Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-09-06 04:33:00 |
Ransomware Attack Locks Out New Bedford City Data (lien direct) |
A Massachusetts mayor says hackers demanded $5.3 million from his city in a ransomware attack this summer.
New Bedford Mayor Jon Mitchell disclosed Wednesday that a variant of the Ryuk virus blocked access to information on 158 city computers in July. The Standard-Times reports the city had previously blamed an unspecified virus.
|
Ransomware
|
|
|
|
2019-09-05 14:39:01 |
Palo Alto Networks Acquires IoT Security Firm Zingbox for $75 Million (lien direct) |
Palo Alto Networks on Wednesday announced the acquisition of IoT security firm Zingbox for $75 million in cash, and made public its financial results for the fiscal year 2019.
Zingbox provides a cloud-based lifecycle management solution that uses AI and machine learning technologies to identify, secure and optimize devices.
|
|
|
|
|
2019-09-05 13:37:01 |
CircleCI Customer Data Exposed Through Third-Party Vendor (lien direct) |
CircleCI, a San Francisco-based company that specializes in continuous integration and delivery solutions, on Thursday informed customers that some of their information may have been exposed through a third-party analytics vendor.
|
|
|
|
|
2019-09-05 12:17:00 |
(Déjà vu) WordPress 5.2.3 Patches Several XSS Vulnerabilities (lien direct) |
WordPress developers on Thursday announced the availability of version 5.2.3, a maintenance and security release that includes 29 fixes and enhancements, along with several security patches.
|
|
|
|
|
2019-09-05 11:19:00 |
400 Mn Facebook Users\' Phone Numbers Exposed in Privacy Lapse: Reports (lien direct) |
Phone numbers linked to more than 400 million Facebook accounts were listed online in the latest privacy lapse for the social media giant, US media reported Wednesday.
|
|
|
|
|
2019-09-05 10:43:03 |
The Power of Visualization to Accelerate Security Operations (lien direct) |
Every day we seem to hear of new and interesting linkages discovered by the medical and scientific communities. Just yesterday there was a report that young people who vape are 3.5 times more likely to try or use marijuana, compared to those who don't. Today, I heard another report on the radio stating if a person can keep their blood pressure in check, especially in middle age, it could lower the risk of developing dementia.
|
|
|
|
|
2019-09-05 09:37:04 |
Crimeware Risk Underestimated, Chronicle Finds (lien direct) |
The risk associated with crimeware is underestimated, despite a continuous increase in attacks involving financially motivated malware, a new report from Alphabet-owned security firm Chronicle reveals.
|
|
|
|
|
2019-09-05 07:30:00 |
Tech Firms, US Officials Talk Election Protection at Facebook (lien direct) |
Facebook said technology firms and US officials met at its Silicon Valley headquarters on Wednesday to collaborate on protecting next year's presidential election from cyber threats.
|
|
|
|
|
2019-09-05 07:24:01 |
Twitter Temporarily Disables Tweeting via SMS After CEO Hack (lien direct) |
Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts.
|
Hack
|
|
|
|
2019-09-04 18:17:05 |
TrickBot Makes Heavy Use of Evasion in Recent Attacks (lien direct) |
The operators behind the TrickBot malware have made heavy use of evasion and anti-analysis techniques in recently observed attacks, security researchers warn.
|
Malware
|
|
★★★
|
|
2019-09-04 17:58:04 |
Android\'s September 2019 Patches Fix Nearly 50 Vulnerabilities (lien direct) |
Google this week released a new set of security patches for the Android platform, to address nearly 50 vulnerabilities in multiple components, including two critical flaws impacting the Media framework.
|
|
|
★★
|
|
2019-09-04 17:44:03 |
Vulnerability in Network Provisioning Affects Majority of All Android Phones (lien direct) |
An SMS phishing attack against many modern Android phones could route all internet traffic through a proxy controlled by the attacker. The problem lies in weak (sometimes non-existent) authentication for over-the-air (OTA) provisioning.
