What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-05-08 20:05:03 | Lenovo Patches Secure Boot Vulnerability in Servers (lien direct) | Lenovo has released patches for a High severity vulnerability impacting the Secure Boot function on some System x servers. | |||
|
2018-05-08 19:37:02 | Microsoft Patches Two Windows Zero-Day Vulnerabilities (lien direct) | Microsoft has fixed more than 60 vulnerabilities with its May 2018 Patch Tuesday updates, including two Windows zero-day flaws that can be exploited for remote code execution and privilege escalation. | |||
|
2018-05-06 18:09:00 | Banks Don\'t Want to be Weakest Link in Blockchain Revolution (lien direct) | Blockchain, the cutting-edge technology behind virtual currencies like bitcoin, has the potential to play a disruptive role in the global finance sector, experts say, as banking behemoths seek to connect with its opportunities. | |||
|
2018-05-05 03:21:00 | U.S. Military Bans Huawei, ZTE Phones (lien direct) | Personnel on US military bases can no longer buy phones and other gear manufactured by Chinese firms Huawei and ZTE, after the Pentagon said the devices pose an "unacceptable" security risk. Concerns have heightened at the Pentagon about consumer electronics being used to snoop on or track service members. | |||
|
2018-05-04 15:46:04 | Hackers Target Flaws Affecting a Million Internet-Exposed Routers (lien direct) | Just a few days after they were disclosed, malicious actors started targeting a couple of flaws affecting routers made by South Korea-based Dasan Networks. There are roughly one million potentially vulnerable devices accessible directly from the Internet. | |||
|
2018-05-04 14:38:04 | Backdoored Module Removed from npm Registry (lien direct) | A malicious package masquerading as a cookie parsing library but delivering a backdoor instead was unpublished from the npm Registry along with three other packages. | |||
|
2018-05-04 14:02:02 | Indegy Launches Industrial Security Risk Assessment Service (lien direct) | Industrial cybersecurity firm Indegy on Thursday announced the launch of a risk assessment service designed to help organizations evaluate exposures in their operational technology (OT) environments. | |||
|
2018-05-04 12:50:05 | Google Launches "Asylo" Framework for Confidential Computing (lien direct) | Google this week announced the release of an open-source framework and software development kit (SDK) that allows developers to build applications targeting trusted execution environments. | |||
|
2018-05-04 12:32:05 | Intel Working on Patches for 8 New Spectre-Like Flaws: Report (lien direct) | Researchers have discovered a total of eight new Spectre-like vulnerabilities, including flaws that may be more serious and easier to exploit, according to German magazine c't. | |||
|
2018-05-04 12:22:04 | GandCrab Ransomware Breaks Windows 7 Systems (lien direct) | The latest variant of the GandCrab ransomware breaks infected Windows 7 systems, Fortinet warns. | |||
|
2018-05-04 11:49:05 | Microsoft Makes Hyper-V Debugging Symbols Public (lien direct) | 
|
|||
|
2018-05-04 05:26:01 | Evasive Malware Now a Commodity (lien direct) | I've been deconstructing malware for over 20 years, and it turns out I've chosen a profession where it's hard to feel in a rut -- so much of what is happening with malware continues to feel dramatic and new to me. | |||
|
2018-05-04 05:09:02 | Meltdown Patch in Windows 10 Can Be Bypassed (lien direct) | A researcher has discovered that a mitigation implemented by Microsoft in Windows 10 for the Meltdown vulnerability can be bypassed. The tech giant says it's working on an update. According to Windows internals expert Alex Ionescu, a Meltdown mitigation in Windows 10 has what he describes as “a fatal flaw.” | |||
|
2018-05-03 21:38:02 | Twitter Urges Password Changes After Exposing \'Unmasked\' Credentials (lien direct) | Twitter on Thursday warned its users that an internal software bug unintentionally exposed "unmasked" passwords by storing them in an internal log. | |||
|
2018-05-03 16:36:04 | Commodity Ransomware Declines as Corporate Attacks Increase (lien direct) | 2017 was a landmark year for ransomware, with WannaCry and NotPetya grabbing headlines around the world. Ransomware attacks grew by more than 400% over the year, while the number unique families and variants increased by 62%. These statistics, however, disguise an apparent change in the ransomware industry following the summer of 2017. | NotPetya Wannacry | ||
|
