What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-11-23 14:00:10 | InPage Zero Day Used in Attacks Against Banks (lien direct) | Banks in Asia and Africa have been targeted with exploits for a zero-day vulnerability in InPage publishing software popular in Arabic-speaking nations. | |||
|
2016-11-22 18:23:47 | Microsoft Cutting Off SHA-1 Support in February for Edge, IE 11 (lien direct) | Microsoft confirmed Feb. 14, 2017 is the cutoff date for SHA-1 support in its Microsoft Edge and Internet Explorer 11 browsers. | |||
|
2016-11-22 15:30:41 | Exploit Code Released for NTP Vulnerability (lien direct) | NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet. | |||
|
2016-11-22 14:55:29 | WordPress Plugins Leave Black Friday Shoppers Vulnerable (lien direct) | Researchers found a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to XSS cross-site scripting, SQL injection and file manipulation flaws. | |||
|
2016-11-22 13:57:22 | DoD Publishes Vulnerability Disclosure Policy (lien direct) | In the wake of the Pentagon and Army bug bounties, the government continues to engage researchers with the publication of the DoD's vulnerability disclosure program. | |||
|
2016-11-21 20:20:02 | Backdoor Found in Firmware of Some Android Devices (lien direct) | Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack. | |||
|
2016-11-21 17:10:52 | Credentials Accessible in Siemens-Branded CCTV Cameras (lien direct) | A firmware update is available for Siemens-branded IP-based CCTV cameras that patches a vulnerability that puts admin credentials at risk. | ★★★★ | ||
|
2016-11-21 16:48:44 | Nemucod Infections Spreading Over Facebook (lien direct) | Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware. | |||
|
2016-11-18 18:56:49 | Drupal Fixes \'Moderately Critical\' Vulnerabilities in Core Engine (lien direct) | Drupal fixed a handful of issues in version 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition. | |||
|
2016-11-18 17:45:04 | Qualcomm and HackerOne Partner on Bounty Program (lien direct) | Qualcomm and HackerOne are partnering for a bug bounty program that pays out up to $15,000 for vulnerabilities found in chipsets used in smartphones made by Samsung, LG and HTC. | ★★★ | ||
|
2016-11-18 14:15:42 | Threatpost News Wrap, November 18, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including this week's House hearing on the Internet of Things, Samy Kamkar's PoisonTap tool, and Windows 10's ransomware protections. | |||
|
2016-11-17 20:39:07 | Google Removing SHA-1 Support in Chrome 56 (lien direct) | Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates. | |||
|
2016-11-17 19:38:44 | iOS 10 Passcode Bypass Can Access Photos, Contacts (lien direct) | A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone. | |||
|
2016-11-17 18:51:53 | iPhone Call History Synced to iCloud Without User Consent, Knowledge (lien direct) | Security experts warn iPhone call history data may be synced to iCloud accounts without user knowledge, making personal phone records an easy target for a determined third-party. | |||
|
2016-11-17 15:18:59 | Gang Up on the Problem, Not Each Other (lien direct) | The security community often thrives on controversy, but when it comes to vulnerability disclosures in life-saving medical devices, ego and attention-grabbing must be put aside. | |||
|
2016-11-16 23:04:24 | IBM Opens Attack Simulation Test Center (lien direct) | IBM introduced on Wednesday a new Cyber Range attack simulator during the opening of its global security headquarters in Cambridge, Mass. | |||
|
2016-11-16 21:42:04 | Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50 (lien direct) | Mozilla addressed 29 vulnerabilities, three critical, when it released the latest iteration of its flagship browser, Firefox 50 on Tuesday. | ★★★★★ | ||
|
2016-11-16 18:10:17 | Regulation May Be Best Answer to IoT Insecurity (lien direct) | Technologists, including Bruce Schneier, testifying before a House committee today on IoT security said that regulation could be the only answer to solving existing vulnerabilities. | ★★ | ||
