Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-11 16:01:16 |
Highly Targeted Attacks Hit North Korean Defectors (lien direct) |
A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by an actor that does not appear to be related to any known cybercrime groups, McAfee says.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-11 14:31:34 |
Risky Business (Part 2): Why You Need a Risk Treatment Plan (lien direct) |
Performing a Risk Analysis and Taking Due Care Are No Longer Optional
Now hear this: You will always have exposure.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-11 14:21:42 |
Security Flaws Found in Majority of SCADA Mobile Apps (lien direct) |
Researchers from IOActive and Embedi have conducted an analysis of SCADA mobile applications from 34 vendors and found vulnerabilities in a vast majority of them, including flaws that can be exploited to influence industrial processes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-11 14:19:06 |
Don\'t Rely on One Star to Manage Digital Risk, The Key is Total Coverage (lien direct) |
Vince Lombardi, one of the greatest coaches of all time said, “The achievements of an organization are the results of the combined effort of each individual.†Think about the most successful coaches and you'll see a common thread – the ability to bring players and staff together and use their talents effectively and intelligently to defeat opponents. Phil Jackson accomplished this with different NBA franchises and Joe Gibbs with different quarterbacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-11 14:00:28 |
Endgame Lands $1 Million Contract From U.S. Navy (lien direct) |
Endgame, an Arlington, VA-based supplier of advanced endpoint protection software, has been awarded a $1 million contract by the U.S. Fleet Cyber Command/U.S. Tenth Fleet. The purpose of the contract is to protect more than 500,000 computers and ships' hull, mechanical and electrical systems, weapons and navigation systems, aviation systems, and the technology controlling physical devices on bases and facilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-11 12:31:52 |
Hackers Leak Olympic Committee Emails in Response to Russia Ban (lien direct) |
A group of hackers linked to Russia has leaked several emails apparently exchanged between officials of the International Olympic Committee (IOC) and other individuals involved with the Olympics. The leak comes in response to Russia being banned from the upcoming Pyeongchang 2018 Winter Games in South Korea.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-10 21:22:30 |
Let\'s Encrypt Disables TLS-SNI-01 Validation (lien direct) |
Free and open Certificate Authority (CA) Let's Encrypt on Tuesday disabled TLS-SNI-01 validation after learning that users could abuse it to obtain certificates for domains they do not own.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-10 20:50:21 |
NVIDIA Updates GPU Drivers to Mitigate CPU Flaws (lien direct) |
NVIDIA has released updates for its GPU display drivers and other products in an effort to mitigate the recently disclosed attack methods dubbed Meltdown and Spectre.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-10 15:57:07 |
IBM Starts Patching Spectre, Meltdown Vulnerabilities (lien direct) |
IBM has started releasing firmware patches for its POWER processors to address the recently disclosed Meltdown and Spectre vulnerabilities. The company is also working on updates for its operating systems, but those are expected to become available only next month.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-10 15:32:15 |
Android Malware Developed in Kotlin Programming Language Found in Google Play (lien direct) |
Security researchers at Trend Micro have discovered a malicious application in Google Play that was developed using the Kotlin programming language.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-10 13:53:13 |
Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC (lien direct) |
A firmware update released a few weeks ago by Rockwell Automation for its MicroLogix 1400 programmable logic controllers (PLCs) patches a potentially serious vulnerability.
