What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-11-03 18:50:52 | GitLab Patches Command Execution Vulnerability (lien direct) | Developers with GitLab fixed a critical vulnerability in the open source repository manager that could have allowed the theft of application files, tokens, or secrets. | |||
|
2016-11-03 15:06:28 | Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server (lien direct) | Cisco Systems has issued two critical advisories addressing flaws in its 900 Series Routers and its Cisco Prime Home server. | |||
|
2016-11-02 21:36:43 | Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk (lien direct) | Wix websites are vulnerable to reflective DOM cross-site scripting attack that could give attackers control of user's websites. | |||
|
2016-11-02 18:24:05 | Mitigations Available for PanelShock Vulnerabilities in Schneider Electric Magelis HMIs (lien direct) | Schneider Electric has recommended a number of mitigations to ward off two critical vulnerabilities in its Magelis HMI products. | |||
|
2016-11-02 18:02:10 | Critical MySQL Vulnerabilities Can Lead to Server Compromise (lien direct) | Critical vulnerabilities in MySQL and database servers MariaDB and PerconaDB can lead to arbitrary code execution, root privilege escalation, and server compromise. | Guideline | ||
|
2016-11-02 16:25:10 | Belkin\'s WeMo Gear Can Hack Android Phones (lien direct) | Vulnerabilities in WeMo home automation devices can be used to attack the Android apps used to manage devices remotely. | ★★★ | ||
|
2016-11-02 11:00:34 | Sundown Exploit Kit \'Larger Threat Than People Realize\' (lien direct) | Cisco Talos identified the Sundown exploit kit as an up-and-coming contender that may soon rival RIG in terms of size and volume. | |||
|
2016-11-01 21:50:14 | Microsoft Says Russian APT Group Behind Zero-Day Attacks (lien direct) | Microsoft said Russian APT group Sofacy, which has ties to the country's military intelligence operations, has been using Windows kernel and Adobe Flash zero day vulnerabilities in targeted attacks. | |||
|
2016-11-01 17:58:44 | Google to Distrust WoSign, StartCom Certs in 2017 (lien direct) | Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017. | |||
|
2016-11-01 16:48:34 | New IoT Botnet Malware Borrows From Mirai (lien direct) | IoT devices are being infected by new DDoS malware called Linux/IRCTelnet that borrows heavily from Aidra, Bashlite and Mirai. | |||
|
2016-11-01 15:32:28 | Phony Android Flash Player Installs Banking Malware (lien direct) | Researchers have found a phony Flash Player download for Android that installs banking malware and steals banking credentials. | |||
|
2016-10-31 21:00:40 | Google Reveals Windows Kernel Zero Day Under Attack (lien direct) | Google today disclosed the existence of a Windows zero-day vulnerability under attack. The flaw was reported to Microsoft 10 days ago; Microsoft says the disclosure puts users at risk. | |||
|
2016-10-31 19:57:30 | Nymaim Dropper Updates Delivery, Obfuscation Methods (lien direct) | A variant of the Nymaim dropper has surfaced, and it includes new delivery methods, obfuscation techniques, and the use of PowerShell to download payloads. | |||
|
2016-10-31 17:50:40 | ShadowBrokers Dumps Lists of Equation Group Hacked Servers (lien direct) | The Shadowbrokers dumped lists of hacked servers compromised by the Equation Group and allegedly used in its campaigns. | |||
|
2016-10-31 17:45:26 | WhatsApp Blasted by EU Data Protection Group Over Facebook Sharing (lien direct) | The Article 29 Working Party, an EU privacy coalition urges WhatsApp to clarify that user information shared between the company and Facebook is compliant with data protection laws on the books in Europe. | |||
|
2016-10-29 10:00:39 | Google to Make Certificate Transparency Mandatory By 2017 (lien direct) | In a move to bolster security for the Chrome browser, Google sets a date for making Certificate Transparency mandatory for website owners. | |||
|
2016-10-28 18:17:21 | Mirai Vulnerability Disclosed, But Exploits May Constitute Hacking Back (lien direct) | A buffer overflow found in the Mirai botnet could eliminate its ability to carry out HTTP flood attacks. But exploiting that vulnerability puts defenders in a gray area with regard to hacking back. | |||
|
2016-10-28 15:52:43 | Apple Patches iTunes, iCloud for Windows, Xcode Server (lien direct) | Apple addressed vulnerabilities in iTunes and iCloud for Windows, and Xcode Server on Thursday. | ★★ | ||
|
2016-10-28 15:22:17 | Threatpost News Wrap, October 28, 2016 (lien direct) | Mike Mimoso and Chris Brook recap the news of the week, including the storylines around last week's Dyn DDoS attack, Keen Team winning big again at Pwn2Own, and a fake Windows installer. | |||
|
2016-10-27 21:31:53 | Cisco Patches Critical Vulnerability in Facility Events Response System (lien direct) | Cisco warns of 16 flaws in its latest security bulletin, mostly impacting its Cisco AsyncOS software used in its Email Security Appliances. | |||
|
2016-10-27 20:27:48 | Microsoft Extends Malicious Macro Protection to Office 2013 (lien direct) | Microsoft announced it has extended a feature in Office 2016 that protects against malicious macros to Office 2013. | |||
|
2016-10-27 18:48:34 | Dyn DDoS Could Have Topped 1 Tbps (lien direct) | Analysis by DNS provider Dyn hints that more than 1 terabyte per second of traffic may have been used in last week's massive DDoS attack that impacted Internet service on the East Coast. | |||
|
2016-10-27 18:42:08 | Keen Lab Takes Down iPhone 6S, Nexus 6P at Mobile Pwn2Own (lien direct) | Hackers with Keen Team identified vulnerabilities in iOS 10.1 and Android Nougat at Mobile Pwn2Own this week. | |||
|
2016-10-27 15:31:27 | Windows Atom Tables Can Be Abused for Code Injection Attacks (lien direct) | Attackers can leverage a design weakness in all versions of Windows to carry out code injection attacks that bypass detection by security software. | |||
|
2016-10-26 18:19:29 | Joomla Update Fixes Two Critical Issues, 2FA Error (lien direct) | Joomla fixed two critical issues in the content management system and is strongly encouraging users to update their sites immediately. | |||
|
2016-10-26 16:34:20 | Remote Code Execution Vulnerabilities Plague LibTIFF Library (lien direct) | Three vulnerabilities, all which can lead to remote code execution, exist in the LibTIFF library. | Guideline | ||
|
2016-10-26 15:24:12 | Adobe Patches Flash Zero Day Under Attack (lien direct) | Adobe released an emergency Flash Player update that patches a use-after-free vulnerability being exploited in targeted attacks. | |||
|
2016-10-26 15:00:26 | Lawmakers Asking What ISPs Can Do About DDoS Attacks (lien direct) | Sen. Mark Warner of Virginia wrote a letter to the heads of the FCC, FTC and DHS asking whether ISPs have the power to keep insecure connected devices off the public Internet. | |||
|
2016-10-26 11:00:46 | Major Vulnerability Found In Schneider Electric Unity Pro (lien direct) | Researchers find a vulnerability in industrial control system manufacturer Schneider Electric's flagship software for managing and programing industrial controls. | |||
|
2016-10-25 19:00:20 | Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers (lien direct) | Researchers at Flashpoint said Friday's DDoS attack against DNS provider Dyn was likely the work of script kiddies and not advanced attackers. | |||
|
2016-10-25 17:13:09 | Following Lull, New Campaigns Pushing Retooled \'Pumpkin\' Locky (lien direct) | Researchers said they observed three separate spam campaigns pushing an updated version of Locky on Monday. | |||
|
2016-10-25 16:47:34 | Apple Patches iOS Flaw Exploitable by Malicious JPEG (lien direct) | Apple on Monday rolled out dozens of patches for nearly all of its recently released Sierra operating systems, OS X, iOS 10.1, watchOS, and Apple TV's tvOS, along with fixes for Safari. | |||
|
2016-10-25 14:20:57 | Election Leaks Failed to Move Needle on Polls (lien direct) | The barrage of information leaks, state-sponsored espionage and hacktivism related to the U.S. presidential election has had a mixed bag of effects on the race and voter confidence. | |||
