What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-10-19 17:12:29 | Adult FriendFinder Vulnerability Leaves Millions Exposed (lien direct) | Security experts are reporting popular adult website Adult FriendFinder has been compromised by hackers who have gained access to the site's backend servers. | |||
|
2016-10-19 13:00:32 | Mirai Bots More Than Double Since Source Code Release (lien direct) | Level 3 Communications said the Mirai botnet has recruited close to 500,000 IoT devices since the malware's source code was released. | |||
|
2016-10-18 20:58:06 | Experts \'Outraged\' by Warrant Demanding Fingerprints to Unlock Smartphones (lien direct) | Legal scholars say the government is testing the limits of the Fifth Amendment in a landmark search warrant case. | |||
|
2016-10-18 20:14:32 | Attackers Hiding Stolen Credit Card Numbers in Images (lien direct) | Researchers say attackers are embedding malicious code in poorly configured Magento sites that hides stolen payment card data in images. | |||
|
2016-10-18 17:42:22 | VeraCrypt Patches Critical Vulnerabilities Uncovered in Audit (lien direct) | An audit of open source file and disk encryption software VeraCrypt wrapped up and a number of critical vulnerabilities uncovered in the assessment were patched. | |||
|
2016-10-17 20:30:19 | TrickBot Banking Trojan Could Be Dyre Rewrite (lien direct) | Researchers at Fidelis report there are similarities in coding and behavior between a new banking Trojan called TrickBot and the notorious Dyre malware. | |||
|
2016-10-17 19:25:15 | Free SSL Providers Spark Unprecedented Growth in Encrypted Traffic (lien direct) | For the first time, more than half of traffic on the Internet is encrypted, and experts say free SSL certificate providers are playing a big role. | |||
|
2016-10-17 16:49:36 | US Reps Requesting Further Intel Around Yahoo Surveillance Story (lien direct) | U.S. representatives are asking Yahoo for clarity around a surveillance program mentioned in reports earlier this month. | Yahoo | ||
|
2016-10-15 13:00:45 | Sierra Wireless Warns Cellular Data Gear Targeted by Mirai Malware (lien direct) | Sierra Wireless warns that its AirLink gateways are being infected by the Mirai malware, and urges customers to change default passwords on devices. | |||
|
2016-10-14 21:24:21 | Ghost Push Trojan Flourishing Via Malicious Links (lien direct) | Cheetah Mobile reports the origins of mobile Trojans are still coming from Ghost Push, which can root devices, show ads and install unwanted apps. | |||
|
2016-10-14 14:38:40 | Threatpost News Wrap, October 14, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including the nuclear power plant 'disruption,' the StrongPity APT group, and the proliferation of IoT botnets. | |||
|
2016-10-14 13:00:36 | Leftover Factory Debugger Doubles as Android Backdoor (lien direct) | A researcher has found a backdoor, which he calls Pork Explosion, in an Android bootloader built by Foxconn. | |||
|
2016-10-14 12:00:37 | Popular Android App Leaks Microsoft Exchange User Credentials (lien direct) | A popular Android app called Nine leaks Microsoft Exchange user credentials when users are tricked into connecting to rogue wireless access points. | |||
|
2016-10-13 18:54:38 | Google Plugs 21 Security Holes in Chrome (lien direct) | Bug hunters earned $30,000 in rewards for reporting 21 security flaws that were fixed in Chrome 54. | |||
|
2016-10-13 17:43:39 | Google Handles Record Number of Government Requests for Data (lien direct) | Google updated its Transparency Report, reporting a record number of government requests for data, and that it received at least one National Security Letter during the second half of 2015. | |||
|
2016-10-13 16:56:19 | Facebook Bug Bounty Program Pays Out $5 Million in Five Years (lien direct) | Facebook announced this week that its paid out more than $5 million to 900 researchers in the five years since it implemented its bug bounty program. | |||
|
2016-10-13 15:56:30 | Cisco Patches Critical Bug In Video Conferencing Server Hardware (lien direct) | A vulnerability in Cisco's meeting server software allows a remote attacker to masquerade as legit user. | |||
