Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-25 14:29:03 |
Questions Mount Over Delay After Cathay Pacific Admits Huge Data Leak (direct link) |
Hong Kong carrier Cathay Pacific came under pressure Thursday to explain why it had taken five months to admit it had been hacked and compromised the data of 9.4 million customers, including passport numbers and credit card details.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-25 14:23:03 |
Researchers Find Command Injection Flaw in Cisco WebEx (direct link) |
Cisco's WebEx software is affected by a serious vulnerability that can be exploited to execute arbitrary commands with elevated privileges.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-25 14:19:01 |
'TimpDoor' Malware Turns Android Devices into Proxies (direct link) |
A newly discovered piece of Android malware creates a Socks proxy on infected devices, potentially allowing access to internal networks, McAfee reports.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-25 12:49:03 |
Banking Trojans in Google Play Pose as Utility Apps (direct link) |
Google recently removed 29 applications from Google Play after learning that they were actually containing code to steal users' banking information.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-25 12:19:00 |
Mac Malware Injects Ads Into Encrypted Traffic (direct link) |
A newly discovered piece of malware targeting macOS devices is capable of injecting ads into encrypted web traffic, Malwarebytes security researchers warn.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 19:59:00 |
Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers (direct link) |
Hong Kong flag carrier Cathay Pacific said Wednesday it had suffered a major data leak affecting up to 9.4 million passengers.
The airline admitted data including passport numbers, identity card numbers, email addresses and credit card details was accessed.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 19:51:01 |
Check Point Acquires Dome9 for $175 Million (direct link) |
Enterprise cybersecurity solutions provider Check Point Software Technologies on Wednesday announced the acquisition of Dome9, a company that specializes in cloud security infrastructure.
Check Point representatives told SecurityWeek that Dome9 was acquired for $175 million in cash, along with restricted stock units (RSUs) and stock options.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 18:40:05 |
Exploit for New Windows Zero-Day Published on Twitter (direct link) |
A new zero-day vulnerability in Windows was made public on Twitter by the same researcher who published an exploit for a bug in the Windows Task Scheduler at the end of August.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 16:34:00 |
Magecart Hackers Now Targeting Vulnerable Magento Extensions (direct link) |
After compromising large websites or third-party services they use in order to steal credit card information, the Magecart hackers have now turned to vulnerable Magento extensions.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 14:58:01 |
Yahoo to Pay $50M, Other Costs for Massive Security Breach (direct link) |
Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history.
|
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 14:14:04 |
Pentagon Launches Continuous Bug Bounty Program (direct link) |
The Department of Defense announced on Wednesday that its “Hack the Pentagon” bug bounty program will run all year long and will target the organization's high-value assets.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 13:55:02 |
Google Blocks New Ad Fraud Scheme (direct link) |
Google says it recently blocked a new ad fraud scheme spread across a large number of applications and websites and monetizing with numerous advertising platforms.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 13:28:01 |
Firefox 63 Blocks Tracking Cookies (direct link) |
Firefox 63 was released on Tuesday with a new cookie policy meant to prevent cross-site tracking by effectively blocking cookies and other site data from third-party tracking resources.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-24 10:42:03 |
The Enduring Password Conundrum (direct link) |
Earlier this month, the State of California made headlines by passing legislation that will require hardware manufacturers to implement unique hardcoded passwords for every connected device they produce and force users to change it upon first use.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 21:41:05 |
DDoS-Capable IoT Botnet 'Chalubo' Rises (direct link) |
A new piece of malware is targeting Internet of Things (IoT) devices in an attempt to ensnare them into a botnet capable of launching distributed denial-of-service (DDoS) attacks, Sophos Labs reports.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 19:22:00 |
Fortinet Tackles Insider Threats with ZoneFox Acquisition (direct link) |
Cybersecurity solutions provider Fortinet today announced that it has completed the acquisition of insider threat detection and response company ZoneFox.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 18:26:01 |
Triton Malware Linked to Russian Government Research Institute (direct link) |
The development of the malware tracked as Triton, Trisis and HatMan was supported by a research institute owned by the Russian government, FireEye reported on Tuesday.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 16:01:03 |
Super Micro to Customers: Chinese Spy Chips Story Is Wrong (direct link) |
A Bloomberg article claiming that tiny chips were inserted in Super Micro Computer Inc. equipment “is wrong,” the California-based server manufacturer says.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 14:24:05 |
