What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-07-16 14:47:02 | Thousands of Legacy Lenovo Storage Devices Exposed Millions of Files (lien direct) | Cybersecurity firms Vertical Structure and WhiteHat Security on Tuesday reported that their researchers discovered a serious vulnerability that gave remote attackers access to millions of files stored on thousands of exposed Lenovo network-attached storage (NAS) devices. | Vulnerability | ★★★★★ | |
|
2019-07-16 13:52:01 | Russia-linked Hackers Use New Trojans in Recent Attacks (lien direct) | Russia-linked threat group Turla has released new variants of the KopiLuwak Trojan in attacks detected since the beginning of this year, Kaspersky's security researchers reveal. | Threat | ★★★★★ | |
|
2019-07-16 12:10:01 | Security Teams Often Struggle to Get Developers on Board: GitLab Study (lien direct) | A GitLab study based on responses from over 4,000 software professionals shows a disconnect between developer and security teams, and suggests that good DevOps can be the solution to security problems. | ★★★ | ||
|
2019-07-16 10:48:03 | Why We Shouldn\'t Ignore The Male Majority When Pursuing an Inclusive Workplace (lien direct) | Cultural Change is Key to Making Hard-Earned Gains Persist Over Time | ★★★ | ||
|
2019-07-16 05:15:01 | (Déjà vu) Symantec Shares Plunge After Reports of Broadcom Deal Stall (lien direct) | Shares of cybersecurity giant Symantec plunged on Monday following reports that the company's acquisition talks with Broadcom have stalled due to a disagreement over price. Several major news outlets reported in early July that chipmaker Broadcom had been in advanced talks to acquire Symantec in a deal that could exceed $15 billion. | |||
|
2019-07-16 04:19:04 | (Déjà vu) Old Software Makes New Electoral Systems Ripe for Hacking (lien direct) | Pennsylvania's message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems. | |||
|
2019-07-15 12:42:03 | Instagram Account Takeover Vulnerability Earns Hacker $30,000 (lien direct) | A researcher claims to have received $30,000 from Facebook after discovering a critical vulnerability that could have been exploited to easily hack Instagram accounts. India-based bug bounty hunter Laxman Muthiyah discovered the security hole while analyzing Instagram's password recovery system for mobile devices. | Hack Vulnerability | ||
|
2019-07-15 10:37:04 | Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram (lien direct) | Hackers can manipulate media files transferred by users through the WhatsApp and Telegram messaging applications due to the way the Android operating system allows apps to access files in external storage, Symantec warned on Monday. | |||
|
2019-07-15 10:20:03 | As Ransomware Rages, Debate Heats Up on Response (lien direct) | 
|
Ransomware | ||
|
2019-07-15 01:15:05 | Huawei Planning Major Job Cuts in US: WSJ (lien direct) | Chinese telecoms giant Huawei, which is subject to US sanctions over concerns about its ties to the government in Beijing, is planning to make major job cuts at its US operations, The Wall Street Journal reported Sunday. | ★★ | ||
|
2019-07-14 01:23:01 | $5 Billion US Fine Set for Facebook on Privacy Probe: Report (lien direct) | US regulators have approved a $5 billion penalty to be levied on Facebook to settle a probe into the social network's privacy and data protection lapses, the Wall Street Journal reported Friday. | |||
|
2019-07-12 17:55:02 | Magecart Hackers Infect 17,000 Domains via Insecure S3 Buckets (lien direct) | The Magecart hackers have managed to infect over 17,000 domains by targeting improperly secured Amazon S3 buckets, RiskIQ reports. | |||
|
2019-07-12 16:15:04 | Adoption of AI-enhanced Cybersecurity is Growing Rapidly: Report (lien direct) | The pace of machine learning adoption for cybersecurity is increasing. This may appear to be obvious (virtually no new security product or version is released without claim to artificial intelligence), but a new report confirms this with hard figures. While around 20% of firms used ML prior to 2019, closer to 60% will be using it by the end of the year. | |||
|
2019-07-12 15:36:01 | Bipartisan Legislation to Require DHS Alerts on Election Hacking (lien direct) | Bipartisan legislation formally unveiled this week would require the Department of Homeland Security to send notifications on breaches affecting the election systems. | |||
|
2019-07-12 15:28:05 | Mac Zoom Web Server Allows for Remote Code Execution (lien direct) | The web server that the Zoom Client installs on Macs can be abused to execute code remotely, security researchers have discovered. | |||
|
2019-07-12 13:39:05 | FIRST Announces CVSS Version 3.1 (lien direct) | The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws. | Vulnerability | ||
|
2019-07-12 12:20:03 | U.S. Mayors Pledge Not to Give in to Ransomware Demands (lien direct) | The United States Conference of Mayors has promised that its members will “stand united” against paying ransoms in case their systems are hit by ransomware. | Ransomware | ||
|
2019-07-12 09:12:05 | Incident Response is Changing, Here\'s Why and How (lien direct) | Organizations can no longer simply dust off their incident response (IR) plan when a breach happens. If you haven't gone through the rigors of various exercises to know what to expect and what to do, pulling out your IR plan during a cyber attack or after a breach has occurred has little impact. Zero-dollar IR retainers aren't the best path forward either. They're cost effective if you aren't breached, but breaches happen. | |||
|
2019-07-12 09:02:04 | Japan Firm Says $32 Million Missing in Cryptocurrency Hack (lien direct) | Tokyo-based cryptocurrency exchange said Friday it had halted all services after losing cryptocurrency worth more than $32 million in the latest apparent hack involving virtual money. | Hack | ||
|
2019-07-12 07:43:02 | Flaw in Walkie-Talkie App on Apple Watch Allows Spying (lien direct) | Apple has disabled the Walkie-Talkie app on the Apple Watch after learning of a serious vulnerability that can be exploited to spy on users. | Vulnerability | ||
|
2019-07-12 06:51:00 | Premera Blue Cross Pays States $10 Million Over Data Breach (lien direct) | Premera Blue Cross, the largest health insurer in the Pacific Northwest, has agreed to pay $10 million to 30 states following an investigation into a data breach that exposed confidential information on more than 10 million people across the country. | Data Breach | ||
|
2019-07-12 04:36:05 | Human Workers Can Listen to Google Assistant Recordings (lien direct) | Google contractors regularly listen to and review some recordings of what people say to artificial-intelligence system Google Assistant, via their phone or through smart speakers such as the Google Home. | |||
|
2019-07-11 19:31:00 | Mozilla Introduces Grizzly Browser Fuzzing Framework (lien direct) | Mozilla this week made public a new browser fuzzing framework designed to enable the fast deployment of fuzzers at scale. | |||
|
2019-07-11 17:25:03 | (Déjà vu) Mozilla Moves to Deny UAE Firm\'s Root Inclusion Request (lien direct) | Mozilla is taking the first step toward denying a request by United Arab Emirates-based DarkMatter to be included as a top-level certificate authority in Mozilla's root certificate program. | |||
|
2019-07-11 17:05:02 | State of the Industry: Interoperability and Putting Security First (lien direct) | Cybersecurity spending has outpaced general IT spend for the last few years, and in 2019 with budgets growing up to 5 percent according to some analysts, this trend is clearly continuing. | ★★★★★ | ||
|
2019-07-11 16:53:05 | Apple Steps in: Removes Zoom Web Server From All Macs (lien direct) | Apple on Wednesday released an update to remove the Zoom web server from all Macs, following controversy that it puts users' security at risk. | |||
|
2019-07-11 16:47:03 | In an Interconnected World, Data Security is a Shared Responsibility (lien direct) | Taking active steps to safeguard your organization's digital presence on and offline is not a new recommendation; if anything, elaborate security measures are emblematic of our times. Passwords, multi-factor access protocols, biometrics and other forms of user authentication have become standard, and for good reason: the incidence of data loss, theft and misuse is huge. | |||
|
2019-07-11 16:00:00 | Users Unable to Log on to Windows Due to McAfee Update (lien direct) | An update released recently by McAfee for one of its products is preventing Windows users from logging on to their systems, and some major organizations appear to have been affected. | |||
|
2019-07-11 14:15:01 | Archive Server of Pale Moon Open Source Browser Hacked (lien direct) | Developers of the open source web browser Pale Moon revealed on Wednesday that the project's archive server was compromised and all executable files were infected with malware. | |||
|
2019-07-11 13:30:02 | Widely Used Kiosks Compromised by Hardcoded Credentials (lien direct) | Hardcoded Credentials in Kiosk Software Allowed Remote Attackers to Compromise API | |||
|
2019-07-11 12:21:04 | enSilo Raises $23 Million in Series B Funding (lien direct) | Endpoint security firm enSilo on Thursday announced new capabilities for its platform, a $23 million Series B funding round, and significant revenue growth. | |||
|
2019-07-11 12:10:02 | SAP Patches Critical Flaw in Diagnostics Agent (lien direct) | SAP this week released 11 Security Notes as part of the Patch Day – July 2019, one of which was a Hot News Note addressing a Critical vulnerability in Diagnostics Agent. Tracked as CVE-2019-0330 and featuring a CVSS score of 9.1, the bug is an OS command injection that could lead to the compromise of the entire SAP system. | Guideline Vulnerability | ||
|
2019-07-11 09:47:02 | Buhtrap Group Used Windows Zero-Day in Government Attack (lien direct) | One of the two Windows zero-day vulnerabilities fixed by Microsoft with its July 2019 Patch Tuesday updates was used by a threat group known as Buhtrap to target a government organization in Eastern Europe, according to cybersecurity firm ESET. | Threat | ||
|
2019-07-11 04:34:04 | Ex-IT Worker Who Hacked Former Company\'s Website Gets Prison (lien direct) | An Arizona man has been sentenced to 27 months in federal prison for hacking into computer systems operated by his former California employer and then deleting its website and marketing materials. | |||
|
