Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-03-12 21:05:05 |
Federal Focus on Cyber Plays Out in President's Budget, IoT Legislation (direct link) |
Money earmarked for the Defense Department and DHS, and bipartisan bills to address the security of federal IoT devices, showcase growing federal cyber-efforts. |
|
|
|
|
2019-03-12 20:52:03 |
(Déjà vu) Microsoft Patches Two Win32k Bugs Under Active Attack (direct link) |
Microsoft's March Patch Tuesday updates include 64 fixes, 17 of which are rated critical. |
|
|
|
|
2019-03-12 19:48:02 |
ThreatList: Phishing Attacks Doubled in 2018 (direct link) |
Scammers used both older, tested-and-true phishing tactics in 2018 - but also newer tricks, such as fresh distribution methods, according to a new report. |
|
|
|
|
2019-03-12 15:09:01 |
Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes (direct link) |
Microsoft won't be patching the bug, but a proof of concept shows the potential for successful malware implantation. |
Malware
Patching
|
|
|
|
2019-03-12 14:53:01 |
(Déjà vu) Adobe Patches Critical Photoshop, Digital Edition Flaws (direct link) |
Adobe fixed two arbitrary code execution flaws in its Photoshop and Digital Edition products. |
|
|
|
|
2019-03-11 19:31:04 |
Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix (direct link) |
IRIDIUM is an APT that uses proprietary techniques to bypass two-factor authentication for critical applications, according to security firm Resecurity. |
|
|
|
|
2019-03-11 19:14:02 |
Google Patches Critical Bluetooth RCE Bug (direct link) |
In all, Google reported 45 bugs in its March update with 11 ranked critical and 33 rated high. |
|
|
|
|
2019-03-11 17:44:02 |
Forrester: Ransomware Set to Resurge As Firms Pay Off Attacks (direct link) |
In this video, Josh Zelonis, senior analyst at Forrester Research, discusses the next great security threats to enterprises. |
Ransomware
|
|
|
|
2019-03-11 14:51:01 |
Facebook Alleges Two Ukrainians Scraped Data From 63K Profiles (direct link) |
Facebook is suing two Ukrainian men who were able to scrape data from 63,000 users' profiles by enticing users to download a malicious browser extension. |
|
|
|
|
2019-03-09 13:00:05 |
RSA Conference 2019: The Expanding Automation Platform Attack Surface (direct link) |
Hacking into smart homes is becoming increasingly easy and a great way to steal victims' personal information, Trend Micro said at RSA 2019. |
|
|
|
|
2019-03-08 21:25:01 |
RSA Conference 2019: Operational Technology Widens Supply Chain Attack Surfaces (direct link) |
Between operational technology and open source, the supply chain is rapidly expanding - and companies that can't keep up will be the next security targets, said experts at RSA Conference 2019. |
|
|
|
|
2019-03-08 20:10:02 |
Citrix Falls Prey to Password-Spraying Attack (direct link) |
International cybercriminals likely exploited weak passwords on an internal network, the FBI said. |
|
|
|
|
2019-03-08 18:04:04 |
RSA Conference 2019: Emotet Takes Aim at Latin America (direct link) |
RAT activity in Latin America and Asia ramped up at the end of 2018, indicating widespread coordinated targeting by threat actors. |
Threat
|
|
|
|
2019-03-08 15:30:05 |
RSAC 2019: The Dark Side of Machine Learning (direct link) |
As smart devices permeate our lives, Google sends up a red flag and shows how the underlying systems can be attacked. |
|
|
|
|
2019-03-08 14:50:02 |
RSA Conference 2019 Recap (direct link) |
From privacy to patches, Threatpost editors discuss the biggest infosec news and trends that they saw this week at RSA Conference 2019. |
|
|
|
|
2019-03-07 21:11:00 |
RSA Conference 2019: Firms Continue to Fail at IoT Security (direct link) |
IoT is growing more popular in the home - and so too are the attacks that target these devices featuring valuable data, researchers said at RSA 2019. |
|
|
|
|