|
Vulnerability
|
|
★★
|
|
2019-09-04 14:06:02 |
FireEye Releases Open Source Persistence Toolkit \'SharPersist\' (lien direct) |
FireEye on Tuesday announced the release of SharPersist, a free and open source Windows persistence toolkit designed for Red Teams, which help organizations test the efficiency of their protection systems and improve their security posture by assuming the role of an adversary.
|
|
|
★★★
|
|
2019-09-04 13:49:02 |
(Déjà vu) What the Segway Can Teach Us About Information Security (lien direct) |
The Segway Can Offer More Security Insight Than You Might Realize
|
|
|
|
|
2019-09-04 12:36:04 |
Twitter CEO Hack Highlights Dangers of \'SIM Swap\' Fraud (lien direct) |
Even with considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his phone number.
|
Hack
|
|
|
|
2019-09-04 12:35:01 |
MITRE ATT&CK Used for Cybersecurity Skills Development (lien direct) |
By Mapping Skills and Training to MITRE ATT&CK, Skill Levels Can be Visualized in Real-Time
|
|
|
|
|
2019-09-04 12:29:00 |
Code Execution Flaws Found in EZAutomation PLC, HMI Software (lien direct) |
Researchers discovered that two pieces of software made by U.S.-based industrial automation solutions provider EZAutomation are affected by potentially serious vulnerabilities that can be exploited for remote code execution.
|
|
|
|
|
2019-09-04 11:27:02 |
Huawei Accuses US of Cyberattacks, Coercing Employees (lien direct) |
Chinese telecom equipment maker Huawei accused U.S. authorities on Wednesday of attempting to break into its information systems and of trying to coerce its employees to gather information on the company.
|
|
|
|
|
2019-09-04 04:50:03 |
Over 328,000 Users Hit by Foxit Data Breach (lien direct) |
PDF solutions provider Foxit last week informed customers that it had recently detected unauthorized access to data associated with its “My Account” service.
|
Data Breach
|
|
|
|
2019-09-04 04:30:00 |
Zerodium Offers Up to $2.5 Million for Android Exploits (lien direct) |
Exploit acquisition firm Zerodium announced on Tuesday that it's offering up to $2.5 million for powerful Android exploits, more than what it's offering for the same type of exploit on iOS.
|
|
|
|
|
2019-09-03 21:28:04 |
Facial Recognition Becomes Opt-in Feature at Facebook (lien direct) |
Facebook on Tuesday said facial recognition technology applied to photos at the social network will be an opt-in feature.
|
|
|
|
|
2019-09-03 18:16:04 |
Zyxel Devices Can Be Hacked via DNS Requests, Hardcoded Credentials (lien direct) |
Multiple security vulnerabilities have been discovered by SEC Consult in various Zyxel devices, including flaws that involve sending unauthenticated DNS requests and hardcoded FTP credentials.
|
|
|
|
|
2019-09-03 15:07:01 |
Meet Domen, a New and Sophisticated Social Engineering Toolkit (lien direct) |
A new social engineering toolkit has been discovered. The operational premise has been used many times, but the execution of that premise is new and described by security researchers "a beautiful piece of work".
|
|
|
|
|
2019-09-03 14:24:03 |
562,000 Impacted in XKCD Forum Data Breach (lien direct) |
The XKCD forum has been taken offline after suffering a data breach that impacted 562,000 subscribers.
The forum is associated with XKCD, a webcomic that American author Randall Munroe created in 2005, and which is described in its tagline as “A webcomic of romance, sarcasm, math, and language.”
|
Data Breach
|
|
|
|
2019-09-03 14:12:01 |
Cisco Releases Guides for Analyzing Compromised Devices (lien direct) |
Cisco has released new guides to help first responders collect forensic evidence from potentially compromised or tampered with IOS, IOS XE, ASA, and Firepower Threat Defense (FTD) devices.
