Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-04-20 18:34:55 |
Chrome, Firefox, and Opera users beware: This isn't the apple.com you want (direct link) |
Unicode sleight of hand makes it hard for even savvy users to detect impostor sites. |
|
|
|
|
2017-04-20 15:44:46 |
Tanium CEO admits using real hospital data in sales demos [Updated] (direct link) |
CEO Hindawi: "Viewers didn't connect demo to that customer for years." |
|
|
|
|
2017-04-20 09:01:09 |
Windows bug used to spread Stuxnet remains world's most exploited (direct link) |
Code-execution flaw is triggered by plugging a booby-trapped USB into vulnerable PCs. |
|
|
|
|
2017-04-19 21:11:14 |
Tanium exposed hospital's IT while using its network in sales demos (direct link) |
CEO used client hospital's network in demo "hundreds of times," reports WSJ. |
|
|
|
|
2017-04-19 16:03:00 |
Microsoft turns two-factor authentication into one-factor by ditching password (direct link) |
As long as you can log in to your phone, you can log in to your Microsoft Account. |
|
|
|
|
2017-04-19 13:29:43 |
Scammers mine online recruiter for patsies in package reship scheme (direct link) |
One job-seeker applied for real job, got an offer from scammer posing as CEO.
|
|
|
|
|
2017-04-19 01:41:37 |
Vigilante botnet infects IoT devices before blackhats can hijack them (direct link) |
Hajime battles with Mirai for control over the Internet of poorly secured things. |
|
|
|
|
2017-04-18 21:32:56 |
Two members of ATM skimming ring plead guilty to bank fraud (direct link) |
A total of 13 charged in PNC and Bank of America card-cloning scheme. |
|
|
|
|
2017-04-18 17:20:51 |
Meet PINLogger, the drive-by exploit that steals smartphone PINs (direct link) |
Sensors in phones running both iOS and Android reveal all kinds of sensitive info. |
|
|
|
|
2017-04-15 17:50:17 |
Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers (direct link) |
Microsoft fixed critical vulnerabilities in uncredited update released in March. |
|
|
|
|
2017-04-14 17:27:41 |
NSA-leaking Shadow Brokers just dumped its most damaging release yet (direct link) |
Windows zero-days, SWIFT bank hacks, slick exploit loader among the contents. |
|
|
|
|
2017-04-13 17:41:15 |
New processors are now blocked from receiving updates on old Windows (direct link) |
The promised update block is now in effect. |
|
|
|
|
2017-04-12 21:35:50 |
Microsoft Word 0-day was actively exploited by strange bedfellows (direct link) |
Same exploit used by malware crooks and nation-sponsored hackers targeting Russians. |
|
|
|
|
2017-04-11 20:59:28 |
Critical Word 0-day is only 1 of 3 Microsoft bugs under attack (direct link) |
In-the-wild exploits bring additional urgency to this month's update routine. |
|
|
|
|
2017-04-11 06:01:08 |
Microsoft Word 0day used to push dangerous Dridex malware on millions (direct link) |
Blast could give a boost to Dridex, one of the Internet's worst bank-fraud threats. |
|
|
|
|
2017-04-10 23:15:28 |
Feds deliver fatal blow to botnet that menaced world for 7 years (direct link) |
Alleged Kelihos kingpin arrested while his family traveled from Russia to Spain. |
|
|
|
|
2017-04-10 13:58:40 |
In slap at Trump, Shadow Brokers release NSA EquationGroup files (direct link) |
"Master" archive contains older hack tools - some decades old. |
|
|
|
|
2017-04-10 13:01:19 |
Found in the wild: Vault7 hacking tools WikiLeaks says come from CIA (direct link) |
WikiLeaks dump identical to operation that has been hacking governments since 2011. |
|
|
|
|
2017-04-09 18:55:26 |
Hackers set off Dallas' 156 emergency sirens over a dozen times (direct link) |
Twice the normal volume of 911 calls came into the system early Saturday morning. |
|
|
|
|
2017-04-08 20:00:41 |
Booby-trapped Word documents in the wild exploit critical Microsoft 0day (direct link) |
There's currently no patch for the bug, which affects most or all versions of Word. |
|
|
|
|
2017-04-07 19:13:23 |
WikiLeaks just dropped the CIA's secret how-to for infecting Windows (direct link) |
Latest batch of documents details how CIA infects targets' Windows-based computers. |
|
|
|
|
2017-04-07 15:41:15 |
Do you want to play a game? Ransomware asks for high score instead of money (direct link) |
Creator apologizes for a “joke” that really requires expert play to unlock files. |
|
|
|
|
2017-04-06 21:15:54 |
Rash of in-the-wild attacks permanently destroys poorly secured IoT devices (direct link) |
Ongoing "BrickerBot" attacks might be trying to kill devices before they can join a botnet. |
|
|
|
|
2017-04-06 18:55:34 |
Researchers find China tried infiltrating companies lobbying Trump on trade (direct link) |
"ScanBox" Web malware used compromised National Foreign Trade Council website. |
|
|
|
|
2017-04-05 19:46:43 |
Android devices can be fatally hacked by malicious Wi-Fi networks (direct link) |
Broadcom chips allow rogue Wi-Fi signals to execute code of attacker's choosing. |
