What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-11-06 16:15:39 | Cisco Patches DoS Flaw in BGP over Ethernet VPN Implementation (lien direct) | Cisco has updated its IOS XE software to address a denial of service vulnerability in its implementation of BGP over an Ethernet VPN. | |||
|
2017-11-06 14:45:47 | 1M Downloads Later, Google Pulls Phony WhatsApp From Google Play (lien direct) | An adware-laden phony WhatsApp download has been removed from Google Play and the developer's account suspended, but not before it was downloaded one million times. | |||
|
2017-11-06 13:00:06 | Data Pours from Cloud-And \'The Enemy is Us\' (lien direct) | Enterprises are grappling with widespread incidents of misconfigured servers leaking sensitive data to the public internet. | |||
|
2017-11-04 11:00:48 | Tor Browser Users Urged to Patch Critical \'TorMoil\' Vulnerability (lien direct) | The Tor Project released a patch for a vulnerability that leaks the real IP addresses of macOS and Linux users of its Tor Browser. | |||
|
2017-11-03 18:59:45 | Poisoned Search Results Deliver Banking Malware (lien direct) | Zeus Panda, a banking Trojan designed to steal credentials, is being distributed via poisoned Google search results. | |||
|
2017-11-03 16:30:32 | Threatpost News Wrap Podcast for Nov. 3 (lien direct) | Threatpost editors Mike Mimoso and Tom Spring discuss the week's top information security news stories. | |||
|
2017-11-03 15:00:18 | Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions (lien direct) | Siemens has fixed a remotely executable vulnerability in some versions of its SIMATIC PCS 7 distributed control system, and said that it is working on a fix for remaining affected versions. | |||
|
2017-11-02 18:01:48 | Taking HTTPS Denial to an Absurd Level (lien direct) | Researcher Troy Hunt discovers as far as the internet has come in adopting HTTPS, it still has a ways to go. | |||
|
2017-11-02 17:35:39 | Chain of 11 Bugs Takes Down Galaxy S8 at Mobile Pwn2Own (lien direct) | Researchers from MWR Labs used 11 vulnerabilities across six different mobile applications to execute code on a Samsung Galaxy S8 at Mobile Pwn2Own. | |||
|
2017-11-02 13:44:27 | Devilish ONI Attacks in Japan Use Wiper to Cover Tracks (lien direct) | The ONI ransomware attacks targeting organizations in Japan are also dropping wiper malware which is being used to delete logs and cover the attackers' tracks. | |||
|
2017-11-01 18:35:18 | WordPress Delivers Second Patch For SQL Injection Bug (lien direct) | A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL-injection attack. | |||
|
2017-11-01 16:24:52 | Silence Gang Borrows From Carbanak To Steal From Banks (lien direct) | A cybercrime outfit stealing from as many as 10 banks in Russia, Armenia and Malaysia has borrowed heavily from one of the kingpins in this realm, Carbanak. | |||
|
2017-10-31 21:37:50 | Popular \'Circle with Disney\' Parental Control System Riddled With 23 Vulnerabilities (lien direct) | A popular parental monitoring system, called Circle with Disney, receives 23 patches for a wide range of serious vulnerabilities. | |||
|
2017-10-31 19:12:18 | Apple Patches KRACK Vulnerability in iOS 11.1 (lien direct) | Apple has patched the KRACK vulnerability in iOS and elsewhere in its product line, closing a key re-installation vulnerability in the WPA2 protocol implemented used by its software. | |||
|
2017-10-31 18:15:12 | Firefox Bolsters Privacy, Pulls Plug on Browser Canvas Fingerprinting (lien direct) | Firefox is to stop using the privacy-busting canvas-based browser fingerprinting that allows websites to track users' online activities. | |||
|
2017-10-31 16:48:37 | Emergency Oracle Patch Closes Bug Rated 10 in Severity (lien direct) | Oracle released an emergency patch for a remote code execution vulnerability in Oracle Identity Manager rated a 10 out of 10 in severity. | |||
|
2017-10-30 21:11:01 | Google\'s reCaptcha Cracked Again (lien direct) | Google's reCaptcha service has been cracked by researchers who devised an automated attack called unCaptcha that can break the service with 85 percent accuracy. | |||
