Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 18:16:04 |
Zyxel Devices Can Be Hacked via DNS Requests, Hardcoded Credentials (lien direct) |
Multiple security vulnerabilities have been discovered by SEC Consult in various Zyxel devices, including flaws that involve sending unauthenticated DNS requests and hardcoded FTP credentials.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 15:07:01 |
Meet Domen, a New and Sophisticated Social Engineering Toolkit (lien direct) |
A new social engineering toolkit has been discovered. The operational premise has been used many times, but the execution of that premise is new and described by security researchers "a beautiful piece of work".
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 14:24:03 |
562,000 Impacted in XKCD Forum Data Breach (lien direct) |
The XKCD forum has been taken offline after suffering a data breach that impacted 562,000 subscribers.
The forum is associated with XKCD, a webcomic that American author Randall Munroe created in 2005, and which is described in its tagline as “A webcomic of romance, sarcasm, math, and language.”
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 14:12:01 |
Cisco Releases Guides for Analyzing Compromised Devices (lien direct) |
Cisco has released new guides to help first responders collect forensic evidence from potentially compromised or tampered with IOS, IOS XE, ASA, and Firepower Threat Defense (FTD) devices.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 12:47:04 |
Pitfalls to Avoid in Ransomware Incident Response Plan (lien direct) |
Targeted ransomware attacks with larger ransom demands have persisted as a fixture of the news cycle and scourge for security practitioners and business leaders alike over the last two years. And because, unfortunately, these types of attacks show no signs of slowing down anytime soon, having an adequate incident response (IR) plan prepared is essential. Here are some common pitfalls to avoid when developing your ransomware IR plan:
|
Ransomware
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 12:18:01 |
\'Heatstroke\' Phishing Campaign Takes Multi-Stage Approach (lien direct) |
A recently observed phishing campaign targeting victims' private email addresses has adopted a multi-stage approach in an attempt to avoid raising suspicion, Trend Micro reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 10:02:02 |
USBAnywhere: BMC Flaws Expose Supermicro Servers to Remote Attacks (lien direct) |
Tens of thousands of servers made by Supermicro could be exposed to remote attacks from the internet due to baseboard management controller (BMC) vulnerabilities identified by researchers at firmware security company Eclypsium.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 07:50:01 |
SIM Swapping Blamed for Hacking of Twitter CEO\'s Account (lien direct) |
Hackers were able to post offensive messages from the Twitter account of Jack Dorsey, the social media company's CEO, after they tricked his mobile services provider into handing over his phone number.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-02 15:14:03 |
TrickBot Tricks U.S. Users into Sharing their PIN Codes (lien direct) |
The threat actor behind the infamous TrickBot botnet has added new functionality to their malware to request PIN codes from mobile users, Secureworks reports.
|
Malware
Threat
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-02 13:57:02 |
Viral Chinese App Loses Face, But Not Fans, Over Privacy Concerns (lien direct) |
A Chinese face-swapping app that allows users to convincingly superimpose their own likeness over characters in movies or TV shows has rapidly become one of the country's most downloaded apps, but has triggered a backlash over privacy fears.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-02 11:24:02 |
Operation Indiscriminately Infects iPhones With Spyware (lien direct) |
Researchers say suspected nation-state hackers infected Apple iPhones with spyware over two years in what security experts on Friday called an alarming security failure for a company whose calling card is privacy.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-31 11:23:05 |
Twitter CEO Account Hacked, Offensive Tweets Posted (lien direct) |
Twitter said Friday the account of chief executive Jack Dorsey had been "compromised" after a series of erratic and offensive messages were posted.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-30 14:56:00 |
iOS Vulnerabilities Allowed Attackers to Remotely Hack iPhones for Years (lien direct) |
Google on Thursday published detailed information on five iOS exploit chains, one of which has been used to remotely hack iPhones for at least two years.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-30 08:04:05 |
Google Offers Big Bounties for Data Abuse Reports (lien direct) |
Google announced on Thursday the launch of a new reward program for data abuse, and the expansion of the Google Play bounty program to include Android applications with over 100 million installs.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-29 14:19:01 |
US Waged Cyberattack on Database Used by Iran to Target Tankers: NY Times (lien direct) |
The United States staged a secret cyberattack in June against a database used by Iran's Islamic Revolutionary Guard Corps to plot attacks on oil tankers in the Gulf, The New York Times reported.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-29 12:57:00 |
Disrupting Cybercriminal Strategy With AI and Automation (lien direct) |
Organizations Need to be Skeptical When Looking at Any Vendor Claiming to Offer AI-based Security
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-29 12:24:02 |
Alleged Capital One Hacker Indicted on Wire Fraud, Computer Data Theft Charges (lien direct) |
Paige Thompson, the 33-year-old from Seattle accused of hacking Capital One and 30 other organizations, has been indicted on two counts of wire fraud and computer fraud and abuse.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-29 10:44:05 |
Pulse Secure Says Majority of Customers Patched Exploited Vulnerability (lien direct) |
Pulse Secure and Fortinet Take Steps to Protect Customers Against Attacks Exploiting Recently Disclosed Vulnerabilities
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-29 07:11:05 |
Bug Hunters Invited to Hack Facebook Devices at Pwn2Own Tokyo 2019 (lien direct) |
Trend Micro's Zero Day Initiative (ZDI) on Wednesday announced the prizes, rules and targets for Pwn2Own Tokyo 2019, which is set to take place on November 6-7 alongside the PacSec conference in Tokyo, Japan.
