Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-06-13 05:19:01 |
Cisco IOS XE Software Receives Fix Against High-Severity Flaw (direct link) |
Cisco today released an updated version for its IOS XE software to patch a high severity cross-site request forgery (CSRF) vulnerability. Demo exploit code is available. [...] |
|
|
|
|
2019-06-13 03:04:03 |
Windows Subsystem for Linux 2 (WSL 2) Released to Insiders (direct link) |
With the release of the Windows 10 Insider Build 18917, Microsoft has made the Windows Subsystem for Linux version 2 (WSL 2) available for testing. Now insiders can convert their existing WSL 1 distributions to the new version in order to gain access to the increased performance and compatibility. [...] |
|
|
|
|
2019-06-12 20:30:04 |
Windows 10 Insider Build 18917 Tests New Download Throttling Settings (direct link) |
Microsoft has released Windows 10 Insider Preview Build 18917 to Insiders in the Fast ring. This build includes numerous improvements such as new Windows Update download throttling settings, WSL2, Narrator improvements, and Windows Ink improvements. [...] |
|
|
|
|
2019-06-12 18:15:04 |
DDoS Attack on Telegram Messenger Leaves Users Hanging (direct link) |
Users of Telegram Messenger in certain parts of the world had trouble exchanging messages through the service today. The problems were caused by a distributed denial-of-service attack aimed at Telegram servers. [...] |
|
|
|
|
2019-06-12 16:51:03 |
Microsoft 365 Business Adds Granular Controls to Company Assets (direct link) |
Microsoft announced the addition of Azure Active Directory's Conditional Access capability to Microsoft 365 Business, making it simpler for small and medium-sized businesses to control access to company resources conditionally based on user, location, device, data, or app. [...] |
|
|
|
|
2019-06-12 14:53:02 |
Windows 10 v1903, v1809 Updates Break Event Viewer Custom Views (direct link) |
With the release of Microsoft June 2019 Patch Tuesday updates yesterday, users have noticed that trying to access the Custom Views section of the Windows 10 Event Viewer will cause the program to stop working correctly. [...] |
|
|
|
|
2019-06-12 14:36:03 |
Critical Bug in Infusion System Allows Changing Drug Dose in Medical Pumps (direct link) |
Researchers discovered two vulnerabilities in Alaris Gateway Workstations that are used to deliver fluid medication. One of them is critical and an attacker could leverage it to take full control of the medical devices connecting to it. [...] |
|
|
|
|
2019-06-12 13:38:01 |
Android's Security Key Now Verifies Sign-Ins on iOS Devices (direct link) |
Google now allows iPad and iPhone users to verify sign-ins into Google and Google Cloud services using the security keys built into Android phones running Android 7.0 or later. [...] |
|
|
|
|
2019-06-12 12:01:04 |
Critical Flaw in Evernote Add-On Exposed Sensitive Data of Millions (direct link) |
A critical flaw in the Evernote Web Clipper Chrome extension could allow potential attackers to access users' sensitive information from third party online services. [...] |
|
|
|
|
2019-06-12 09:49:04 |
Windows 10 v1903 Upgrade Blocked by USB Drives Partially Fixed (direct link) |
Microsoft says that it partially resolved an issue which would cause Windows 10 version 1903 upgrades to be blocked by improper drive reassignment during installation when external USB devices or memory cards are attached. [...] |
|
|
|
|
2019-06-12 03:04:05 |
Intel Updates NUC BIOS, Raid Soft To Patch High Severity Bugs (direct link) |
Intel today released fixes for high-severity issues that allow privilege escalation, denial of service (DoS), and information disclosure on multiple models of its NUC Kits and the RAID Web Console utility for Windows. [...] |
|
|
|
|
2019-06-11 21:00:05 |
(Déjà vu) Microsoft Releases Sysmon 10 With DNS Query Logging Feature (direct link) |
Microsoft has released Sysmon 10 today and with it comes the eagerly anticipated DNS Query Logging feature. This feature will allow Sysmon users to log DNS queries performed on a monitored computer, which will also include the executable that performed the query. [...] |
|
|
|
|
2019-06-11 21:00:05 |
(Déjà vu) Sysmon 10 is Released With a DNS Query Logging Feature (direct link) |