The MicroLogix PLC family is used worldwide by organizations in the critical infrastructure, food and agriculture, and water and wastewater sectors for controlling processes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-10 13:49:20 |
Industrial Cybersecurity Firm Nozomi Networks Raises $15 Million (lien direct) |
Industrial cybersecurity firm Nozomi Networks has raised $15 million in a Series B funding round, the company announced Wednesday. The new funding brings the total amount raised by the company to date to $23.8 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-10 13:14:05 |
How Antivirus Software Can be the Perfect Spying Tool (lien direct) |
Your antivirus product could be spying on you without you having a clue. It might be intentional but legitimate behavior, yet (malicious) intent is the one step separating antivirus software from a cyber-espionage tool. A perfect one, experts argue.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-10 09:13:54 |
Microsoft, Intel Share Data on Performance Impact of CPU Flaw Patches (lien direct) |
Microsoft and Intel have shared more information on the performance impact of the patches released for the recently disclosed attack methods known as Spectre and Meltdown.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-09 20:33:14 |
Microsoft Patches Zero-Day Vulnerability in Office (lien direct) |
Microsoft's January 2018 Patch Tuesday updates address more than 50 vulnerabilities, including a zero-day vulnerability in Office related to an Equation Editor flaw that has been exploited by several threat groups in the past few months.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-09 17:59:42 |
WPA3 to Bring Improved Wireless Security in 2018 (lien direct) |
Wi-Fi Alliance Announces WPA3, the Successor to Wi-Fi's WPA2 Security Protocol
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-09 17:25:56 |
VirusTotal Launches Visualization Tool (lien direct) |
VirusTotal this week announced the availability of a visualization tool designed to help with malware investigations.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-09 16:45:14 |
Adobe Patch Tuesday Updates Fix Only One Flash Player Flaw (lien direct) |
Adobe's Patch Tuesday updates for January 2018 resolve only an information disclosure vulnerability affecting Flash Player.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-09 15:22:32 |
Working Smarter, Not Harder: Bridging the Cyber Security Skills Gap (lien direct) |
The Most Effective Security Teams Aren't Necessarily the Largest or the Most Experienced
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-09 06:09:56 |
Apple Adds Spectre Protections to Safari, WebKit (lien direct) |
Updates released by Apple on Monday for iOS, macOS and Safari should mitigate the effects of the vulnerabilities exploited by the recently disclosed attack method named Spectre.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-08 18:48:12 |
Monero Miner Sends Cryptocurrency to North Korean University (lien direct) |
An application compiled just weeks ago was found to be an installer for a Monero miner designed to send the mined currency to a North Korean university, AlienVault reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-08 17:16:31 |
Cybersecurity\'s Venture Capital and Private Equity Money-go-Round (lien direct) |
Access to Money at the Right Time is Essential for Cybersecurity Firms Given the Volatility of the Market
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-08 16:22:48 |
Microsoft Patches for CPU Flaws Break Windows, Apps (lien direct) |
Users have complained that the updates released by Microsoft last week for the Spectre and Meltdown vulnerabilities cause Windows to break down on some computers with AMD processors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-08 14:44:14 |
Hardcoded Backdoor Found on Western Digital Storage Devices (lien direct) |
Firmware updates released by Western Digital for its MyCloud family of devices address a series of security issues, including a hardcoded backdoor admin account.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-08 14:20:30 |
Lawsuits Filed Against Intel Over CPU Vulnerabilities (lien direct) |
At least three class action lawsuits have been filed against Intel in the past days over the recently disclosed vulnerabilities that could allow malicious hackers to obtain potentially sensitive information from computers.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-08 11:26:38 |
Serious Flaws Affect Dell EMC, VMware Data Protection Products (lien direct) |
Data protection products from both Dell EMC and VMware are impacted by three potentially serious vulnerabilities discovered by researchers at Digital Defense.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-08 08:36:03 |
Qualcomm Working on Mitigations for Spectre, Meltdown (lien direct) |
Qualcomm has confirmed that some of its products are affected by the recently disclosed Spectre and Meltdown vulnerabilities, but the company says mitigations are being deployed.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-07 15:47:36 |
NSA Contractor Pleads Guilty in Embarrassing Leak Case (lien direct) |
A former contractor for the US National Security Agency's elite hacking group has agreed to plead guilty to removing classified documents in a case that highlighted a series of disastrous leaks of top-secret NSA materials.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-07 15:41:09 |
US National Security Agency Chief to Retire (lien direct) |
National Security Agency Director Admiral Mike Rogers, the US signals intelligence czar, plans to retire within months after a four-year term scarred by damaging leaks, US intelligence sources confirmed Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-07 15:21:47 |
ZeuS Variant Abuses Legitimate Developer\'s Website (lien direct) |
The official website of Ukraine-based accounting software developer Crystal Finance Millennium (CFM) was abused for the distribution of a variant of the ZeuS banking Trojan, Talos reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-06 21:47:42 |
