Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-29 15:20:04 |
Researcher Escalates Privileges on Exchange 2013 via NTLM Relay Attack (direct link) |
Microsoft Exchange 2013 and newer versions allow an attacker to escalate privileges when performing a NT LAN Manager (NTLM) relay attack, a security researcher warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-29 15:08:01 |
Crypto Hardware Maker nCipher Re-Emerges From Thales After 20 Years (direct link) |
nCipher re-emerged from Thales as a separate stand-alone company manufacturing and marketing hardware security modules (HSMs) on January 7, 2019, and was officially launched on January 26, 2019. It had been acquired by Thales for just over $100 million in July 2008, after being founded by Alex and Nicko van Someren in 1996.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-29 14:43:03 |
2019 Singapore ICS Cyber Security Conference Call for Presentations Closes Jan. 31 (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-29 14:43:00 |
Salt Security Emerges From Stealth With API Protection Solution (direct link) |
Salt Security emerged from stealth mode on Tuesday with a solution designed to identify and prevent API attacks, and $10 million in funding.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-29 13:43:04 |
(Déjà vu) Japan to Survey 200 Million Gadgets for Cyber Security (direct link) |
Japan is preparing a national sweep of some 200 million network-connected gadgets for cyber-security lapses ahead of the 2020 Tokyo Olympic Games, an official said on Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-29 13:09:01 |
How CISOs Can Demonstrate Business Value (direct link) |
CISOs Must Clearly Demonstrate Their Value to the Business in Dollars and Cents
If you're the typical CISO or other level of information security officer, chances are this job description sounds about right:
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-29 12:01:00 |
(Déjà vu) Medical Device Security Firm Medigate Raises $15 Million (direct link) |
Medigate, a company that provides medical device security and asset management solutions, on Tuesday announced that it raised $15 million in a Series A funding round, which brings the total raised to date to over $20 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-29 07:10:01 |
Apple Working on Patch to Prevent FaceTime Spying (direct link) |
A critical vulnerability in Apple's FaceTime chat application can be exploited to spy on people. The tech giant has disabled a FaceTime feature in an effort to prevent abuse until a patch is made available.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-26 16:26:04 |
Trump Ally Stone Charged With Lying About Hacked Emails (direct link) |
President Donald Trump's confidant Roger Stone has been charged with lying about his pursuit of Russian-hacked emails damaging to Hillary Clinton's 2016 election bid. Prosecutors allege that senior Trump campaign officials sought to leverage the stolen material into a White House victory.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-26 16:21:02 |
Ursnif Trojan Uses Fileless Persistence and CAB for Stealthily Data Exfiltration (direct link) |
In addition to employing a fileless attack technique, the Ursnif Trojan has been using CAB files to compress harvested data before exfiltration in recent attacks, Cisco Talos security researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-26 15:37:03 |
Undercover Agents Target Cybersecurity Watchdog (direct link) |
The researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi's inner circle before his gruesome death are being targeted in turn by international undercover operatives, The Associated Press has found.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 19:16:00 |
Skill Squatting: The Next Consumer IoT Nightmare? (direct link) |
Connected devices are proliferating at a rapid rate, and this growth means that we're only just beginning to scratch beneath the surface with potential use cases for Internet of Things (IoT) technology. IoT has quickly moved beyond basic internet-connected gadgets and wearables to more sophisticated interactive features like voice processing, which in turn has led to a significant rise in voice-activated devices such as smart speakers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 17:52:00 |
Flood of Complaints to EU Countries Since Data Law Adopted (direct link) |
More than 95,000 complaints have been filed with EU countries since the bloc's flagship data protection laws took effect eight months ago, the executive European Commission said Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 17:46:00 |
Check Point ZoneAlarm Flaw Allows Privilege Escalation (direct link) |
A vulnerability in Check Point's popular ZoneAlarm antivirus and firewall allows attackers to escalate their privileges on a system running the security software. The vendor has released an update that should address the flaw.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 17:36:04 |
"Cobalt" Hackers Use Google App Engine in Recent Attacks (direct link) |
The infamous "Cobalt" hacking group has been using Google App Engine for the delivery of malware through PDF decoy documents, Netskope's security researchers say.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 16:21:02 |
Hackers Using RDP Are Increasingly Using Network Tunneling to Bypass Protections (direct link) |
Threat actors conducting Remote Desktop Protocol (RDP) attacks are increasingly using network tunneling and host-based port forwarding to bypass network protections, FireEye reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 15:34:05 |
Flaws Expose Phoenix Contact Industrial Switches to Attacks (direct link) |
The latest firmware updates released by Phoenix Contact for its FL SWITCH industrial ethernet switches address a total of six vulnerabilities that can be exploited to obtain credentials for the web interface, conduct unauthorized activities, cause a denial-of-service (DoS) condition, and launch man-in-the-middle (MitM) attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 15:19:04 |