Microsoft has released Sysmon 10 today and with it comes the eagerly anticipated DNS Query Logging feature. This feature will allow Sysmon users to log DNS queries performed on a monitored computer, which will also include the executable that performed the query. [...] |
|
|
|
|
2019-06-11 20:10:03 |
Bad Cert Vulnerability Can Bring Down Any Windows Server (direct link) |
A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsoft's operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above. [...] |
Vulnerability
|
|
|
|
2019-06-11 18:55:02 |
MyBB Forum Patches Vulnerabilities That Allow Site Takeover (direct link) |
MyBB has released updates today that fix vulnerabilities in version 1.8.20 and older that could allow an attacker to take complete control over a site and potentially the server. [...] |
|
|
|
|
2019-06-11 18:38:04 |
Apple's New Windows 10 iCloud App Now Available in MS Store (direct link) |
Apple has brought their new iCloud app to the Microsoft Store for Windows 10 devices. This app is deeply integrated into Windows 10 and offers features such as accessing iCloud files within your normal Windows 10 applications. [...] |
|
|
|
|
2019-06-11 17:01:03 |
The Official ISOs for Windows 10 20H1 Now Available (direct link) |
Microsoft has finally released the first official ISO files of Windows 10 20H1, allowing users in the Windows Insider program or non-Insiders to clean-install the next big Windows 10 update. [...] |
|
|
|
|
2019-06-11 16:45:01 |
Windows 10 April 2018 Update Support Ending in November 2019 (direct link) |
In a support document, Microsoft states that Windows 10 April 2018 Update will reach the end of servicing on November 12, 2019. This applies to Windows 10 Home, Pro, Pro for Workstations and Core users. It's worth noting that Enterprise, Education and IoT Enterprise editions will reach the end of support in November of 2020. [...] |
|
|
|
|
2019-06-11 16:16:01 |
(Déjà vu) Microsoft Releases June 2019 Office Updates With Security Fixes (direct link) |
Microsoft released the June 2019 Office Updates today, which consist of 13 security updates and 13 non-security updates. Given that some of the Microsoft Office security updates issued today also resolve critical vulnerabilities, it is strongly advised to install them as soon as possible. [...] |
|
|
|
|
2019-06-11 15:13:03 |
Microsoft Releases Windows 7 & 8.1 Cumulative Updates KB4503292 & KB4503276 (direct link) |
The June 2019 updates are also available for Windows 7 and 8.1 devices. Microsoft is pushing the latest cumulative updates to Windows 7 and 8.1 devices through Windows Update and Microsoft Update Catalog. [...] |
|
|
|
|
2019-06-11 15:04:04 |
Windows 10 June 2019 Cumulative Updates Released With Fixes (direct link) |
Microsoft has released the first June 2019 cumulative updates for compatible Windows 10 versions, including May 2019 Update. Windows 10 May 2019 Update, Windows 10 October 2018 Update and April 2018 Update are also receiving new cumulative updates today. [...] |
|
|
|
|
2019-06-11 14:51:02 |
VIP WordPress Sites Currently Experiencing Availability Issues (direct link) |
Websites hosted on WordPress.com's VIP GO platform are currently experiencing various issues from 503 "Service Unavailable" errors and displaying content with a default theme to showing their visitors a blank page. [...] |
|
|
★★
|
|
2019-06-11 14:42:00 |
(Déjà vu) Microsoft's June 2019 Patch Tuesday Fixes 88 Vulnerabilities (direct link) |
Today is Microsoft's June 2019 Patch Tuesday, which means that Windows admins are pulling their hair out as they get ready to test or install the latest patches and security updates released by Microsoft. Included in this month's updates are fixes for four publicly disclosed vulnerabilities. [...] |
|
|
|
|
2019-06-11 14:26:00 |
Microsoft Blocks Some Bluetooth Devices Due to Security Risks (direct link) |
Microsoft says that certain Bluetooth devices might start experiencing pairing and connectivity issues after Windows users apply cumulative, security, or monthly rollup updates released today. [...] |
|
|
|
|
2019-06-11 13:05:00 |
Microsoft NTLM Flaws Expose All Windows Machines to RCE Attacks (direct link) |
Two critical vulnerabilities in Microsoft's NTLM authentication protocol consisting of three logical flaws make it possible for attackers to run remote code and authenticate on machines running any Windows version. [...] |
