Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-06 13:51:00 |
How GDPR is Unintentionally Driving the Next Decade of Technology (lien direct) |
Companies, organizations and sometimes even government agencies have been careless with the personal information they have traditionally collected. In their defense, personally identifiable information, sometimes simply called PII, wasn't historically much of a target for hackers and criminals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-06 11:25:04 |
Flaw in Schneider PLC Allows Significant Disruption to ICS (lien direct) |
A vulnerability discovered in some of Schneider Electric's Modicon programmable logic controllers (PLCs) may allow malicious actors to cause significant disruption to industrial control systems (ICS).
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-06 08:11:03 |
VPN Company AnchorFree Raises $295 Million (lien direct) |
AnchorFree, the company that makes the popular Hotspot Shield virtual private network (VPN) software, on Wednesday announced that it raised $295 million in a new funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-06 03:20:03 |
Man Charged With Cyberstalking Women for Explicit Photos (lien direct) |
LOS ANGELES (AP) - A former NASA contractor who allegedly threatened to publish nude photos of seven women unless they sent him other explicit pictures has been arrested at his Los Angeles home.
Richard Bauer was arrested Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 18:56:02 |
Cisco Patches Serious Flaws in RV, SD-WAN, Umbrella Products (lien direct) |
Cisco informed customers on Wednesday that patches are available for over a dozen critical and high severity vulnerabilities affecting the company's RV series, SD-WAN, Umbrella and other products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 18:35:05 |
Uber Announces Ramped Up Passenger Security (lien direct) |
Uber chief Dara Khosrowshahi said on Wednesday the smartphone-summoned ride service is reinforcing safeguards for passengers and their personal information.
Features to be added to the app in the coming months include "Ride Check," which uses location tracking already built into the service to detect when cars have stopped unexpectedly.
|
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 17:59:03 |
Multiple Vulnerabilities Addressed in Opsview Monitor (lien direct) |
Opsview recently addressed a series of remote code-execution, command-execution and local privilege-escalation vulnerabilities in the Opsview Monitor.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 16:13:01 |
Latest Version of Chrome Improves Password Management, Patches 40 Flaws (lien direct) |
Google this week celebrates 10 years of its Chrome web browser with the release of a new version that provides users with security improvements, new features, and patches for 40 vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 15:08:02 |
Windows Zero-Day Exploited in Targeted Attacks by \'PowerPool\' Group (lien direct) |
A threat group tracked by security firm ESET as “PowerPool” has been exploiting a Windows zero-day vulnerability to elevate the privileges of a backdoor in targeted attacks.
|
Vulnerability
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 14:26:05 |
Knowing When to Trust (lien direct) |
How Can Security Professionals Know When to Trust and When to Hold Their Cards Close?
The Byrds 1965 hit song “Turn! Turn! Turn!” has always been a favorite of mine. The lyrics of the song (which are taken from a well known source) are as follows:
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 14:16:03 |
Iranian Hackers Improve Recently Used Cyber Weapon (lien direct) |
The Iran-linked cyberespionage group OilRig was recently observed using a variant of the OopsIE Trojan that was updated with new evasion capabilities, Palo Alto Networks reports.
|
|
APT 34
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 11:07:01 |
Endpoints a Top Security Concern for Industrial Organizations: IIoT Survey (lien direct) |
Actively Checking Device Integrity Can Detect Changes that Evade IP-based Monitoring
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 02:29:00 |
Facebook Chief Says Internet Firms in \'Arms Race\' for Democracy (lien direct) |
Facebook chief Mark Zuckerberg said late Tuesday that the leading social network and other internet firms are in an arms race to defend democracy.
Zuckerberg's Washington Post op-ed came on the eve of hearings during which lawmakers are expected to grill top executives from Facebook and Twitter.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-05 02:18:02 |
GOBLIN PANDA Targets Vietnam Again (lien direct) |
CrowdStrike security researchers have observed renewed activity associated with GOBLIN PANDA, a threat actor mainly targeting entities in Southeast Asia.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 18:04:01 |
Everything\'s Amazing, Nobody\'s Secure (lien direct) |
One of the best comedic routines I've ever had the opportunity to hear is Louis C.K.'s "Everything's Amazing, Nobody's Happy" piece. He makes some very clear if not painful points about how we as human beings in a modern society take things for granted. For example, we complain when the WiFi on the airplane goes out.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 17:19:04 |
Android System Broadcasts Expose Device Information (lien direct) |
Android device details are being exposed to running applications via Wi-Fi broadcasts in the mobile operating system, Nightwatch Cybersecurity has discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 15:59:05 |
\'Five Eyes\' Agencies Demand Reignites Encryption Debate (lien direct) |
Privacy and human rights organizations expressed concern Tuesday after a coalition of intelligence agencies renewed a call for technology companies to allow so-called "backdoor" access to encrypted content and devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 15:16:05 |
Google Introduces Open Source Cross-Platform Crypto Library (lien direct) |
Google last week took the wraps off Tink, an open source, multi-language, cross-platform cryptographic library designed to help simplify common encryption operations.