|
2017-10-30 20:39:30 | Flaw in Google Bug Tracker Exposed Reports About Unpatched Vulnerabilities (lien direct) | Google's Issue Tracker contained until recently a vulnerability that would allow an external party access to any unpatched bug listed and described in the database. | |||
|
2017-10-30 18:17:50 | Google to Ditch Public Key Pinning in Chrome (lien direct) | Google says upcoming version of Chrome will deprecate the browser's support for HTTP public key pinning. | |||
|
2017-10-30 17:45:13 | Malicious Chrome Extension Steals Data Posted to Any Website (lien direct) | A malicious Google Chrome extension being spread in phishing emails steals any data posted online by victims. | |||
|
2017-10-28 11:00:08 | Apache OpenOffice Update Patches Four Vulnerabilities (lien direct) | Apache OpenOffice patches four vulnerabilities tied its suite of free office applications impacting it word processing and graphics applications. | |||
|
2017-10-27 16:28:13 | Google Patches \'High Severity\' Browser Bug (lien direct) | Google began pushing out updates to its desktop browser Friday with a patch that repairs a stack-based buffer overflow vulnerability. | |||
|
2017-10-27 16:23:26 | Rockwell Automation Patches Wireless Access Point against Krack (lien direct) | Rockwell Automation has patched its Stratix wireless access point against the KRACK vulnerability, joining a growing list of vendors in the commercial and industrial controls spaces moving quickly to reduce their exposure. | |||
|
2017-10-27 12:00:32 | Slack Plugs \'Severe\' SAML User Authentication Hole (lien direct) | Cloud-based communications platform Slack finished patching a severe security hole Thursday affecting portions of its platform that used Security Assertion Markup Language for user authentication. | |||
|
2017-10-26 17:53:40 | EternalRomance Exploit Found in Bad Rabbit Ransomware (lien direct) | Researchers at Cisco found a modified version of the leaked NSA exploit EternalRomance in this week's Bad Rabbit attack. | |||
|
2017-10-26 17:51:20 | Ursnif Banking Trojan Spreading In Japan (lien direct) | Threat actors behind the pervasive banking Trojan Ursnif made Japan one of their number one targets with fresh waves malspam attacks spotted last month. | |||
|
2017-10-26 12:00:43 | Two Critical Vulnerabilities Found In Inmarsat\'s SATCOM Systems (lien direct) | Global satellite telecommunications company Inmarsat is warning customers of two critical vulnerabilities that could allow attackers to infiltrate a ship's on-board computer system. | |||
|
2017-10-25 18:33:18 | Hackers Prepping IOTroop Botnet with Exploits (lien direct) | Researchers warn that hackers have weaponized a vulnerability that could be used in an IOTroop (or Reaper) attack, bringing the likelihood of an attack one step closer. | Cloud | APT 37 | |
|
2017-10-25 18:03:40 | Bad Rabbit Linked to ExPetr/Not Petya Attacks (lien direct) | Researchers have linked the Bad Rabbit ransomware attack to this summer's ExPetr/Not Petya outbreak. | |||
|
2017-10-25 12:28:31 | Malvertising Campaign Redirects Browsers To Terror Exploit Kit (lien direct) | Hackers behind the Terror exploit kit ramp up distribution via a two-month long malvertising campaign. | |||
|
2017-10-24 19:37:20 | BadRabbit Ransomware Attacks Hitting Russia, Ukraine (lien direct) | A ransomware attack called BadRabbit has put a halt to business inside a handful of Russian and Ukrainian businesses. | |||
|
2017-10-24 18:23:09 | Whois Maintainer Accidentally Makes Password Hashes Available For Download (lien direct) | Whois maintainer for Asia Pacific notifies customers of an error where hashed authentication details for were inadvertently available for download. | |||
|
2017-10-24 16:44:05 | DUHK Attack Exposes Gaps in FIPS Certification (lien direct) | The DUHK Attack leverages a 20-year-old random number generator flaw to recover private keys. More pertinent, researchers said, is that the flaw exposes gaps in the FIPS certification process. | |||
|
2017-10-23 17:00:41 | Latest Sofacy Campaign Targeting Security Researchers (lien direct) | Sofacy has been using a lure document connected to a cyber conflict conference to target researchers and others interested in cybersecurity. | |||