|
|
|
|
2017-04-04 18:16:50 |
Samsung's Tizen is riddled with security flaws, amateurishly written (direct link) |
Researcher calls it the "worst code [he's] ever seen." |
|
|
|
|
2017-04-03 23:47:46 |
Found: Quite possibly the most sophisticated Android espionage app ever (direct link) |
Discovery of Pegasus for Android comes 8 months after similar iOS app was found. |
|
|
|
|
2017-04-03 17:53:43 |
iOS 10.3.1 includes bug fixes and improves the security of your iPhone or iPad (direct link) |
Bugs? Fixed 'em. Security? Improved it. |
|
|
|
|
2017-04-02 16:21:49 |
Wikileaks releases code that could unmask CIA hacking operations (direct link) |
"Marble" libraries include code used to obfuscate - and unscramble - CIA malware. |
|
|
|
|
2017-03-31 21:07:12 |
Smart TV hack embeds attack code into broadcast signal - no access required (direct link) |
Demo exploit is inexpensive, remote, scalable - and opens door to more advanced hacks. |
|
|
|
|
2017-03-30 12:55:12 |
How many NSA spy hubs are scooping up your Internet data? I counted 7 (direct link) |
Not that knowing NSA's sigint locations will actually help you much... |
|
|
|
|
2017-03-30 00:24:54 |
Someone is putting lots of work into hacking Github developers (direct link) |
Dimnie recon trojan has flown under the radar for three years ... until now. |
|
|
|
|
2017-03-28 19:06:20 |
Potent LastPass exploit underscores the dark side of password managers (direct link) |
Developers are scrambling to fix flaw that allows theft, malicious code execution. |
|
LastPass
|
|
|
2017-03-28 00:44:03 |
Ransomware scammers exploited Safari bug to extort porn-viewing iOS users (direct link) |
Apple fixes flaw attackers used to trick uninformed users into paying a fine. |
|
|
|
|
2017-03-27 15:31:05 |
Doxed by Microsoft's Docs.com: Users unwittingly shared sensitive docs publicly (direct link) |
Thousands of docs with sensitive data still reachable from search engines, including health data. |
|
|
|
|
2017-03-23 23:25:53 |
Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs (direct link) |
Chrome to immediately stop recognizing EV status and gradually nullify all certs. |
|
|
|
|
2017-03-23 20:11:00 |
New WikiLeaks dump: The CIA built Thunderbolt exploit, implants to target Macs (direct link) |
"Sonic Screwdriver" leveraged a now-patched vulnerability. |
|
|
|
|
2017-03-23 17:17:29 |
Shielding MAC addresses from stalkers is hard and Android fails miserably at it (direct link) |
Only an estimated 6% of Android phones randomize MACs, and they do it poorly. |
|
|
|
|
2017-03-21 00:15:41 |
Firefox gets complaint for labeling unencrypted login page insecure (direct link) |
Sorry! That's a feature not a bug. |
|
|
|
|
2017-03-20 16:35:03 |
A simple command allows the CIA to commandeer 318 models of Cisco switches (direct link) |
Bug relies on telnet protocol used by hardware on internal networks. |
|
|
|
|
2017-03-17 23:10:08 |
Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated] (direct link) |
Hack worked by stitching together three separate exploits. |
|
|
|
|
2017-03-16 19:46:09 |
Microsoft's silence over unprecedented patch delay doesn't smell right (direct link) |
Canceling Patch Tuesday at the last minute warrants an explanation, not platitudes. |
|
|
|
|
2017-03-15 21:13:05 |
How did Yahoo get breached? Employee got spear phished, FBI suggests (direct link) |
Unwitting sysadmin or other employee was conned out of credentials, FBI theorizes. |
|
Yahoo
|
|
|
2017-03-15 16:26:07 |
US charges two Russian agents with ordering hack of 500m Yahoo accounts (direct link) |
Russian law enforcement agency that works with FBI hired Yahoo hackers. |
|
Yahoo
|
|
|
2017-03-14 19:53:10 |
In-the-wild exploits ramp up against high-impact sites using Apache Struts (direct link) |
Hackers are still exploiting the bug to install malware on high-impact sites. |
|
|
|
|
2017-03-13 15:51:58 |
Yahoo to give Marissa Mayer $23 million parting gift after sale to Verizon (direct link) |
Mayer will leave as what remains of Yahoo becomes Altaba holding company. |
|
Yahoo
|
|
|
2017-03-10 21:03:33 |
(Déjà vu) Malware found preinstalled on 38 Android phones used by 2 companies (direct link) |
Malicious apps were surreptitiously added somewhere along the supply chain. |
|
|
|
|
2017-03-09 19:13:43 |
Dear Confide: “We would never” isn't the same as “we can't” (direct link) |
Confidential messenger service provides no authentication or integrity assurances. |
|
|
|
|
2017-03-09 19:08:16 |
Assange accuses CIA of “historic act of devastating incompetence” (direct link) |
Assange: Cache of cyber weapons was passed around "out of control" by contract hackers. |
|
|
|
|
2017-03-09 07:04:24 |
Critical vulnerability under “massive” attack imperils high-impact sites (direct link) |
Exploits for easy-to-spot bug are trivial, reliable, and publicly available. |
|
|
|