Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-09-27 13:35:30 |
GAO Says Electric Grid Cybersecurity Risks Only Partially Assessed (lien direct) |
A new report from the United States Government Accountability Office (GAO) shows that the Department of Energy (DOE) has yet to fully analyze the electric grid cybersecurity risks.
|
|
|
|
|
2019-09-27 13:08:04 |
German Auto and Defense Firm Rheinmetall Says Malware Hit Several Plants (lien direct) |
Germany-based car parts and defense solutions provider Rheinmetall announced on Thursday that production at its automotive plants in the United States, Brazil and Mexico was disrupted as a result of a malware attack.
|
Malware
|
|
|
|
2019-09-27 11:33:27 |
Researchers Disclose Another SIM Card Attack Possibly Impacting Millions (lien direct) |
A new variant of a recently disclosed SIM card attack method could expose millions of mobile phones to remote hacking, researchers have warned.
|
|
|
|
|
2019-09-27 07:31:42 |
FBI Reviewed Cybersecurity Firm\'s Evidence in 2016 DNC Election Hack (lien direct) |
CLAIM: The FBI only relied on the word of a cybersecurity firm, CrowdStrike, to determine that Russia hacked the emails of the Democratic National Committee.
AP'S ASSESSMENT: False. CrowdStrike provided forensic evidence and analysis for the FBI to review during its investigation into a 2016 hack of DNC emails.
|
Hack
|
|
|
|
2019-09-27 07:11:59 |
Magecart Hackers Target L7 Routers (lien direct) |
One of the financially motivated threat actors operating under the Magecart umbrella appears to be testing malicious code to inject into commercial-grade layer 7 (L7) routers, IBM reports.
|
Threat
|
|
|
|
2019-09-27 06:57:06 |
DoorDash Breach Exposes Data of Nearly 5 Mn Users (lien direct) |
On-demand restaurant meal delivery service DoorDash on Thursday said a breach of its system exposed nearly five million customers, eateries and "Dashers" to a data breach.
|
|
|
|
|
2019-09-26 18:23:05 |
Chinese Hackers Hit Technology Firms in Southeast Asia With PcShare Backdoor (lien direct) |
Attacks conducted by a suspected Chinese threat actor on technology companies in Southeast Asia employ a version of the open-source PcShare backdoor, BlackBerry Cylance security researchers warn.
|
Threat
|
|
|
|
2019-09-26 18:21:28 |
Incident Pruning, Cutting a Path to More Effective Investigations (lien direct) |
Make Sure You do Some Incident Pruning to Maintain Security Operations Efficiency and Focus
|
|
|
|
|
2019-09-26 16:27:05 |
Adopt Insertion Point Security for a Microservices World (lien direct) |
In the old world, applications generally consisted of a web server, an app server and a database. Traffic went from router to switch to firewall. There was a network perimeter, which was our ingress.
|
|
|
|
|
2019-09-26 15:03:06 |
\'Chameleon\' Spam Campaign Employs Randomized Email Headers (lien direct) |
A large number of spam messages recently sent from the same botnet were observed featuring randomized headers and even different templates, with some emails resembling phishing, Trustwave reports.
|
Spam
|
|
|
|
2019-09-26 14:25:42 |
There Is Life for the CISO After a Breach (lien direct) |
A new survey of CISO attitudes conducted by Symantec and Dr Chris Brauer of Goldsmiths, University of London will surprise few CISOs, but should be required reading for other business leaders. It describes adrenaline junkies that fear burnout and worry about being scapegoats in an impossible position, but remain dedicated to their job.
|
Guideline
|
|
|
|
2019-09-26 13:48:56 |
(Déjà vu) Hackers Target Airbus Suppliers in Quest for Commercial Secrets (lien direct) |
European aerospace giant Airbus has been hit by a series of attacks by hackers targeting its suppliers in search of commercial secrets, sources told AFP, adding they suspected a Chinese link.
