Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2016-09-30 14:37:58 |
Threatpost News Wrap, September 30, 2016 (lien direct) |
The latest on the Yahoo breach, Germany's problem with WhatsApp-Facebook, Facebook's osquery tool for Windows, and Zerodium's $1.5M iOS bounty are all discussed. |
|
Yahoo
|
|
|
2016-09-29 20:04:20 |
Backdoored D-Link Router Should be Trashed, Researcher Says (lien direct) |
A researcher who found a slew of vulnerabilities in a popular router says it's so hopelessly broken that consumers who own them should throw them away. |
|
|
|
|
2016-09-29 19:08:59 |
Zerodium Triples its iOS 10 Bounty to $1.5 Million (lien direct) |
Zerodium tripled the bounty it offers for an Apple iOS 10 remote jailbreak, boosting the reward to $1.5 million. |
|
|
|
|
2016-09-29 18:15:18 |
Yahoo Challenged on Claims Breach Was State-Sponsored Attack (lien direct) |
Experts challenge Yahoo's assertion that state-sponsored hackers were behind a 2014 breach that resulted in 500 million lost records. |
|
Yahoo
|
|
|
2016-09-29 16:21:16 |
Cisco Warns of Critical Flaw in Email Security Appliances (lien direct) |
Cisco released a patch for a critical flaw that allowed a remote attacker to gain control of one of its email security appliances. |
|
|
★★★★
|
|
2016-09-29 13:10:50 |
Vendetta Brothers Cyber Crooks Adopt Real World Tactics (lien direct) |
The Vendetta Brothers have mastered the real-world art of organized crime - outsourcing, partnerships, diversification and insulating liability. |
|
|
|
|
2016-09-28 21:08:36 |
Microsoft Unveils Cloud-Based Fuzz-Testing Service (lien direct) |
Microsoft announced a cloud-based fuzz testing service called Project Springfield that identifies software bugs in applications that could turn into vulnerabilities. |
|
|
|
|
2016-09-28 20:29:53 |
ISC Patches Critical Error Condition in BIND (lien direct) |
The Internet Systems Consortium patched the BIND domain name system this week, addressing what it calls a critical error condition in the software.
|
|
|
|
|
2016-09-28 17:18:40 |
Congressional Leaders Demand Answers on Yahoo Breach (lien direct) |
A number of Democratic Congressional leaders wrote Yahoo CEO Marissa Mayer a letter seeking answers about the breach of 500 million customer records. |
Guideline
|
Yahoo
|
|
|
2016-09-28 15:43:07 |
Microsoft Edge Adds App Guard Browser Security (lien direct) |
Microsoft is bringing virtualization to its Edge browser with a security tool called Windows Defender Application Guard. The technology, announced this week at Microsoft’s 2016 Ignite conference in Atlanta, takes a virtualization-based approach to isolating browser-based attacks from the internet. Windows Defender Application Guard will be exclusive to enterprise versions of Windows 10 and will […] |
|
|
|
|
2016-09-28 14:42:47 |
Germany Orders Facebook to Stop Collecting Data on WhatsApp Users (lien direct) |
A German privacy regulator issued an order this week prohibiting Facebook to stop collecting user data on German WhatsApp users.