|
2016-11-16 17:55:11 | PoisonTap Steals Cookies, Drops Backdoors on Password-Protected Computers (lien direct) | Samy Kamkar's latest hacking device, PoisonTap, can steal HTTP cookies from millions of websites and install persistent web-based backdoors. | ★★★ | ||
|
2016-11-15 20:57:17 | Carbanak Attacks Shift to Hospitality Sector (lien direct) | The Carbanak cybercrime gang has shifted strategy and targets the hospitality and restaurant industries with new techniques and malware. | |||
|
2016-11-15 20:28:18 | Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems (lien direct) | A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. | |||
|
2016-11-15 17:11:30 | Lobbyists Press Trump to Support Strong Encryption, Surveillance Reform (lien direct) | A lobbying organization sent a letter to President-Elect Donald Trump, asking him to support the expansion of strong encryption and reform government surveillance activities. | |||
|
2016-11-15 15:54:16 | VMware Patches VM Escape Vulnerability (lien direct) | VMware patched a vulnerability in Workstation and Fusion that could allow an attacker to run code on a host machine. | |||
|
2016-11-14 22:43:53 | Microsoft Bolsters Ransomware Protection in Windows 10 Anniversary Update (lien direct) | Microsoft beefs up ransomware defenses in Windows 10 Anniversary Update starting with Edge browser and the Advanced Threat Protection (ATP) tool. | |||
|
2016-11-14 19:20:56 | CrySis Ransomware Master Decryption Keys Released (lien direct) | The master decryption keys unlocking files encrypted by the CrySis ransomware have been released. Kaspersky Lab has already updated its Rakhni decryptor to help victims restore their data. | ★★ | ||
|
2016-11-14 18:17:01 | Adult FriendFinder Hack Exposes 400 Million Accounts (lien direct) | The FriendFinder Network has reportedly been hacked exposing 400 million user accounts of Adult FriendFinder, Penthouse.com and Stripshow.com. | |||
|
2016-11-14 17:03:07 | Army Bug Bounty Building New Relationships with Hackers (lien direct) | The government announced its second bug bounty program called Hack the Army, which will concentrate on finding bugs in recruiting websites and databases. | |||
|
2016-11-11 14:00:09 | BlackNurse Low-Volume DoS Attack Targets Firewalls (lien direct) | Researchers say BlackNurse attacks are low bandwidth (18Mbps) and can still knock offline many of today's firewalls. | |||
|
2016-11-11 12:00:58 | OpenSSL Patches High-Severity Denial-of-Service Bug (lien direct) | An OpenSSL update released on Thursday patched three vulnerabilities included one rated high severity in TLS connections using the ChaCha20-Poly 1305 ciphersuite. | |||
|
2016-11-10 18:39:33 | Signal Audit Reveals Protocol Cryptographically Sound (lien direct) | Academics audited the popular end-to-end encryption app Signal and their findings are encouraging. | |||
|
2016-11-10 17:57:56 | Siemens Discloses Local Privilege Escalation Bug in SCADA Gear (lien direct) | Siemens is warning customers of a local privilege escalation vulnerability that leaves over a dozen models of its SCADA equipment open to attack. | |||
|
2016-11-10 16:50:12 | Yahoo Tells SEC It Knew About Data Breach in 2014 (lien direct) | Yahoo's latest SEC filing includes confirmation that it knew attackers were on its network in 2014 and stole information on 500 million accounts. | Yahoo | ||
|
2016-11-10 14:41:31 | OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking (lien direct) | Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover. | |||
|
2016-11-09 21:53:34 | Locky Targets OPM Breach Victims (lien direct) | A phishing campaign is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015. | |||
|
2016-11-09 18:05:04 | Google to Red Flag \'Repeat Offender\' Websites (lien direct) | Google's Safe Browsing program expands to include "Repeat Offender†websites in blacklisting program. | |||