|
|
|
|
|
2019-09-26 12:36:59 |
Cylance Founder Stuart McClure Leaves BlackBerry (lien direct) |
Stuart McClure, the co-founder and CEO of Cylance, has decided to leave following BlackBerry's recent acquisition of his company.
|
|
|
|
|
2019-09-26 11:38:46 |
VMware Patches Critical Harbor Vulnerability (lien direct) |
VMware this week released patches to address a critical vulnerability in Harbor, which was found to impact VMware Cloud Foundation and VMware Harbor Container Registry for PCF.
|
Vulnerability
|
|
|
|
2019-09-26 11:13:01 |
Airbus Hit by Series of Cyber Attacks on Suppliers: Security Sources (lien direct) |
European aerospace giant Airbus has been hit by a series of attacks by hackers who have targeted its suppliers in their search for technical secrets, security sources told AFP, adding they suspected a China link.
There have been four major attacks on Airbus in the last 12 months, according to two security sources involved in investigating the hacking.
|
|
|
|
|
2019-09-26 08:46:48 |
iOS 13 Bug Gives Third-Party Keyboards "Full Access" Permissions (lien direct) |
An update that Apple will soon release for iOS 13 and iPadOS should resolve an issue that leads to third-party keyboard apps getting elevated permissions without the user's approval.
|
Guideline
|
|
|
|
2019-09-26 07:14:27 |
vBulletin Patches Vulnerability Exploited in the Wild (lien direct) |
Developers of the vBulletin forum software have rushed to release a patch for a recently disclosed remote command execution vulnerability, but the flaw has already been exploited in the wild, with some claiming that its existence has been known for years.
|
Vulnerability
|
|
|
|
2019-09-25 18:37:40 |
Czech Intelligence Blames China for Major Cyber Attack (lien direct) |
China was behind a major cyber attack at a key government institution in the Czech Republic last year, the EU member's intelligence agency said in a report Wednesday.
|
|
|
|
|
2019-09-25 18:32:12 |
POISON CARP Threat Actor Targets Tibetan Groups (lien direct) |
A threat actor referred to as POISON CARP has targeted senior members of Tibetan groups via WhatsApp for around six months, Citizen Lab reveals.
The attacks, carried out between November 2018 and May 2019, employed individually tailored WhatsApp text exchanges, where the attackers were posing as NGO workers, journalists, and other fake personas.
|
Threat
|
|
|
|
2019-09-25 15:39:34 |
Honeywell Launches \'Forge\' Industrial Cybersecurity Platform (lien direct) |
Honeywell on Wednesday announced the launch of a new industrial cybersecurity platform designed to help organizations protect their operational technology (OT) and industrial internet of things (IIoT) assets from cyber threats.
|
|
|
|
|
2019-09-25 14:22:23 |
Organizations Warned of Dual Threat Posed by RDP and Disruptive Ransomware (lien direct) |
In a paper warning about the evolution of what it calls 'disruptionware', the Institute for Critical Infrastructure Technology (ICIT) highlights ransomware and RDP access as the current focus of a new development that "sees adversaries disrupting business continuity" posing "an existential threat to critical infrastructure operators."
|
Threat
Ransomware
|
|
|
|
2019-09-25 13:49:48 |
60% of Major US Firms Have Been Hacked in Cloud: Study (lien direct) |
Hackers have penetrated cloud computing networks of some 60 percent of top US companies, with virtually all industry sectors hit, security researchers said Tuesday.
|
|
|
|
|
2019-09-25 12:27:59 |
Tortoiseshell Targets U.S. Military Veterans in New Campaign (lien direct) |
A recently discovered attack group referred to as Tortoiseshell has been targeting job seekers in the United States, especially military veterans, Cisco Talos' security researchers have discovered.
|
|
|
|
|
2019-09-25 11:58:06 |
Microsoft Makes Azure Sentinel Generally Available (lien direct) |
Microsoft this week announced the general availability of Azure Sentinel, a cloud-based security information and event management (SIEM) platform aimed at identifying and blocking threats.
|
|
|
|
|
2019-09-25 11:18:27 |
Dell Unveils New Data Protection Appliances (lien direct) |
Dell on Tuesday unveiled new EMC PowerProtect appliances and announced improvements to existing data protection and recovery products.
|
|
|
|
|
2019-09-25 08:30:45 |
Hacker Releases Exploit for vBulletin Zero-Day Vulnerability (lien direct) |
A hacker has released an exploit for an unpatched remote command execution vulnerability affecting the vBulletin forum software.
|
Vulnerability
|
|
|
|
2019-09-25 07:25:52 |
\'xHunt\' Campaign Targets Kuwait Transportation and Shipping Sector (lien direct) |
A campaign targeting transportation and shipping organizations based in Kuwait was observed employing previously undocumented tools, Palo Alto Networks reports.
|
|
|
|
|
2019-09-24 18:56:47 |
North Korean-Linked Dtrack RAT Discovered (lien direct) |
An investigation into banking malware targeting India has led to the discovery of a new remote access Trojan (RAT) employed by the North Korean-linked Lazarus group, Kaspersky reports.
|
Malware
Medical
|
APT 38
|
|
|
2019-09-24 18:32:14 |
Adobe Patches Critical Command Injection, Path Traversal Flaws in ColdFusion (lien direct) |
Updates released by Adobe on Tuesday for its ColdFusion web application development platform address three vulnerabilities, including two that have been classified “critical.”
|
|
|
|
|
2019-09-24 15:42:37 |
Russian Pleads Guilty to Hacking U.S. Financial Firms (lien direct) |
A Russian man this week pleaded guilty in a Manhattan federal court to the hacking of various financial institutions in the United States, including JPMorgan Chase and Dow Jones.
|
Guideline
|
|
|
|
2019-09-24 14:19:40 |
Additional U.S. Utilities Targeted With LookBack Malware (lien direct) |
Proofpoint security researchers have observed a new series of phishing attacks targeting entities in the United States utilities sector in an attempt to deliver the LookBack remote access Trojan (RAT).
|
Malware
|
|
|
|
2019-09-24 13:20:33 |
Source Code Security Firm Cycode Launches With $4.6 Million in Funding (lien direct) |
Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.
|
|
|
|
|
2019-09-24 13:03:50 |
Cyber Insurance Firm Cowbell Emerges From Stealth With $3.3 Million Seed Funding (lien direct) |
Pleasanton, California-based cyber insurance firm Cowbell Cyber has emerged from stealth, announcing its Cowbell Factor product with $3.3 million seed funding from leading insurance, cybersecurity and artificial intelligence venture funds, including ManchesterStory Group, Holmes Murphy & Associates, Tri-Valley Ventures and the Global Insurance Accelerator.
|
Guideline
|
|
|
|
2019-09-24 11:54:21 |
Lion Air Data Leak Came From Contractor\'s Ex-Staff, Airline Says (lien direct) |
A massive data breach at Indonesian airline Lion Air that affected millions of customers stolen was the fault of staff at a contractor, the airline's Malaysia subsidiary said Monday.
|
|
|
|
|
2019-09-24 11:50:14 |
Google Wins EU Fight Against Worldwide \'Right to be Forgotten\' (lien direct) |
Google is not required to apply an EU "right to be forgotten" to its search engine domains outside Europe, the EU's top court ruled Tuesday in a landmark decision.
|
|
|
|
|
2019-09-24 07:07:23 |
Microsoft Patches Internet Explorer Vulnerability Exploited in Attacks (lien direct) |
Microsoft on Monday released patches for two vulnerabilities, including an Internet Explorer zero-day and a denial-of-service (DoS) flaw affecting Microsoft Defender.
|
Vulnerability
|
|
|
|
2019-09-23 18:32:55 |
Critical Vulnerability Addressed in Jira Service Desk (lien direct) |
Atlassian has released a security update for Jira Service Desk and Jira Service Desk Data Center to address a critical vulnerability resulting in information disclosure.
|
Vulnerability
|
|
|
|
2019-09-23 18:19:46 |
Microsoft to Provide Free Security Updates for Voting Systems Running Windows 7 (lien direct) |
Microsoft will continue to provide some Windows 7 machines with security updates beyond the January 2020 end-of-support date, and voting systems are among them, the company has announced.
|
|
|
|
|
2019-09-23 15:42:17 |
0patch Promises Support for Windows 7 Beyond January 2020 (lien direct) |
Windows 7 and Windows Server 2008 will officially reach end-of-support on January 14, 2020, but they will continue to receive security patches past that date, unofficially.
|
|
|
★★★★★
|
|
2019-09-23 15:28:11 |
Being CISO Is No Longer a Dead-End Job (lien direct) |
A decade ago, being named as CISO was considered the highest rung achievable from within the security function. This is changing, driven by increasing cyber awareness in the boardroom, the embedding of cyber risk in every part of the business through digitization and industry 4.0, and increasingly intrusive cyber regulations.
|
|
|
|
|
2019-09-23 13:48:26 |
Use Case-Centric Threat Intelligence Requires a Considered Approach (lien direct) |
One of the most promising developments I've seen in threat intelligence over the last year or so is a greater emphasis on use cases.
|
Threat
|
|
|
|
2019-09-23 12:57:41 |
Wyoming Hospital\'s Services Disrupted by Ransomware (lien direct) |
Gillette, Wyoming-based Campbell County Memorial Hospital continues to experience service disruptions after a ransomware attack hit Campbell County Health's computer systems on Friday.
|
Ransomware
|
|
|
|
2019-09-23 12:32:31 |
Flaw Gives Hackers Remote Access to Files Stored on D-Link DNS-320 Devices (lien direct) |
D-Link DNS-320 ShareCenter network-attached storage (NAS) devices are affected by a critical vulnerability that can be exploited remotely to take complete control of a device and access the files stored on it.
|
Vulnerability
|
|
|
|
2019-09-23 10:23:20 |
Digital Threats Multiply Ahead of 2020 US Elections (lien direct) |
It could be a manipulated video embarrassing a candidate. Or a computer voting system locked by ransomware. Or doubts about electronic voting machines with no paper backups.
|
|
|
|
|
2019-09-23 08:58:00 |
Google Awards $40,000 for Chrome Sandbox Escape Vulnerabilities (lien direct) |
Google has paid out a total of $40,000 for a couple of vulnerabilities that can be exploited to escape Chrome's sandbox.
|
|
|
|
|
2019-09-23 07:32:10 |
Mac Malware Poses as Trading App (lien direct) |
A Mac Trojan focused on stealing users' information was found masquerading as a legitimate trading application, Trend Micro's security researchers report.
|
Malware
|
|
|
|
2019-09-23 07:04:27 |
Alleged Hacker Faces 154 Charges in Football Leaks Case (lien direct) |
Portuguese prosecutors are bringing 154 charges against an alleged local hacker they believe is linked to the publication of internal documents that embarrassed top European clubs and soccer officials in the Football Leaks case.
|
|
|
|
|
2019-09-21 14:18:32 |
Payouts From Insurance Policies May Fuel Ransomware Attacks (lien direct) |
Experts Worry That Cyber Insurance Policies Designed to Limit Damage of Ransomware Attacks Might Actually be Encouraging Hackers
|
Ransomware
|
|
|
|
2019-09-21 11:55:47 |
Iran Denies Successful Cyber Attacks on Oil Sector (lien direct) |
Iran denied on Saturday its oil infrastructure had been successfully attacked by a cyber operation, after reports of disruptions to the sector online.
|
|
|
|
|
2019-09-20 19:13:43 |
Facebook Suspends \'Tens of Thousands\' of Apps in Privacy Review (lien direct) |
Facebook said Friday it suspended "tens of thousands" of apps on its platform as a result of its review on privacy practices launched following the scandal involving Cambridge Analytica.
|
|
|
|