|
Threat
|
|
|
|
2019-09-03 12:47:04 |
Pitfalls to Avoid in Ransomware Incident Response Plan (lien direct) |
Targeted ransomware attacks with larger ransom demands have persisted as a fixture of the news cycle and scourge for security practitioners and business leaders alike over the last two years. And because, unfortunately, these types of attacks show no signs of slowing down anytime soon, having an adequate incident response (IR) plan prepared is essential. Here are some common pitfalls to avoid when developing your ransomware IR plan:
|
Ransomware
Guideline
|
|
|
|
2019-09-03 12:18:01 |
\'Heatstroke\' Phishing Campaign Takes Multi-Stage Approach (lien direct) |
A recently observed phishing campaign targeting victims' private email addresses has adopted a multi-stage approach in an attempt to avoid raising suspicion, Trend Micro reveals.
|
|
|
|
|
2019-09-03 10:02:02 |
USBAnywhere: BMC Flaws Expose Supermicro Servers to Remote Attacks (lien direct) |
Tens of thousands of servers made by Supermicro could be exposed to remote attacks from the internet due to baseboard management controller (BMC) vulnerabilities identified by researchers at firmware security company Eclypsium.
|
|
|
|
|
2019-09-03 07:50:01 |
SIM Swapping Blamed for Hacking of Twitter CEO\'s Account (lien direct) |
Hackers were able to post offensive messages from the Twitter account of Jack Dorsey, the social media company's CEO, after they tricked his mobile services provider into handing over his phone number.
|
|
|
|
|
2019-09-02 15:14:03 |
TrickBot Tricks U.S. Users into Sharing their PIN Codes (lien direct) |
The threat actor behind the infamous TrickBot botnet has added new functionality to their malware to request PIN codes from mobile users, Secureworks reports.
|
Malware
Threat
|
|
★★★
|
|
2019-09-02 13:57:02 |
Viral Chinese App Loses Face, But Not Fans, Over Privacy Concerns (lien direct) |
A Chinese face-swapping app that allows users to convincingly superimpose their own likeness over characters in movies or TV shows has rapidly become one of the country's most downloaded apps, but has triggered a backlash over privacy fears.
|
|
|
★★★
|
|
2019-09-02 11:24:02 |
Operation Indiscriminately Infects iPhones With Spyware (lien direct) |
Researchers say suspected nation-state hackers infected Apple iPhones with spyware over two years in what security experts on Friday called an alarming security failure for a company whose calling card is privacy.
|
|
|
★★
|
|
2019-08-31 11:23:05 |
Twitter CEO Account Hacked, Offensive Tweets Posted (lien direct) |
Twitter said Friday the account of chief executive Jack Dorsey had been "compromised" after a series of erratic and offensive messages were posted.
|
|
|
|
|
2019-08-30 14:56:00 |
iOS Vulnerabilities Allowed Attackers to Remotely Hack iPhones for Years (lien direct) |
Google on Thursday published detailed information on five iOS exploit chains, one of which has been used to remotely hack iPhones for at least two years.
|
Hack
|
|
|
|
2019-08-30 08:04:05 |
Google Offers Big Bounties for Data Abuse Reports (lien direct) |
Google announced on Thursday the launch of a new reward program for data abuse, and the expansion of the Google Play bounty program to include Android applications with over 100 million installs.
|
|
|
|
|
2019-08-29 14:19:01 |
US Waged Cyberattack on Database Used by Iran to Target Tankers: NY Times (lien direct) |
The United States staged a secret cyberattack in June against a database used by Iran's Islamic Revolutionary Guard Corps to plot attacks on oil tankers in the Gulf, The New York Times reported.
|
|
|
|
|
2019-08-29 12:57:00 |
Disrupting Cybercriminal Strategy With AI and Automation (lien direct) |
Organizations Need to be Skeptical When Looking at Any Vendor Claiming to Offer AI-based Security
|
|
|
|
|
2019-08-29 12:24:02 |
Alleged Capital One Hacker Indicted on Wire Fraud, Computer Data Theft Charges (lien direct) |
Paige Thompson, the 33-year-old from Seattle accused of hacking Capital One and 30 other organizations, has been indicted on two counts of wire fraud and computer fraud and abuse.
