What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-05-10 20:03:46 | Session Hijacking, Cookie-Stealing WordPress Malware Spotted (lien direct) | Researchers spotted a strain of cookie stealing malware, injected into a legitimate JavaScript file, masquerading as a WordPress core domain. | |||
|
2017-05-10 17:57:27 | Android Permissions Flaw Will Linger Until O Release (lien direct) | Google said a permissions flaw that puts Android users at heightened risk of malware, ransomware and adware attacks will not be fixed until the release of its next mobile OS, Android O. | |||
|
2017-05-10 17:09:37 | Microsoft Makes it Official, Cuts off SHA-1 Support in IE, Edge (lien direct) | Yesterday's Patch Tuesday release also included an update to Microsoft's Internet Explorer and Edge browsers officially ending support for the SHA-1 hash function. | |||
|
2017-05-10 14:10:35 | Cisco Patches IOS XE Vulnerability Leaked in Vault 7 Dump (lien direct) | Cisco released an update that patches a vulnerability in the CMP processing code running in its IOS and IOS XE software in more than 300 of its switches. | |||
|
2017-05-09 21:16:48 | Microsoft Plugs Three Zero Day Holes as Part of May Patch Tuesday (lien direct) | Microsoft patched three zero day vulnerabilities actively under attack today as part of its May Patch Tuesday release. | |||
|
2017-05-09 20:41:29 | Google\'s OSS-Fuzz Finds 1,000 Open Source Bugs (lien direct) | Google said Tuesday that its OSS-Fuzz project has unearthed over 1,000 bugs, a quarter of them potential security vulnerabilities. | |||
|
2017-05-09 16:16:20 | Adobe Patches Seven Critical Vulnerabilities in Flash, AEM (lien direct) | Adobe fixed eight vulnerabilities, seven critical, in Flash Player and Adobe Experience Manager (AEM) Forms product as part of its regularly scheduled updates Tuesday morning. | |||
|
2017-05-09 13:12:49 | Emergency Update Patches Zero Day in Microsoft Malware Protection Engine (lien direct) | Microsoft released an emergency update for a zero-day vulnerability disclosed by Google in the Microsoft Malware Protection Engine bundled with most versions of Windows. | |||
|
2017-05-08 18:56:39 | Hikvision Patches Backdoor in IP Cameras (lien direct) | Hikvision recently patched a backdoor in a slew of its cameras that could have made it possible for a remote attacker to gain full admin access to affected devices. | |||
|
2017-05-08 17:55:43 | HandBrake for Mac Compromised with Proton Spyware (lien direct) | The open source HandBrake project is warning anyone who recently downloaded the Mac version of the software that they're likely infected with malware. | |||
|
2017-05-08 15:28:57 | Wormable Windows Zero Day Reported to Microsoft (lien direct) | Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich found a remotely exploitable Windows vulnerability that Ormandy called he worst in recent memory. | |||
|
2017-05-05 22:17:57 | Researchers Disclose Intel AMT Flaw Research (lien direct) | Security firm Embedi releases further details on the Intel AMT flaw, revealing how it can be exploited and how potentially dangerous it can be. | |||
|
2017-05-05 18:11:31 | Supply Chain Update Software Unknowingly Used in Attacks (lien direct) | Microsoft shuts down hackers who hijacked a software updater with fileless, or in-memory, malware attacks. | |||
|
2017-05-05 17:32:37 | Ultrasonic Beacons Are Tracking Your Every Movement (lien direct) | More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising. | |||
|
2017-05-05 14:45:03 | Threatpost News Wrap, May 5, 2017 (lien direct) | The news of the week is discussed, including the Gmail/Google Docs phishing attack, the Intel AMT vulnerability, IBM's malware-laden USB drives, and drone security. | |||
|
2017-05-05 13:15:14 | Business Email Compromise Losses Up 2,370 Percent Since 2015 (lien direct) | The FBI says Business Email Compromise scams are growing at astronomical rates, and businesses have lost $5.3 billion since 2013; $346 million in the U.S. alone in the second half of 2016. | |||
|