(Déjà vu) Oracle Adds New Security Services to Cloud Platform (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 14:15:00 |
Mozilla Offers VPN Service to Firefox Users (direct link) |
Mozilla and ProtonVPN this week announced a partnership aimed at keeping users safe while navigating the Internet.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 12:01:02 |
(Déjà vu) Plaintext Passwords Often Put Industrial Systems at Risk: Report (direct link) |
ATLANTA - SECURITYWEEK 2018 ICS CYBER SECURITY CONFERENCE - Plaintext passwords crossing the network, outdated operating systems, direct connections to the Internet, and the lack of automated updates for security solutions often put industrial systems at risk of attacks, according to a new report published on Tuesday by industrial cybersecurity firm CyberX.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 10:29:01 |
The Rise of The Virtual Security Officer (direct link) |
The market for virtual security officers is growing. We've had virtual chief information security officers for a few years (vCISOs), and we can expect to see virtual data protection officers (vDPOs) in the next few. The demand for both is higher than it has ever been, and it is likely to grow.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-23 00:15:04 |
Japan Orders Facebook to Improve Data Protection (direct link) |
The Japanese government on Monday ordered Facebook to improve protection of users' personal information following data breaches affecting tens of millions of people worldwide.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-22 19:24:02 |
Cisco, F5 Networks Investigate libssh Vulnerability Impact (direct link) |
Cisco and F5 Networks are investigating the possible impact of the recently patched libssh vulnerability on their products, while other vendors have concluded similar investigations.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-22 18:40:01 |
Flaw in Media Library Impacts VLC, Other Software (direct link) |
A serious vulnerability in the LIVE555 Streaming Media RTSP server affects popular applications, including VLC, MPlayer and others, Cisco Talos has discovered.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-22 18:08:03 |
Hackers Deface Website of Saudi Investment Forum (direct link) |
A website for a Saudi investment summit was down on Monday after an apparent cyber attack, just a day before the three-day conference overshadowed by the murder of journalist Jamal Khashoggi begins.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-22 16:39:01 |
Securing the Vote Against Increasing Threats (direct link) |
With the U.S. mid-term elections just a couple of weeks away, there are continuing concerns over the security of the electronic voting procedures used by many states. These concerns range from the integrity of state voter registration databases through the compromise of individual voting machines to the accuracy of their calibration without a paper audit trail to confirm accurate vote tallying.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-22 16:35:03 |
Recent Branch.io Patch Creates New XSS Flaw (direct link) |
The patch for a recently disclosed cross-site scripting (XSS) vulnerability in Branch.io introduced another similar flaw, a security researcher revealed last week.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-22 15:27:02 |
Cyberbit Launches Portable ICS Security Assessment Solution (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-22 14:12:01 |
Google Boosts Android Security with Protected Confirmation (direct link) |
Google further improved the security of Android with the inclusion of a new API in the latest operating system release.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-20 20:21:05 |
Hackers Breach HealthCare.gov System, Get Data on 75,000 (direct link) |
A government computer system that interacts with HealthCare.gov was hacked earlier this month, compromising the sensitive personal data of some 75,000 people, officials said Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 18:39:04 |
NSA-Linked 'DarkPulsar' Exploit Tool Detailed (direct link) |
Kaspersky Lab security researchers have analyzed another exploit tool that was supposedly stolen from the National Security Agency-linked Equation Group.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 18:09:04 |
0-Day in jQuery Plugin Impacts Thousands of Applications (direct link) |
Thousands of projects are possibly impacted by a jQuery File Upload plugin vulnerability that has been actively exploited in the wild, a security researcher has discovered.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 15:22:04 |
City Pays $2,000 in Computer Ransomware Attack (direct link) |
A Connecticut city has paid $2,000 to restore access to its computer system after a ransomware attack.
West Haven officials said Thursday they paid the money to anonymous attackers through the digital currency bitcoin to unlock 23 servers and restore access to city data.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 13:53:01 |
Chinese Hackers Use 'Datper' Trojan in Recent Campaign (direct link) |
A China-linked cyber espionage group known as Tick was observed using the Datper malware in a recent campaign, Cisco Talos security researchers reveal.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 13:41:05 |
Server With National Guard Personnel Data Target of Attack (direct link) |
The Indiana National Guard says a state, non-military computer server containing personal information on civilian and military Guard personnel was the target of a recent ransomware attack.
