What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-05-23 05:32:01 | FBI Inflated Numbers on Unhackable Devices (lien direct) | The FBI claimed it was unable to analyze roughly 7,700 devices last year due to strong encryption, but the actual number is likely much lower and the agency has admitted its mistake. | |||
|
2018-05-23 03:31:05 | Best Practices in Securing DevOps (lien direct) | The growing demand for faster software delivery, using public cloud environments, microservices, and containers, has triggered a discussion on the role of security in the world of DevOps. | |||
|
2018-05-23 00:14:03 | \'I\'m sorry\', Facebook Boss Tells European Lawmakers (lien direct) | Facebook chief Mark Zuckerberg apologized to the European Parliament on Tuesday for the "harm" caused by a huge breach of users' data and by a failure to crack down on fake news. | |||
|
2018-05-22 20:56:05 | As EU Privacy Law Looms, Debate Swirls on Cybersecurity Impact (lien direct) | Days ahead of the implementation of a sweeping European privacy law, debate is swirling on whether the measure will have negative consequences for cybersecurity. The controversy is about the so-called internet address book or WHOIS directory, which up to now has been a public database identifying the owners of websites and domains. | |||
|
2018-05-22 20:30:01 | Critical Flaw Impacts Dell EMC RecoverPoint (lien direct) | Several security flaws were recently found in | |||
|
2018-05-22 18:42:01 | U.S. Lawmakers Denounce Purported ZTE Deal (lien direct) | The United States and China have a tentative deal to save embattled Chinese telecom company ZTE, days after the two nations announced a truce in their trade standoff, The Wall Street Journal reported Tuesday. The report sparked an immediate negative reaction on Capitol Hill, where top Republican and Democrat senators denounced it. | |||
|
2018-05-22 18:32:01 | Cloudflare Improves DDoS Mitigation Tool (lien direct) | Cloudflare announced a series of improvements to its Rate Limiting distributed denial of service (DDoS) protection tool this week. | |||
|
2018-05-22 17:13:01 | Activists Urge Amazon to Drop Facial Recognition for Police (lien direct) | More than 30 activist groups led by the American Civil Liberties Union urged Amazon Tuesday to stop providing facial recognition technology to law enforcement, warning that it could give authorities "dangerous surveillance powers." | ★★★ | ||
|
2018-05-22 15:00:03 | Chinese Researchers Find Vulnerabilities in BMW Cars (lien direct) | 
|
|||
|
2018-05-22 14:15:04 | Top 6 Mistakes That Will Blow Your Online Cover (lien direct) | Perfect Operational Security (OPSEC) Needs to Start From Day One | |||
|
2018-05-22 13:26:05 | Attackers Hide in Plain Sight as Threat Hunting Lags: Report (lien direct) | CISO Survey Shows the Importance of Threat Hunting in the Finance Sector | |||
|
2018-05-22 12:51:00 | Botnets Target Zero-Days in GPON Routers (lien direct) | Two unpatched vulnerabilities in Dasan's Gigabit-capable Passive Optical Network (GPON) routers are being exploited by Internet of Things (IoT) botnets, security researchers warn. | |||
|
2018-05-22 11:04:04 | FireEye Launches OAuth Attack Testing Platform (lien direct) | FireEye on Monday announced the availability of a platform to allow organizations and pentesters check their ability to detect and respond to OAuth abuse attacks. | |||
|
2018-05-22 11:04:02 | (Déjà vu) VMware Patches Fusion, Workstation Vulnerabilities (lien direct) | VMware informed customers on Monday that updates for its Fusion and Workstation products patch important denial-of-service (DoS) and privilege escalation vulnerabilities. | |||
|
2018-05-22 05:34:00 | Tech Firms Coordinate Disclosure of New Meltdown, Spectre Flaws (lien direct) | Intel, AMD, ARM, IBM, Microsoft and other major tech companies on Monday released updates, mitigations and advisories for two new variants of the speculative execution attack methods known as Meltdown and Spectre. | |||
|
2018-05-21 17:43:01 | Dell Patches Vulnerability in Pre-installed SupportAssist Utility (lien direct) | Dell Patches Local Privilege Escalation in SupportAssist Dell recently addressed a local privilege escalation (LPE) vulnerability in SupportAssist, a tool pre-installed on most of all new Dell devices running Windows. | |||
|
2018-05-21 17:03:03 | Attackers Change DNS Settings of DrayTek Routers (lien direct) | Attackers have been targeting a zero-day vulnerability in routers made by DrayTek to change their DNS settings and likely abuse them in future attacks. | |||
|
2018-05-21 16:13:05 | Android Malware Targets North Korean Deflectors (lien direct) | Recent attacks orchestrated by a hacking group referred to as “Sun Team” have targeted North Korean deflectors via malicious applications in the Google Play store, McAfee reports. | |||
|