|
2016-10-25 13:05:45 | Find Your Keys, Lose Your Privacy (lien direct) | Small Bluetooth-enabled trackers from TrackR, iTrack and Nut are the latest connected devices to pose a privacy risk to users. | |||
|
2016-10-24 21:15:16 | St. Jude Faces New Claim Heart Implants are Hackable (lien direct) | In a lawsuit against short seller Muddy Waters and security firm MedSec, plaintiff St. Jude Medical faces fresh claims that its heart devices are vulnerable to hacks. | |||
|
2016-10-24 18:46:30 | Chinese Manufacturer Recalls IOT Gear Following Dyn DDoS (lien direct) | Millions of IP-enabled cameras built on gear manufactured by Hangzhou Xiongmai of China is being recalled after DDoS attacks powered by compromised IOT devices took down a major DNS provider last week. | |||
|
2016-10-24 18:30:04 | Fake Microsoft Installer Leads to Malware, Support Call Scam (lien direct) | An installer purporting to be Microsoft Security Essentials is malware that can lead to a support call scam. | Guideline | ||
|
2016-10-22 10:00:39 | Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers (lien direct) | Ten percent of the 550,000 IoT nodes in the Mirai botnet are involved in ongoing DDoS attacks against DNS provider Dyn and others. | |||
|
2016-10-21 18:49:08 | Mozilla Turning TLS 1.3 On By Default With Firefox 52 (lien direct) | Martin Thomson, a Principle Engineer at Mozilla confirmed TLS 1.3 will be turned on by default in Firefox 52. | |||
|
2016-10-21 15:21:36 | Serious Dirty Cow Linux Vulnerability Under Attack (lien direct) | A privilege escalation vulnerability, nicknamed Dirty Cow and present in Linux since 2007, has been used in public attacks against web-facing Linux servers. | |||
|
2016-10-21 15:11:49 | Threatpost News Wrap, October 21, 2016 (lien direct) | The dangers of Skyping and typing, the fingerprint warrant story, hiding credit card numbers in images, and more are discussed. | |||
|
2016-10-21 14:01:14 | Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others (lien direct) | DNS providers Dyn suffered a DDoS attack this morning that affected many of its major customers including Twitter, Spotify, Github and others. | |||
|
2016-10-20 18:12:35 | iCloud Phishing Campaign Zycode Back From the Dead (lien direct) | A phishing campaign aimed at Apple users in China that relies heavily on typosquatting has resurfaced. | |||
|
2016-10-20 17:57:53 | Locky Ransomware Learns New Evasive Tricks (lien direct) | Microsoft malware researchers say Locky ransomware authors are changing tactics again to evade detection. | |||
|
2016-10-20 16:24:33 | Yahoo Asks DNI to De-Classify Email Scanning Order (lien direct) | Yahoo wrote DNI James Clapper asking the government to confirm and declassify an order to scan email for intelligence surveillance purposes. | Yahoo | ★★★ | |
|
2016-10-20 14:31:55 | Bypassing ASLR in 60 Milliseconds (lien direct) | An academic paper demonstrates a new ASLR bypass executed through a side-channel attack against the branch target buffer in an Intel Haswell CPU. | |||
|
2016-10-20 13:48:04 | Mobile Applications Leak Device, Location Data (lien direct) | A study finds risky apps leave mobile devices open to SMS denial-of-service attack and remote SIM card rooting. | |||
|
2016-10-20 11:00:01 | FruityArmor APT Group Used Recently Patched Windows Zero Day (lien direct) | The FruityArmor APT group was using one of the Windows zero days patched by Microsoft last week to escape sandboxes and carry out targeted attacks. | |||
|
2016-10-19 18:10:23 | Skyping and Typing the Latest Threat to Privacy (lien direct) | A research paper explains how attackers can use recordings of keystroke sounds captured in a Skype conversation to guess what's being typed. | |||
|
2016-10-19 17:39:40 | Oracle Fixes 253 Vulnerabilities in Last CPU of 2016 (lien direct) | Oracle fixed 253 vulnerabilities across 76 different products with its quarterly Critical Patch Update. |
To see everything:
Our RSS (filtrered)