The Guard said Thursday it is notifying the affected personnel that they should be alert for suspicious activity or fraudulent accounts being opened in their name.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 13:38:00 |
FreeRTOS Vulnerabilities Expose Many Systems to Attacks (direct link) |
Vulnerabilities discovered in the FreeRTOS operating system can expose a wide range of systems to attacks, including smart home devices and critical infrastructure, researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 11:13:02 |
EU Leaders Vow Tough Action on Cyber Attacks (direct link) |
EU leaders on Thursday condemned the attempted hack on the global chemical weapons watchdog and vowed to step up the bloc's efforts to tackle cyber attacks.
With concerns growing about the malign cyber activities of several countries around the world, notably Russia, the bloc's leaders called for work to begin to set up sanctions to punish hackers.
|
Hack
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 10:40:05 |
Mozilla Brings Encrypted SNI to Firefox Nightly (direct link) |
Mozilla says Firefox Nightly now supports encrypting the Transport Layer Security (TLS) Server Name Indication (SNI) extension, several weeks after Cloudflare announced it turned on Encrypted SNI (ESNI) across all of its network.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 09:21:00 |
(Déjà vu) Remote Code Execution Flaws Patched in Drupal (direct link) |
Developers of the Drupal content management system (CMS) have patched several vulnerabilities in the 7 and 8 branches, including serious flaws that can be exploited for remote code execution.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-19 05:37:05 |
Splunk Patches Several Flaws in Enterprise, Light Products (direct link) |
Splunk recently patched several vulnerabilities in its Enterprise and Light products, including flaws that have been rated “high severity.”
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 18:22:00 |
Flaws Open Telepresence Robots to Prying Eyes (direct link) |
Vulnerabilities in telepresence robots could provide an attacker not only with command execution capabilities, but also with access to a live video stream from the device, Zingbox reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 17:35:04 |
NFCdrip Attack Proves Long-Range Data Exfiltration via NFC (direct link) |
Researchers have demonstrated that the near-field communication (NFC) protocol can be used to exfiltrate small amounts of data, such as passwords and encryption keys, over relatively long distances.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 13:57:05 |
Apple's Revamped Privacy Website Offers Users Access to Their Data (direct link) |
Apple users can now get a copy of the data the tech giant has on them, directly from a refreshed and expanded privacy website rolled out this week.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 13:24:02 |
Google Pixel 3 Improves Data Protection with Security Chip (direct link) |
Google has packed the recently launched Pixel 3 and Pixel 3 XL devices with Titan M, a hardened security microcontroller that can better protect information at hardware level.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 12:03:00 |
'Operation Oceansalt' Reuses Code from Chinese Group APT1 (direct link) |
A recently observed cyber-espionage campaign targeting South Korea, the United States and Canada is reusing malicious code previously associated with state-sponsored Chinese group APT1, McAfee reports.
|
|
APT 32
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 11:58:00 |
3 Public Cloud Security Myths Debunked (direct link) |
As more and more organizations embrace the migration to the cloud, there are the inevitable questions that arise around its safety. Specifically, enterprises need to know that their data is going to be secure if they choose to embrace a cloud-based model, particularly a public cloud.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 10:45:02 |
Facebook Launches 'War Room' to Combat Manipulation (direct link) |
In Facebook's "War Room," a nondescript space adorned with American and Brazilian flags, a team of 20 people monitors computer screens for signs of suspicious activity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 10:37:05 |
Ex-Virginia Teacher Charged in 2014 'Celebgate' Hacking (direct link) |
A former Virginia high school teacher is the fifth person charged in an investigation into the 2014 "celebgate" scandal in which hackers obtained nude photographs and other private information from more than 200 people, including celebrities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-10-18 05:37:03 |
Tumblr Vulnerability Exposed User Account Information (direct link) |
Tumblr on Wednesday disclosed a vulnerability that could have been exploited to obtain user account information, including email addresses and protected passwords.
|
Vulnerability
|
|
|