Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-06-18 17:57:01 |
macOS QuickLook Feature Leaks Data Despite Encrypted Drive (direct link) |
Researchers demonstrate how an encrypted macOS hard drive can still leak unprotected data via the operating system's Finder and QuickLook feature. |
|
|
|
|
2018-06-18 16:19:05 |
22K Open, Vulnerable Containers Found Exposed on the Net (direct link) |
Attackers can remotely access the infrastructure to install, remove or encrypt any application that the affected companies are running in the cloud. |
|
|
|
|
2018-06-18 13:00:00 |
Axis Cameras Riddled With Vulnerabilities Enabling “Full Control” (direct link) |
The IP cameras have a slew of bugs allowing bad actors to control them, add them to a botnet, or render them useless. |
|
|
|
|
2018-06-15 21:45:00 |
Vermont Librarian Wins Small-Claims Suit Against Equifax (direct link) |
In a David-and-Goliath moment, the 49-year-old librarian has won satisfaction in the wake of its head-spinningly massive 2017 data breach. |
|
Equifax
|
|
|
2018-06-15 19:26:00 |
WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little (direct link) |
The Feds say Marcus Hutchins is behind both the UPAS Kit backdoor and the Kronos banking trojan. |
|
Wannacry
|
|
|
2018-06-15 19:14:05 |
New Banking Trojan Can Launch Overlay Attacks on Latest Android Versions (direct link) |
While other malware families have been searching for new overlay techniques for Android 7 and 8, MysteryBot appears to have found a solution. |
|
|
|
|
2018-06-14 17:27:04 |
Apple Removes iPhone USB Access Feature, Blocking Out Hackers, Law Enforcement (direct link) |
The move escalates tensions between the phone giant and federal law enforcement when it comes to mobile security. |
|
|
|
|
2018-06-14 13:38:04 |
U.S. Intelligence Cautions World Cup Travelers on Mobile Use (direct link) |
World Cup travelers should leave their mobile phones, laptops and tablets behind. |
|
|
|
|
2018-06-14 10:11:04 |
Podcast: The Growing Social Media Threat Landscape (direct link) |
How can we keep up with the social media threat landscape as it grows to include more malware, hacks and scams? We discuss on the latest Threatpost podcast. |
|
|
|
|
2018-06-13 21:55:04 |
Malicious Docker Containers Earn Cryptomining Criminals $90K (direct link) |
Researchers said over a dozen malicious docker images available on Docker Hub allowed hackers to earn $90,000 in cryptojacking profits. |
|
|
|
|
2018-06-13 21:29:05 |
Microsoft Reveals Which Bugs It Won't Patch (direct link) |
A draft document lays out its criteria for addressing various flaws and notes the exceptions. |
|
|
|
|
2018-06-13 20:55:02 |
Two Bugs in WordPress Tooltipy Plugin Patched (direct link) |
The bugs include a reflected cross-site scripting glitch and a cross-site request forgery vulnerability. |
|
|
|
|
2018-06-13 16:19:00 |
Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist (direct link) |
The wiper malware affecting 9,000 workstations and 500 servers inside Chile's largest financial institution turns out to have been a distraction. |
|
|
|
|
2018-06-13 13:30:05 |
Dixons Carphone Cyberattack Targets 5.9M Bank Cards (direct link) |
Dixons Carphone said it discovered a massive cyberattack on its processing systems that targeted millions of payment cards and personal data records. |
|
|
|
|
2018-06-12 21:36:01 |
June Patch Tuesday: Microsoft Issues Fixes for DNS, Cortana (direct link) |
One of the most serious issues is a critical remote code execution vulnerability in the Windows DNS, which could allow an attacker to take full control of the targeted machine. |
|
|
|
|
2018-06-12 20:32:03 |
Android Devices With Misconfigured ADB, a Ripe Target for Cryptojacking Malware (direct link) |
Vendors have been shipping Android products with Android Debug Bridge enabled, making them attractive targets for hackers. |
|
|
|
|
2018-06-12 17:26:01 |
Bypass Glitch Allows Malware to Masquerade as Legit Apple Files (direct link) |
Malware can worm its way onto Macs thanks to a recently discovered code-signing bypass flaw. |
|
|
|
|
2018-06-12 14:12:03 |
FBI's BEC Crackdown Leads To 74 Arrests Globally (direct link) |
The operation also resulted in the seizure of nearly $2.4 million and the recovery of about $14 million in fraudulent wire transfers, said the FBI. |
|
|
|
|
2018-06-08 21:50:03 |
Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets (direct link) |
Lenovo patches several popular tablet models to protect against BlueBorne vulnerabilities first identified in September 2017. |
|
|
|
|
2018-06-08 20:31:04 |
Creative Spam Thinks Outside the Macro with .IQY Attachments (direct link) |
The ability of these simple files to open Excel and download any data from the internet makes them extremely dangerous. |
|
|
|
|
2018-06-08 17:33:00 |
Google Tackles AI Principles: Is It Enough? (direct link) |
AI offers an immense capacity for good -- and for unintended consequences. |
|
|
|
|
2018-06-08 15:43:04 |
Threatpost News Wrap Podcast for June 8 (direct link) |
Threatpost editors discuss the stories behind the biggest news that broke this week. |
|
|
|
|
2018-06-08 15:25:03 |
Facebook Software Bug Made Some Private Posts Public: 14 Million Affected (direct link) |
A Facebook glitch in May set millions of posts that users composed to “public” for ten days. |
|
|
|
|
2018-06-07 20:05:05 |
Zero-Day Flash Exploit Targeting Middle East (direct link) |
Adobe patched the Flash Player vulnerability (CVE-2018-5002) earlier on Thursday. |
|
|
|
|
2018-06-07 19:51:01 |
GDPR: A Compliance Quagmire, for Now (direct link) |
Experts say the devil is in the details when it comes to complying with the swath of new privacy and cybersecurity laws enforced by the European Union's General Data Protection Regulation. |
|
|
|
|
2018-06-07 19:43:03 |
Targeted Spy Campaign Hits Russian Service Centers (direct link) |
The payload is a commercial version of the Imminent Monitor tool, which is marketed as legitimate software. |
|
|
|
|
2018-06-07 18:46:03 |
Shipping Industry Cybersecurity: A Shipwreck Waiting to Happen (direct link) |
Pen Test Partners demonstrates how to send vessels off-course or even onto a path to collision -- fairly easily. |
|
|
|
|
2018-06-07 17:06:05 |
Operation Prowli Profits On Weak IoT Devices, Servers (direct link) |
A new malicious campaign has compromised more than 40,000 machines globally to monetize via traffic hijacking and cryptomining.
|
|
Prowli
|
|
|
2018-06-07 15:48:03 |
CloudPets May Be Out of Business, But Security Concerns Remain (direct link) |
Amazon, Target and Walmart have pulled the bears from their online markets; but it's the installed base of the connected cuddlies that should be of greater concern. |
|
|
|
|
2018-06-07 15:35:05 |
Baby Cam Creeper Actively Watched New Mom (direct link) |
It's the latest example of the hackability of off-the-shelf IoT devices - even when default passwords are changed. |
|
|
|
|
2018-06-07 13:14:02 |
Adobe Patches Critical Flash Player Bug With Active Exploit (direct link) |
A critical Adobe flaw is being exploited in targeted attacks against Windows users. |
|
|
|
|
2018-06-06 21:26:04 |
PageUp Malware Scare Sheds Light On Third-Party Risks (direct link) |
The incident is another reminder that third-party software and services are an easy way for attackers to steal sensitive data. |
|
|
|
|
2018-06-06 21:21:04 |
VPNFilter Malware Impact Larger Than Previously Thought (direct link) |
Researchers said they now believe the malware has infected twice the number of router brands than previously stated and that the malware packs a much deadlier punch. |
|
VPNFilter
|
|
|
2018-06-06 20:58:05 |
Zip Slip Flaw Affects Thousands of Open-Source Projects (direct link) |