|
2016-10-13 15:27:58 | Old SSH Vulnerability at Center of Credential-Stuffing Attacks (lien direct) | Akamai warns that attackers are compromising IOT devices and using them as proxies to test stolen credentials against web-based applications. | |||
|
2016-10-13 14:38:22 | Android Fragmentation Sinks Patching Gains (lien direct) | One year after kicking off monthly Android security updates and Google still is way behind Apple when it comes to patching. | |||
|
2016-10-12 21:25:26 | Vera Bradley Retail Chain Breached (lien direct) | Women's accessories giant Vera Bradley is reporting a breach of its retail store point-of-sale system. | |||
|
2016-10-12 17:05:48 | Disappearing Messages Added to Signal App (lien direct) | Open Whisper Systems announced that it has added the disappearing messages feature to the Signal encrypted messaging app. | |||
|
2016-10-12 15:45:33 | Gary McGraw on BSIMM7 and Secure Software Development (lien direct) | Mike Mimoso talks to Cigital CTO and software security pioneer Gary McGraw about the latest results pulled from the Building Security In Maturity Model (BSIMM). | |||
|
2016-10-11 21:08:15 | Nuclear Power Plant Disrupted by Cyber Attack (lien direct) | The head of an international nuclear energy consortium said this week that a cyber attack caused a 'disruption' at a nuclear power plant in the last several years. | |||
|
2016-10-11 19:18:35 | Microsoft Patches Five Zero Days Under Attack (lien direct) | Microsoft released 10 security bulletins on Patch Tuesday that included patches for five zero day vulnerabilities under attack that had not been publicly disclosed until today. | |||
|
2016-10-11 18:02:38 | Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash (lien direct) | Adobe patched 81 vulnerabilities, including a handful of critical bugs, in Acrobat, Reader, and Flash on Tuesday. | |||
|
2016-10-11 15:52:07 | IoT Botnet Uses HTTP Traffic to DDoS Targets (lien direct) | The IoT botnet behind the some of the largest publicly recorded DDoS attacks is flooding its targets with HTTP traffic in Layer 7 attacks. | |||
|
2016-10-10 13:54:49 | StrongPity APT Covets Secrets of Crypto Users (lien direct) | Kaspersky Lab researchers have uncovered the StrongPity APT, a group that uses watering hole attacks to infect machines of users seeking encryption technologies such as WinRAR and TrueCrypt. | |||
|
2016-10-10 13:00:50 | When DVRs Attack: A Post IoT Attack Analysis (lien direct) | Researchers sort out what went wrong when an estimated 500,000 DVRs and IP-based cameras were used in a series of massive DDoS attacks in September. | |||
|
2016-10-07 15:30:30 | Threatpost News Wrap, October 7, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss this week's Virus Bulletin conference in Denver and CNBC's Cambridge Cyber Summit at MIT, the NSA contractor arrest, APT false flags, and more. | |||
|
2016-10-07 15:00:11 | The Ethics and Morality Behind APT Reports (lien direct) | Investigating state-sponsored espionage and counterterrorism is one thing. Writing public reports about these activities is another. | |||
|
2016-10-07 14:55:27 | Cisco Warns of Critical Flaws in Nexus Switches (lien direct) | Networking giant Cisco issued five security bulletins this week with two critical bugs allowing remote execute code. | |||
|
2016-10-07 11:00:37 | Free Tool Protects Mac Users from Webcam Surveillance (lien direct) | Mac security researcher Patrick Wardle released a tool called OverSight that monitors when malware may be recording a webcam or audio session on a macOS machine. | |||
|
2016-10-06 20:26:19 | Web-Based Keylogger Used to Steal Credit Card Data from Popular Sites (lien direct) | Researchers estimate thousands of ecommerce sites are under attack by a single threat actor that has infected servers with a web-based keylogger. | |||
|
2016-10-06 17:49:28 | EFF: NSA\'s Support of Encryption \'Disingenuous\' (lien direct) | Cindy Cohn, the EFF's Executive Director, called the NSA's support of strong encryption disingenuous during a cybersecurity conference panel Wednesday. | |||
