Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-09-12 16:07:02 |
WatchBog Crypto-Mining Botnet Relies on Pastebin for C&C (lien direct) |
The WatchBog cryptocurrency-mining botnet is heavily reliant on the Pastebin website for command and control (C&C) operations, Cisco Talos' security researchers reveal.
|
|
|
|
|
2019-09-12 15:49:02 |
Simjacker: SIM Card Attack Used to Spy on Mobile Phone Users (lien direct) |
Researchers at AdaptiveMobile Security, a firm that specializes in cyber telecoms security, have disclosed a new SIM card attack method that could work against over 1 billion mobile phones, and they claim it has already been exploited by a surveillance company to track users.
|
|
|
|
|
2019-09-12 15:00:04 |
Securing a Connected Future: 5G and IoT Security (lien direct) |
Organizations Must be Wary of the Security Implications of Transitioning to 5G
|
|
|
|
|
2019-09-12 13:31:01 |
Iran-Linked Hackers Again Target Universities (lien direct) |
Iran-linked threat actor COBALT DICKENS has launched a new phishing campaign targeting universities around the world, similar to an operation launched in August 2018, Secureworks reveals.
|
Threat
|
|
|
|
2019-09-12 13:24:01 |
Cloud Security Firm Lacework Raises $42 Million (lien direct) |
Funding Will Help Company Expand DevOps and Workload Security Offerings for Cloud, Container, and Hybrid Environments
|
|
|
|
|
2019-09-12 13:13:01 |
North Korean Hackers Use New Tricks in Attacks on U.S. (lien direct) |
Hackers linked to North Korea have been targeting entities in the United States using evasion techniques that involve an uncommon file format, U.S.-based business compromise intelligence startup Prevailion reported on Wednesday.
|
|
|
|
|
2019-09-12 10:02:03 |
(Déjà vu) Microsoft Makes Automated Incident Response in Office 365 ATP Generally Available (lien direct) |
The Automated Incident Response feature in Office 365 Advanced Threat Protection (ATP) is now generally available, Microsoft has announced.
|
Threat
|
|
|
|
2019-09-12 08:33:05 |
Credential Leaking Vulnerabilities Impact Comba, D-Link Routers (lien direct) |
Trustwave security researchers have discovered five new credential leaking vulnerabilities, two in a D-Link DSL modem and three in multiple Comba Telecom WiFi devices.
|
|
|
|
|
2019-09-12 08:20:04 |
Chinese Woman Guilty of Trespassing at Trump\'s Mar-a-Lago (lien direct) |
A Chinese woman who stirred fears of espionage when she entered President Donald Trump's Mar-a-Lago resort carrying multiple mobile phones and a malware-spiked thumb drive was found guilty of trespassing and lying in a Florida court Wednesday.
|
|
|
|
|
2019-09-11 17:03:01 |
DNS-over-HTTPS Coming to Chrome 78 (lien direct) |
In an attempt to improve the privacy and security of its users, Google is getting ready to bring DNS-over-HTTPS (DoH) to the Chrome browser.
|
|
|
|
|
2019-09-11 16:20:02 |
Loss to BEC Fraud Now Claimed to be $26 Billion (lien direct) |
The FBI has published upgraded figures from the Internet Crime Complaint Center (IC3) describing business email compromise (BEC) as a $26 billion scam. The figure is aggregated from 166,349 domestic and international victim complaints received by IC3 between June 2016 and July 2019 comprising a total loss of $26,201,775,589.
|
|
|
|
|
2019-09-11 15:30:01 |
Telegram Failed to Delete Removed Images From Local Storage (lien direct) |
The Telegram secure messaging application was found to breach users' privacy by failing to properly remove images from a device's local storage when the sender selects to delete them for all recipients.
|
|
|
|
|
2019-09-11 15:16:00 |
(Déjà vu) Chrome 77 Released with 52 Security Fixes (lien direct) |
Google this week released Chrome 77 in the stable channel with various fixes and improvements, including 52 security patches.