2018-05-03 16:13:05 | Amazon Introduces AWS Security Specialty Certification Exam (lien direct) | Security professionals looking to demonstrate and validate their knowledge of how to secure the Amazon Web Services (AWS) platform can now do so by taking the new AWS Certified Security – Specialty exam. | |||
|
2018-05-03 16:10:05 | Ex-NSA Director\'s IronNet Raises $78 Million (lien direct) | IronNet Cybersecurity, a company founded by former NSA director Gen. Keith Alexander, announced on Wednesday that it has raised $78 million in a Series B funding round. | |||
|
2018-05-03 15:58:03 | MassMiner Attacks Web Servers With Multiple Exploits (lien direct) | A recently discovered crypto-currency mining malware family is using multiple exploits in an attempt to increase its chances of successfully compromising web servers, AlienVault has discovered. | |||
|
2018-05-03 15:23:04 | Australia\'s Biggest Bank Loses 20 Million Customer Records (lien direct) | Australia's troubled Commonwealth Bank admitted Thursday it had lost financial records for almost 20 million customers in a major security blunder -- but insisted there was no need to worry. | |||
|
2018-05-03 15:03:03 | Android Phones Vulnerable to Remote Rowhammer Attack via GPU (lien direct) | A team of researchers has shown how malicious actors could leverage graphics processing units (GPUs) to launch Rowhammer attacks remotely against Android smartphones. | |||
|
2018-05-03 13:01:04 | Industrial Networks Easy to Hack From Corporate Systems: Study (lien direct) | Hackers could in many organizations easily gain access to industrial environments from the corporate network, according to an analysis conducted by Positive Technologies. | |||
|
2018-05-03 10:16:01 | Why Network and Security Operations Centers Should be Doing More (lien direct) | Effective Network Management Should Never be Restricted to Operations-only or Security-Only Perspectives. | |||
|
2018-05-02 17:56:05 | Mobile Phone Maker Settles With FTC Over Data Collection (lien direct) | Mobile phone maker BLU Products this week reached a settlement with the Federal Trade Commission (FTC) over allegations that software in its devices collected users' personal information. | |||
|
2018-05-02 15:01:03 | Regulus Cyber Aims to Secure Cars, Robots With $6.3 Million Funding (lien direct) | Regulus Cyber emerged from stealth mode this week with $6.3 million in funding and a solution designed to protect sensors, communications and data in autonomous cars and trucks, robots and drones. | |||
|
2018-05-02 13:33:00 | Industry CMO on the Downstream Risks of "Logo Disclosures" (lien direct) | Cybersecurity Marketing Teams Would Benefit From an Ethics Desk | |||
|
2018-05-02 12:12:04 | Schneider Electric Development Tools Affected by Critical Flaw (lien direct) | Security firm Tenable has disclosed the details of a critical remote code execution vulnerability affecting Schneider Electric's InduSoft Web Studio and InTouch Machine Edition products. | |||
|
2018-05-02 11:03:01 | Spring 2018 Password Attacks (lien direct) | The first time I heard about distributed brute-force login attacks was from master web application firewall (WAF) administrator Marc LeBeau. At the time he was defending a hotel chain against attackers who were brute-force guessing customer passwords and withdrawing hotel points. | |||
|
2018-05-02 09:44:04 | 10 Reasons To Break Up With Your Legacy SIEM (lien direct) | The Value Most Organizations Get Out of Their SIEM Deployment is Far Lower Than it Used to Be | |||
|
2018-05-02 09:20:01 | Over a Million Dasan Routers Vulnerable to Remote Hacking (lien direct) | Researchers have disclosed the details of two unpatched vulnerabilities that expose more than one million home routers made by South Korea-based Dasan Networks to remote hacker attacks. | |||
|
2018-05-02 04:09:00 | GitHub Exposed Passwords of Some Users (lien direct) | GitHub has instructed some users to reset their passwords after a bug caused internal logs to record passwords in plain text. | |||
|
2018-05-01 20:12:03 | Privilege Escalation Bug Lurked in Linux Kernel for 8 Years (lien direct) | A security vulnerability in a driver leading to local privilege escalation in the latest Linux Kernel version was introduced 8 years ago, Check Point reveals. | Guideline | ||
|
2018-05-01 16:15:05 | Maritime Cybersecurity: Securing Assets at Sea (lien direct) | The Nature of the Shipping Industry Presents Unique Challenges for Hardening Cybersecurity | |||
|
2018-05-01 16:08:05 | Amazon Boosts Domain Protections in CloudFront (lien direct) | Amazon Web Services (AWS) has unveiled a series of enhancements for the domain protections available in CloudFront, meant to ensure that all requests handled by the service come from legitimate domain owners. | |||