|
|
|
|
|
2016-09-27 16:37:31 |
Signal Adds iPhone Access to Desktop App (lien direct) |
iPhone users can now use Signal's secure messaging app between their iOS device and their Mac OS or Windows desktops. |
|
|
|
|
2016-09-27 16:24:03 |
Facebook Debuts Open Source Detection Tool for Windows (lien direct) |
Facebook finished porting its SQL-powered detection tool, osquery, to Windows this week. |
|
|
|
|
2016-09-27 15:44:23 |
New Google Tools Help Devs Improve Content Security Policy Protection (lien direct) |
Google released CSP Evaluator and CSP Mitigator to aid developers in building better Content Security Policy protections for web applications. |
|
|
|
|
2016-09-26 21:19:54 |
Sofacy APT Targeting OS X Machines with Komplex Trojan (lien direct) |
APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems. |
|
|
|
|
2016-09-26 19:58:18 |
Questions Mount Around Yahoo Breach (lien direct) |
Crypto company Venafi points out potential holes in Yahoo's processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network. |
|
Yahoo
|
|
|
2016-09-26 18:22:21 |
Hancitor Downloader Abusing APIs, PowerShell Commands (lien direct) |
Developers behind the malicious downloader Hancitor have bolstered the malware again, this time with new delivery approaches that make it more difficult to detect. |
|
|
|
|
2016-09-26 16:18:57 |
MarsJoke Ransomware Targets .EDU, .GOV Agencies (lien direct) |
Researchers have identified a new ransomware strain that spoofs tracking services via spam messages and contain URLs that link to malicious files. |
|
|
|
|
2016-09-26 14:45:04 |
OpenSSL Fixes Critical Bug Introduced by Latest Update (lien direct) |
OpenSSL's most recent update introduced a critical vulnerability in the crypto library, forcing an emergency update today. |
|
|
|
|
2016-09-23 19:47:13 |
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack (lien direct) |
OpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack. |
|
|
|
|
2016-09-23 17:32:41 |
Researchers Find \'Severe\' Password Security Hole with iOS 10 Backups (lien direct) |
Security firm claims to have found a new weakness in Apple's iOS 10 that makes it possible to crack password-protected local backups of data for iOS 10 devices. |
|
|
|
|
2016-09-23 16:59:15 |
Threatpost News Wrap, September 23, 2016 (lien direct) |
The massive Yahoo breach, this week's Security of Things Forum, Mamba ransomware, and Google Allo are discussed. |
|
Yahoo
|
|
|
2016-09-23 14:37:12 |
Medical Devices Should Withstand Rigor, Expert Says (lien direct) |
In a keynote at the Internet of Things Forum Dr. Kevin Fu said that medical devices should be subjected to rigor so patients can make clinically relevant decisions. |
|
|
|
|
2016-09-22 19:47:01 |
500 Million Yahoo Accounts Stolen By State-Sponsored Hackers (lien direct) |
Yahoo confirmed that in 2014 state-sponsored hackers stole information associated with 500 million accounts from its network. |
|
Yahoo
|
|
|
2016-09-22 19:05:16 |
Drupal Patches Three Vulnerabilities in Core Engine (lien direct) |
Three vulnerabilities were patched Wednesday in the Drupal content management system's core engine, two of which were rated critical. |
|
|
|
|
2016-09-22 17:07:46 |
Cisco Warns of Command Injection Flaw in Cloud Platform (lien direct) |
Cisco rolls out a bevy of patches tied to vulnerabilities found in its cloud services platform, IOS software and Prime Home products. |
|
|
|
|
2016-09-22 16:54:39 |
DHS Announces Intent to Draft IoT Security Framework (lien direct) |
The Department of Homeland Security formally announced its plan to develop a set of strategic principles for the Internet of Things.
|
|
|
|
|
2016-09-22 16:31:27 |
Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials (lien direct) |
Yahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back to 2012. |
|
Yahoo
|
|
|
2016-09-22 13:00:23 |
Malware Evades Detection with Novel Technique (lien direct) |
Document-based macro malware flies under the security radar by first detecting existing documents on PC. |
|
|
|
|
2016-09-21 21:06:44 |
SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool (lien direct) |
SWIFT's chief information security officer said Wednesday that the cooperative is still seeing cases in which its customers' environments have been compromised. |
|
|
|
|
2016-09-21 18:13:17 |
Google Retreats on Some Allo Privacy Promises (lien direct) |
Google released its smart messaging app called Allo, but a decision to log chats indefinitely has privacy advocates worried. |
|
|
|
|
2016-09-21 18:06:21 |