An exploit allows attackers to remotely overwrite archive files with their own content, and from there pivot to achieving remote command execution on the machine. |
|
|
|
|
2018-06-06 14:45:04 |
Auth0 Glitch Allows Attackers to Launch Phishing Attacks (direct link) |
A glitch in Auth0 could allow attackers to spoof a legitimate website and collect sensitive information from visitors. |
|
|
|
|
2018-06-06 12:18:04 |
World Cup, Vacation Scams Lead in Phishing Trips this Summer (direct link) |
Scammers recently targeted Booking.com customers via WhatsApp messages and texts asking them for full payment for holidays. |
|
|
|
|
2018-06-05 21:12:03 |
DNA Testing Service MyHeritage Leaks User Data of 92 Million Customers (direct link) |
An unspecified "private" server was found with the account data of users who signed up for the service, in the largest breach since Equifax last year. |
|
Equifax
Heritage
|
|
|
2018-06-05 20:38:01 |
WARDroid Uncovers Mobile Threats to Millions of Users Worldwide (direct link) |
An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – thanks to inconsistencies between app and server logic in web APIs. |
|
|
|
|
2018-06-05 18:24:02 |
Drupalgeddon 2.0 Still Haunting 115K+ Sites (direct link) |
More than 115,000 sites are still vulnerable to a highly critical Drupal bug - even though a patch was released three months ago. |
|
|
|
|
2018-06-05 17:30:04 |
(Déjà vu) Google Patches 11 Critical Android Bugs in June Update (direct link) |
Remote code execution vulnerabilities dominate this month's critical Android patches. |
|
|
|
|
2018-06-05 14:23:04 |
Social Media Privacy Dominates Apple iOS 12, macOS Launches (direct link) |
Social media data privacy controls were the top security topic at Apple's WWDC on Monday. |
|
|
★★
|
|
2018-06-04 21:09:02 |
Federal Agencies Face an Uphill Battle in Cyber-Preparedness (direct link) |
In the wake of the elimination of the federal cybersecurity czar position, it turns out that three-quarters of agencies are unprepared for an attack. |
|
|
|
|
2018-06-04 19:17:01 |
Cloudflare Gets Transparent on DNS Resolver Outage (direct link) |
It's a cautionary tale for those coding the complex algorithms that go into automated mitigation. |
|
|
|
|
2018-06-04 17:17:01 |
Facebook Defends Against Device-Integrated APIs Policy, But Concerns Remain (direct link) |
Facebook is again in hot water after an article alleged it struck deals with device-makers to access users' data. |
|
|
|
|
2018-06-01 21:24:01 |
Researchers Warn of Microsoft Zero-Day RCE Bug (direct link) |
A Microsoft Windows vulnerability enables remote attackers to execute arbitrary code – and there's no patch yet. |
|
|
|
|
2018-06-01 20:47:05 |
Browser Side-Channel Flaw De-Anonymizes Facebook Data (direct link) |
An attacker can pick up the profile picture, username and the "likes" of unsuspecting visitors who find themselves landing on a malicious website. |
|
|
|
|
2018-06-01 19:24:00 |
Public Google Groups Leaking Sensitive Data at Thousands of Orgs (direct link) |
The exposed information includes accounts payable and invoice data, customer support emails, password-recovery mails, links to employee manuals, staffing schedules and other internal resources. |
|
|
|
|
2018-06-01 14:58:04 |
Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders (direct link) |
The Honda mistake affects 50,000 users of the Honda Connect App, while UMG exposed corporate keys to the kingdom. |
|
|
|
|
2018-06-01 13:12:05 |
Ticketfly, Major Concert Venues Still Offline After Hack (direct link) |
A cyber-attack has brought the websites of both ticket distribution service Ticketfly – and the major venues it services – offline on Thursday. |
|
|
|
|
2018-05-31 21:36:03 |
ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS (direct link) |
WHOIS, the searchable "phonebook" of contact data for internet domains, may violate GDPR -- or it may not. A lawsuit seeks to find out which it is. |
|
|
|