|
|
|
|
|
2019-09-11 14:43:03 |
SAP Patches Critical Vulnerability in NetWeaver (lien direct) |
Four of the Security Notes published by SAP as part of the September 2019 Security Patch Day are rated Hot News, the same as last month.
|
Vulnerability
|
|
|
|
2019-09-11 14:32:02 |
18 Years later, America Vows to \'Never Forget\' 9/11 (lien direct) |
Americans commemorated 9/11 with solemn ceremonies and vows Wednesday to “never forget” 18 years after the deadliest terror attack on American soil.
|
|
|
|
|
2019-09-11 12:57:02 |
Siemens Issues Advisories for DejaBlue, SACK Panic Vulnerabilities (lien direct) |
Siemens on Tuesday released several security advisories, including ones covering recently disclosed vulnerabilities tracked as DejaBlue, Urgent/11 and SACK Panic.
|
|
|
|
|
2019-09-11 09:51:05 |
NetCAT Attack: Hackers Can Remotely Steal Data From Servers With Intel CPUs (lien direct) |
Researchers have discovered yet another side-channel attack method that can be exploited to steal potentially sensitive data from devices powered by Intel processors.
|
|
|
|
|
2019-09-11 05:21:04 |
Hundreds Arrested in Joint US-Nigeria Crackdown on Cyber Scams (lien direct) |
Nigerian and US authorities said Tuesday that nearly 300 people had been arrested in a months-long global crackdown on online scams to hijack wire transfers from companies and individuals.
|
|
|
|
|
2019-09-11 02:10:05 |
Ransomware Attack Hits School District Twice in 4 Months (lien direct) |
A Connecticut school district's teachers are working without computer access less than a week after a second malware attack targeted the district's servers.
The Republican American reports the district shut any computers connected to the Wolcott school district networks Sept. 4 after a staff member reported suspicious activity on a district computer.
|
Ransomware
Malware
|
|
|
|
2019-09-10 20:12:03 |
SD-WAN: Disruptive Technology That Requires Careful Security Consideration (lien direct) |
A recent survey has shown that software defined wide area network (SD-WAN) is the most disruptive of the current crop of disruptive technologies. An August 2019 survey found that SD-WAN disruption is affecting companies of all sizes, although at a greater rate among smaller companies with a revenue size of less than $10 million.
|
|
|
|
|
2019-09-10 18:51:04 |
(Déjà vu) Microsoft Patches Two Privilege Escalation Flaws Exploited in Attacks (lien direct) |
Microsoft's Patch Tuesday updates for September 2019 fix 80 vulnerabilities, including two Windows flaws that have been exploited in attacks.
|
|
|
|
|
2019-09-10 16:27:02 |
New Stealth Falcon Backdoor Discovered (lien direct) |
ESET security researchers have discovered a new backdoor associated with the United Arab Emirates (UAE)-linked Stealth Falcon threat actor.
|
Threat
|
|
|
|
2019-09-10 15:35:04 |
Adobe Patches Two Code Execution Vulnerabilities in Flash Player (lien direct) |
Adobe's September 2019 Patch Tuesday updates fix two code execution vulnerabilities in Flash Player and a DLL hijacking flaw in Application Manager.
|
|
|
|
|
2019-09-10 13:17:02 |
Vulnerabilities Exposed 2 Million Verizon Customer Contracts (lien direct) |
Vulnerabilities discovered by a security researcher in Verizon Wireless systems could have been exploited by hackers to gain access to 2 million customer contracts.
|
|
|
★★★★★
|
|
2019-09-10 13:07:04 |
Stop Using CVSS to Score Risk (lien direct) |
The mechanics of prioritizing one vulnerability's business risk over another has always been fraught with concern. What began as securing business applications and infrastructure from full-disclosure bugs a couple of decades ago, has grown to encompass vaguely referenced flaws in insulin-pumps and fly-by-wire aircraft with lives potentially hanging in the balance.