Data Leak in Ghostscript Could Allow Command Execution (direct link) |
Data leak vulnerabilities in Ghostscript could allow an attacker to take over a routine and even execute commands on systems, Google Project Zero researcher Tavis Ormandy has discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 13:44:00 |
CISSP Price Hike Dismays Certified Security Professionals (direct link) |
(ISC)² has increased its annual membership fee (AMF) for security professionals by 47% from $85 to $125. This will include holders of the most popular professional certification, CISSP. The new fee is fixed, whether the professional holds one or multiple (ISC)² certifications. For individual cert holders it is an increase; for multiple cert holders it will be a decrease.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 12:16:01 |
Microsoft Chief Calls for 'Global Standard' on Privacy (direct link) |
Microsoft Joins Apple in Calling for Strong Privacy Legislation
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 10:06:05 |
GDPR Compliance Brings Other Benefits: Cisco Study (direct link) |
Companies that are ready for the EU's General Data Protection Regulation (GDPR) have reported shorter sales delays and fewer or less serious data breaches, according to Cisco's 2019 Data Privacy Benchmark Study.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-25 05:33:00 |
Google to Appeal 50-Million-Euro French Data Consent Fine (direct link) |
Google said Wednesday it would appeal a record 50-million-euro fine imposed by France's data regulator for failing to meet the EU's strict new General Data Protection Regulation (GDPR).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-24 18:59:03 |
AWS Provides Secure Access to Internal Assets With Amazon WorkLink (direct link) |
Amazon Web Services (AWS) on Wednesday announced the launch of Amazon WorkLink, a service that enables organizations to provide employees easy and secure access to internal websites and applications from their mobile devices without the need for a VPN or custom browser.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-24 18:01:04 |
Ongoing Campaign Delivers Redaman Banking Trojan (direct link) |
Spam campaigns that have been active during the last several months have been distributing the Redaman banking malware, Palo Alto Networks security researchers say.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-24 17:05:01 |
Georgia Official Seeks to Replace Criticized Voting Machines (direct link) |
Georgia's new elections chief asked lawmakers Wednesday for $150 million to replace the state's outdated electronic voting machines. In doing so, he all but closed the door on a hand-marked paper balloting system that experts say is cheapest and most secure.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-24 16:17:03 |
State of Malware: Attacks on Business Grow as Threats Become More Sophisticated (direct link) |
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-24 16:06:00 |
Identity Management Firm Keyfactor Raises $77 Million (direct link) |
Identity management solutions provider Keyfactor on Thursday announced that it raised $77 million in a growth funding round with venture capital and private equity firm Insight Venture Partners.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-24 15:49:00 |
U.S. Senators Voice Cyber Concerns Over China-Made Metro Rail Cars (direct link) |
A group of United States Senators have written a letter to the Washington Metropolitan Area Transit Authority (WMATA) to express safety and security concerns regarding the acquisition of metro rail cars built by a Chinese company.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-24 15:21:00 |
Link Found Between GreyEnergy and Zebrocy Attacks (direct link) |
Researchers from Kaspersky Lab's Industrial Control Systems Cyber Emergency Response Team (ICS CERT) have found significant overlaps in GreyEnergy and Zebrocy activity, both of which were previously linked to Russia.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-24 12:03:00 |
Cisco Patches Flaws in Webex, SD-WAN, Other Products (direct link) |
Cisco on Wednesday informed customers that security updates are available for several of the company's products, including SD-WAN, Webex, Firepower, IoT Field Network Director, Identity Services Engine, and Small Business routers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 17:15:05 |
Community Project Crushes 100,000 Malware Sites in 10 Months (direct link) |
Nearly 100,000 malware distribution websites have been identified and taken down over the course of 10 months as part of an abuse.ch project called URLhaus.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 16:21:03 |
Unofficial Patches Released for Three Unfixed Windows Flaws (direct link) |
ACROS Security's 0patch service has released unofficial patches for three Windows vulnerabilities that Microsoft has yet to address, including denial-of-service (DoS), file read, and code execution issues.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 16:20:00 |
GDPR Complaints Filed Against Eight International Streaming Companies (direct link) |
European NGO noyb ('none of your business') filed ten GDPR-related complaints against eight international streaming services on January 18, 2019. The complaints allege that the concerned streaming services have not fully -- and in some cases not at all -- responded to the lawful 'right of access by the data subject' (Article 15 of GDPR) with 'transparent information, communication and modalities' (Article 12); and are therefore in breach of GDPR.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 16:03:00 |
Let's Encrypt Begins Retirement of TLS-SNI-01 Validation (direct link) |
Free and open Certificate Authority (CA) Let's Encrypt today started the process of completely retiring TLS-SNI-01 validation support.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 15:39:04 |
Proposed Law Classifies Ransomware Infection as a Data Breach (direct link) |
The newly announced Act to Strengthen Identity Theft Protections in North Carolina proposes that ransomware attacks be treated as data breaches.