2018-05-21 13:57:01 | Critical Flaws Patched in Phoenix Contact Industrial Switches (lien direct) | Several vulnerabilities, including ones rated critical and high severity, have been patched in industrial ethernet switches made by Phoenix Contact, a Germany-based company that specializes in industrial automation, connectivity and interface solutions. | |||
|
2018-05-21 13:49:02 | Compliance is Not Synonymous With Security (lien direct) | While the upcoming GDPR compliance deadline will mark an unprecedented milestone in security, it should also serve as a crucial reminder that compliance does not equal security. Along with the clear benefits to be gained from upholding the standards enforced by GDPR, PCI DSS, HIPAA, and other regulatory bodies often comes a shift toward a more compliance-centric security approach. | |||
|
2018-05-21 12:55:02 | Researcher Earns $36,000 for Google App Engine Flaws (lien direct) | An 18-year-old researcher has earned more than $36,000 from Google after finding a critical remote code execution vulnerability related to the Google App Engine. Part of the Google Cloud offering, the App Engine is a framework that allows users to develop and host web applications on a fully managed serverless platform. | |||
|
2018-05-21 10:47:01 | Utimaco to Acquire Atalla Hardware Security Module Business From Micro Focus (lien direct) | Aachen, Germany-based firm Utimaco will acquire the Atalla hardware security module (HSM) and enterprise secure key manager (ESKM) lines from UK-based Micro Focus. | |||
|
2018-05-21 05:55:03 | Hacked Drupal Sites Deliver Miners, RATs, Scams (lien direct) | The Drupal websites hacked by cybercriminals using the vulnerabilities known as Drupalgeddon2 and Drupalgeddon3 deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams. | |||
|
2018-05-21 04:40:03 | (Déjà vu) Two Vulnerabilities Patched in BIND DNS Software (lien direct) | Updates announced on Friday by the Internet Systems Consortium (ISC) for BIND, the most widely used Domain Name System (DNS) software, patch a couple of vulnerabilities. While attackers may be able to exploit both of the flaws remotely for denial-of-service (DoS) attacks, the security holes have been assigned only a “medium” severity rating. | |||
|
2018-05-18 16:40:02 | 200 Million Sets of Japanese PII Emerge on Underground Forums (lien direct) | A dataset allegedly containing 200 million unique sets of personally identifiable information (PII) exfiltrated from several popular Japanese website databases emerged on underground forums, FireEye reports. | |||
|
2018-05-18 16:03:00 | F-Secure Unveils New Endpoint Detection & Response Solution (lien direct) | Finland-based cybersecurity firm F-Secure on Thursday announced the launch of a new endpoint detection and response (EDR) solution that combines human expertise and artificial intelligence. | |||
|
2018-05-18 13:07:00 | Misconfigured CalAmp Server Enabled Vehicle Takeover (lien direct) | A misconfigured server operated by CalAmp, a company offering the backend for a broad range of well-known car alarm systems, provided anyone with access to data and even allowed for account and vehicle takeover. | |||
|
2018-05-18 11:20:03 | Chrome to Issue Red "Not Secure" Warning for HTTP (lien direct) | Google is putting yet another nail in the HTTP coffin: starting with Chrome 70, pages that are not served over a secure connection will be marked with a red warning. | |||
|
2018-05-18 08:39:03 | Man Sentenced to 15 Years in Prison for DDoS Attacks, Firearm Charges (lien direct) | A New Mexico man has been sentenced to 15 years in prison for launching distributed denial-of-service (DDoS) attacks on dozens of organizations and for firearms-related charges. | ★★★★★ | ||
|
2018-05-18 07:26:05 | More Charges Against \'Syrian Electronic Army\' Hackers (lien direct) | The U.S. Justice Department on Thursday announced more charges against two Syrian nationals believed to be members of the “Syrian Electronic Army” hacker group. | |||
|
2018-05-17 18:21:05 | "Wicked" Variant of Mirai Botnet Emerges (lien direct) | A new variant of the Mirai Internet of Things (IoT) botnet has emerged, which features new exploits in its arsenal and distributing a new bot, Fortinet researchers warn. | |||
|
2018-05-17 18:06:02 | Will Your Enterprise Survive the IoT Explosion? (lien direct) | How Can Businesses Minimize the Risk Created by IoT While Ensuring Networks Are Secure? | |||
|
2018-05-17 17:10:03 | DHS Publishes New Cybersecurity Strategy (lien direct) | The U.S. Department of Homeland Security (DHS) this week published its long-delayed Cybersecurity Strategy. It had been mandated by Congress to deliver a strategy by March 2017, and did so on May 15, 2018. | |||
|
2018-05-17 16:36:01 | \'Chrysene\' Group Targets ICS Networks in Middle East, UK (lien direct) | A threat actor with ties to hacker groups believed to be operating out of Iran has been targeting the industrial networks of organizations in the Middle East and the United Kingdom. | |||