|
2018-05-01 14:49:03 | Microsoft Unveils New Solution for Securing Critical Infrastructure (lien direct) | Microsoft last week unveiled Trusted Cyber Physical Systems (TCPS), a new solution designed to help protect critical infrastructure against modern cyber threats. | |||
|
2018-05-01 13:05:03 | Trend Micro Scan Engine Used by North Korea\'s SiliVaccine Antivirus (lien direct) | Researchers have analyzed an older version of North Korea's SiliVaccine antivirus and discovered that it uses an outdated scanning engine from Japanese security solutions provider Trend Micro. | |||
|
2018-05-01 12:39:04 | Microsoft Brings Application Guard to Windows 10 Pro (lien direct) | Microsoft of Monday made Windows 10 April 2018 Update available to users, which brings new features, enhancements and security updates, along with improvements to Windows Defender Security Center. | |||
|
2018-05-01 11:37:00 | Has Your Company\'s Infrastructure Been Hijacked by Bitcoin Miners? (lien direct) | Crypto-mining Malware Exposes Organizations to a Host of Monetary and Reputational Risks | |||
|
2018-05-01 05:01:02 | Slack Releases Open Source Secure Development Lifecycle Tool (lien direct) | Team collaboration solutions provider Slack last week announced that one of the secure development lifecycle (SDL) tools used internally by the company has been released as open source. | |||
|
2018-04-30 19:56:03 | All Chrome OS Devices Now Protected Against Meltdown (lien direct) | The latest version of Chrome OS now keeps all devices protected from Meltdown, Google says. | |||
|
2018-04-30 15:50:01 | NATO Exercise Tests Skills of National Cyber Defenders (lien direct) | More than 1,000 experts from nearly 30 countries have tested their ability to protect IT systems and critical infrastructure networks at NATO's Locked Shields 2018 live-fire cyber defense exercise. | ★★★★★ | ||
|
2018-04-30 13:20:02 | NCSC Joins Secure Chorus to Promote End-to-End Secure Communications (lien direct) | The UK's National Cyber Security Center (NCSC) has become the first government agency to join Secure Chorus, a not-for-profit private company limited by guarantee, whose ownership rests with its members. The purpose of Secure Chorus is to develop a secure interoperable cross-platform multimedia communications ecosystem suitable for government and industry use. | |||
|
2018-04-30 12:53:02 | Hackers Target Poorly Patched Oracle WebLogic Flaw (lien direct) | Hackers have been scanning the Internet for Oracle WebLogic Server installations that can be taken over using a recently addressed vulnerability. While patched systems should be protected against attacks, experts claim the fix implemented by Oracle can be bypassed. | |||
|
2018-04-30 12:19:00 | PDF Files Can Silently Leak NTLM Credentials (lien direct) | NTML credentials can be stolen via malicious Portable Document Format (PDF) files without any user interaction, Check Point security researchers warn. | |||
|
2018-04-30 12:12:02 | Managing Risk a Must in Third-Party Relationships (lien direct) | Conducting Thorough Due Diligence on a Prospective Vendor's Security is Essential | |||
|
2018-04-30 11:54:01 | Security Pros Not Confident in Endpoint Defense: Survey (lien direct) | Endpoint Protection is Barely Keeping Pace With Endpoint Attacks | |||
|
2018-04-30 11:41:04 | PyRoMine Crypto-Miner Spreads via NSA-Linked Exploit (lien direct) | A remote code execution exploit supposedly stolen from the National Security Agency-linked Equation Group is currently being used by a new crypto-currency miner to spread to vulnerable Windows machines. | |||
|
2018-04-30 11:07:02 | EU, US Police Cripple Islamic State Media Mouthpieces (lien direct) | European and US police forces have struck at the heart of Islamic State's propaganda machine, seizing servers and "punching a hole" in its ability to spread its radical jihadist message online. | |||
|
2018-04-30 06:33:01 | Uber Updates Bug Bounty Program (lien direct) | 
|
Uber | ||
|
2018-04-28 10:46:03 | Researchers Dissect Tool Used by Infamous Russian Hacker Group (lien direct) | Sofacy's First-Stage Malware Zebrocy Analyzed ESET security researchers have taken a deep dive into one of the tools heavily used by the Russian threat actor Sofacy over the past couple of years. | |||
|
2018-04-28 10:22:01 | Amazon Alexa Can Be Used for Snooping, Researchers Say (lien direct) | Amazon's Alexa cloud-based virtual assistant for Amazon Echo can be abused to eavesdrop on users, Checkmarx security researchers have discovered. |
To see everything:
