What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-07-25 15:00:26 | Novel Attack Tricks Servers to Cache, Expose Personal Data (lien direct) | Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers. | |||
|
2017-07-25 13:00:32 | Black Hat USA 2017 Preview (lien direct) | Mike Mimoso and Tom Spring preview Black Hat, which starts tomorrow in Las Vegas. | ★★★★★ | ||
|
2017-07-24 18:32:08 | Hacker Admits to Mirai Attack Against Deutsche Telekom (lien direct) | A hacker that goes by the name “BestBuy†admitted to a German court that he was behind an attack last year that knocked over a million Deutsche Telekom customers offline. | ★★★ | ||
|
2017-07-24 13:00:38 | macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities (lien direct) | This week at Black Hat, Mac malware expert Patrick Wardle will describe how he used a custom-built command and control server to analyze new spying capabilities in a variant of the FruitFly backdoor. | ★★★★★ | ||
|
2017-07-21 17:50:03 | Trickbot Malware Now Targets US Banks (lien direct) | Researchers with IBM and Flashpoint warn the Trickbot Trojan is growing more potent and now targeting U.S. banks. | |||
|
2017-07-21 16:31:11 | Motivation Mystery Behind WannaCry, ExPetr (lien direct) | A shift in APT tactics is emerging as characterized by the destructive ExPetr attacks hidden in ransomware, and WannaCry, which also failed to turn a profit. | Wannacry | ||
|
2017-07-20 18:08:46 | Apple Patches BroadPwn Bug in iOS 10.3.3 (lien direct) | Apple released iOS 10.3.3 Wednesday that serves as a cumulative patch update for multiple vulnerabilities including the high-profile BroadPwn bug. | |||
|
2017-07-20 16:32:08 | US, European Law Enforcement Shutter Massive AlphaBay Market (lien direct) | U.S. authorities along with law enforcement Europe and Asia announced today the takedown of the dark web's largest illicit market, AlphaBay. | |||
|
2017-07-20 12:42:05 | Tor Project Opens Bounty Program To All Researchers (lien direct) | The Tor Project is launching a public bug bounty program to encourage security researchers to responsibly report issues they find in the software. | |||
|
2017-07-19 19:46:12 | Senator Calls For Use Of DMARC To Curb Phishing (lien direct) | Senator Ron Wyden is pushing to mandate government-wide use of the email authentication protocol DMARC “to ensure that hackers cannot send emails that impersonate federal agencies.†| |||
|
2017-07-19 13:56:16 | Modified Versions of Nukebot in Wild Since Source Code Leak (lien direct) | Criminals have made use of the leaked source code for the Nukebot banking Trojan, crafting modified versions of the malware to target banks in the U.S. and France. | |||
|
2017-07-19 10:00:19 | Bad Code Library Triggers Devil\'s Ivy Vulnerability in Millions of IoT Devices (lien direct) | Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attacks to remotely gain control over devices or crash them. | |||
|
2017-07-18 20:47:29 | Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched (lien direct) | Oracle's July Critical Patch Update included fixes for 308 vulnerabilities, 165 of which are remotely exploitable. | ★★★ | ||
|
2017-07-18 19:45:27 | Oracle E-Business Suite Flaw Allows Downloads of Documents (lien direct) | Oracle today in its Critical Patch Update addressed a critical vulnerability in its Oracle E-Business Suite of business applications that allows for the download of business documents. | |||
|
2017-07-18 19:02:46 | CoinDash Hacked During its ICO (lien direct) | Hackers hijacked CoinDash's initial coin offering Monday, stealing $7.7 million in cryptocurrency from the nascent trading platform. | |||
|
2017-07-18 18:34:20 | Privacy Activists Suffer Legal Setback In National Security Letter Case (lien direct) | Cloudflare and network operator Credo Mobile suffered a legal defeat when U.S. appeals court ruled to uphold a gag order on FBI surveillance data. | |||
|
2017-07-17 21:17:54 | Botnet Tweeting, Spamming Porn Shut Down (lien direct) | Researchers discovered an active Twitter botnet made up of 38,000 bots, generating 8.5 million tweets and netting over 30 million clicks from its victims. | ★★★★★ | ||
|
2017-07-17 20:26:34 | Cisco Patches Another Critical Ormandy Bug in WebEx Extension (lien direct) | Researchers Tavis Ormandy and Cris Neckar privately disclosed a critical vulnerability in Cisco's WebEx extension for Chrome and Firefox that allows for remote code execution. | ★★★ | ||
|
2017-07-17 18:09:42 | FreeRADIUS Update Patches Bugs Static Analysis Tools Missed (lien direct) | FreeRADIUS today released an update that patches a number of vulnerabilities uncovered in a commissioned engagement using a customer fuzzer. | ★★★★ | ||
|
2017-07-14 16:37:18 | Siemens Patches Authentication Bypass Flaw in SiPass Server (lien direct) | Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server. | ★★ | ||
|
2017-07-14 15:01:03 | Cisco Patches Publicly Disclosed SNMP Vulnerabilities in IOS, IOS XE (lien direct) | Cisco patched nine publicly disclosed remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software. | |||
|
2017-07-14 14:00:17 | Threatpost News Wrap, July 14, 2017 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including the Verizon breach, the Oracle session hijacking attack, a Telegram-based hacking tool, and a free EternalBlue scanner. | |||
|
2017-07-14 13:00:43 | Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data (lien direct) | An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data. | |||
|
2017-07-13 18:35:51 | Scanner Shows EternalBlue Vulnerability Unpatched on Thousands of Machines (lien direct) | Data collected from the freely available scanner called EternalBlues shows that tens of thousands of computers remain vulnerable to the SMBv1 vulnerability that spawned WannaCry and ExPetr. | Wannacry | ★★★★★ | |
|
2017-07-13 18:24:52 | Attackers Using Automated Scans to Takeover WordPress Installs (lien direct) | Attackers have been carrying out WPSetup attacks, taking advantage of users who have installed WordPress but not yet configured it. | ★★★ | ||
|
2017-07-13 15:12:12 | Google Changes How it Analyzes Misbehaving Mobile Apps (lien direct) | Google has a new machine-learning algorithm it uses to compare new apps to known secure apps, improving the way it classifies submissions to Google Play. | ★★★★ | ||
|
2017-07-12 19:02:03 | Third Party Exposes 14 Million Verizon Customer Records (lien direct) | Data belonging to 14 million Verizon customers was exposed by a partner, which misconfigured a repository storing the personal information it had access to. | |||
|
2017-07-12 18:56:01 | New Point-of-Sale Malware LockPoS Hitches Ride with FlokiBot (lien direct) | Botnets distributing FlokiBot point-of-sale malware are back in business spewing a new malware dubbed LockPoS. | |||
|
2017-07-12 16:36:35 | Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution (lien direct) | Uber patched an authentication bypass vulnerability in its homegrown SSO solution that allowed attackers to take over subdomains and steal session cookies. | Uber | ||
|
2017-07-12 16:25:39 | SAP Patches High-Risk Flaws in SAP POS, Host Agent (lien direct) | SAP fixed 23 vulnerabilities across roughly a dozen products on Tuesday, including a series of high-risk flaws in SAP POS and SAP Host Agent. | |||
|
2017-07-12 12:18:30 | Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking (lien direct) | Version 10g of Oracle Access Manager suffers from vulnerabilities that could allow an attacker to hijack sessions. | ★★★ | ||
|
2017-07-11 20:55:56 | Telegram-Controlled Hacking Tool Targets SQL Injection at Scale (lien direct) | The Katyusha Scanner can find SQL injection bugs at scale, and is managed via the Telegram messenger on any smartphone. | |||
|
2017-07-11 20:36:23 | Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities (lien direct) | Microsoft releases a total of 57 security patches, part of its July Patch Tuesday, with 20 rated critical. | |||
|
