct) |
South Korean researchers apply fuzzing techniques to LTE protocol and find 51 vulnerabilities, of which 36 were new. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-22 15:14:00 |
Norsk Hydro will not pay ransom demand and will restore from backups (lien direct) |
Microsoft employees have arrived in Norway to help Norsk Hydro recover after ransomware attack. |
Ransomware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-22 12:28:03 |
Facebook allegedly knew of Cambridge Analytica activity months prior to public reports (lien direct) |
Court filings indicate that Facebook may have been well aware of what was going on before the scandal erupted. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-22 10:42:03 |
Critical flaw revealed in Facebook Fizz TLS project (lien direct) |
The DoS vulnerability is trivially easy to trigger. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-22 05:30:00 |
Microsoft tech support scammer pleads guilty to defrauding victims of $3 million (lien direct) |
Suspect admits role in criminal operation within a week after being arrested. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-21 23:21:00 |
Over 100,000 GitHub repos have leaked API or cryptographic keys (lien direct) |
Thousands of new API or cryptographic keys leak via GitHub projects every day. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-21 16:33:02 |
Nokia firmware blunder sent some user data to China (lien direct) |
Company behind Nokia smartphones accidentally left a data collection package inside some Nokia 7 Plus devices' firmware. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-21 13:46:00 |
Zero-day in WordPress SMTP plugin abused by two hacker groups (lien direct) |
Hacker groups are creating backdoor admin accounts on vulnerable sites and redirecting users to tech support scams. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-21 12:17:02 |
OceanLotus adopts public exploit code to abuse Microsoft Office software (lien direct) |
APT32 is using a public exploit to abuse Office and compromise targeted systems. |
|
APT 32
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-21 10:49:00 |
MyPillow and Amerisleep wake up to Magecart card theft nightmare (lien direct) |
The US firms may have a few sleepless nights over the security breaches. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-21 05:30:00 |
PewDiePie fans keep making junk ransomware (lien direct) |
Please, YouTube! Just hide PewDiePie and T-Series' followers count and put this competition to bed. |
Ransomware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-20 20:54:00 |
Lithuanian man pleads guilty to scamming Google and Facebook out of $123 million (lien direct) |
Man posed as hardware vendor to trick Google and Facebook into sending payments to his bank accounts. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-20 19:22:02 |
AT&T, Comcast successfully test SHAKEN/STIR protocol for fighting robocalls (lien direct) |
AT&T and Comcast successfully test first SHAKEN/STIR-authenticated call between two different networks. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-20 17:00:00 |
Global threat group Fin7 returns with new SQLRat malware (lien direct) |
Previously unseen malware and a new admin panel have been tied to the notorious group. |
Malware
Threat
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-20 16:01:04 |
Google bans VPN ads in China (lien direct) |
Google cites "local legal restrictions" as the cause for its Chinese VPN ads ban. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-20 13:00:00 |
Google Photos vulnerability could have let hackers retrieve image metadata (lien direct) |
Browser side-channel leaks are emerging as the next big threat for per-target stalking ops. |
Vulnerability
Threat
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-20 12:15:00 |
CUJO Smart Firewall vulnerabilities exposed home networks to critical attacks (lien direct) |
Remote code execution bugs were among those found. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-20 10:06:00 |
Bank hackers team up to spread financial Trojans worldwide (lien direct) |
The gang agreements focus on theft, malware capabilities, and territory grabs. |
Malware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-19 22:52:03 |
Kaspersky files antitrust complaint against Apple in Russia (lien direct) |
After Spotify complained about Apple's unfair App Store policies to EU authorities, Kaspersky does the same in Russia. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-19 17:15:00 |
Severe security bug found in popular PHP library for creating PDF files (lien direct) |
Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-19 12:14:00 |
EU government websites infested with third-party adtech scripts (lien direct) |
Ironic as it may be, EU websites might not be compliant with the EU's own data protection rules. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-19 12:14:00 |
Aluminum producer switches to manual operations after ransomware infection (lien direct) |
UPDATE: Cyber-attack identified as LockerGoga ransomware infection. |
Ransomware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-19 09:44:05 |
Facebook blocked over 1.2 million New Zealand shooting videos at upload (lien direct) |
Facebook has released new figures relating to the live-streamed attacks. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-19 01:16:03 |
Google open-sources project for sandboxing C/C++ libraries on Linux (lien direct) |
Support for other programming languages to be added in future releases. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-18 23:01:00 |
Hacked tornado sirens taken offline in two Texas cities ahead of major storm (lien direct) |
City officials took hacked tornado sirens offline ahead of major storm. Luckily, they weren't needed. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-18 17:22:03 |
New Mirai malware variant targets signage TVs and presentation systems (lien direct) |
Security researchers spot new Mirai botnet with an enhanced arsenal of IoT exploits. |
Malware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-18 11:23:00 |
Is it still a good idea to publish proof-of-concept code for zero-days? (lien direct) |
Time and time again, the publication of PoC code for zero-days and recently patched security bugs often helps hackers more than end-users. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-18 10:44:02 |
UK code breakers release Enigma war machine simulator (lien direct) |
You can also try out Bombe and Typex code-cracking for yourself. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-17 18:15:00 |
Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web (lien direct) |
Gnosticplayers returns with new user records, most of which he obtained by hacking companies last month. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-17 16:43:04 |
Microsoft releases Application Guard extension for Chrome and Firefox (lien direct) |
Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-17 02:59:02 |
Dutch hacker who DDoSed the BBC and Yahoo News gets no jail time (lien direct) |
Hacker used a Mirai botnet to DDoS companies and ask for ransoms to stop attacks. |
|
Yahoo
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-16 16:44:02 |
Android Q to get a ton of new privacy features (lien direct) |
Coming to Android Q: MAC address randomization, new location data permission popup, no more clipboard sniffing. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-15 23:53:03 |
Fujitsu wireless keyboard model vulnerable to keystroke injection attacks (lien direct) |
There are slim chances that Fujitsu will release a patch. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-15 20:15:00 |
Database leaks 250K legal documents, some marked \'not designated for publication\' (lien direct) |
Database taken down two weeks later. Owner never identified. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-15 17:00:00 |
Microsoft to fix \'novel bug class\' discovered by Google engineer (lien direct) |
Fixes to be included with Windows 10 19H1, scheduled for release in a few weeks. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-15 12:41:03 |
\'100 unique exploits and counting\' for latest WinRAR security bug (lien direct) |
As expected, the recent WinRAR vulnerability is now being abused en-masse by multiple threat actors. |
Vulnerability
Threat
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-15 12:00:00 |
Facebook debuts AI tool to tackle revenge porn (lien direct) |
A new support service has also been launched to tackle the spread of intimate images without consent. |
Tool
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2019-03-15 09:24:02 |
Former Mt. Gox CEO found guilty of record tampering, but likely to avoid prison (lien direct) |
Mark Karpeles has been found guilty of fiddling accounts but not embezzlement in the Mt. Gox case. |
|
|
|