Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2018-10-30 15:47:00 |
Google Updates reCAPTCHA: No More Boxes to Check (lien direct) |
Puzzles and check-boxes have been replaced with in-the-background behavioral analysis. |
|
|
|
|
2018-10-30 15:39:03 |
ThreatList: Dead Web Apps Haunt 70 Percent of FT 500 Firms (lien direct) |
Abandoned web applications used by FT 500 Global Companies have exploitable flaws and weaknesses. |
|
|
|
|
2018-10-29 20:50:01 |
IoT Flaw Allows Hijacking of Connected Construction Cranes (lien direct) |
An attacker can send spoofed commands to the crane's controller. |
|
|
|
|
2018-10-29 18:16:03 |
Girl Scouts Issues Data Breach Warning to 2,800 Members (lien direct) |
Someone gained access to an email account for the Orange County chapter, which was rife with personal data. |
Data Breach
|
|
★★★★★
|
|
2018-10-29 16:25:05 |
Nation-State Phishing: A Country-Sized Catch (lien direct) |
Sophisticated nation-state groups now integrate phishing as a core component of their statecraft. |
|
|
|
|
2018-10-29 16:13:02 |
X.Org Flaw Allows Privilege Escalation in Linux Systems (lien direct) |
The issue impacts many large distros with GUI interfaces. |
|
|
|
|
2018-10-26 22:13:05 |
ThreatList: 1 Out of 5 Would Ditch a Business After a Data Breach (lien direct) |
A full 21 percent of survey respondents would walk away from a business permanently after a major hack. |
Data Breach
|
|
|
|
2018-10-26 19:56:00 |
PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware (lien direct) |
Microsoft has been notified, but no patch is yet available. |
Malware
|
|
|
|
2018-10-26 15:42:00 |
British Airways Data Breach Takes Off Again with 185K More Victims (lien direct) |
The news comes on the heels of a breach at Cathay Pacific exposing 9.4 million people. |
Data Breach
|
|
|
|
2018-10-26 15:36:04 |
DemonBot Fans DDoS Flames with Hadoop Enslavement (lien direct) |
An unsophisticated but effective botnet is targeting exposed cloud servers and racking up millions of infections. |
|
|
|
|
2018-10-25 15:32:04 |
UK Slaps Facebook with $645K Fine Over Cambridge Analytica Scandal (lien direct) |
The amount is the max allowed under pre-GDPR regulation, but is barely a financial slap on the risk for the social-media giant. |
|
|
|
|
2018-10-25 15:27:03 |
Pentagon Expands Bug-Bounty Program to Include Physical Systems (lien direct) |
The news comes shortly after the DoD was called out for having rampant bugs in its weapons systems. |
|
|
|
|
2018-10-25 15:13:00 |
Debunking AI\'s Impact on the Cybersecurity Skills Gap (lien direct) |
There is no argument artificial intelligence will have an impact on the cybersecurity skills gap. The question is how. |
|
|
|
|
2018-10-24 20:17:02 |
Magecart Cybergang Targets 0days in Third-Party Magento Extensions (lien direct) |
Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign. |
|
|
|
|
2018-10-24 20:04:01 |
Windows \'Deletebug\' Zero-Day Allows Privilege Escalation, Destruction (lien direct) |
The unpatched flaw allows an attacker to delete any kind of file on a victim machine, including system data. |
|
|
|
|
2018-10-24 16:32:05 |
sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting (lien direct) |
The sLoad downloader is an example of the stealthy, smart malware trend. |
Malware
|
|
★★★★
|
|
2018-10-24 16:18:05 |
ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends (lien direct) |
After a two-quarter lull in the action, malware activity resurged in the third quarter of the year, especially on the business front. |
Malware
|
|
★★★
|
|
2018-10-23 20:54:01 |
City Pays $2K in Ransomware, Stirs \'Never Pay\' Debate (lien direct) |
Many municipalities hit with ransomware don't have much of a choice when it comes to paying up, experts say. |
Ransomware
|
|
|
|
2018-10-23 16:00:05 |
StrongPity APT Changes Tactics to Stay Stealthy (lien direct) |
After being exposed, the APT made minor adjustments in their tactics to stay off the security radar. |
|
|
|
|
2018-10-23 14:58:00 |
ThreatList: 3 Out of 4 Employees Pose a Security Risk to Businesses (lien direct) |
Finance-sector employees fared the worst in an awareness survey, with 85 percent showing some lack of cybersecurity and data privacy knowledge. |
|
|
★★★★★
|
|
2018-10-23 14:48:02 |
Adult Website Hack Exposes 1.2M \'Wife Lover\' Fans (lien direct) |
A 40-year-old, easily cracked encryption method was used to protect the 98MB database of user information. |
Hack
|
|
|
|
2018-10-23 12:31:00 |
Thousands of Applications Vulnerable to RCE via jQuery File Upload (lien direct) |
The flaw has existed for eight years thanks to a security change in Apache. |
|
|
|
|
2018-10-22 15:52:05 |
The Danger and Opportunity in 5G Connectivity and IoT (lien direct) |
The advent of 5G presents an opportunity for us to think the exploding number of IoT devices and how we securely connect to the digital world. |
|
|
★★★★
|
|
2018-10-22 14:41:04 |
Critical Bug Impacts Live555 Media Streaming Libraries (lien direct) |
A critical streaming bug impacts Live Networks LIVE555 RTSPServer, but not the popular VLC and MPLayer client-side software. |
|
|
|
|
2018-10-20 17:09:04 |