2017-07-11 17:43:16 | Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks (lien direct) | Microsoft today addressed two NTLM-related vulnerabilities privately disclosed by Preempt Security. The flaws allow for credential relay attacks. | |||
|
2017-07-11 16:33:17 | Adobe Fixes Six Vulnerabilities in Flash, Connect with July Update (lien direct) | Adobe only fixed six vulnerabilities in two products, making it the company's smallest security bulletin of the year. | |||
|
2017-07-10 21:59:01 | Micro Market Vendor Warns of Bankcard And Biometric Data Breach (lien direct) | Avanti Markets notified customers of a possible breach of personal and payment card data as well as biometric user information that likely occurred July 4. | ★★★ | ||
|
2017-07-10 20:30:52 | Telcos Singled Out for Prioritizing Government Requests for Data Over Privacy (lien direct) | The EFF's annual Who Has Your Back report singles out giant telecommunications providers for their prioritization of government requests for data over privacy. | |||
|
2017-07-10 18:34:03 | Energy, Nuclear Targeted with Template Injection Attacks (lien direct) | Adversaries are using the SMB communications channel to launch template injection attacks against the energy sector, including nuclear facilities. | |||
|
2017-07-10 18:28:56 | Google to Fully Distrust WoSign/StartCom SSL Certs in Chrome 61 (lien direct) | Google has put websites signed with WoSign/StartCom SSL certificates on notice that it will no longer trust certs from the Chinese CA starting in Chrome 61. | |||
|
2017-07-10 17:27:36 | International Investigatory Group Also Target of Government Spyware (lien direct) | An international group of investigators were infected by Pegasus spyware while in Mexico, Citizen Lab reports. | |||
|
2017-07-07 20:56:49 | Hard Rock, Loews Hotels Among Sabre Corp Hospitality Breach Victims (lien direct) | Victims of Sabre Corp's SynXis reservation system breach reportedly include both the Hard Rock Hotel and Casino chain and the Loews Hotel chain. | |||
|
2017-07-07 16:32:52 | Leaky WWE Database Exposes Personal Data of 3M Wrestling Fans (lien direct) | Personal data of 3 million wrestling fans were left exposed on a database owned by World Wide Entertainment. | |||
|
2017-07-07 13:11:31 | Decryption Key to Original Petya Ransomware Released (lien direct) | The key to decrypt the original Petya ransomware has been reportedly released by the ransomware's author. | |||
|
2017-07-06 20:04:15 | Let\'s Encrypt to Offer Wildcard Certificates in 2018 (lien direct) | Certificate authority Let's Encrypt said this week it will begin offering wildcard certificates in 2018. | |||
|
2017-07-06 17:49:02 | CopyCat Malware Infected 14M Android Devices, Rooted 8M, in 2016 (lien direct) | Over the course of two months last year the Copycat malware infected 14 million Android devices and rooted more than half of them, roughly eight million devices. | |||
|
2017-07-06 16:30:16 | Google Patches Critical \'Broadpwn\' Bug in July Security Update (lien direct) | The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed 'Broadpwn' that impacts both Android and iOS devices. | |||
|
2017-07-05 18:56:53 | Threat Actors Target Chinese Language News Sites (lien direct) | Citizen Lab investigates the targeting of Chinese language news websites in a phishing attack that leveraged the NetWire remote access Trojan. | |||
|
2017-07-05 17:48:09 | Libgcrypt \'Sliding Right\' Attack Allows Recovery of RSA-1024 Keys (lien direct) | GnuPG recently patched cryptographic library Libgcrypt, preventing a local side-channel attack; something that could have allowed full key recovery for RSA-1024. | |||
|
2017-07-03 18:31:16 | Researchers Find BlackEnergy APT Links in ExPetr Code (lien direct) | Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month's global attacks. | |||
|
2017-07-03 18:10:53 | Classic Ether Wallet Compromised via Social Engineering (lien direct) | Developers of Classic Ether Wallet said an attacker managed to hijack the domain for the wallet via social engineering late Thursday evening. |
To see everything:
Our RSS (filtrered)
