Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-08-12 08:33:03 |
Apple Offers Up to $1 Million in Public Bug Bounty Program (lien direct) |
Apple last week announced that it's making some significant changes to its bug bounty program, making it public and expanding the list of covered products.
|
|
|
|
|
2019-08-12 04:29:01 |
\'Saefko\' Multi-Layered RAT Can Spread via USB Drives (lien direct) |
Security researchers from Zscaler have found a new remote access Trojan (RAT) for sale on the Dark Web that includes multiple functions and is able to spread via removable USB drives.
|
|
|
|
|
2019-08-11 15:27:02 |
Vulnerabilities in Device Drivers From 20 Vendors Expose PCs to Persistent Malware (lien direct) |
|
Malware
|
|
|
|
2019-08-09 15:51:04 |
Vulnerability Has Been Lurking in Avaya Phones for 10 Years (lien direct) |
A security vulnerability discovered and patched 10 years ago has remained unaddressed in various Avaya phones until recently, McAfee security researchers have discovered.
|
Vulnerability
|
|
|
|
2019-08-09 15:42:05 |
Hidden Injection Flaws Found in BIG-IP Load Balancers (lien direct) |
In May 2019 (updated in June), F5 issued a security advisory about a potential injection issue in the Tool Command Language (TCL) as used with its BIG-IP load balancers. Load balancers are essential to ensure consistent web services in high volume circumstances, and BIG-IP is popular with banks, governments and large corporations.
|
Tool
|
|
|
|
2019-08-09 15:01:01 |
Repurposing Mac Malware Not Difficult, Researcher Shows (lien direct) |
Repurposing Mac malware is not a difficult task for someone with reverse-engineering skills, and it's a far simpler approach compared to writing malware from scratch, a researcher has demonstrated.
|
Malware
|
|
|
|
2019-08-08 23:18:00 |
Broadcom to Buy Symantec Enterprise Unit for $10.7 Billion (lien direct) |
Broadcom announced plans Thursday to buy the enterprise unit of cybersecurity firm Symantec Corp. for $10.7 billion in a move to further diversify the US semiconductor maker.
|
|
|
|
|
2019-08-08 19:00:01 |
Hackers Can Use Rogue Engineering Stations to Target Siemens PLCs (lien direct) |
Malicious actors could use rogue engineering workstations to take control of Siemens programmable logic controllers (PLCs), and they can hide the attack from the engineer monitoring the system, researchers from two universities in Israel have demonstrated.
|
|
|
|
|
2019-08-08 18:50:04 |
New Windows Process Injection Can Be Useful for Stealthy Malware (lien direct) |
|
Malware
|
|
|
|
2019-08-08 18:10:00 |
Privacy Platform Provider Securiti.ai Emerges From Stealth With $31 Million Funding (lien direct) |
In the past, data protection regulation has largely been concerned with preventing the theft of personal data. Security and security products have focused on preventing breaches -- no breach effectively meant no failure of data protection compliance.
|
|
|
|
|
2019-08-08 17:36:00 |
GM Cruise Releases Automated Firmware Security Analyzer to Open Source (lien direct) |
The growth of IoT devices has highlighted the difficulties in ensuring firmware security -- especially where the device and software are initially sourced from third parties, or developed under time pressures in-house. Now a new firmware analyzer has been released to open source on GitHub.
|
|
|
|
|
2019-08-08 16:14:00 |
Researchers Find Vulnerabilities in Boeing 787 Firmware (lien direct) |
Researchers from security firm IOActive have discovered a series of vulnerabilities and attacks that they believe could be possible on Boeing's 787 Dreamliner.
|
|
|
|
|
2019-08-08 04:43:01 |
Microsoft Says It \'Listens\' to Conversations Only With Permission (lien direct) |
Microsoft said Wednesday its contractors listen to conversations to hone voice translation features offered by Skype and its digital assistant Cortana, but only when obtaining user permission.
|
|
|
★★
|
|
2019-08-07 20:44:05 |
US Formalizes Ban on Government Contracts to China\'s Huawei, Others (lien direct) |
The United States unveiled rules on Wednesday formally banning technology giant Huawei and other Chinese firms from government contracts in the latest move in the countries' escalating trade war.
|
|
|
|
|
2019-08-07 19:36:03 |
Network Shares Are a Primary Target for Ransomware (lien direct) |
The evolution of ransomware from high volume, low return, spray and pray consumer attacks to lower volume, high value, targeted attacks against business is well documented. The intent now is not to simply encrypt local files, but to find and encrypt network shares in order to inflict the greatest harm in the shortest time.
|
Ransomware
|
|
|
|
2019-08-07 16:33:03 |
Cisco Patches Critical Flaws in Network Switches (lien direct) |
Cisco this week released patches to address several vulnerabilities in its Small Business 220 Series Smart Switches, including two bugs rated Critical severity.
|
|
|
|
|
2019-08-07 14:53:00 |
Cyber Hygiene 101: Implementing Basics Can Go a Long Way (lien direct) |
With the number of data breaches skyrocketing in recent years, global cybercrime-related damages are expected to surge in the years ahead. In the last two months alone, we have seen a wave of ransomware attacks wreak havoc and another mega breach that impacted more than 100 million individuals at Capital One whose credit application information was stolen.
|
Ransomware
|
|
|
|
2019-08-07 14:44:00 |
Twitter Again Admits Sharing User Data Without Permission (lien direct) |
Twitter admitted this week that it may have accidentally shared some users' data with third parties without permission.
|
|
|
|
|
2019-08-07 14:09:04 |
The Fundamentals of Developing Effective DevSecOps (lien direct) |
Bolting Security on to DevOps Without Full Integration is Little More Than Keeping Security in its Own Separate Silo
|
|
|
|
|
2019-08-07 12:33:05 |
SQL Injection Vulnerability Exposed Starbucks Financial Records (lien direct) |
A critical SQL injection vulnerability exposed nearly one million financial records stored in a Starbucks enterprise database, a researcher revealed this week.
|
Vulnerability
|
|
|
|
2019-08-07 10:02:05 |
Millions of Devices With Intel CPUs Exposed to SWAPGS Attack (lien direct) |
Researchers have discovered yet another speculative execution vulnerability that can allow attackers to steal potentially sensitive information from devices with Intel processors.
|
Vulnerability
|
|
|
|
2019-08-06 18:47:04 |
Developer Bypasses Chrome\'s Anti-Incognito Detection (lien direct) |
Chrome 76 closed a loophole that allowed sites to detect when the Incognito Mode was being used, but a bypass for it has already been discovered.
The Incognito Mode, or private browsing, allows users to access websites without having unwanted cookies saved on disk and without being tracked by certain websites.
|
|
|
|
|
2019-08-06 18:20:05 |
Baldr Malware: A Short-Lived Star or Info Stealer That Will Return? (lien direct) |
The Baldr malware is a bit of an enigma. Appearing first in late 2018, researchers at Sophos have tracked it through four rapid revisions until suddenly, on May 31, 2019, the distributor (overdot) declared that further development and support had ceased. Users had been expecting the developer -- thought to be LordOdin by Malwarebytes -- to deliver a major upgrade to version 4.0.
|
Malware
|
|
|
|
2019-08-06 18:10:02 |
New \'Lord\' Exploit Kit Emerges (lien direct) |
A newly identified exploit kit is targeting vulnerable versions of Adobe's Flash Player, Malwarebytes security researchers say.
|
|
|
|
|
2019-08-06 17:19:02 |
Slack Unveils New Enterprise Security Tools (lien direct) |
Slack on Tuesday unveiled several new security tools designed to provide administrators of its Enterprise Grid product better control over who can use the platform and how they do it.
|
|
|
|
|
2019-08-06 15:08:00 |
Pakistani Man Bribed AT&T Employees to Unlock Phones, Plant Malware (lien direct) |
A Pakistani national has been charged by U.S. authorities for his role in a scheme that involved bribing employees of telecommunications giant AT&T to help unlock phones and plant malware on the company's network.
|
Malware
|
|
|
|
2019-08-06 14:29:00 |
Cloud Providers Improving Security, But Users Need to Up Their Game (lien direct) |
A new report from the Cloud Security Alliance (CSA) on the top threats to cloud computing suggests that service providers are improving their security. Many of today's threats now stem from organizational management decisions and implementation/configuration weaknesses.
|
|
|
|
|
2019-08-06 14:00:01 |
Russian Hackers Leverage IoT Devices to Access Corporate Networks (lien direct) |
IoT Devices Used as Points of Ingress for Hackers to Establish a Presence on Corporate Network
|
|
|
|
|
2019-08-06 10:54:02 |
Microsoft Offers Up to $300,000 in New Azure Security Lab (lien direct) |
|
|
|
|
|
2019-08-06 10:35:03 |
Cybereason Raises an Additional $200 Million in Funding (lien direct) |
Cybereason, a Boston, Mass.-based EDR/EPP security firm heavily invested in machine learning and AI-based solutions, has raised a further $200 million in a Series E funding round to support its product innovation and strengthen its global reach through its partner program.
|
|
|
|
|
2019-08-06 08:38:03 |
UN Report: North Korea Cyber Experts Raised Up to $2 Billion (lien direct) |
A panel monitoring U.N. sanctions says North Korean cyber experts have illegally raised money for the country's weapons of mass destruction programs “with total proceeds to date estimated at up to $2 billion.”
|
|
|
|
|
2019-08-06 08:32:05 |
Privacy Watchdogs Warn Facebook Over Libra Currency (lien direct) |
Global privacy regulators joined forces Tuesday to demand guarantees from Facebook on how it will protect users' financial data when it launches its planned cryptocurrency, Libra.
|
|
|
|
|
2019-08-06 08:25:01 |
Recovering Wi-Fi Password via Dragonblood Attack Costs $1 of Computing Power (lien direct) |
Some of the mitigations recommended by the Wi-Fi Alliance in response to Dragonblood, a set of WPA3 vulnerabilities that can be exploited to obtain a Wi-Fi network's password, are not efficient in preventing attacks, and launching an attack is much cheaper than initially estimated.
|
|
|
|
|
2019-08-05 16:25:04 |
ID Theft Stings, But it\'s Hard to Pin on Specific Data Hacks (lien direct) |
Equifax 2017. Marriott 2018. Capital One 2019.
|
Data Breach
|
Equifax
|
|
|
2019-08-05 16:02:01 |
Industrial Giants Respond to \'Urgent/11\' Vulnerabilities (lien direct) |
Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.
|
|
|
|
|
2019-08-05 15:59:01 |
JIRA Misconfiguration Leaks Data of Fortune 500 Companies (lien direct) |
A misconfiguration in the popular JIRA project management software exposed a great deal of data on hundreds of companies, security researcher Avinash Jain reveals.
|
|
|
|
|
2019-08-02 16:34:01 |
New Mirai Variant Hides C&C Server on Tor Network (lien direct) |
A recently discovered variant of the Mirai Internet of Things (IoT) malware is using a command and control (C&C) server on the Tor network, Trend Micro's security researchers have discovered.
|
Malware
|
|
|
|
2019-08-02 15:13:03 |
Nine Distinct Threat Groups Targeting Industrial Systems: Dragos (lien direct) |
The number of tracked threat groups targeting industrial control systems (ICS) environments has risen to nine, industrial cybersecurity firm Dragos reveals in a new report.
|
Threat
|
|
|
|
2019-08-02 14:39:05 |
New "LookBack" Malware Used in Attacks Against U.S. Utilities Sector (lien direct) |
A series of phishing attacks have been targeting U.S. companies in the utilities sector in an effort to infect systems with a new remote access Trojan (RAT), Proofpoint reports.
|
Malware
|
|
|
|
2019-08-02 13:01:05 |
Unprotected Database Exposes Details of Honda\'s Internal Network (lien direct) |
An unprotected, internet accessible ElasticSearch database exposed 134 million rows of sensitive data from Honda Motor Company, containing technical details on employee computers, including its CEO, Cloudflare security researcher Justin Paine reveals.
|
|
|
|
|
2019-08-02 10:17:04 |
Congress Wants Capital One, Amazon to Explain Data Breach (lien direct) |
Leaders of House and Senate committees want Capital One and Amazon to explain to Congress how a hacker accessed personal information from more than 100 million Capital One credit card customers and applicants.
|
Data Breach
Guideline
|
|
|
|
2019-08-01 18:52:04 |
Economics of Ransomware - To Pay Or Not To Pay? (lien direct) |
|
Ransomware
|
|
|
|
2019-08-01 18:29:00 |
Faked Facebook Accounts Linked to Saudi Arabia, Mideast Region (lien direct) |
Facebook on Thursday said it derailed a pair of shady online influence campaigns in the Arabic-speaking world including one linked to the Saudi Arabian government.
|
|
|
|
|
2019-08-01 16:21:02 |
Scammers Grab $2.5 Million From North Carolina County in BEC Scam (lien direct) |
Cybercriminals managed to divert $2.5 million in a business email compromise (BEC) scam targeting Cabarrus County, North Carolina. $1.7 million of that has not been recovered and remains missing.
|
|
|
|
|
2019-08-01 16:09:03 |
Google Releases Beta of Anomaly Detection for G Suite Customers (lien direct) |
Google on Wednesday announced the beta availability of Advanced Protection Program for G Suite customers and anomaly detection in the G Suite alert center.
|
|
|
|
|
2019-08-01 15:20:05 |
FTC Warns Cash Option May be Small for Equifax Settlement (lien direct) |
The Federal Trade Commission on Wednesday told consumers affected by the Equifax data breach that they are unlikely to get the full $125 cash payment that many sought.
|
Data Breach
|
Equifax
|
|
|
2019-08-01 14:41:05 |
Former NSA Contractor Edward Snowden Publishing Memoir (lien direct) |
Edward Snowden, the former National Security Agency contractor who fled to Russia after leaking information about the US government's mass surveillance program, is publishing a memoir.
The book, "Permanent Record," will go on sale on September 17. It is being published globally by Macmillan Publishers.
|
|
|
|
|
2019-08-01 12:24:02 |
How to Prep Your Security Strategy for Today\'s Cyber Risks (lien direct) |
There is no shortage of breaking news on data breaches and vulnerabilities that have very real financial and reputational consequences for enterprises. It seems impossible for business leaders and board members to escape the barrage of forewarning headlines and resulting bombardment of experts who line up to share cybersecurity advice on how to avoid such devastation.
|
Guideline
|
|
|
|
2019-08-01 11:01:02 |
\'Hexane\' Threat Actor Targeting Industrial Organizations (lien direct) |
Security researchers from industrial cybersecurity firm Dragos say they have identified a new threat actor targeting industrial control systems (ICS) related entities in the oil and gas and telecommunications sectors.
|
Threat
|
|
|
|
2019-08-01 10:50:00 |
Alleged Capital One Hacker Barely Bothered to Hide (lien direct) |
The 33-year-old former Amazon software engineer accused of hacking Capital One made little attempt to hide her attack. In fact, she effectively publicized it.
|
|
|
|