2017-05-05 10:00:07 | Carbanak Attackers Devise Clever New Persistence Trick (lien direct) | Hackers behind the Carbanak criminal gang have devised a clever way to gain persistence on targeted systems to more effectively pull off financially motivated crimes. | |||
|
2017-05-04 19:55:12 | Stealthy RAT Targeting North Korea Since 2014 (lien direct) | Cisco has uncovered a remote administration tool called Konni that it says has been used in attacks against government agencies and public organizations linked to North Korea. | |||
|
2017-05-04 19:54:31 | Many Commercial Drones \'Insecure by Design\' (lien direct) | Drones, many readily available on e-commerce shops like Amazon, are plagued by vulnerabilities that could give attackers full root access to the device, read or delete files, or crash the device. | |||
|
2017-05-04 17:34:47 | 1 Million Gmail Users Impacted by Google Docs Phishing Attack (lien direct) | Researchers said good social engineering and users' trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday's Google Docs phishing attacks would spread quickly. | |||
|
2017-05-04 16:46:02 | Unpatched WordPress Password Reset Vulnerability Lingers (lien direct) | A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user's password and in turn, gain access to their account. | |||
|
2017-05-03 22:28:59 | Google Shuts Down Docs Phishing Spree (lien direct) | Google has removed offending accounts involved in a widespread phishing attack today impersonating Google Docs. | |||
|
2017-05-03 19:44:30 | Sabre Corp. Investigating Breach of Reservation System (lien direct) | Travel services company Sabre Corp. said in a SEC filing that its investigating a data breach in its Hospitality Solutions reservation system. | |||
|
2017-05-03 19:39:07 | Researcher: \'Baseless Assumptions\' Exist About Intel AMT Vulnerability (lien direct) | Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify "baseless assumptions" being made about the flaw. | |||
|
2017-05-03 17:55:53 | Proposed NIST Password Guidelines Soften Length, Complexity Focus (lien direct) | NIST's latest password guidelines focus less on length and complexity of secrets and more on other measures such as 2FA, throttling, and blacklists. | |||
|
2017-05-02 21:52:49 | Shamoon Collaborator Greenbug Adopts New Communication Tool (lien direct) | New clues surface on Shamoon's ability steal credentials ahead of attacks. | |||
|
2017-05-02 20:07:12 | IBM: Destroy USBs Infected with Malware Dropper (lien direct) | USB drives shipped with some IBM's Storwize storage products are infected with malware, and the tech giant advises customers destroy the devices. | |||
|
2017-05-02 19:04:39 | DDoS Attacks Can Cost Businesses Up to $2.5M Per Attack, Report Says (lien direct) | Neustar's annual DDoS attack report says businesses can lose $2.5M on average detecting and mitigating DDoS attacks. | |||
|
2017-05-02 18:39:01 | Malware Hunter Crawls Internet Looking for RAT C2s (lien direct) | A new crawler from Shodan and Recorded Future called Malware Hunter seeks out command and control servers managing endpoints infected with remote access Trojans and other malware. | |||
|
2017-05-02 16:40:57 | Google Patches Six Critical Mediaserver Bugs in Android (lien direct) | Google pushed out its monthly Android patches Monday, addressing 17 critical vulnerabilities, six of which are tied to the Android Mediaserver component and four addressing problems with Qualcomm chipsets. | |||
|
2017-05-02 13:05:08 | Fuze Patches Bug That Exposed Recordings of Private Business Meetings (lien direct) | Fuze addressed two issues that publicly exposed recordings of private business meetings made over the collaboration platform. | |||
|
2017-05-02 13:04:17 | Intel Patches Nine-Year-Old Critical CPU Vulnerability (lien direct) | Intel warns business PC customers of a critical vulnerability found in its Active Management Technology that allows for escalation of privilege attacks. | |||
|
2017-05-01 21:57:53 | Apple Revokes Certificate Used By OSX/Dok Malware (lien direct) | Apple takes countermeasures to neutralize OSX/Dok HTTPS-snooping malware by revoking a hijacked certificate updating its XProtect built-in anti-malware software. | ★★★ | ||