|
2017-10-23 14:52:02 | DHS Alert on Dragonfly APT Contains IOCs, Rules Likely to Trigger False Positives (lien direct) | A joint Technical Alert, TA17–293A, describing the activities of a Russian APT may contain signatures and rules likely to trigger false positives in some security systems. | |||
|
2017-10-21 14:00:04 | New Magniber Ransomware Targets South Korea, Asia Pacific (lien direct) | Researchers identified a new ransomware family called Magniber that uniquely only targets users in South Korea and the Asia Pacific regions. | |||
|
2017-10-20 18:17:27 | \'IOTroop\' Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher (lien direct) | Malware dubbed IOTroop that researchers say is "worse than Mirai" has already infected one million businesses worldwide. | |||
|
2017-10-20 16:05:12 | Necurs-Based DDE Attacks Now Spreading Locky Ransomware (lien direct) | Researchers have spotted Locky ransomware infections emanating from the Necurs botnet via Word attachments using a DDE technique that Microsoft says is an Office feature and does not merit a security patch. | |||
|
2017-10-20 14:15:38 | Threatpost News Wrap, Oct. 20, 2017 (lien direct) | This week's Threatpost News Wrap Podcast recaps the ROCA, KRACK and Boundhook attacks, as well as the release of Google Advanced Protection for Gmail. | |||
|
2017-10-20 11:00:59 | Cisco Warns 69 Products Impacted by KRACK (lien direct) | Cisco patched a critical bug in its Cloud Services Platform 2100 hardware and at the same time told customers 96 of its products are vulnerable to KRACK vulnerabilities. | |||
|
2017-10-19 19:26:44 | Google Play Bounty Promises $1,000 Rewards for Flaws in Popular Apps (lien direct) | Google announced a public bug bounty for Google Play that brings developers and researchers together to find and patch flaws in popular apps. | |||
|
2017-10-19 18:26:42 | Hackers Take Aim at SSH Keys in New Attacks (lien direct) | SSH private keys are being targeted by hackers who have stepped up the scanning of thousands of WordPress website in search of private keys. | |||
|
2017-10-19 13:51:21 | Google Advanced Protection Trades Ease-of-Use for Security (lien direct) | Experts applaud a new Google service, Advanced Protection, which beefs up account password protection and limits access to a user's Gmail and Drive. | |||
|
2017-10-18 20:08:46 | FBI Asks Businesses to Share Details About DDoS Attacks (lien direct) | The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characteristics of those incidents. | |||
|
2017-10-18 17:37:57 | BoundHook Attack Exploits Intel Skylake MPX Feature (lien direct) | A new attack method takes advantage a feature in Intel's Skylake microprocessor allowing for post-intrusion application hooking and stealth manipulation of applications. | |||
|
2017-10-18 13:51:04 | Critical Code Execution Flaw Patched in PeopleSoft Core Engine (lien direct) | Organizations running PeopleSoft exposed to the internet should pay attention to a remote code execution vulnerability patched in the latest Oracle Critical Patch Update. | |||
|
2017-10-17 22:13:09 | Oracle Patches 250 Bugs in Quarterly Critical Patch Update (lien direct) | Three critical SQL injection vulnerabilities in Oracle's popular E-Business Suite make up a part of 250 bugs patched for the company's quarterly Critical Patch Update, | |||
|
2017-10-17 13:00:10 | Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones (lien direct) | Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices. | |||
|
2017-10-16 18:05:51 | Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible (lien direct) | A flawed Infineon Technology chipset left HP, Lenovo and Microsoft devices open to what is called a 'practical factorization attack,' in which an attacker computes the private part of an RSA key. | |||
|
2017-10-16 15:46:13 | Adobe Patches Flash Zero Day Exploited by Black Oasis APT (lien direct) | Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group called Black Oasis. |
To see everything:
Our RSS (filtrered)