2019-07-10 16:03:02 | Intel Patches Serious Vulnerability in Processor Diagnostic Tool (lien direct) | Intel's Patch Tuesday updates for July 2019 fix a serious vulnerability in the company's Processor Diagnostic Tool and a less serious issue in its Solid State Drives (SSD) for Data Centers (DC) product. | Tool Vulnerability | ||
|
2019-07-10 15:55:01 | Sea Turtle\'s DNS Hijacking Continues Despite Exposure (lien direct) | In April 2019, Cisco Talos researchers reported on an ongoing state-sponsored DNS hijacking campaign that had compromised at least 40 different organizations in 13 countries. They named the campaign Sea Turtle, and described the group as brazen and persistent. If discovered, they do not simply give up and go away. | |||
|
2019-07-10 14:41:00 | Flaw in Rockwell PanelView Allows Root-Level Access to Devices (lien direct) | A serious vulnerability in Rockwell Automation's PanelView graphics terminals allows a remote, unauthenticated attacker to gain root-level access to the device's file system. | Vulnerability | ||
|
2019-07-10 12:47:01 | Privacy Compliance Firm TrustArc Raises $70 Million (lien direct) | San Francisco-based privacy compliance and data protection firm TrustArc on Wednesday announced that it raised $70 million in a Series D funding round. | |||
|
2019-07-10 12:04:00 | Marriott to Contest $124 Million Fine Imposed by UK Data Protection Regulator (lien direct) | Marriott International says it will fight a large fine resulting from a massive data breach that was discovered in 2018. | Data Breach | ||
|
2019-07-10 10:52:04 | ChatOps is Your Bridge to a True DevSecOps Environment (lien direct) | The way we build, provision, maintain and secure apps continues to evolve. As agile development practices put pressure on operations, organizations move to DevOps where both functions are synchronized. This in turn puts pressure on the app security organization, and so we see more companies today adopting a DevSecOps model. | |||
|
2019-07-10 10:42:00 | Researchers Find 17,490 Anubis Android Malware Samples (lien direct) | Two related servers were recently found hosting 17,490 samples of the same Android malware, Trend Micro's security researchers say. | Malware | ||
|
2019-07-10 06:09:01 | GE Says Anesthesia Machine Vulnerability Poses No Risk to Patients (lien direct) | Researchers have discovered a vulnerability that can be used to hack some of GE Healthcare's hospital anesthesia devices, but the vendor says it does not pose a direct risk to patients. | Hack Vulnerability | ||
|
2019-07-10 01:32:04 | Marriott Faces $123 Million Fine in UK for Data Breach (lien direct) | Marriott says it will fight a $123 million U.K. government fine related to its massive data breach. Marriott has the right to respond to the proposed fine before a final determination is made by the U.K.'s Information Commissioner's Office. The agency says the breach violated the European Union's data protection regulations. | Data Breach | ||
|
2019-07-09 20:09:01 | In the Detection and Response Era, a Unified SOC is the Path to Success (lien direct) | This may be cheesy, and half of you reading this may not have been alive at the time to remember, but President Ronald Reagan's appeal more than 30 years ago to “tear down this wall” is advice security professionals should heed as well. A reunified Germany is now an economic powerhouse, affording its citizens a better quality of life. | |||
|
2019-07-09 19:48:01 | Two Windows Privilege Escalation Vulnerabilities Exploited in Attacks (lien direct) | Microsoft's July 2019 Patch Tuesday updates fix nearly 80 vulnerabilities, including two Windows zero-day flaws and six issues whose details were previously made public. | |||
|
2019-07-09 18:25:04 | Vulnerability Gives Attackers Remote Access to Zoom Users\' Cameras (lien direct) | A vulnerability in the Zoom Client for Mac allows a remote attacker to force a user into joining a video call with the video camera active, a security researcher has discovered. | Vulnerability | ||
|
2019-07-09 16:20:02 | UK Spy Agency Decrypts Some Secrets With New Exhibition (lien direct) | Historic gadgets used by British spies will be revealed for the first time later this week, as one of the country's intelligence agencies steps out the shadows to mark its centenary -- and to educate people about the risks of cyber-attacks. | |||
|
2019-07-09 15:55:05 | Adobe Fixes Low Priority Flaws With July 2019 Patch Tuesday Updates (lien direct) | Adobe's Patch Tuesday updates for July 2019 address vulnerabilities in the company's Bridge CC, Experience Manager and Dreamweaver products, but none of the security holes appear serious. | |||
|
2019-07-09 15:39:01 | Malware Isolation Firm Menlo Security Raises $75 Million (lien direct) | Menlo Security, a provider of zero-trust internet isolation services, has raised $75 million in a Series D funding round led by clients advised by JP Morgan Asset Management. Existing investors, including Sutter Hill Ventures, American Express Ventures, HSBC and JP Morgan Chase also participated in the funding. | Malware | ||
|
2019-07-09 15:32:03 | Fileless Attack Attempts to Run Astaroth Backdoor Directly in Memory (lien direct) | Microsoft says it recently detected and stopped a fileless campaign looking to deliver the Astaroth Trojan to unsuspecting victims. |
To see everything:
Our RSS (filtrered)