Under development for the past two years, the cryptographic library has been available on GitHub since its early days and has already attracted a few external contributors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 14:38:01 |
Automating in Security With Intelligence (lien direct) |
No Automated Tool is Capable of Providing the Full Context in Which a Threat Was Developed and Deployed
|
Tool
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 14:37:03 |
Thousands of 3D Printers Exposed to Remote Attacks (lien direct) |
Malicious actors could take control of thousands of 3D printers that can be accessed directly from the Internet without requiring any authentication.
According to the SANS Internet Storm Center, a Shodan search reveals over 3,700 instances of OctoPrint interfaces exposed to the Web, including nearly 1,600 in the United States.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 14:15:03 |
The Continuing Problem of Aligning Cybersecurity With Business (lien direct) |
Aligning security policy with business practices is generally considered to be a key imperative for a successful company. This must necessarily start with security teams understanding the business, and business leaders understanding security requirements.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 12:06:00 |
Lawsuit Lays Bare Israel-made Hack Tools in Mideast, Mexico (lien direct) |
PARIS (AP) - One day late last year, Qatari newspaper editor Abdullah Al-Athbah came home, removed the SIM card from his iPhone 7 and smashed it to pieces with a hammer.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 11:34:03 |
Will Russian Hackers Affect This Year\'s US Election? (lien direct) |
Nearly a year after Russian government hackers meddled in the 2016 U.S. election, researchers at cybersecurity firm Trend Micro zeroed in on a new sign of trouble: a group of suspect websites.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 10:42:02 |
Twitter to Verify Those Behind Hot-button US Issue Ads (lien direct) |
Twitter on Thursday started requiring those behind hot-button issue ads in the US to be vetted as part of the effort by the social network to thwart stealth campaigns aimed at influencing politics.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 10:22:05 |
(Déjà vu) Oracle Products Affected by Exploited Apache Struts Flaw (lien direct) |
Oracle informed customers over the weekend that some of the company's products are affected by a critical Apache Struts 2 vulnerability that has been exploited in the wild.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-09-04 05:13:00 |
Google Fights Tech Support Scams With New Ad Restrictions (lien direct) |
Google announced late last week that it's preparing a new verification program designed to keep tech support scams off its advertising platform.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-31 14:49:01 |
(Déjà vu) Third-Party Patch Released for Windows Zero-Day (lien direct) |
A patch is available for a |
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-31 14:29:04 |
Critical Vulnerability Patched in PHP Package Repository (lien direct) |
A critical remote code execution vulnerability was recently addressed in packagist.org |
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-31 14:04:04 |
Hackers Hit Air Canada Mobile App (lien direct) |
Air Canada this week notified customers of malicious activity around its mobile app and prompted users to reset their passwords, as a precautionary measure.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-31 12:34:04 |
Researchers Draw Connections Between APTs (lien direct) |
A newly discovered threat group shares similarities with three advanced persistent threats (APTs), Trend Micro security researchers have discovered.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-30 17:32:00 |
New Cobalt Campaign Targets Russian and Romanian Banks (lien direct) |
A new campaign by the Russia-based Cobalt hacking group was observed on August 13, 2018. Cobalt is best-known for targeting financial institutions, and this campaign is no different. Two targets have been identified to date: NS Bank in Russia and Carpatica/Patria in Romania.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-30 14:17:05 |
How Cybercriminals Are Using Blockchain to Their Advantage (lien direct) |
Cybercriminals Have Been Experimenting With a Blockchain Domain Name System (DNS)
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-30 13:53:02 |
Loki Bot Attacks Target Corporate Mailboxes (lien direct) |
Loki Bot's operators have been targeting corporate mailboxes with their spam messages, Kaspersky Lab reports.