|
2016-11-09 11:00:26 | iOS WebView Problem Allows Attackers to Initiate Phone Calls (lien direct) | An issue in iOS WebView that is trivial to exploit can give an attacker the ability to trigger phone calls from a targeted device, researcher Collin Mulliner said. | |||
|
2016-11-08 22:16:02 | TrickBot Banking Trojan Adds New Browser Manipulation Tools (lien direct) | The banking Trojan TrickBot is evolving fast, according to researchers, and within weeks will expand its victim list and attack scope. | |||
|
2016-11-08 19:57:26 | Microsoft Patches Zero Day Disclosed by Google (lien direct) | Microsoft released 14 security bulletins today, six rated critical. Among the fixes is a patch for a Windows kernel zero-day vulnerability disclosed by Google that was being used in attacks by the Sofacy APT gang. | |||
|
2016-11-08 18:38:26 | Google Releases Supplemental Patch for Dirty Cow Vulnerability (lien direct) | Google's November Android Security Bulletin patched 15 critical vulnerabilities, but only a supplemental patch for the Dirty Cow Linux vulnerability. | |||
|
2016-11-08 16:17:13 | Adobe Patches Nine Code Execution Flaws in Flash Player (lien direct) | Adobe again released a security update for Flash Player, patching nine remote code execution vulnerabilities. Adobe Connect for Windows was also updated. | |||
|
2016-11-07 22:10:40 | Risk of Election Day Cyberattacks Low According To Experts (lien direct) | Security experts monitoring cyber-chatter for virtual and real-world threats against U.S. Election Day targets don't believe there will be cyberattack or al-Qaeda terror attack this Tuesday. | |||
|
2016-11-07 19:49:33 | Tesco Bank Stops Online Transactions After Money Missing from 20K Accounts (lien direct) | Tesco Bank, a U.K. retail bank, today put a halt to online transactions from current accounts after some customers reported over the weekend money missing from their accounts. | |||
|
2016-11-07 18:50:00 | Microsoft Tears off the Band-Aid with EMET (lien direct) | Microsoft extended the end of life deadline on EMET to July 2018, but experts say its usefulness as a mitigation toolkit has been limited for some time. | |||
|
2016-11-07 17:47:01 | Clever Gmail Hack Let Attackers Take Over Accounts (lien direct) | Google patched a hole in its Gmail verification system last week that allowed an attacker to hijack a targeted Google Gmail account. | |||
|
2016-11-04 21:58:47 | Inside the RIG Exploit Kit (lien direct) | In a deep analysis of RIG, Cisco Talos team outlined the way the exploit kit combines different web technologies such as DoSWF, JavaScript, Flash and VBscript to obfuscate attacks. | |||
|
2016-11-04 20:53:12 | Commodity \'Exaspy\' Spyware Found Targeting High-Level Execs (lien direct) | Researchers warn commodity Android spyware called Exaspy is being used to target high-profile executives. | |||
|
2016-11-04 15:32:59 | Half of Chrome Pageloads are HTTPS (lien direct) | Google said that more than half of pageloads on Chrome across platforms are encrypted; Android as the lone laggard, but trending upward. | |||
|
2016-11-04 15:05:39 | Test-Run DDoS Attacks Against Liberia Cease (lien direct) | Intermittent DDoS attacks affecting Internet connectivity nationwide in West African nation Liberia have ceased. One researcher says it's a test for something else. | |||
|
2016-11-03 19:25:53 | DMCA Exemptions Lift Hacking Restrictions (lien direct) | White hat hackers can hack cars, medical devices and home IoT devices without fear of running amiss of DMCA laws that prevent reverse engineering. | |||
|
2016-11-03 19:15:56 | Outlook Web Access Two-Factor Authentication Bypass Exists (lien direct) | Two-factor authentication protecting Outlook Web Access and Office 365 portals can be bypassed-and the situation likely cannot be fixed, a researcher has disclosed. |
To see everything:
Our RSS (filtrered)