|
Ransomware
Data Breach
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 15:13:04 |
WhatsApp Fights Fake News With Message Forwarding Limit (direct link) |
WhatsApp, the popular messaging application that has roughly 1.5 billion users, now only allows messages to be forwarded to a maximum of 5 people in an effort to block attempts to abuse the platform for spreading false information.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 14:22:04 |
Adobe Patches Information Disclosure Flaws in Experience Manager (direct link) |
Updates released on Tuesday by Adobe for its Experience Manager and Experience Manager Forms products address several vulnerabilities that can lead to information disclosure.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 13:17:05 |
Russian Watchdog Launches 'Administrative Proceedings' Against Facebook, Twitter (direct link) |
Russia's media watchdog Roskomnadzor launched "administrative proceedings" Monday against US social media giants Facebook and Twitter, accusing them of not complying with Russian law, news agencies reported.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 12:03:01 |
The Geopolitical Influence on Business Risk Management (direct link) |
Report Maps Out Ten Major Geopolitical Risks That Businesses Will Face in 2019
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-22 07:10:05 |
Mitsubishi Develops Cybersecurity Technology for Cars (direct link) |
Japanese electronics and electrical equipment giant Mitsubishi Electric Corporation on Monday unveiled new technology designed to protect connected vehicles against cyber threats.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-21 19:11:03 |
VLC Responds to Criticism Over Lack of HTTPS for Updates (direct link) |
The developers of the popular open source video player VLC, which recently surpassed 3 billion downloads, have responded to criticism over the use of HTTP for software updates.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-21 18:24:00 |
France Hits Google With 50 Million Euro Data Consent Fine (direct link) |
France's data watchdog on Monday announced a fine of 50 million euros ($57 million) for US search giant Google, using the EU's strict General Data Protection Regulation (GDPR) for the first time.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-21 18:16:02 |
DarkHydrus Hackers Use Google Drive in Recent Attacks (direct link) |
The DarkHydrus threat group has added new functionality to the payloads used in recent attacks and is also leveraging Google Drive for command and control (C&C) purposes, Palo Alto Networks security researchers say.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-21 16:56:02 |
Websites Can Exploit Browser Extensions to Steal User Data (direct link) |
Web applications can exploit browser extensions to access privileged capabilities and steal sensitive user information, including credentials, a researcher has discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-21 16:09:05 |
Report: Facebook's Privacy Lapses May Result in Record Fine (direct link) |
Facebook may be facing the biggest fine ever imposed by the U.S. Federal Trade Commission for privacy violations involving the personal information of its 2.2 billion users.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-21 15:55:03 |
Former Employee Hacks Popular WordPress Plugin's Website (direct link) |
The website for a popular WordPress plugin was hacked over the weekend, when a former employee abused a previously implemented backdoor to take over the domain.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-21 11:51:00 |
Flaws in Omron HMI Product Exploitable via Malicious Project Files (direct link) |
Japan-based electronics company Omron has released an update for its CX-Supervisor product to address several vulnerabilities that can be exploited for denial-of-service (DoS) attacks and remote code execution.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-21 09:50:01 |
DNC: Russian Hackers Attacked Us Again After Midterm Elections (direct link) |
Hackers believed to be associated with the Russian government targeted the US Democratic National Committee (DNC) shortly after the 2018 midterm elections, court documents show.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-19 13:57:01 |
Bulgaria Extradites Russian Hacker to US: Embassy (direct link) |
Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-01-18 20:30:00 |
Exploit for Recent Flash Zero-Day Added to Fallout Exploit Kit (direct link) |
An updated version of the Fallout exploit kit recently emerged with an exploit for a recent Flash zero-day included in its arsenal, Malwarebytes Labs security researchers warn.
|
|
|
|