|
|
|
★★★★★
|
|
2019-09-10 07:39:02 |
(Déjà vu) HackerOne Raises $36.4 Million in Series D Funding Round (lien direct) |
Pentesting and bug bounty platform provider HackerOne on Monday announced that it raised $36.4 million in a Series D funding round, which brings the total raised by the company to date to more than $110 million.
|
|
|
|
|
2019-09-09 19:08:01 |
DNS-over-HTTPS Coming to Firefox (lien direct) |
Mozilla this week announced plans to gradually roll-out DNS-over-HTTPS (DoH) in Firefox starting this month, though only users in the United States will receive it in the beginning.
|
|
|
|
|
2019-09-09 15:46:01 |
Swedish GDPR Fine Highlights Legal Challenges in Use of Biometrics (lien direct) |
A small fine of $20,000 in Sweden highlights a potential problem for the use of biometrics in security throughout Europe, including American firms with offices in Europe.
|
|
|
|
|
2019-09-09 15:17:01 |
Cyberattack Disrupted Firewalls at U.S. Power Utility (lien direct) |
A denial-of-service (DoS) attack that caused disruptions at a power utility in the United States earlier this year exploited a known vulnerability in a firewall used by the affected organization.
|
Vulnerability
|
|
|
|
2019-09-09 14:09:05 |
U.S. Cyber Command Adds North Korean Malware Samples to VirusTotal (lien direct) |
The U.S. Cyber Command (USCYBERCOM) this week released 11 malware samples to VirusTotal, all of which appear related to the notorious North Korean-linked threat group Lazarus.
|
Malware
Threat
|
APT 38
|
|
|
2019-09-09 13:57:00 |
BlueKeep Exploit Added to Metasploit (lien direct) |
An initial public exploit targeting the recently addressed BlueKeep vulnerability in Microsoft Windows has been added to Rapid7's Metasploit framework.
|
Vulnerability
|
|
|
|
2019-09-09 13:29:02 |
Man Pleads Guilty for Trying to Access Trump\'s Tax Returns (lien direct) |
A Philadelphia man has pleaded guilty to trying to hack the IRS to obtain President Donald Trump's tax returns.
Andrew Harris pleaded guilty Thursday to two computer fraud counts in federal court. The 23-year-old faces up to two years in prison and $200,000 fine.
|
Hack
Guideline
|
|
|
|
2019-09-09 13:00:03 |
Private Equity Firms Interested in Buying Symantec for $16 Billion: Report (lien direct) |
Private equity firms Permira and Advent International are interested in acquiring Symantec's consumer business for more than $16 billion, The Wall Street Journal reports.
|
|
|
|
|
2019-09-09 12:04:01 |
Several Vulnerabilities Found in Red Lion HMI Software (lien direct) |
Researchers have discovered several vulnerabilities, including ones that have been classified as serious, in a human-machine interface (HMI) programming software made by U.S.-based Red Lion.
|
|
|
|
|
2019-09-09 10:07:02 |
China-Linked \'Thrip\' Cyberspies Continue Attacks on Southeast Asia (lien direct) |
The China-linked threat actor tracked by Symantec as Thrip has continued to target entities in Southeast Asia even after the cybersecurity firm exposed its operations.
|
Threat
|
|
|
|
2019-09-09 08:09:02 |
Cisco Releases GhIDA and Ghidraaas Tools for IDA Pro (lien direct) |
Cisco Talos has released two new open source tools for IDA Pro, namely GhIDA, an IDA Pro plugin, and Ghidraaas (Ghidra as a Service), a docker container.
|
|
|
|
|
2019-09-09 04:42:01 |
Parts of Wikipedia Offline After \'Malicious\' Attack (lien direct) |
Popular online reference website Wikipedia went down in several countries after the website was targeted by what it described as a "malicious attack".
