| Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|
| 2017-02-14 15:42:50 | Nation States Distancing Themselves from APTs (direct link) | Increasingly, governments are outsourcing state-sponsored attacks to mitigate risk and maximize intelligence. | | | |
| 2017-02-13 17:02:48 | Updated Firmware Due for Serious TP-Link Router Vulnerabilities (direct link) | A researcher disclosed vulnerabilities in TP-Link C2 and C20i routers that allow for remote code execution and denial-of-service attacks with authentication. | | | |
| 2017-02-13 16:00:57 | Open Databases a Juicy Extortion Target (direct link) | A sudden wave of attacks against insecure databases resulting in ransom demands points to a wave of data hijacking attacks. | | | |
| 2017-02-13 14:00:16 | Threatpost News Wrap, February 13, 2017 (direct link) | RSA 2017 is previewed, and last week's report on iOS apps being vulnerable to interception attacks, macro malware coming to macOS, and a new Uber open source module are discussed. | | Uber | |
| 2017-02-10 16:45:53 | 1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure (direct link) | WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability. | | | |
| 2017-02-09 18:13:41 | High Severity BIND Vulnerability Can Lead to A Crash (direct link) | The Internet Systems Consortium patched the BIND domain name system this week, addressing a remotely exploitable vulnerability it said could lead to a crash. | Guideline | | |
| 2017-02-09 16:06:10 | CryptoShield Infections from RIG EK Picking Up (direct link) | Researchers have spotted an increase in CryptoShield ransomware infections coming from the RIG Exploit Kit used by EITest delivery campaigns. | | | |
| 2017-02-09 14:45:22 | Dino Dai Zovi on Securing Linux in Modern Workloads (direct link) | Security researcher Dino Dai Zovi talks about a new company he cofounded called Capsule8 that will help IT organizations counter threats to Linux infrastructures. | | | |
| 2017-02-08 21:37:23 | Fileless Memory-Based Malware Plagues 140 Banks, Enterprises (direct link) | Attackers have been using fileless malware to hide in the memory of enterprises, steal data, and vanish without a trace. | | | |
| 2017-02-08 17:00:29 | Valve Patches Trivial XSS Bug in Steam (direct link) | A cross-site scripting vulnerability on the Steam gaming platform has been patched. The flaw could be exploited by simply viewing a crafted profile. | | | |
| 2017-02-08 15:30:56 | Uber Debuts SSH Key Authentication Module (direct link) | Developers at Uber have unveiled a new module to help users enable the continuous re-authentication of SSH keys. | | Uber | |
| 2017-02-08 14:00:11 | Consortium Publishes Manifesto on Autonomous Vehicle Security (direct link) | A new industry consortium publishes a manifesto it hopes will foster cooperation on the security of autonomous vehicles. | | | |
| 2017-02-08 13:21:26 | Macro Malware Comes to macOS (direct link) | Cybercriminals have developed macro malware for macOS, the first time this technique has been spotted on the Apple platform. | | | |
| 2017-02-07 21:07:22 | Attackers Capitalizing on Unpatched WordPress Sites (direct link) | WordPress sites slow to update to the recent 4.7.2 security release run the risk of falling victim to a handful of defacement attacks spotted by Sucuri. | | | |
| 2017-02-07 19:13:49 | Popular iOS Apps Vulnerable to TLS Interception Attacks (direct link) | More than 70 iOS apps are vulnerable to man-in-the-middle attacks where TLS connections can be intercepted and sensitive data stolen. | | | |
| 2017-02-07 18:31:29 | Smart TV Manufacturer Vizio Fined $2.2M for Tracking Customers (direct link) | Smart TV manufacturer Vizio settled with the FTC on Monday over charges the company collected data on 11 million consumer TVs. | | | |
| 2017-02-07 18:15:06 | St. Jude Patches Additional Cardiac Device (direct link) | St. Jude Medical added another Merlin@home Transmitter medical device to its list of equipment vulnerable to a man-in-the-middle attack. | | | |
