What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-11-08 07:21:03 | New Android API Lets Developers Push Updates Within their Apps (lien direct) | You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true.
Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional.
Along with the launch of a number of new tools and features at its Android Dev Summit 2018, Google has
|
|||
|
2018-11-08 03:13:00 | StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users (lien direct) | Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using.
ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websites that were bundled with the traffic tracking code from the leading web analytics platform
|
Malware Guideline | ||
|
2018-11-08 01:25:03 | Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online (lien direct) | An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox-a popular open source virtualization software developed by Oracle-that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating system of the host machine.
The vulnerability occurs due to memory corruption issues and affects
|
Vulnerability | ||
|
2018-11-07 01:01:00 | Popular WooCommerce WordPress Plugin Patches Critical Vulnerability (lien direct) | If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store.
Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the
|
Vulnerability | ||
|
2018-11-06 01:21:04 | Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data (lien direct) | We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully.
Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected data without knowing the
|
|||
|
2018-11-04 01:24:00 | New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data (lien direct) | A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.
The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other
|
Vulnerability | ||
|
2018-11-02 02:16:05 | Accused CIA Leaker Faces New Charges of Leaking Information From Prison (lien direct) | Joshua Adam Schulte, a 30-year-old former CIA computer programmer who was indicted over four months ago for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges.
The news comes just hours after Schulte wrote a letter to the federal judge presiding over his case, accusing officials at Manhattan Metropolitan Correctional Center of
|
|||
|
2018-11-01 11:48:01 | Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks (lien direct) | Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world.
Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including
|
|||
|
2018-10-31 06:26:01 | Apple\'s New MacBook Disconnects Microphone "Physically" When Lid is Closed (lien direct) | Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations.
Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its
|
|||
|
2018-10-30 13:01:03 | New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1 (lien direct) | It's only been a few hours since Apple releases iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts' private information on a locked iPhone.
Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS
|
|||
|
2018-10-30 07:33:01 | Windows 10 Bug Let UWP Apps Access All Files Without Users\' Consent (lien direct) | Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update (version 1809) that allowed Microsoft Store apps with extensive file system permission to access all files on users' computers without their consent.
With Windows 10, Microsoft introduced a common platform, called Universal Windows Platform (UWP), that allows apps to run on any device running
|
|||
|
2018-10-30 03:16:01 | Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer (lien direct) | Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers.
Discovered by researchers at Cymulate, the bug abuses the 'Online Video' option in Word documents, a feature that allows users to embedded an online
|
Malware | ||
|
2018-10-30 01:18:05 | Signal Secure Messaging App Now Encrypts Sender\'s Identity As Well (lien direct) | Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication.
Although messages send via secure messaging services, like Signal, WhatsApp, and Telegram, are fully end-to-end encrypted as they transmit across their servers, each message leaves behind some of
|
|||
|
2018-10-29 07:51:02 | Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON (lien direct) | Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment.
Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its
|
|||
|
2018-10-29 01:17:05 | IBM Buys "Red Hat" Open-Source Software Company for $34 Billion (lien direct) | It's been quite a year for the open source platforms.
Earlier this year, Microsoft acquired popular code repository hosting service GitHub for $7.5 billion, and now IBM has just announced the biggest open-source business deal ever.
IBM today confirmed that it would be acquiring open source Linux firm Red Hat for $190 per share in cash, working out to a total value of approximately $34 billion.
|
|||
|
2018-10-26 06:59:03 | New Privilege Escalation Flaw Affects Most Linux Distributions (lien direct) | An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.
Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an
|
|||
|
2018-10-25 06:26:00 | Facebook Fined £500,000 for Cambridge Analytica Data Scandal (lien direct) | Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users.
The fine has been imposed by the UK's Information Commissioner's Office (ICO) and was calculated using the UK's old Data Protection Act 1998 which can levy a maximum penalty of £500,000 - ironically that's
|
|||
|
2018-10-25 02:57:04 | Google Makes 2 Years of Android Security Updates Mandatory for Device Makers (lien direct) | When it comes to security updates, Android is a real mess.
Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their customers.
To deal with this issue, Google at its I/O Developer Conference May 2018 revealed the
|
|||
|
2018-10-24 04:32:02 | FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware (lien direct) | Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia.
TRITON, also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety
|
Malware | ||
|
2018-10-24 01:53:04 | Hacker Discloses New Windows Zero-Day Exploit On Twitter (lien direct) | A security researcher with Twitter alias SandboxEscaper-who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler-has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability.
SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege
|
Vulnerability | ||
|
2018-10-19 07:12:00 | Critical Flaw Found in Streaming Library Used by VLC and Other Media Players (lien direct) | Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library-which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media.
LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to
|
Vulnerability | ||
|
2018-10-19 01:35:04 | Critical Flaws Found in Amazon FreeRTOS IoT Operating System (lien direct) | A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems-called FreeRTOS-and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers.
What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)?
FreeRTOS is a leading open source real-time operating system (RTOS) for embedded
|
Guideline | ||
|
2018-10-17 11:16:00 | Tumblr Patches A Flaw That Could Have Exposed Users\' Account Info (lien direct) | Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts.
The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email
|
Vulnerability | ||
|
2018-10-17 07:18:02 | LuminosityLink Hacking Tool Author Gets 30-Months Prison Sentence (lien direct) | A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan (RAT) called LuminosityLink has now been sentenced to 30 months in prison.
According to a press release published Monday by U.S. Attorney's Office, Colton Grubbs, who used online moniker 'KFC Watermelon,' was pleaded guilty for three counts--unlawfully accessing
|
Tool Guideline | ||
|
2018-10-17 03:39:03 | LibSSH Flaw Allows Hackers to Take Over Servers Without Password (lien direct) | A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.
The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in
|
Vulnerability | ||
|
2018-10-17 02:08:04 | Google Will Charge Android Phone Makers to Use Its Apps In Europe (lien direct) | Would you prefer purchasing an Android device that doesn't have any apps or services from Google? No Google Maps, No Gmail, No YouTube!
And NOT even the Google Play Store-from where you could have installed any Android apps you want
Because if you live in Europe, from now on, you have to spend some extra cash on a smartphone with built-in Google services, which were otherwise until now
|
|||
|
2018-10-16 00:54:05 | New iPhone Bug Gives Anyone Access to Your Private Photos (lien direct) | A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week.
Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts
|
Vulnerability | ★★★★★ | |
|
2018-10-15 11:43:05 | Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020 (lien direct) | All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, altogether today announced to soon remove support for TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols.
Developed initially as Secure Sockets Layer (SSL) protocol, Transport Layer Security (TLS) is an updated cryptographic protocol used to
|
|||
|
2018-10-15 02:20:00 | Google to Encrypt Android Cloud Backups With Your Lock Screen Password (lien direct) | In an effort to secure users' data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can't read it.
Google allows Android users to automatically backup their essential app data and settings to their Google account, allowing them to simply restore it
|
|||
|
2018-10-13 03:24:00 | 30 Million Facebook Accounts Were Hacked: Check If You\'re One of Them (lien direct) | Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the 'View As' feature.
At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by
|
|||
|
2018-10-12 05:11:00 | Fortnite for Android Released, But Make Sure You Don\'t Download Malware (lien direct) | Yes, it is official. The massively popular battle royale video game from Epic Games, Fortnite: Battle Royale is finally available for Android devices.
Epic announced Thursday that the Android version of Fortnite is now available for everyone to download for free, so you no longer require an invite to play the most popular battle royale game on your phone.
Epic Games have provided a list of
|
Malware | ||
|
2018-10-12 02:07:00 | Google Adds Control-Flow Integrity to Beef up Android Kernel Security (lien direct) | Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities.
In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored
|
|||
|
2018-10-11 02:19:05 | French Dark-Web Drug Dealer Sentenced to 20 Years in US Prison (lien direct) | A dark web drugs kingpin who was arrested last year when he arrived in the United States to compete in the World Beard and Mustache Championships has now been sentenced to 20 years in prison.
On Tuesday, U.S. District Judge Robert N. Scola sentenced 36-year-old French national Gal Vallerius, aka "OxyMonster," after pleading guilty to conspiracy to possess with the intent to distribute
|
Guideline | ||
|
2018-10-10 00:43:04 | Just Answering A Video Call Could Compromise Your WhatsApp Account (lien direct) | What if just receiving a video call on WhatsApp could hack your smartphone?
This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app.
The vulnerability is a memory heap overflow issue
|
Hack Vulnerability | ||
|
2018-10-09 11:40:04 | Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities (lien direct) | Microsoft has just released its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products.
This month's security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server.
Out of 49 flaws
|
|||
|
2018-10-09 10:43:03 | Adobe Releases Security Patch Updates for 11 Vulnerabilities (lien direct) | Adobe has released its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity.
Adobe has also released updated versions for Flash Player, but surprisingly this month the software received no security patch update.
Also, none of the
|
|||
|
2018-10-09 01:37:00 | From Now On, Only Default Android Apps Can Access Call Log and SMS Data (lien direct) | A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident.
Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving users more control over what type of data they choose to share with each app.
The changes are part of
|
Data Breach | ||
|
2018-10-08 12:31:00 | Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users\' Data (lien direct) | Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers.
According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their
|
Data Breach Vulnerability | ||
|
2018-10-08 08:34:05 | New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access (lien direct) | A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought.
A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year.
The vulnerability, identified as CVE-2018-14847, was initially rated
|
Vulnerability | ||
|
2018-10-08 06:01:00 | How to Start a Career in Cybersecurity: All You Need to Know (lien direct) | Cybersecurity is one of the most dynamic and exciting fields in tech, combining cutting-edge information technology with crime fighting. It's also an industry in serious need of qualified professionals.
Estimates show that there are over one million unfilled cybersecurity jobs. The U.S. Bureau of Labor Statistics projects that employment of information security analysts will grow 28 percent
|
|||
|
2018-10-08 05:57:05 | 13 Free Movie Download Websites - Watch HD Movies Online (lien direct) | When you search for free movie download or watch free movies online, search engines serve you a long list of best free movie websites.
But you need to beware, as most free movies files and free movie site could end you up into downloading links to nasty computer viruses. They could infect or, at worst case, take control over your computer.
One more thing I have learned in these years is that
|
|||
|
2018-10-06 00:52:04 | Silk Road Admin Pleads Guilty – Could Face Up to 20 Years in Prison (lien direct) | An Irish national who helped run the now-defunct dark web marketplace Silk Road pleaded guilty on Friday to drug trafficking charges that carry a maximum sentence of 20 years in prison.
Gary Davis, also known as Libertas, was one of Silk Road's site administrators and forum moderators for Silk Road, then-largest underground marketplace on the Internet used by thousands of users to sell and
|
Guideline | ||
|
2018-10-04 06:03:05 | Chinese Spying Chips Found Hidden On Servers Used By US Companies (lien direct) | A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state.
According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a grain of rice, has been found hidden in the servers used by nearly 30 American companies, including
|
|||
|
2018-10-03 11:36:00 | Wi-Fi Gets Simplified Version Numbers and Next Version is Wi-Fi 6 (lien direct) | Do you know what is the latest version of Wi-Fi? It's okay if you don't know.
It is - Wi-Fi is 802.11ac.
I am sure many of us can't answer this question immediately because the Wi-Fi technology doesn't have a traditional format of version numbers… at least until yesterday.
The Wi-Fi Alliance-the group that manages the implementation of Wi-Fi-has today announced that the next version of WiFi
|
|||
|
2018-10-03 04:18:05 | Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash (lien direct) | The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra.
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations,
|
Medical | APT 38 | |
|
2018-10-03 00:27:02 | Facebook Finds \'No Evidence\' Hackers Accessed Connected Third-Party Apps (lien direct) | When Facebook last weekend disclosed a massive data breach-that compromised access tokens for more than 50 million accounts-many feared that the stolen tokens could have been used to access other third-party services, including Instagram and Tinder, through Facebook login.
Good news is that Facebook found no evidence "so far" that proves such claims.
In a blog post published Tuesday,
|
|||
|
2018-10-02 09:29:03 | Google Announces 5 Major Security Updates for Chrome Extensions (lien direct) | Google has made several new announcements for its Chrome Web Store that aims at making Chrome extensions more secure and transparent to its users.
Over a couple of years, we have seen a significant rise in malicious extensions that appear to offer useful functionalities, while running hidden malicious scripts in the background without the user's knowledge.
However, the best part is that
|
|||
|
2018-10-02 02:36:05 | New iPhone Passcode Bypass Hack Exposes Photos and Contacts (lien direct) | Looking for a hack to bypass the passcode or screen lock on iPhones?
Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple's new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locked iPhone XS and other recent iPhone models.
Rodriguez, who also discovered iPhone lock screen
|
Hack Vulnerability | ||
|
2018-10-01 05:50:03 | GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers (lien direct) | Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to redirect users to malicious web pages-especially if they visit banking sites-and steal their login credentials.
Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing
|
Malware | ★★★★ | |
|
2018-10-01 01:56:01 | Telegram Calling Feature Leaks Your IP Addresses-Patch Released (lien direct) | The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram, has been found leaking both users' private and public IP addresses by default during voice calls.
With 200 million monthly active users as of March 2018, Telegram promotes itself as an ultra-secure instant messaging service that lets its users make end-to-end encrypted chat and voice call
|
To see everything:
Our RSS (filtrered)