This year's event targets 17 devices and over $750,000 in cash and prizes are being offered to researchers who can hack them.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-28 21:09:02 |
Apple Apologizes for Listening to Siri Talk, Sets New Rules (lien direct) |
Apple on Wednesday apologized for its digital assistant Siri sharing some of what it heard with quality control workers as it unveiled new rules for handling data from conversations.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-28 20:36:02 |
(Déjà vu) Malware Found in Google Play App With 100 Million Downloads (lien direct) |
Security researchers have discovered malicious code in an Android application that has gathered over 100 million downloads on Google Play.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-28 20:31:01 |
Malware Takes Down Lumber Liquidators\' Network (lien direct) |
North American hard-surface flooring retailer Lumber Liquidators this week revealed that it managed to restore most of its network after a malware attack disabled parts of it for nearly a week.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-28 16:28:02 |
Cisco UCS Vulnerabilities Allow Complete Takeover of Affected Systems (lien direct) |
A researcher has disclosed the details and created Metasploit modules for Cisco UCS vulnerabilities that can be exploited to take complete control of affected systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-28 14:59:00 |
Researchers Analyze Tools Used by \'Hexane\' Attackers Against Industrial Firms (lien direct) |
Security researchers from Secureworks have analyzed several tools used by the Hexane threat actor in attack campaigns against industrial organizations over the past several months.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-28 13:52:03 |
DLL Hijacking Flaw Patched in Check Point Endpoint Security (lien direct) |
Researchers at SafeBreach discovered that Check Point's Endpoint Security product is affected by a DLL hijacking vulnerability that can be exploited for privilege escalation and other purposes.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-28 11:27:03 |
Avast, French Police Remove Retadup Malware From 850,000 PCs (lien direct) |
Cybersecurity firm Avast and French police have neutralized the Retadup malware on over 850,000 computers after taking control of its command and control (C&C) server.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-28 10:36:02 |
Australia Tries to Curb Foreign Interference at Universities (lien direct) |
Australia announced Wednesday that it has formed a task force to crack down on attempts by foreign governments to meddle in Australian universities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 19:51:05 |
Low Budgets, Limited Expertise Plague SMB Cybersecurity (lien direct) |
In 2013, a Faronics/Ponemon study found that lack of budget and poor security capability skills were the primary causes behind the generally poor state of cybersecurity in small and medium-sized businesses (SMBs). But, said Dmitry Shesterin, Faronics' VP of product management at the time, "the main reason I see," suggested Shesterin, "genuinely and honestly, they do not care -- they concentrate on business."
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 17:49:04 |
Imperva Notifies Cloud WAF Customers of Security Incident (lien direct) |
California-based cybersecurity firm Imperva revealed on Tuesday that it recently learned of a security incident affecting some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 17:30:02 |
Dridex Operator Updates Tactics and Targets (lien direct) |
The threat actor behind the infamous Dridex and Locky malware families has updated tactics and expanded its target list in recent campaigns, Trend Micro reports.
|
Malware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 17:04:01 |
Bug Bounty Program Launched for Facebook\'s Libra Cryptocurrency (lien direct) |
The Libra Association, the organization in charge of Facebook's Libra cryptocurrency, has launched a public bug bounty program with rewards of up to $10,000.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 14:48:05 |
VMware Unveils Security Enhancements in Virtual Cloud Network Offering (lien direct) |
On the second day of its 2019 VMworld conference, VMware unveiled a series of new and enhanced network and security capabilities for the company's Virtual Cloud Network offering.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 13:32:04 |
Nearly Half of SMBs, Enterprises Still Using Windows 7: Kaspersky (lien direct) |
Data collected by Kaspersky shows that many businesses are still using Windows 7, for which Microsoft plans on ending extended support in just a few months from now.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 13:31:04 |
Apple Patches Re-Introduced Jailbreak Vulnerability (lien direct) |
Apple this week released patches that address a recently re-introduced vulnerability that allows hackers to jailbreak devices.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 13:11:03 |
Free Windows 7 Extended Security Updates for Some Microsoft Customers (lien direct) |
Microsoft will be providing some of its customers with one year of free Windows 7 Extended Security Updates (ESU) after January 2020, when extended support for the platform officially ends.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 06:31:05 |
Code Execution Flaw in QEMU Mostly Impacts Development, Test VMs (lien direct) |
The open source machine emulator QEMU is affected by a vulnerability that can lead to a denial-of-service (DoS) condition or arbitrary code execution, but developers say users should not be too concerned about its impact.