|
|
|
|
|
2019-08-29 10:44:05 |
Pulse Secure Says Majority of Customers Patched Exploited Vulnerability (lien direct) |
Pulse Secure and Fortinet Take Steps to Protect Customers Against Attacks Exploiting Recently Disclosed Vulnerabilities
|
Vulnerability
|
|
|
|
2019-08-29 07:11:05 |
Bug Hunters Invited to Hack Facebook Devices at Pwn2Own Tokyo 2019 (lien direct) |
Trend Micro's Zero Day Initiative (ZDI) on Wednesday announced the prizes, rules and targets for Pwn2Own Tokyo 2019, which is set to take place on November 6-7 alongside the PacSec conference in Tokyo, Japan.
This year's event targets 17 devices and over $750,000 in cash and prizes are being offered to researchers who can hack them.
|
Hack
|
|
|
|
2019-08-28 21:09:02 |
Apple Apologizes for Listening to Siri Talk, Sets New Rules (lien direct) |
Apple on Wednesday apologized for its digital assistant Siri sharing some of what it heard with quality control workers as it unveiled new rules for handling data from conversations.
|
|
|
|
|
2019-08-28 20:36:02 |
(Déjà vu) Malware Found in Google Play App With 100 Million Downloads (lien direct) |
Security researchers have discovered malicious code in an Android application that has gathered over 100 million downloads on Google Play.
|
Malware
|
|
|
|
2019-08-28 20:31:01 |
Malware Takes Down Lumber Liquidators\' Network (lien direct) |
North American hard-surface flooring retailer Lumber Liquidators this week revealed that it managed to restore most of its network after a malware attack disabled parts of it for nearly a week.
|
Malware
|
|
|
|
2019-08-28 16:28:02 |
Cisco UCS Vulnerabilities Allow Complete Takeover of Affected Systems (lien direct) |
A researcher has disclosed the details and created Metasploit modules for Cisco UCS vulnerabilities that can be exploited to take complete control of affected systems.
|
|
|
|
|
2019-08-28 14:59:00 |
Researchers Analyze Tools Used by \'Hexane\' Attackers Against Industrial Firms (lien direct) |
Security researchers from Secureworks have analyzed several tools used by the Hexane threat actor in attack campaigns against industrial organizations over the past several months.
|
Threat
|
|
|
|
2019-08-28 13:52:03 |
DLL Hijacking Flaw Patched in Check Point Endpoint Security (lien direct) |
Researchers at SafeBreach discovered that Check Point's Endpoint Security product is affected by a DLL hijacking vulnerability that can be exploited for privilege escalation and other purposes.
|
Vulnerability
|
|
|
|
2019-08-28 11:27:03 |
Avast, French Police Remove Retadup Malware From 850,000 PCs (lien direct) |
Cybersecurity firm Avast and French police have neutralized the Retadup malware on over 850,000 computers after taking control of its command and control (C&C) server.
|
Malware
|
|
|
|
2019-08-28 10:36:02 |
Australia Tries to Curb Foreign Interference at Universities (lien direct) |
Australia announced Wednesday that it has formed a task force to crack down on attempts by foreign governments to meddle in Australian universities.
|
|
|
|
|
2019-08-27 19:51:05 |
Low Budgets, Limited Expertise Plague SMB Cybersecurity (lien direct) |
In 2013, a Faronics/Ponemon study found that lack of budget and poor security capability skills were the primary causes behind the generally poor state of cybersecurity in small and medium-sized businesses (SMBs). But, said Dmitry Shesterin, Faronics' VP of product management at the time, "the main reason I see," suggested Shesterin, "genuinely and honestly, they do not care -- they concentrate on business."
|
|
|
|
|
2019-08-27 17:49:04 |
Imperva Notifies Cloud WAF Customers of Security Incident (lien direct) |
California-based cybersecurity firm Imperva revealed on Tuesday that it recently learned of a security incident affecting some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.
|
|
|
|