iSpy Keylogger Targets Passwords, Skype, Webcams (lien direct) |
Zscater identified a keylogger on steroids that targets passwords, webcam and software licenses. |
|
|
|
|
2016-09-21 13:29:38 |
RIG Picks Up Where Neutrino Left Off, Pushes CrypMIC Ransomware (lien direct) |
Researchers said they've seen an uptick in RIG Exploit Kit traffic and that attackers have begun using the kit to peddle CrypMIC ransomware. |
|
|
|
|
2016-09-21 12:58:18 |
Mozilla Patches Certificate Pinning Vulnerability in Firefox (lien direct) |
A remote code execution in Firefox caused by the expiration of certificate pins was patched by Mozilla in Firefox 49 and Firefox ESR 45.4. |
|
|
★★
|
|
2016-09-20 19:29:41 |
Mamba Ransomware Encrypts Hard Drives Rather Than Files (lien direct) |
A new ransomware strain called Mamba opts to encrypts hard drives rather than individual files and folders stored on the local disk. |
|
|
|
|
2016-09-20 18:41:08 |
Experts Want Transparency From Government\'s Vulnerabilities Equities Process (lien direct) |
Security and policy experts make another call for additional transparency around the government's Vulnerabilities Equities Process and the zero days it has in its possession. |
|
|
|
|
2016-09-20 17:06:22 |
Tesla Fixes Critical Remote Hack Vulnerability (lien direct) |
Researchers were able to remotely brake Tesla model cars as well as freeze control panels and open the rear hatch while driving. |
|
Tesla
|
|
|
2016-09-20 15:40:27 |
Android Banking Trojan First to Gain Root Privileges (lien direct) |
The first mobile banking Trojan that obtains root privileges on Android devices has been seen in the wild. |
|
|
|
|
2016-09-20 14:22:19 |
Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads (lien direct) |
A vulnerability has been patched in a popular WordPress theme called Neosense that allows an attacker to upload code without authentication. |
|
|
|
|
2016-09-19 20:03:14 |
Mozilla Patching Firefox Certificate Pinning Vulnerability (lien direct) |
Mozilla is expected tomorrow to patch a critical certificate pinning vulnerability in Firefox's automated update process for extensions. |
|
|
★★★★★
|
|
2016-09-19 19:04:23 |
Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K (lien direct) |
Facebook quickly resolved a vulnerability in its Business Manager late last month that could have let an attacker take over any Facebook page.
|
|
|
|
|
2016-09-19 18:03:50 |
Spyware Targeting Overseas Travelers Removed from Google Play (lien direct) |
Spyware targeting overseas travelers seeking embassy information gets the boot from Google Pay store after a security firm identifies four rogue apps. |
|
|
|
|
2016-09-19 15:41:38 |
Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack (lien direct) |
Cisco has issued an advisory warning its customers that products running its IOS software are vulnerable to attacks disclosed by the ShadowBrokers |
|
|
|
|
2016-09-17 13:00:37 |
Snowden Slammed in House Committee Report (lien direct) |
A House Committee report slammed the former U.S. defense contractor saying he has done "tremendous damage" to the United States national security. |
|
|
|
|
2016-09-16 18:46:56 |
FBI Encouraging Ransomware Victims To Report Infections (lien direct) |
The Federal Bureau of Investigation this week urged victims of ransomware to report infections to federal law enforcement in hopes of better understanding the threat.
|
|
|
|
|
2016-09-16 18:11:16 |
Bugs in Signal Messaging App Corrupt Attachments, Crash App (lien direct) |
Signal has fixed bugs in its Android messaging app that allow an attacker to corrupt an encrypted attachment and remotely crash the application. |
|
|
★★
|
|
2016-09-16 17:15:55 |
Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions (lien direct) |
A researcher from Cambridge University successfully bypassed an iPhone 5c's passcode restrictions using NAND mirroring. |
|
|
|
|
2016-09-16 15:30:41 |
Threatpost News Wrap, September 16, 2016 (lien direct) |
The news of the week is discussed, including Schneier's DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google's Project Zero prize. |
|
|
★★★★★
|
|
2016-09-15 19:52:24 |
Neverquest Trojan Gets Big Summer Update (lien direct) |
Developers behind Neverquest have had a busy summer adding new features to the potent Trojan. |
|
|
|
|
2016-09-15 18:54:46 |
Attack Leverages Windows Safe Mode (lien direct) |
Researchers say a proof-of-concept attack using Windows Safe Mode can lead to credential theft and allow hackers to move laterally within a corporate network. |
Guideline
|
|
|