|
|
|
|
2019-06-11 13:00:00 |
RAMBleed Attack Can Steal Sensitive Data From Computer Memory (direct link) |
Researchers found a new method to impact the confidentiality of the data stored in the computer memory, successfully extracting a signing key from an OpenSSH server with nothing but normal user permissions. [...] |
|
|
|
|
2019-06-11 10:40:04 |
(Déjà vu) Adobe Releases Security Updates for Flash Player, ColdFusion, and Campaign (direct link) |
Adobe has published their monthly Patch Tuesday updates for the month of June 2019. These updates include fixes for vulnerabilities in Adobe ColdFusion, Adobe Campaign, and Adobe Flash Player. [...] |
|
|
|
|
2019-06-11 09:36:00 |
Radiohead Releases OK Computer Sessions After Hack, Won't Pay Ransom (direct link) |
Alternative rock band Radiohead released 18 tracks of OK Computer sessions after hackers stole several archived mini discs from Thom Yorke, the band's lead singer and main songwriter. [...] |
Guideline
|
|
|
|
2019-06-11 09:00:00 |
Mozilla Makes Firefox its Own Brand Name, Releases New Logos (direct link) |
Mozilla has announced that "Firefox" is becoming its own brand name that encompasses the Firefox Browser, Firefox Send, Firefox Lockwise, and Firefox Monitor products. Along with this new umbrella name, Mozilla has released redesigned icons that represent the future of this brand. [...] |
|
|
|
|
2019-06-11 05:30:00 |
Finding Windows Systems Affected by BlueKeep Remote Desktop Bug (direct link) |
Researchers have created tools and scripts that can be used to find Windows machines vulnerable to the BlueKeep vulnerability so that they can be patched. In this article we discuss two of these tools. [...] |
Vulnerability
|
|
|
|
2019-06-11 03:09:00 |
Food Bank Hit By Ransomware, Needs Your Charity to Rebuild (direct link) |
Ransomware attacks hit indiscriminately and sometimes they may affect charitable organizations that can't afford to surrender to the demand. Auburn Food Bank in King County, Washington, fell victim to a ransomware strain known as GlobeImposter 2.0, which encrypted all computers on their network. [...] |
Ransomware
|
|
|
|
2019-06-10 16:35:01 |
WordPress Chat Plugin Bug Lets Hackers Inject Text, Steal Logs (direct link) |
Admins of websites with WP Live Chat Support for WordPress installations should immediately update the plugin to version 8.0.33 or later to patch a critical authentication bypass which can be exploited by attackers without valid credentials. [...] |
|
|
|
|
2019-06-10 15:32:00 |
New Spam Campaign Controlled by Attackers via DNS TXT Records (direct link) |
A new finance spam campaign with HTML attachments has been discovered that utilizes Google's public DNS resolver to retrieve JavaScript commands embedded in a domain's TXT record. These commands will then redirect a user's browser to an aggressive trading advertisement site, which has been reported as a scam. [...] |
Spam
|
|
|
|
2019-06-10 14:29:05 |
Microsoft is Bringing Predictive Typing to All Windows 10 Apps (direct link) |
A new predictive typing feature has been found hidden in the latest Windows 10 20H1 builds. This feature displays suggestions of words that Windows predicts you are going to write so that you can quickly select them. [...] |
|
|
|
|
2019-06-10 11:56:03 |
FBI Issues Warning on 'Secure' Websites Used For Phishing (direct link) |
The FBI issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns to trick users into trusting attacker-controlled sites and handing over sensitive personal information. [...] |
|
|
|
|
2019-06-10 11:16:01 |
'jesushelpme' Password Sums Up CyberSec Agency Security State (direct link) |
Agents of the Information Network Security Agency (INSA), the top-level cyber security agency in Ethiopia, used laughably weak credentials to protect their email accounts. [...] |
|
|
|
|
2019-06-10 10:35:03 |
MuddyWater Updates POWERSTATS Backdoor For Multi-Stage Attacks (direct link) |
The Iranian-backed MuddyWater cyber-espionage group is continuously upgrading and improving its tools lately, with the group's POWERSTATS backdoor being the last to receive an update. [...] |
|
|
|
|
2019-06-10 01:30:01 |
Gaming Site Emuparadise Suffered Data Breach of 1.1M Accounts (direct link) |
The Emuparadise retro gaming site has been reported to have suffered a data breach in April 2018. This breach exposed account information for approximately 1.1 million Emuparadise forum members. [...] |