| 2017-02-06 19:46:19 | InterContinental Hotels Confirms Credit Card Breach (direct link) | InterContinental Hotels Group confirmed and released additional details pertaining to a breach that targeted payment card systems used in 12 of its hotels. | | | |
| 2017-02-06 19:20:34 | ICS, SCADA Security Woes Linger On (direct link) | A recent batch of vulnerabilities in Honeywell building automation system software epitomizes the lingering security issues around SCADA and industrial control systems. | | | |
| 2017-02-03 20:03:05 | Honeywell SCADA Controllers Exposed Passwords in Clear Text (direct link) | A series of remotely exploitable vulnerabilities, including clear text passwords, exist in a set of Honeywell SCADA systems. | | | |
| 2017-02-03 19:45:40 | Locky Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns (direct link) | Locky ransomware and Kovter click-fraud malware are being spread in the same email campaign for the first time, with malicious .lnk files being used to infect computers. | | | |
| 2017-02-03 16:20:04 | Threatpost News Wrap, February 3, 2017 (direct link) | Mike Mimoso and Chris Brook recap the news of the week, including a Microsoft SMB zero day, the latest Netgear router vulnerability, and a new HTTPS milestone. | | | |
| 2017-02-03 15:23:05 | Cisco Patches Authentication Bypass in Cisco Prime Home (direct link) | Cisco patched a critical remote authentication bypass vulnerability in its Prime Home remote management tool used by service providers. | | | |
| 2017-02-03 13:36:13 | Microsoft Waits for Patch Tuesday to Fix SMB Zero Day (direct link) | Microsoft said a Windows SMB zero day, which has a public proof-of-concept exploit available, is low risk and won't be patched until an upcoming Patch Tuesday. | | | |
| 2017-02-02 19:57:18 | WordPress Silently Fixed Privilege Escalation Vulnerability in 4.7.2 Update (direct link) | WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week. | | | |
| 2017-02-02 19:56:06 | Printing and Marketing Firm Leaks High-Profile Customers' Data (direct link) | MacKeeper says it has found gigabytes of sensitive personal data stored by PIP Printing and Marketing Services and accessible online. | | | |
| 2017-02-02 17:33:33 | Google Adds Security Key Enforcement to G Suite Apps, Hosted S/MIME to Gmail (direct link) | Google pumped more life into the use of physical keys as a second form of authentication when it added Security Key enforcement support to G Suite. | | | |
| 2017-02-01 20:08:50 | HTTPS Hits 50 Percent Traffic Milestone (direct link) | This week HTTPS hit a huge milestone. According to a two-week survey of telemetry data from the Mozilla Firefox browser, 50 percent of page loads used HTTPS. | | | ★★★ |
| 2017-02-01 19:50:11 | Latest Ubuntu Update Includes OpenSSL Fixes (direct link) | Ubuntu users are encouraged to update their operating systems to the latest OpenSSL package versions to address a collection of vulnerabilities. | | | ★★ |
| 2017-02-01 14:40:28 | Zimperium Program Buys Exploits for Patched Mobile Vulnerabilities (direct link) | Zimperium announced Tuesday its N-Days Exploit Acquisition Program that will reward researchers for Android and iOS exploits. | | | ★★★ |
| 2017-02-01 12:00:54 | Trump Cyber Executive Order Calls for 60-Day Review (direct link) | President Donald Trump postponed the release and signing of an Executive Order around cybersecurity that calls for a 60-day review of systems and critical infrastructure. | | | |
| 2017-01-31 20:27:38 | Flaws Found in Popular Printer Models (direct link) | Researchers have found a half-dozen flaws in popular printer models that allow attackers to do everything from stealing print jobs to conducting buffer overflow attacks. | | | |
| 2017-01-31 18:02:59 | Ugly Password Gaffe Plagues Cryptkeeper Encryption App (direct link) | Debian developers are recommending that the Cryptkeeper Linux encryption app be pulled from the distribution after a universal password was found. | | | |