|
Spam
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-30 13:39:04 |
Advanced Android Spyware Remained Hidden for Two Years (lien direct) |
A newly detailed Android spyware that has an incredibly wide-ranging protocol has been active since May 2016, Kaspersky Lab warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-30 12:12:05 |
China Probes Suspected Customer Data Leak at Accor Partner (lien direct) |
Shanghai police said they were investigating a suspected data leak at NASDAQ-listed Chinese hotelier Huazhu Group, the local partner of France-based AccorHotels.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-30 11:35:04 |
CEIDPageLock Rootkit Hijacks Web Browsers (lien direct) |
A new rootkit that has been distributed via the RIG exploit kit over the past few weeks can manipulate web browsers and also contains sophisticated defense mechanisms, Check Point says.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-29 19:35:00 |
FBI: No Evidence Clinton Server Hacked Despite Trump Tweet (lien direct) |
WASHINGTON (AP) - The FBI said Wednesday that it has no evidence Hillary Clinton's private email server was compromised even though President Donald Trump tweeted a news report that alleged the Chinese had hacked it.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-29 19:30:03 |
Hacktivist Drama \'Mr. Robot\' to End With 4th Season in 2019 (lien direct) |
LOS ANGELES (AP) - The hacktivist thriller "Mr. Robot" is coming to an end.
USA Network said Wednesday the drama series starring Emmy Award-winner Rami Malek will air its fourth and final season in 2019.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-29 19:07:03 |
The Expected Spike in Post-GDPR Spam Activity Hasn\'t Happened (lien direct) |
For many months it was expected that privacy protections afforded to consumers by GDPR would also benefit the bad guys.
|
Spam
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-29 13:53:03 |
Lithuanian Media Sign Pact With Govt to Counter Hackers (lien direct) |
Lithuania's major online media outlets on Tuesday signed an agreement to work with the defence ministry as they try to fend off a growing barrage of cyber attacks, largely blamed on Russia.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-29 13:48:01 |
Instagram Introduces New Account Safety Features (lien direct) |
Instagram this week announced new features to boost account security and provide users with increased visibility into accounts with a large number of followers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-29 13:43:04 |
Three Ways of Looking at Security Operations (lien direct) |
The term “security operations” is often interpreted to be synonymous with a security operations center (SOC). In fact, a web search on security operations results mostly in links to SOC content. But that's a narrow view.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-29 11:46:03 |
Twitter Suspends Accounts Engaged in Manipulation (lien direct) |
Twitter this week announced the suspension of a total of 770 accounts for “engaging in coordinated manipulation.”
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-28 16:48:05 |
Lacework Raises $24 Million to Expand Cloud Security Business (lien direct) |
Mountain View, Calif-based Lacework has closed a $24 million Series B funding round with Sutter Hill Ventures, bringing the total raised, including Series A early stage venture funding, to $32 million.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-28 16:22:01 |
Industrial Cybersecurity Firm Indegy Raises $18 Million (lien direct) |
Industrial cybersecurity firm Indegy on Tuesday announced that is has raised $18 million through a Series B funding round, bringing the total amount raised by the company to $36 million. The new funding adds to a $12 million Series A round announced by the company in July 2016.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-28 15:50:03 |
Man Accused of Hacking Into Bank Account, Stealing $300,000 (lien direct) |
HARTFORD, Conn. (AP) - Police have arrested a Connecticut man they allege hacked into someone's retirement account and stole more than $300,000.
Hartford police say 36-year-old Kwadjo Osei-Wusu, of Manchester, was arrested Friday and charged with money laundering, larceny and conspiracy to commit identity theft.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-28 14:49:03 |
Hackers Breach Cryptocurrency Platform Atlas Quantum (lien direct) |
260,000 Impacted in Cryptocurrency Investment Platform Breach
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-28 14:07:03 |
Critical Apache Struts Vulnerability Exploited in Live Attacks (lien direct) |
A Critical remote code execution vulnerability in Apache Struts 2 that was patched last week is already being abused in malicious attacks, threat intelligence firm Volexity warns.
|
Vulnerability
Threat
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-28 11:35:02 |
Notorious Cybercriminal Released From Prison (lien direct) |
Earlier this month, Belarusian authorities released from prison Sergey Yarets, a notorious cybercriminal and co-developer of the Andromeda botnet.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-28 11:29:03 |
Email Impersonation Attacks Increase by 80% (lien direct) |
The latest ESRA report from Mimecast indicates just why email attacks are so loved by cybercriminals, and why organizations need to take email security more seriously.
|
|
|
★★
|