|
2017-05-01 19:50:22 | Dan Geer: Cybersecurity, Humanity\'s Future \'Conjoined\' (lien direct) | Dan Geer's Source Boston keynote included a declaration that cybersecurity and humanity's future are forever conjoined. | ★★★ | ||
|
2017-05-01 16:08:01 | Flickr Vulnerability Worth $7K Bounty to Researcher (lien direct) | Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty. | Yahoo | ||
|
2017-04-28 22:52:20 | WikiLeaks Reveals CIA Tool \'Scribbles\' For Document Tracking (lien direct) | The CIA is planting web beacons inside Microsoft Word documents to track whistleblowers, journalists and informants, according to WikiLeaks. | |||
|
2017-04-28 14:28:55 | Threatpost News Wrap, April 28, 2017 (lien direct) | Mike Mimoso and Chris Brook recap this year's SOURCE Boston Conference and discuss the week in news, including the long term implications of the NSA's DoublePulsar exploit, and the HipChat breach. | |||
|
2017-04-27 22:19:55 | Ransomware, Cyberespionage Dominate Verizon DBIR (lien direct) | Verizon's Data Breach Investigations Report for 2017 shows big growth in the reported number of ransomware attacks and incidents involving cyberespionage. | |||
|
2017-04-27 21:12:06 | Lack of Communication Achilles\' Heel for Ransomware Fighters (lien direct) | A member of law enforcement acknowledged at SOURCE Boston that the lack of communication around ransomware remains a serious problem. | |||
|
2017-04-27 18:27:15 | Chrome to Mark More HTTP Pages \'Not Secure\' (lien direct) | Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, and any HTTP page visited in incognito mode | |||
|
2017-04-27 15:47:45 | The Time Has Arrived to Embrace Hackers (lien direct) | Source Boston keynoter Keren Elazari sounded a call to action for industry to extend an acceptance of hackers. | |||
|
2017-04-27 14:02:39 | Attack Method Highlights Weaknesses in Microsoft CFG (lien direct) | As Microsoft hardens its defenses with tools such as Control Flow Guard, researchers at Endgame are preparing for the reality of Counterfeit Object-Oriented Programming attacks to move from theoretical to real. | |||
|
2017-04-26 19:43:45 | Air Force Hopes To Attract Hackers With Bug Bounty Program (lien direct) | The Hack the Air Force bug bounty program invites white hats from inside and outside the U.S. to hack its websites. | |||
|
2017-04-26 15:39:40 | Lack of Security Talent Afflicts Healthcare (lien direct) | At Source Boston, Josh Corman of the Atlantic Council said that healthcare is suffering from a lack of security talent, devices rife with vulnerabilities, and government incentivizing bad behavior. | |||
|
2017-04-26 13:15:09 | Auto Lender Exposes Loan Data For Up To 1 Million Applicants (lien direct) | A trove of consumer auto loan data-some 1 million records-has been locked down after a researcher found an exposed and accessible database online. | |||
|
2017-04-25 19:34:18 | Atlassian Resets HipChat Passwords Following Breach (lien direct) | Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service. | |||
|
2017-04-25 17:45:07 | xDedic Market Spilling Over With School Servers, PCs (lien direct) | Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities based in United States. | |||
|
2017-04-25 16:36:08 | ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs (lien direct) | Adobe released an important security hotfix for several versions of Coldfusion, resolving two bugs, Tuesday morning. | |||
|
2017-04-25 14:30:30 | Zimperium Acquisition Program Publishes Exploits for Patched Android Bugs (lien direct) | Exploits for patched Android elevation of privilege vulnerabilities were published through the Zimperium N-Days Exploit Acquisition Program. | |||
|
2017-04-25 13:05:20 | Hyundai Patches Leaky Blue Link Mobile App (lien direct) | Hyundai Motor America patched its Blue Link mobile app after researchers found a cleartext encryption key that could be use to expose user and vehicle information. |
To see everything:
Our RSS (filtrered)