2019-03-07 21:01:05 |
RSA Conference 2019: Ultrasound Hacked in Two Clicks (direct link) |
In a proof-of-concept hack, researchers penetrated an ultrasound and were able to download and manipulate patient files, then execute ransomware. |
|
|
|
|
2019-03-07 17:00:02 |
RSAC 2019: For Domestic Abuse, IoT Devices Pose New Threat (direct link) |
When it comes to domestic abuse, smart products around the house are turning into new threats, a panel of experts said at RSA. |
Threat
|
|
|
|
2019-03-07 12:53:00 |
RSA Conference 2019: NIST's Privacy Framework Starts to Take Shape (direct link) |
The Privacy Framework is being developed to be risk-based/outcome-based and non-prescriptive, unlike the GDPR. |
|
|
|
|
2019-03-06 21:30:04 |
RSA Conference 2019: UniKey Patches BleedingBit Flaws Granting Access To Hotel Rooms, Cars (direct link) |
BleedingBit's impact continues to spread across various devices, researchers at RSA Conference 2019 said. |
|
|
|
|
2019-03-06 19:45:01 |
RSA Conference 2019: The Sky's the Limit For Satellite Hacks (direct link) |
Satellites are spotted with vulnerabilities and design flaws - and hackers are taking note, researchers report at the RSA Conference. |
|
|
|
|
2019-03-06 19:42:00 |
RSA Conference 2019: How to Defend Against an AI vs AI 'Flash War' (direct link) |
Offensive cyber attack chains are accelerating rapidly thanks to a combination of artificial intelligence, machine learning and broadening threat landscape. |
Threat
|
|
|
|
2019-03-06 13:42:01 |
RSA Conference 2019: Cryptographers' Panel Decries Adi Shamir's Visa Issues (direct link) |
Panelists react to missing noted cryptographer Adi Shamir who was denied a visa to enter the US to attend RSA Conference 2019. |
|
|
|
|
2019-03-06 13:00:02 |
RSAC 2019: Data-Wiping Cyberattacks Plague Financial Firms (direct link) |
A new report outlines the cyberattacks and threats that financial firms are facing. |
|
|
|
|
2019-03-06 11:00:01 |
RSA Conference 2019: Microsoft, Google, Twitter on Federal Privacy Regs (direct link) |
Public policy honchos for the tech giants discussed what they would like to see in sweeping GDPR-like federal data privacy legislation. |
|
|
|
|
2019-03-06 08:01:02 |
RSAC 2019: TLS Markets Flourish on the Dark Web (direct link) |
The certificates are often paired with ancillary products, like Google-indexed “aged” domains, after-sale support, web design services and even integration with a range of payment processors. |
|
|
|
|
2019-03-05 20:56:05 |
RSA Conference 2019: How to Be Better, on Trust, AI and IoT (direct link) |
Tuesday's keynotes kicking off RSA tackled both light and dark visions of the future, the imperative to become obsessed with trust, IoT and AI, and they even featured Helen Mirren and a flash mob. |
|
|
|
|
2019-03-05 19:00:01 |
RSA Conference: BEC Scammer Gang Takes Aim at Boy Scouts, Other Nonprofits (direct link) |
A scammer ring dubbed Scarlet Widow has targeted nonprofits, schools and universities with an array of business email compromise (BEC) attacks over the past few months. |
|
|
|
|
2019-03-05 14:00:01 |
RSAC 2019: Joomla! Mail Flaw Exploited to Create Mass Phishing Infrastructure (direct link) |
The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module. |
Vulnerability
|
|
|
|
2019-03-05 13:00:03 |
RSAC 2019: Most Consumers Say 'No' to Cumbersome Data Privacy Practices (direct link) |
Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems. |
|
|
|
|
2019-03-05 11:40:00 |
RSAC 2019: Picking Apart the Foreshadow Attack (direct link) |
Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws. |
|
|
|
|
2019-03-05 11:00:01 |
RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase (direct link) |
At least 463,546 malicious URLs contained in the 28.4 million analyzed emails made it through to corporate in-boxes in Q4 of 2018. |
|
|
|
|
2019-03-05 11:00:00 |
RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes (direct link) |
Researchers say that Microsoft won't issue a patch for the issue. |
|
|
|
|
2019-03-05 05:02:02 |
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained (direct link) |
Users of Logitech's Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack. |
|
|
|
|
2019-03-04 23:36:00 |
Teen Becomes First to Earn $1M in Bug Bounties with HackerOne (direct link) |
He is also the all-time top-ranked hacker on HackerOne's leaderboard, out of more than 330,000 hackers competing for the top spot. |
Guideline
|
|
|
|
2019-03-04 19:41:03 |
Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data (direct link) |
A rash of security flaws in the Outdoor Tech CHIPS smart headphones, which fit in ski helmets, allow bad actors to collect data like emails, passwords, GPS location - and even listen to conversations in real time. |
|
|
|
|
2019-03-04 16:29:03 |
Project Zero Discloses High-Severity Apple macOS Flaw (direct link) |
Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline. |
|
|
|
|
2019-03-04 14:00:01 |
RSAC 2019: 58% of Orgs Have Unfilled Cyber Positions (direct link) |
The workforce and skills gap in cybersecurity continues to plague organizations. |
|
|
|
|
2019-03-04 13:30:01 |
Container Escape Hack Targets Vulnerable Linux Kernel (direct link) |
A proof-of-concept hack allows adversaries to tweak old exploits, have code jump containers and attack underlying infrastructure. |
Hack
|
|
|
|
2019-03-04 11:00:03 |
RSAC 2019: An Antidote for Tech Gone Wrong (direct link) |
As many ponder the big ethical questions around cyber, some are proposing public interest technologist as a solution. |
|
|
|
|
2019-03-04 11:00:03 |
Visitor Kiosk Access Systems Riddled with Bugs (direct link) |
Student researchers working with IBM X-Force Red team find security holes in five leading visitor management systems. |
Guideline
|
|
|
|
2019-03-04 02:00:02 |
RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope (direct link) |
New look at server data behind a previously-identified espionage campaign shows that it has exceeded researchers' expectations in complexity, scope and breadth. |
|
|
|
|
2019-03-03 15:26:05 |
How the Dark Web Data Bazaar Fuels Enterprise Attacks (direct link) |
What does the age of near-ubiquitous data breaches, deep fakes, and fallible biometric authentication mean for enterprise security? |
|
|
|
|
2019-03-01 20:22:04 |
Adobe Patches Critical ColdFusion Vulnerability With Active Exploit (direct link) |
Adobe has hurried out a patch for a critical arbitrary code execution vulnerability in its ColdFusion product. |
Vulnerability
|
|
|
|
2019-03-01 18:11:00 |
Podcast: RSA Conference 2019 Preview (direct link) |
The Threatpost team talks about the biggest cybersecurity stories, trends and research we'll see at RSA this year. |
|
|
|
|
2019-03-01 15:41:00 |
Necurs Botnet Evolves to Hide in the Shadows, with New Payloads (direct link) |
Using an on-again, off-again strategy of C2 communication helps it hide from researchers. |
|
|
★★★
|
|
2019-02-28 16:11:05 |
Coinhive to Mine Its Last Monero in March (direct link) |
The controversial cryptomining service is shutting down. |
|
|
|
|
2019-02-28 14:27:01 |
Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers (direct link) |
Cisco said that CVE-2019-1663, which has a CVSS score of 9.8, allows unauthenticated, remote attackers to execute arbitrary code. |
|
|
|
|
2019-02-27 17:24:02 |
Card-Skimming Scripts Hide Behind Google Analytics, Angular (direct link) |
The campaign is marked by a significant level of customization, with an “individualized yet very consistent approach to every compromise.” |
|
|
|
|
2019-02-27 17:19:04 |
Ring Doorbell Flaw Opens Door to Spying (direct link) |
Researchers are urging Ring users to update to the latest version of the smart doorbell after a serious flaw triggered privacy concerns. |
|
|
|