Hackers Already Targeting Pyeongchang Olympics: Researchers (lien direct) |
Hackers have already begun targeting the Pyeongchang Olympic Games with malware-infected emails which may be aimed at stealing passwords or financial information, researchers said Saturday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 19:27:46 |
Gifts and Data - Personalization Brings Meaning (lien direct) |
The holidays are now behind us and we're getting back to our routines. As we do, we start putting to use all the gifts we've received from family, friends, colleagues and neighbors. Each year I'm impressed by the people who always seem to nail it and find the perfect thing. It's as if they could read your mind. They know your interests and hobbies, perhaps your favorite teams and players.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 16:08:04 |
Microsoft Word subDoc Feature Allows Password Theft (lien direct) |
A feature in Microsoft Word that allows for the loading of sub-documents from a master document can be abused by attackers to steal a user's credentials, according to Rhino Security Labs.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 15:13:27 |
Several Vulnerabilities Patched in Advantech WebAccess (lien direct) |
Taiwan-based industrial automation company Advantech has released an update for its WebAccess product to address several vulnerabilities, including ones rated high severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 14:27:42 |
Ubuntu Preps Patches for Meltdown, Spectre CPU Flaws (lien direct) |
Ubuntu security updates planned for January 9 will patch the recently disclosed Meltdown and Spectre CPU vulnerabilties, Canonical has announced.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 13:58:06 |
Industry Reactions to Meltdown, Spectre Attacks: Feedback Friday (lien direct) |
Researchers disclosed this week the details of two new attack methods allowing malicious actors to gain access to sensitive information stored in a device's memory by exploiting security holes in Intel, AMD and ARM processors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 13:53:44 |
Inside McAfee\'s Acquisition of Skyhigh Networks (lien direct) |
McAfee Completes Acquisition of Skyhigh Networks
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 13:02:22 |
Ransomware and Bitcoin Enter New Phase (lien direct) |
The phenomenal appreciation in Bitcoin's value against the dollar, up roughly 18x in 2017 and 4x since September, gives us pause to consider – from a security perspective – what this might mean for ransomware in the near and distant future.
Ransomware and Bitcoin Codependency
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 12:56:05 |
An Open Letter to the New Year on My Five Cybersecurity Resolutions (lien direct) |
Dear, New Year,
My, how time flies. I can't believe you're already here, spurring me to make resolutions –presuming I have room to improve.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 12:03:26 |
Industrial Firms Increasingly Hit With Targeted Attacks: Survey (lien direct) |
An increasing number of companies in the industrial sector have experienced a targeted attack, according to a survey conducted by Kaspersky Lab and B2B International.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-05 07:53:23 |
Intel Patches CPUs Against Meltdown, Spectre Exploits (lien direct) |
Intel has been working with its partners to release software and firmware updates that should protect systems against the recently disclosed CPU attacks. The company expects patches to become available for a majority of its newer products by the end of next week.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-04 18:44:23 |
Google Apps Script Allowed Hackers to Automate Malware Downloads (lien direct) |
Researchers at Proofpoint discovered recently that Google Apps Script could have been abused by malicious hackers to automatically download malware hosted on Google Drive to targeted devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-04 17:29:42 |
Hackers Expected to Remotely Exploit CPU Vulnerabilities (lien direct) |
Security experts believe hackers will soon start to remotely exploit the recently disclosed vulnerabilities affecting Intel, AMD and ARM processors, if they haven't done so already.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-04 16:34:29 |
Andromeda Botnet to Die Slow, Painful Death (lien direct) |
Following a takedown operation in early December 2017, the Andromeda botnet is expected to slowly disappear from the threat landscape, ESET says.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-04 14:29:31 |
Crypto-Miner Botnet Spreads over SSH (lien direct) |
A recently discovered Linux crypto-miner botnet spreading over the SSH protocol is based on the Python scripting language, which makes it difficult to detect, F5 Networks has discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-04 14:01:54 |
Solving Security Problems Isn\'t Sexy (lien direct) |
Many Security Professionals Find Themselves Trapped in a Cycle of “Sexy†- What Can We Do About It?
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-04 13:21:51 |
Tech Giants Address Critical CPU Vulnerabilities (lien direct) |
Several major tech companies have started releasing patches and mitigations for the recently disclosed Meltdown and Spectre vulnerabilities affecting CPUs from Intel, AMD and ARM.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-04 12:01:59 |
247,000 DHS Employees Affected by Data Breach (lien direct) |
Information on nearly a quarter million Department of Homeland Security (DHS) employees was exposed as part of an "unauthorized transfer of data", the DHS announced.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-03 22:20:25 |
Intel, AMD Chip Vulnerabilities Put Billions of Devices at Risk (lien direct) |
Details of "Meltdown" and "Spectre" Attacks Against Intel and AMD Chips Disclosed
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-01-03 19:10:01 |
LockPoS Adopts New Injection Technique (lien direct) |
The LockPoS Point-of-Sale (PoS) malware has been leveraging a new code injection technique to compromise systems, Cyberbit researchers say.
|
|
|
|