The server of the Wikimedia Foundation, which hosts the site, suffered a "massive" Distributed Denial of Service (DDoS) attack, the organization's German account said in a tweet late Friday.
|
|
|
|
|
2019-09-07 17:02:04 |
Apple: Security Report on iPhone Hack Created \'False Impression\' (lien direct) |
Apple hit back Friday at a Google research report suggesting iPhones may have been targeted by a long-running hacking operation, calling it inaccurate and misleading.
|
Hack
Guideline
|
|
|
|
2019-09-06 18:34:02 |
Three Strategies to Combat Anti-Analysis and Evasion Techniques (lien direct) |
“What happens if our network is compromised?” is a question that security professionals have been asking for some time. But for a variety of reasons – ranging from network transformation efforts to more sophisticated attack methods – this question has now become, “how do we even know if our network has been compromised?”
|
|
|
|
|
2019-09-06 18:26:02 |
"Splintering" Makes Hacking Passwords 14 Million Percent Harder (lien direct) |
Tide Foundation Creating Marketplace Where PII Can be Safely Sold
|
|
|
|
|
2019-09-06 18:20:01 |
Industrial Manufacturing Firm DK-LOK Exposes Emails, Customer Data (lien direct) |
South Korean-based manufacturer DK-LOK was found to leak internal and external communications, including data on clients, vpnMentor's researchers warn.
An industrial pipe, valve, and fittings manufacturer, DK-LOK has clients all around the world, and also has branches in various countries, including the United States.
|
|
|
|
|
2019-09-06 18:00:04 |
Oklahoma Pension Fund Reports $4.2 Million Cyber Theft (lien direct) |
Officials with the pension system for retired Oklahoma Highway Patrol troopers and other state law enforcement officers say the FBI is investigating after computer hackers stole $4.2 million in funds.
A notice posted on the Oklahoma Law Enforcement Retirement System website on Friday said no pension benefits of any members are at risk.
|
|
|
|
|
2019-09-06 15:32:04 |
Industry Reactions to Iranian Mole Planting Stuxnet: Feedback Friday (lien direct) |
Yahoo News reported this week that an Iranian mole recruited by Dutch intelligence helped the United States and Israel sabotage Iran's nuclear program by planting the |
|
Yahoo
|
|
|
2019-09-06 14:16:04 |
Exim Vulnerability Allows Remote Code Execution as Root (lien direct) |
Exim mail servers are vulnerable to attacks due to a security hole that allows a local or remote attacker to execute arbitrary code with root privileges.
|
Vulnerability
|
|
|
|
2019-09-06 12:49:03 |
Cisco Patches Remote Command Execution in Webex Teams Client (lien direct) |
Cisco this week addressed a High severity vulnerability in the Webex Teams client for Windows that could allow an attacker to execute commands remotely.
The issue is created “due to improper restrictions on software logging features used by the application on Windows operating systems.”
|
Vulnerability
|
|
|
|
2019-09-06 12:34:01 |
Unpatched Privilege Escalation Vulnerability Impacts Android (lien direct) |
The Android operating system is affected by a zero-day privilege escalation bug residing in the V4L2 driver, Trend Micro's Zero Day Initiative (ZDI) reveals.
|
Vulnerability
|
|
|
|
2019-09-06 11:19:00 |
PerimeterX Raises Another $14 Million in Series C Round (lien direct) |
Website and mobile application protection company PerimeterX this week announced a $14 million extension to the Series C funding round it completed in February 2019.
|
|
|
|
|
2019-09-06 11:04:05 |
Firefox 69 Patches Critical Code Execution Flaw (lien direct) |
Mozilla this week released Firefox 69 in the stable channel with patches for 20 vulnerabilities, including one code execution bug rated Critical severity.
|
|
|
|
|
2019-09-06 10:50:03 |
No Ransom Paid in Recent Attack, Texas Says (lien direct) |
The Texas Department of Information Resources (DIR) says it is not aware of any ransom being paid to recover systems affected by a recent ransomware attack.
|
Ransomware
|
|
|
|
2019-09-06 10:21:01 |
Data Protection Firm BigID Raises $50 Million (lien direct) |
Data protection firm BigID announced on Thursday that it has raised $50 million in a Series C funding round, which brings the total raised by the company to nearly $100 million.
|
|
|
|