| 2017-01-31 15:01:55 | Nicolas Brulez on Malware Reverse Engineering Tips and Tricks (direct link) | Kaspersky Lab Principal Security Researcher Nico Brulez talks with Ryan Naraine about his upcoming SAS 2017 training on the ins and outs of malware reverse engineering and how attendees can benefit from a wide range of tips and tricks. | | | |
| 2017-01-31 12:00:45 | NATO Members Targeted by Unique Macro Malware (direct link) | Researchers say NATO members were targeted over the holidays by macro malware that utilized an advanced workflow and was able to avoid analysis. | | | |
| 2017-01-31 12:00:45 | Nested, Targeted Attacks Built for Reconnaissance (direct link) | Researchers say NATO members were targeted for reconnaissance over the holidays by attacks using malicious OLE objects. | | | |
| 2017-01-30 21:48:28 | Hundreds of Thousands of Netgear Routers Vulnerable to Password Bypass (direct link) | Hundreds of thousands, and potentially more than one million, of Netgear routers are susceptible to a pair of vulnerabilities that can lead to password disclosure. | Guideline | | |
| 2017-01-30 20:56:18 | Facebook Tackles Account Recovery with Delegated Recovery Protocol (direct link) | Facebook's Delegated Recovery delegates account-recovery permissions to third-party accounts controlled by the user. GitHub is the program's first partner. | | | |
| 2017-01-30 19:22:28 | Telemarketing Firm Leaks 400,000 Recorded Calls (direct link) | Credit card data and personal information in the form of recorded telephone sales pitches and sales confirmations were leaked online by a telemarketer. | | | |
| 2017-01-30 17:25:40 | Many Android VPN Apps Breaking Privacy Promises (direct link) | Academics studying 283 Android VPN apps quantified a number of problems associated with native platform support for VPN clients through BIND_VPN_SERVICE. | | | |
| 2017-01-28 14:15:06 | Cisco Warns of Critical Flaw in Teleconferencing Gear (direct link) | Cisco Systems is warning customers of a critical vulnerability affecting three of its TelePresence MCU platform models. | | | ★★★ |
| 2017-01-27 20:19:03 | WordPress 4.7.2 Update Fixes XSS, SQL Injection Bugs (direct link) | WordPress fixed three security issues, including an XSS and a SQL injection, with WordPress 4.7.2 this week. | | | |
| 2017-01-27 18:56:37 | Dridex Returns With Windows UAC Bypass Method (direct link) | Dridex banking malware returns with a new bypass technique that allows the malware to execute without triggering a Windows UAC alert to the user. | | | |
| 2017-01-27 17:30:06 | Threatpost News Wrap, January 27, 2017 (direct link) | The Star Wars Twitter botnet, the return of Lavabit, a critical Cisco WebEx flaw, and the St. Louis Library ransomware story are discussed. | | | |
| 2017-01-27 17:07:52 | Google to Operate its Own Root CA (direct link) | Google announced that it will operate its own root Certificate Authority, stood up by the acquisition of two root CAs from GlobalSign. | | | |
| 2017-01-26 19:38:18 | Facebook Touts 'Safer' Security Key Login (direct link) | Facebook is letting users tie a physical security key to their account as an added layer of security. | | | |
| 2017-01-26 18:55:03 | Bill Calls for Study of Cybersecurity Standards for Cars (direct link) | A bipartisan bill was introduced this week in the House calling for the NHTSA to conduct a study that would determine appropriate cybersecurity standards for motor vehicles. | | | |
| 2017-01-26 16:16:02 | Uber.com Backup Bug Nets Researcher $9K (direct link) | A researcher earned $9K for identifying an XXE vulnerability in third-party backup software used by Uber. | | Uber | |
| 2017-01-26 14:53:42 | (Déjà vu) Google to Block .js Attachments in Gmail (direct link) | Citing security concerns, Google announced that it will soon block JavaScript (.js) file attachments in Gmail. | | | |
| 2017-01-26 14:00:11 | High-Severity Chrome Vulnerabilities Earn Researcher $32K in Rewards (direct link) | Researcher Mariusz Mlynski found and disclosed four high-severity vulnerabilities in Chrome's Blink rendering engine, earning himself $32,000 through the Chrome Rewards program. | | | |