Two Critical RCE Bugs Patched in Drupal 7 and 8 (lien direct) |
Drupal's advisory also included three patches for "moderately critical" bugs. |
|
|
|
|
2018-10-19 15:24:00 |
AWS FreeRTOS Bugs Allow Compromise of IoT Devices (lien direct) |
The bugs let hackers crash IoT devices, leak their information, and completely take them over. |
|
|
|
|
2018-10-19 14:22:04 |
Trivial Post-Intrusion Attack Exploits Windows RID (lien direct) |
Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise. |
|
|
|
|
2018-10-18 19:17:05 |
New APT Could Signal Reemergence of Notorious Comment Crew (lien direct) |
A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew's proprietary code. |
Malware
|
APT 1
|
|
|
2018-10-18 15:08:03 |
GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure (lien direct) |
The group is a successor to BlackEnergy and a subset of the TeleBots gang--and its activity is potentially a prelude to a much more destructive attack. |
|
|
|
|
2018-10-17 18:49:00 |
Oracle Fixes 301 Flaws in October Critical Patch Update (lien direct) |
The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0. |
|
|
|
|
2018-10-17 17:08:04 |
libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers (lien direct) |
The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected. |
|
|
|
|
2018-10-17 16:06:02 |
Podcast: A Utility Ransomware Attack, Post-Hurricane (lien direct) |
A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data […] |
Ransomware
|
|
|
|
2018-10-17 15:24:02 |
Multiple D-Link Routers Open to Complete Takeover with Simple Attack (lien direct) |
The vendor only plans to patch two of the eight impacted devices, according to a researcher. |
|
|
|
|
2018-10-17 14:04:04 |
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy (lien direct) |
The update also features 23 security fixes. |
|
|
|
|
2018-10-17 11:00:01 |
Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers (lien direct) |
The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors. |
|
|
|
|
2018-10-16 21:29:02 |
As End of Life Nears, More Than Half of Websites Still Use PHP V5 (lien direct) |
Support for PHP 5.6 drops on December 31 - but a recent report found that almost 62 percent of websites are still using version 5. |
|
|
|
|
2018-10-16 18:29:04 |
Anthem, Apple and the Pentagon: A Data-Breach Cornucopia (lien direct) |
A record fine and two new compromises kick off the autumn compromise season. |
|
|
|
|
2018-10-16 17:00:03 |
In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack (lien direct) |
The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority. |
Ransomware
|
|
|
|
2018-10-16 15:36:05 |
ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident (lien direct) |
Deloitte estimates cybercrime costs to reach $6 trillion annually -- but companies still lag in preparedness. |
|
Deloitte
|
|
|
2018-10-16 15:26:04 |
Facebook Expands Efforts to Squash Voter Suppression (lien direct) |
The social network will crack down on those spreading disinformation in an effort to keep people away from the polls. |
|
|
|
|
2018-10-16 14:45:05 |
Privacy Regulation Could Be a Test for States\' Rights (lien direct) |
As more states take cybersecurity and privacy issues into their own hands, experts worry that big tech will push for preemption. |
|
|
|
|
2018-10-15 19:57:01 |
Up to 35 Million 2018 Voter Records For Sale on Hacking Forum (lien direct) |
Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web. |
|
|
|
|
2018-10-15 15:38:02 |
NotPetya Linked to Industroyer Attack on Ukraine Energy Grid (lien direct) |
Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT. |
|
NotPetya
|
|
|
2018-10-15 14:35:03 |
Facebook Offers Details on \'View As\' Breach, Revises Numbers (lien direct) |
Facebook's VP of product management was able to discuss more specifics about how the breach itself occurred. |
|
|
★★
|
|
2018-10-12 21:09:01 |
ICS Security Plagued with Basic, Avoidable Mistakes (lien direct) |
A survey of ICS security posture found outdated firewalls, improper segmentation password mistakes and more. |
|
|
★★★★★
|
|
2018-10-12 19:38:05 |
(Déjà vu) Threatpost News Wrap Podcast For Oct. 12 (lien direct) |
Threatpost's editors discuss the top news of this week. |
|
|
|
|
2018-10-12 17:01:01 |
Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm (lien direct) |
The official update from Microsoft only limits the vulnerability, according to 0Patch. |
|
|
|
|
2018-10-12 15:25:03 |
Shining a Light on a New Technique for Stealth Persistence (lien direct) |
Researchers devise post-intrusion attack that use existing system binaries to achieve arbitrary code execution to maintain stealth and persistence. |
|
|
|
|
2018-10-12 14:19:04 |
Facebook Bans More Than 800 Accounts in Disinformation Purge (lien direct) |
The move comes a month before the November midterm elections – and at a time when all eyes are on Facebook to see how it protects against disinformation. |
|
|
|
|
2018-10-11 21:11:02 |
FitMetrix Exposes Millions of Customer Details, Accessed by Criminals (lien direct) |
Gym customer data, including contact information, birth dates and height/weight data, opens the door to convincing follow-on social-engineering attacks. |
|
|
|