|
2018-05-17 15:38:03 | Critical Flaws in Cisco DNA Center Allow Unauthorized Access (lien direct) | Cisco has found and patched three critical unauthorized access vulnerabilities in its Digital Network Architecture (DNA) platform. Cisco DNA is a solution that helps enterprises automate network operations, making it easy to design, provision and apply policies across their environments. | |||
|
2018-05-17 13:40:04 | U.S. Energy Department Unveils Multiyear Cybersecurity Plan (lien direct) | The U.S. Department of Energy this week announced its strategy to reduce cyber risks in the energy sector and outlined its goals, objectives and activities for the next five years. | |||
|
2018-05-17 13:38:01 | Net Neutrality: Party Politics and Consumer Concerns (lien direct) | Net neutrality in the U.S. is a bi-partisan issue being fought in a very partisan manner. It was introduced in the Democrat Obama-years, and abandoned by the Republican Trump-installed FCC chairman Ajit Pau. Sen. Edward Markey, D-Mass. filed a procedural petition that would allow a debate on overturning the FCC ruling via the Congressional Review Act. | |||
|
2018-05-17 10:16:05 | Google Offers Free DDoS Protection for U.S. Political Organizations (lien direct) | Jigsaw, an incubator run by Google parent Alphabet, this week announced the availability of Project Shield – which offers free distributed denial of service (DDoS) protections – for the U.S. political community. | |||
|
2018-05-17 09:59:02 | Hackers Steal \'$15.3 Million\' From Mexico Financial System (lien direct) | Hackers who targeted Mexico's interbank payment system made off with more than $15 million in the past several weeks, the Bank of Mexico said Wednesday. The amount of funds involved in the irregular activity totaled "approximately 300 million pesos ($15.3 million)," central bank governor Alejandro Diaz de Leon told reporters. | |||
|
2018-05-17 09:54:05 | Deleted WHOIS Data: An Unintended Consequence of GDPR (lien direct) | GDPR Will Impact the Availability of WHOIS Data to Security Researchers and Investigators | |||
|
2018-05-17 06:14:01 | U.S. Jury Convicts Operator of Counter AV Service Scan4You (lien direct) | A 37-year-old Latvian resident was convicted by a U.S. jury on Wednesday for his role in the operation of a counter antivirus service named Scan4You. Sentencing is scheduled for September 21. | |||
|
2018-05-16 20:15:03 | U.S. Senate Votes to Restore \'Net Neutrality\' Rules (lien direct) | The US Senate voted Wednesday to restore so-called "net neutrality" rules aimed at requiring all online data to be treated equally, the latest step in a years-long battle on internet regulation. | |||
|
2018-05-16 17:09:01 | 10 Security Behaviors That Anger Us (lien direct) | Why Do We Get Angry With People for Doing What We Incentivize Them to Do? | |||
|
2018-05-16 16:32:03 | (Déjà vu) Critical Code Execution Flaws Patched in Advantech WebAccess (lien direct) | Taiwan-based industrial automation company Advantech has released an update for its WebAccess product to address nearly a dozen vulnerabilities, including critical flaws that allow arbitrary code execution. | ★★★ | ||
|
2018-05-16 15:37:01 | Auth0 Secures $55 Million in New Funding Round (lien direct) | Identity-as-a-Service (IDaaS) company Auth0 | |||
|
2018-05-16 15:22:03 | Cambridge Analytica Shared Data With Russia: Whistleblower (lien direct) | Political consulting group Cambridge Analytica used Russian researchers and shared data with companies linked to Russian intelligence, a whistleblower told a congressional hearing on interference in the 2016 US election Wednesday. | |||
|
2018-05-16 14:41:02 | Firefox Saves Screenshots to Publicly Accessible Cloud Servers (lien direct) | Mozilla's Firefox browser allows users to take screenshots of entire pages or sections of pages and save them to the cloud, but is making them publicly accessible by default, an ethical hacker has discovered. | |||
|
2018-05-16 13:38:04 | Serbia Arrests FBI-sought Cybercrime Suspect (lien direct) | Serbian police said Wednesday they had arrested a man sought by the FBI under suspicion of being part of a group of cybercriminals who called themselves "The Dark Overlord". | |||
|
2018-05-16 13:31:02 | Critical Command Injection Flaw Patched in Red Hat Linux (lien direct) | A critical vulnerability in the DHCP client in Red Hat Enterprise Linux could allow an attacker to execute arbitrary commands on impacted systems. | |||
|
2018-05-16 12:32:04 | Malicious PDF Leads to Discovery of Adobe Reader, Windows Zero-Days (lien direct) | Researchers at ESET recently came across a malicious PDF file set up to exploit two zero-day vulnerabilities affecting Adobe Reader and Microsoft Windows. |
To see everything:
