Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-27 08:27:05 |
Mozilla Adding New CSRF Protection to Firefox (direct link) |
Mozilla announced this week that the upcoming Firefox 60 will introduce support for the same-site cookie attribute in an effort to protect users against cross-site request forgery (CSRF) attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-26 22:54:02 |
Western Digital Cloud Storage Device Exposes Files to All LAN Users (direct link) |
The default configuration on the new Western Digital My Cloud EX2 storage device allows any users on the network to retrieve files via HTTP requests, Trustwave has discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-26 22:39:05 |
13 Year-Old Configuration Flaw Impacts Most SAP Deployments (direct link) |
Most SAP implementations continue to be impacted by a security configuration flaw initially documented in 2005, Onapsis warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-26 22:21:00 |
Dutch Police Shut Notorious 'Revenge Porn' Site, Three Arrested (direct link) |
Dutch police said Thursday they have arrested three men for stealing explicit pictures of girls and young women from their cloud data, and shut down a globally notorious "revenge porn" site.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-26 07:29:02 |
Microsoft Releases More Microcode Patches for Spectre Flaw (direct link) |
Microsoft this week released another round of software and microcode updates designed to address the CPU vulnerability known as Spectre Variant 2.
Microsoft has been releasing software mitigations for the Spectre and Meltdown vulnerabilities since January, shortly after researchers disclosed the flaws.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-26 06:06:03 |
Picture This. Now Protect It. (direct link) |
An astonishing amount of sensitive data – over 12 petabytes – is being exposed publicly. If you're having difficulty visualizing what 12 petabytes is, this might help. One petabyte is the equivalent of 500 billion pages of standard printed text, or over 2,000 years of continuous music, or three and a half years of an HD video recorder running day and night. Now multiply by 12.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-26 03:01:02 |
Drupal Patches New Flaw Related to Drupalgeddon2 (direct link) |
Drupal developers have released updates for versions 7 and 8 of the content management system (CMS) to address a new vulnerability related to the recently patched flaw known as Drupalgeddon2.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-26 01:45:05 |
Internet Exposure, Flaws Put Industrial Safety Controllers at Risk of Attacks (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 18:53:05 |
Authorities Take Down Largest DDoS Services Marketplace (direct link) |
The |
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 17:29:00 |
Google Ramps Up Gmail Privacy Controls in Major Update (direct link) |
Google on Wednesday ramped up privacy controls in a Gmail overhaul, aiming first at businesses that use its suite of workplace tools hosted in the internet cloud.
The "all new" Gmail is available to the more than four million businesses that pay for G Suite services.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 17:23:03 |
Ransomware Hits Ukrainian Energy Ministry Website (direct link) |
Hackers managed to compromise the Ukrainian energy ministry website, encrypt files, and post a ransom demand.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 17:17:03 |
New Advanced Phishing Kit Targets eCommerce (direct link) |
A new advanced phishing kit has surfaced, which provides miscreants with more than the usual one or two pages used to collect personal and financial data from victims, Check Point warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 12:58:04 |
Hotel Rooms Around the World Susceptible to Silent Breach (direct link) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 10:45:03 |
(Déjà vu) Apple Patches macOS, iOS, Safari (direct link) |
Apple this week released patches to address a handful of security vulnerabilities in macOS, iOS, and Safari.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 08:02:03 |
Webinar Today: OMG! Why Do We Need More Awareness Training? (direct link) |
Live Webinar: Wednesday, April 25th at 1PM ET
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 07:25:04 |
New Tool Detects Evil Maid Attacks on Mac Laptops (direct link) |
A security researcher has developed a simple tool that helps Mac laptop owners detect unauthorized physical access to their device, also known as an evil maid attack, by monitoring its lid.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 06:32:02 |
Closing the Gaps that Result in Compromised Credentials (direct link) |
Closing Gaps in Credential Security Requires Awareness of What Gaps Exist and How to Mitigate Them
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 02:42:04 |
Portugal Joins NATO Cyber-Defence Centre (direct link) |
Portugal on Tuesday became the 21st country to join NATO's cyber defence centre, the Tallinn-based body said at a flag-raising ceremony.
"We are facing adversaries who target our common values in cyberspace: freedom, truth, trust," centre director Merle Maigre said at the ceremony.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 02:28:00 |
$35 Million Penalty for Not Telling Investors of Yahoo Hack (direct link) |
US securities regulators on Tuesday announced that Altaba will pay a $35 million penalty for not telling them hackers had stolen Yahoo's "crown jewels."
|
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-25 02:00:03 |
Cambridge Analytica Says it is 'No Bond Villain' (direct link) |
Cambridge Analytica claimed Tuesday it was "no Bond villain" as it vehemently denied exploiting Facebook users' data for the election campaign of US President Donald Trump.
The marketing analytics firm stressed it had deleted data about Facebook users obtained in breach of the social network's terms of service.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-16 04:36:05 |
Severe Flaws Expose Moxa Industrial Routers to Attacks (direct link) |
Cisco's Talos intelligence and research group has reported identifying a total of 17 vulnerabilities in an industrial router from Moxa, including many high severity command injection and denial-of-service (DoS) flaws.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 17:05:05 |
Enterprise App Security Firm Onapsis Raises $31 Million (direct link) |
Application security firm Onapsis has raised $31 million through a Series C funding round led by new investor LLR Partners, the company announced Friday, bringing the total amount raised to $62 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 16:52:00 |
Google Turns TLS on By Default on Android P (direct link) |
Applications targeting the next version of Android (Android P) are required to use encrypted connections by default, Google said on Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 16:33:04 |
Researchers Sinkhole Deep-Rooted "EITest" Infection Chain (direct link) |
Proofpoint on Thursday said that it has managed to sinkhole what could be the oldest “infection chain” out there, which redirected users to exploit kits (EKs), social engineering schemes, and other malicious or fraudulent operations.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 16:10:02 |
Illumio, Qualys Partner on Vulnerability-based Micro-Segmentation (direct link) |
Vulnerability management has two major components: discovering vulnerabilities, and mitigating those vulnerabilities. The first component is pointless without the second component. So, for example, Equifax, WannaCry, NotPetya, and many other breaches -- if not most breaches -- are down to a failure to patch, which is really a failure in vulnerability management.
|
|
NotPetya
Wannacry
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 15:52:05 |
'Spectrum' Service Extends Cloudflare Protection Beyond Web Servers (direct link) |
Cloudflare on Thursday announced the availability of a new service that extends the company's protection capabilities to gaming, remote access, email, IoT and other types of systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 14:01:01 |
Hackers Start Exploiting Drupalgeddon2 Vulnerability (direct link) |
Attempts to exploit a recently patched vulnerability in the Drupal content management system (CMS) were spotted by researchers shortly after someone published a proof-of-concept (PoC) exploit.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 13:47:04 |
Why Mass Transit Could Be the Next Big Target for Cyber Attacks-and What to do About it (direct link) |
The constantly evolving tools and methods of cyber attackers have resulted in specific industries becoming the unfortunate subjects of sudden upswings in incident volume and severity. In recent years, for example, we've seen waves of ransomware attacks in healthcare and large-scale customer data breaches in technology. So, this trend begs the question, who's next? Which unlucky industry will be the latest target caught in the crosshairs of cyber attackers?
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 13:15:03 |
Britain Says Russia Spied on Skripals Before Poisoning (direct link) |
Russian intelligence was spying on former double agent Sergei Skripal and his daughter Yulia for at least five years before they were poisoned in a nerve agent attack, Britain's National Security Adviser Mark Sedwill said in a letter to NATO on Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 13:09:00 |
25 Million U.S. Individuals Impacted by 2016 Uber Hack (direct link) |
The 2016 data breach that Uber made public in November 2017 impacted over 25 million riders and drivers in the United States, the Federal Trade Commission (FTC) reveals.
|
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 12:34:04 |
Hackers Can Stealthily Exfiltrate Data via Power Lines (direct link) |
Researchers have created proof-of-concept (PoC) malware that can stealthily exfiltrate data from air-gapped computers using power lines.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-13 10:23:00 |
U.K. Launched Major Cyberattack on Islamic State: Spy Chief (direct link) |
The head of Britain's Government Communications Headquarters (GCHQ) revealed this week that the U.K. has launched a major cyberattack on the Islamic State (IS) group, significantly disrupting its operations.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 17:54:04 |
Multi-Purpose Proxy Botnet Ensnares 65,000 Routers (direct link) |
More than 65,000 routers exposed to the Internet via the Universal Plug and Play (UPnP) protocol are being abused by cybercriminals as part of a large, multi-purpose proxy botnet, Akamai has discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 17:22:01 |
Key Points From Facebook-Zuckerberg Hearings (direct link) |
Facebook chief Mark Zuckerberg testified for nearly 10 hours over two days on Facebook's privacy and data protection issues before committees of the Senate and House on Tuesday and Wednesday. Here are key points:
Protecting the platform
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 16:58:05 |
'Operation Parliament' Imitates Another Actor to Stay Undetected (direct link) |
A series of geopolitically motivated attacks ongoing since early 2017 and targeting high profile organizations worldwide appear to be a symptom of escalating tensions in the Middle East region, Kaspersky Labs reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 16:05:01 |
Mocana Launches Supply Chain Integrity Platform to Secure IoT, ICS Devices (direct link) |
Mocana TrustCenter Manages Security Across IoT and ICS Device Lifecycles
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 14:36:02 |
LimeSurvey Flaws Expose Web Servers to Attacks (direct link) |
A couple of vulnerabilities affecting the popular online survey tool LimeSurvey can be exploited by remote attackers to execute malicious code and take control of web servers with little or no user interaction, researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 13:48:04 |
Have We Reached Data Breach Fatigue? (direct link) |
With RSA Conference about to convene, it's a good time to think about the year (OK, this time it is 14 months) that has passed since the last RSA Conference and wonder if we have made any real, discernible progress.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 13:10:00 |
OPAQ Networks Raises $22.5 Million in Series B Funding (direct link) |
Northern Virginia-based network security cloud company OPAQ Networks on Wednesday announced that it has secured $22.5 million in a Series B funding round, bringing the total raised by the firm to date to $43.5 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 12:04:02 |
Palo Alto Networks Acquires Incident Response Firm Secdo (direct link) |
Palo Alto Networks this week announced that it has entered a definitive agreement to acquire Israel-based incident response firm Secdo. Financial terms of the deal have not been disclosed, but some reports say Palo Alto is prepared to pay $100 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 11:17:01 |
Czech Antivirus Targets London's Biggest Tech Float (direct link) |
Czech antivirus software maker Avast announced Thursday that it will float on the London stock market next month in the British capital's biggest ever technology IPO.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-12 05:40:02 |
Carbon Black Prepares for $100 Million IPO (direct link) |
Endpoint security solutions provider Carbon Black this week announced that it has filed an S-1 registration statement with the U.S. Securities and Exchange Commission (SEC) for a proposed initial public offering (IPO) of its common stock.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-11 16:41:02 |
Container Security Firm StackRox Raises $25 Million (direct link) |
Container security firm StackRox announced this week that it has secured $25 million in a Series B funding round, bringing the total raised to date by the company to more than $39 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-11 16:00:05 |
Mobile Phishing Attacks Up 85 Percent Annually (direct link) |
The rate at which users are receiving and clicking on phishing URLs on their mobile devices has increased at an average rate of 85% per year since 2011, mobile security firm Lookout reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-11 15:53:05 |
Considering The Complexities of Hack Back Laws (direct link) |
Are the 'Hack Back' Laws Being Proposed by Congress a Good Idea?
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-11 14:51:05 |
Industrial Internet Consortium Develops New IoT Security Maturity Model (direct link) |
The Industrial Internet Consortium (IIC) has developed a new IoT Security Maturity Model (SMM), building on its own security framework and reference architecture. This week it has published the first of two papers: IoT Security Maturity Model: Description and Intended Use.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-11 14:09:03 |
New Authentication Standard Coming to Major Web Browsers (direct link) |
Web browsers from Google, Microsoft, and Mozilla will soon provide users with a new, password-less authentication standard built by the FIDO Alliance and the World Wide Web Consortium (W3C) and currently in the final approval stages.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-11 13:32:01 |
SAP Patches Critical Flaws in Business Client (direct link) |
SAP this week released its April 2018 set of security patches, which include fixes for critical vulnerabilities in web browser controls delivered with SAP Business Client.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-11 13:09:04 |
Electrical Substations Exposed to Attacks by Flaws in Siemens Devices (direct link) |
Electrical substations and other power supply facilities are exposed to hacker attacks due to several potentially serious vulnerabilities discovered by researchers in some Siemens protection relays.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-04-11 05:34:00 |
AMD, Microsoft Release Spectre Patches (direct link) |
AMD and Microsoft on Tuesday released microcode and operating system updates that should protect users against Spectre attacks.
|
|
|
|