Data Breach
|
|
|
|
2019-06-09 20:31:04 |
Sysmon Getting DNS Query Logging with Querying Process Name (direct link) |
To the delight of Windows system administrators everywhere, Microsoft has announced that a new version of Sysmon is coming out this week that will include the ability to log DNS queries performed on a monitored computer. Even better, Sysmon will also log the executable that performed the query. [...] |
|
|
|
|
2019-06-09 17:03:00 |
VLC 3.0.7 is Biggest Security Release Due to EU Bounty Program (direct link) |
VLC Media Player 3.0.7 was released on Friday and contained the most security updates ever in one release of the program. The president of the VideoLan non-profit organization states that this was due to their inclusion in the EU-FOSSA bug bounty program. [...] |
|
|
|
|
2019-06-09 11:05:04 |
Google Chrome 75 Has a Working Tab Hover Card Feature (direct link) |
If you are like me and lose track of the dozens of tabs you have open at the same time in Google Chrome, you will be happy to know that a working implementation of the browser's Tab Hover Card feature is available as an experimental flag. [...] |
|
|
|
|
2019-06-08 14:05:01 |
New Extortion Scam Threatens to Ruin a Website's Reputation (direct link) |
A new extortion scam campaign is underway that is targeting website owners and stating that if they do not make a payment, the attacker will ruin their site's reputation and get them blacklisted for spam. [...] |
|
|
|
|
2019-06-08 12:03:01 |
China Routed Traffic from European Carriers for Two Hours (direct link) |
Mobile internet traffic from multiple carriers in Europe took an unintended turn through China Telecom for over two hours on June 6 because of a route leak incident. [...] |
|
|
|
|
2019-06-08 10:00:00 |
Quest, LabCorp, AMCA Sued For Breach Impacting Over 19 Million (direct link) |
Multiple class action lawsuits have been filed against Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) since they disclosed that personal information of over 19 million of their customers was exposed in a data breach. [...] |
|
|
|
|
2019-06-07 22:24:05 |
Microsoft Issues Warning on Spam Campaign Using Office Exploits (direct link) |
Microsoft has issued a warning Friday night about an active spam campaign targeting European languages that is utilizing an exploit that could infect users simply by opening the attached document. [...] |
Spam
|
|
|
|
2019-06-07 18:10:05 |
The Week in Ransomware - June 7th 2019 - GandCrab Retires (direct link) |
While there have been quite a few variants of existing ransomware released this week, by far the biggest news is the retirement of the GandCrab ransomware and the continuing struggles of Baltimore and their RobbinHood infection. [...] |
Ransomware
|
|
|
|
2019-06-07 16:19:04 |
Nine Major VPNs Could Get Blocked by Russia in 30 Days (direct link) |
Nine VPN providers could get banned in Russia within 30 days if they fail to enforce the country's list of banned websites by connecting their systems to the Russian State Information System (FGIS) to automatically block their users' access to blacklisted websites. [...] |
|
|
|
|
2019-06-07 15:55:05 |
Google Search Ads Infiltrated Again by Tech Support Scams (direct link) |
If you are planning on doing any shopping over the weekend, you may want to be careful when doing searches in Google. This is because scammers have infiltrated Google's ad network to redirect users to tech support scams when they click on popular search terms such as Lowes and PayPal. [...] |
|
|
|
|
2019-06-07 14:35:01 |
Man Gets 51 Months in Prison for $10M BEC Fraud, Romance Scam (direct link) |
Muftau Adamu was sentenced today to 51 months in prison - 4 years and three months - for stealing more than $10 million through romance scams and business email compromise (BEC) fraud schemes aided by four other co-conspirators, between 2014 and 2018. [...] |
|
|
|
|
2019-06-07 14:01:04 |
Google Chrome to Limit Referer Header Size to Block Attacks (direct link) |
In order to prevent attacks such as cache probing, Google Chrome will begin to limit the HTTP Referer header to 4KiB in size. Other browsers such as Microsoft Edge and Mozilla Firefox have indicated that they will adopt this change as well. [...] |
|
|
|