|
Vulnerability
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 16:12:01 |
Senators Question NHTSA on Risks of Connected Vehicles (lien direct) |
Two United States senators have sent a letter to the National Highway Traffic Safety Administration (NHTSA) to inquire about cyber-risks associated with connected vehicles.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 15:22:04 |
Hacker Finds Instagram Account Takeover Flaw Worth $10,000 (lien direct) |
A researcher says he has received $10,000 from Facebook after finding another critical vulnerability that could have been exploited to hack Instagram accounts.
|
Hack
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 15:03:00 |
Hostinger Resets User Passwords Following System Breach (lien direct) |
Web hosting provider Hostinger reset all customer passwords over the weekend, after learning that an attacker gained unauthorized access to one of its internal systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 14:36:01 |
Company Sues Black Hat Conference Over Mocked Presentation (lien direct) |
California-based cryptography firm Crown Sterling has filed a lawsuit against UBM, the organizer of the Black Hat cybersecurity conference, after the company's talk at the latest event in the United States was disrupted by some attendees.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 14:34:02 |
The Growing Threat of Deepfake Videos (lien direct) |
Deepfakes are a growing threat. They are primarily a social engineering tool. That means they will increasingly be used in phishing attacks, BEC attacks, reputation attacks, and public opinion attacks (such as election meddling). Existing methods in all these areas are already successful; but the arrival of deepfake videos will take them to a different level.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 11:17:03 |
Airlines That Manage Booking Systems Themselves Expose Customer Data (lien direct) |
Some of the airlines that manage booking systems themselves have failed to implement important protection mechanisms, exposing their customers' personal information, a researcher has warned.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 04:58:05 |
Judge Orders Woman in Capital One Case to Remain in Custody (lien direct) |
A U.S. judge on Friday ordered a woman accused of hacking Capital One and at least 30 other organizations to remain in custody pending trial because she is a flight risk and poses a physical danger to herself and others.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-24 11:10:05 |
Vulnerability Found in SimpleMDM Apple Device Management Solution (lien direct) |
An XML external entity (XXE) vulnerability has been found and patched in the SimpleMDM Apple device management solution, but the researcher who found the flaw and the vendor disagree on its impact.
SimpleMDM is an increasingly popular mobile device management (MDM) solution used by companies such as FedEx, Deloitte and the Discovery Channel.
|
Vulnerability
|
FedEx
Deloitte
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 18:07:02 |
Cyberattacks on Texas Cities Put Other Governments on Guard (lien direct) |
Cyberattacks that recently crippled nearly two dozen Texas cities have put other local governments on guard, offering the latest evidence that hackers can halt routine operations by locking up computers and public records and demanding steep ransoms.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 17:48:05 |
Kubernetes Patches Recent HTTP/2 Vulnerabilities (lien direct) |
Software updates released by Kubernetes this week address HTTP/2 implementation vulnerabilities that were disclosed earlier this month.
|
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 17:36:00 |
US Wants Woman Accused in Capital One Hack to Stay Locked Up (lien direct) |
A woman accused of hacking Capital One and at least 30 other organizations is a flight risk, a threat and should be kept locked up until her trial, U.S. prosecutors said in court documents filed ahead of a Friday detention hearing in Seattle.
|
Hack
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 17:23:05 |
Asruex Malware Exploits Old vulnerabilities to Infect PDF, Word Docs (lien direct) |
A recently observed variant of the Asruex backdoor acts as an infector by targeting old vulnerabilities in Microsoft Office and Adobe Reader and Acrobat 9.x, Trend Micro reports.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 16:49:04 |
New Tool From Cisco Hunts Flaws in Automotive Computers (lien direct) |
Cisco has released a new hardware tool designed to help researchers, developers and automakers discover vulnerabilities in automobile computers.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 15:52:05 |
U.S. Charges 80 in Massive Online Fraud Scheme (lien direct) |
The United States Department of Justice this week unsealed an indictment that charges 80 defendants, most of them Nigerians, for their roles in a massive fraud and money laundering scheme.
|
|
|
|