|
2016-10-06 14:00:25 | Mobile App Collusion Can Bypass Native Android Security (lien direct) | At Virus Bulletin, researchers explain how Android mobile applications can collude to share data and synchronize payload execution. | |||
|
2016-10-06 13:00:58 | Juan Andres Guerrero-Saade and Brian Bartholomew on APT False Flags and Attribution (lien direct) | Mike Mimoso talks to Kaspersky Lab Global Research and Analysis Team researchers Juan Andres Guerrero-Saade and Brian Bartholomew about a paper released at Virus Bulletin on deception tactics and false flags flown by APT groups to frustrate analysis. | |||
|
2016-10-06 12:00:44 | Abandoned Mobile C&C Servers Present Opportunity to Attackers (lien direct) | At Virus Bulletin, researchers explained the risks associated with abandoned SDK master servers that present attackers with an opportunity to assume control of these communication channels. | |||
|
2016-10-05 22:31:08 | NSA Contractor Charged With Stealing Classified Hacking Secrets (lien direct) | A NSA contractor working for Booz Allen Hamilton was arrested and charged with stealing secret documents from the U.S. spy agency. | |||
|
2016-10-05 16:30:51 | Yahoo Slams Email Surveillance Story: Experts Demand Details (lien direct) | Yahoo calls a bombshell email surveillance story “misleading†as legal, civil liberties and security experts demand answers. | Guideline | Yahoo | |
|
2016-10-05 12:51:57 | IoT Botnets Are The New Normal of DDoS Attacks (lien direct) | DVR's, IP-enabled cameras, home cable equipment and many other IOT connected devices are that latest in potent DDoS tools available to attackers. | |||
|
2016-10-05 10:00:00 | Subpoena for Signal Messaging Data Renders Little (lien direct) | Open Whisper Systems, the group behind Signal, was served with a subpoena earlier this year but was unable to produce most of the data it was asked for. | |||
|
2016-10-04 18:32:09 | Cloud, IoT Big Factors in Annual BSIMM 7 Report (lien direct) | In Cigital's seventh annual Building Security in Maturity Model report cloud, agile software development and IoT factor into maturing secure software movement. | |||
|
2016-10-04 17:16:58 | Vulnerabilities in Insulin Pumps Can Lead to Overdose (lien direct) | Researchers are warning patients who use insulin pumps made by Johnson & Johnson this week that vulnerabilities in the devices could be exploited to trigger an overdose. | |||
|
2016-10-03 21:06:16 | Hack Crashes Linux Distros with 48 Characters of Code (lien direct) | A Linux admin and open source developer has come up with a 48-character attack that crashes Linux servers, but experts argue the security implications of the bug. | |||
|
2016-10-03 16:06:44 | Apple To Block WoSign Intermediate Certificates (lien direct) | Apple said over the weekend it would soon distrust certificates issued by WoSign's Free SSL Certificate G2 intermediate CA on macOS. | |||
|
2016-10-03 14:58:25 | Source Code Released for Mirai DDoS Malware (lien direct) | An attacker known as Anna-senpai released source code for the Mirai malware, which was used in a 620 Gbps DDoS attack against Krebs on Security. | |||
|
2016-10-03 12:45:20 | Mozilla Reduces Threat of Export-Grade Crypto to Firefox (lien direct) | The Firefox browser will now deny TLS connections to servers using weak Diffie-Hellman keys. | |||
|
2016-10-03 09:00:56 | Researchers Break MarsJoke Ransomware Encryption (lien direct) | Victims infected with the MarsJoke ransomware can now decrypt their files; researchers cracked the encryption in the CTB-Locker lookalike last week. | |||
|
2016-09-30 19:45:00 | Academics Put Another Dent in Online Anonymity (lien direct) | Academics from Stanford and Princeton release an online tool called Footprints that correlates browsing history with Twitter feeds to reveal a users identity. | |||
|
2016-09-30 16:23:06 | Report a Grim Reminder of State of Critical Infrastructure Security (lien direct) | Government ICS report reveals access control a major issue for sector along with nagging issues around poor code quality and cryptography. |
To see everything:
