Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-23 14:00:10 |
InPage Zero Day Used in Attacks Against Banks (direct link) |
Banks in Asia and Africa have been targeted with exploits for a zero-day vulnerability in InPage publishing software popular in Arabic-speaking nations. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-22 18:23:47 |
Microsoft Cutting Off SHA-1 Support in February for Edge, IE 11 (direct link) |
Microsoft confirmed Feb. 14, 2017 is the cutoff date for SHA-1 support in its Microsoft Edge and Internet Explorer 11 browsers. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-22 15:30:41 |
Exploit Code Released for NTP Vulnerability (direct link) |
NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-22 14:55:29 |
WordPress Plugins Leave Black Friday Shoppers Vulnerable (direct link) |
Researchers found a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to cross-site scripting (XSS), SQL injection and file manipulation flaws. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-22 13:57:22 |
DoD Publishes Vulnerability Disclosure Policy (direct link) |
In the wake of the Pentagon and Army bug bounties, the government continues to engage researchers with the publication of the DoD's vulnerability disclosure program. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-21 20:20:02 |
Backdoor Found in Firmware of Some Android Devices (direct link) |
Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-21 17:10:52 |
Credentials Accessible in Siemens-Branded CCTV Cameras (direct link) |
A firmware update is available for Siemens-branded IP-based CCTV cameras that patches a vulnerability that puts admin credentials at risk. |
|
|
★★★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-21 16:48:44 |
Nemucod Infections Spreading Over Facebook (direct link) |
Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-18 18:56:49 |
Drupal Fixes 'Moderately Critical' Vulnerabilities in Core Engine (direct link) |
Drupal fixed a handful of issues in versions 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-18 17:45:04 |
Qualcomm and HackerOne Partner on Bounty Program (direct link) |
Qualcomm and HackerOne are partnering for a bug bounty program that pays out up to $15,000 for vulnerabilities found in chipsets used in smartphones made by Samsung, LG and HTC. |
|
|
★★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-18 14:15:42 |
Threatpost News Wrap, November 18, 2016 (direct link) |
Mike Mimoso and Chris Brook discuss the news of the week, including this week's House hearing on the Internet of Things, Samy Kamkar's PoisonTap tool, and Windows 10's ransomware protections. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-17 20:39:07 |
Google Removing SHA-1 Support in Chrome 56 (direct link) |
Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-17 19:38:44 |
iOS 10 Passcode Bypass Can Access Photos, Contacts (direct link) |
A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-17 18:51:53 |
iPhone Call History Synced to iCloud Without User Consent, Knowledge (direct link) |
Security experts warn iPhone call history data may be synced to iCloud accounts without user knowledge, making personal phone records an easy target for a determined third party. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-17 15:18:59 |
Gang Up on the Problem, Not Each Other (direct link) |
The security community often thrives on controversy, but when it comes to vulnerability disclosures in life-saving medical devices, ego and attention-grabbing must be put aside. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-16 23:04:24 |
IBM Opens Attack Simulation Test Center (direct link) |
IBM introduced on Wednesday a new Cyber Range attack simulator during the opening of its global security headquarters in Cambridge, Mass. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-16 21:42:04 |
Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50 (direct link) |
Mozilla addressed 29 vulnerabilities, three critical, when it released the latest iteration of its flagship browser, Firefox 50, on Tuesday. |
|
|
★★★★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-16 18:10:17 |
Regulation May Be Best Answer to IoT Insecurity (direct link) |
Technologists, including Bruce Schneier, testifying before a House committee today on IoT security said that regulation could be the only answer to solving existing vulnerabilities. |
|
|
★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-16 17:55:11 |
PoisonTap Steals Cookies, Drops Backdoors on Password-Protected Computers (direct link) |
Samy Kamkar's latest hacking device, PoisonTap, can steal HTTP cookies from millions of websites and install persistent web-based backdoors. |
|
|
★★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-15 20:57:17 |
Carbanak Attacks Shift to Hospitality Sector (direct link) |
The Carbanak cybercrime gang has shifted strategy and targets the hospitality and restaurant industries with new techniques and malware. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-15 20:28:18 |
Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems (direct link) |
A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-15 17:11:30 |
Lobbyists Press Trump to Support Strong Encryption, Surveillance Reform (direct link) |
A lobbying organization sent a letter to President-Elect Donald Trump, asking him to support the expansion of strong encryption and reform government surveillance activities. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-15 15:54:16 |
VMware Patches VM Escape Vulnerability (direct link) |
VMware patched a vulnerability in Workstation and Fusion that could allow an attacker to run code on a host machine. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-14 22:43:53 |
Microsoft Bolsters Ransomware Protection in Windows 10 Anniversary Update (direct link) |
Microsoft beefs up ransomware defenses in Windows 10 Anniversary Update starting with Edge browser and the Advanced Threat Protection (ATP) tool. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-14 19:20:56 |
CrySis Ransomware Master Decryption Keys Released (direct link) |
The master decryption keys unlocking files encrypted by the CrySis ransomware have been released. Kaspersky Lab has already updated its Rakhni decryptor to help victims restore their data. |
|
|
★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-14 18:17:01 |
Adult FriendFinder Hack Exposes 400 Million Accounts (direct link) |
The FriendFinder Network has reportedly been hacked exposing 400 million user accounts of Adult FriendFinder, Penthouse.com and Stripshow.com. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-14 17:03:07 |
Army Bug Bounty Building New Relationships with Hackers (direct link) |
The government announced its second bug bounty program called Hack the Army, which will concentrate on finding bugs in recruiting websites and databases. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-11 14:00:09 |
BlackNurse Low-Volume DoS Attack Targets Firewalls (direct link) |
Researchers say BlackNurse attacks are low bandwidth (18Mbps) and can still knock offline many of today's firewalls. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-11 12:00:58 |
OpenSSL Patches High-Severity Denial-of-Service Bug (direct link) |
An OpenSSL update released on Thursday patched three vulnerabilities, including one rated high severity in TLS connections using the ChaCha20-Poly1305 ciphersuite. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-10 18:39:33 |
Signal Audit Reveals Protocol Cryptographically Sound (direct link) |
Academics audited the popular end-to-end encryption app Signal and their findings are encouraging. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-10 17:57:56 |
Siemens Discloses Local Privilege Escalation Bug in SCADA Gear (direct link) |
Siemens is warning customers of a local privilege escalation vulnerability that leaves over a dozen models of its SCADA equipment open to attack. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-10 16:50:12 |
Yahoo Tells SEC It Knew About Data Breach in 2014 (direct link) |
Yahoo's latest SEC filing includes confirmation that it knew attackers were on its network in 2014 and stole information on 500 million accounts. |
|
Yahoo
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-10 14:41:31 |
OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking (direct link) |
Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk of takeover. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-09 21:53:34 |
Locky Targets OPM Breach Victims (direct link) |
A phishing campaign is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-09 18:05:04 |
Google to Red Flag 'Repeat Offender' Websites (direct link) |
Google's Safe Browsing program expands to include "Repeat Offender" websites in its blacklisting program. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-09 11:00:26 |
iOS WebView Problem Allows Attackers to Initiate Phone Calls (direct link) |
An issue in iOS WebView that is trivial to exploit can give an attacker the ability to trigger phone calls from a targeted device, researcher Collin Mulliner said. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-08 22:16:02 |
TrickBot Banking Trojan Adds New Browser Manipulation Tools (direct link) |
The banking Trojan TrickBot is evolving fast, according to researchers, and within weeks will expand its victim list and attack scope. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-08 19:57:26 |
Microsoft Patches Zero Day Disclosed by Google (direct link) |
Microsoft released 14 security bulletins today, six rated critical. Among the fixes is a patch for a Windows kernel zero-day vulnerability disclosed by Google that was being used in attacks by the Sofacy APT gang. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-08 18:38:26 |
Google Releases Supplemental Patch for Dirty Cow Vulnerability (direct link) |
Google's November Android Security Bulletin patched 15 critical vulnerabilities, but only a supplemental patch for the Dirty Cow Linux vulnerability. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-08 16:17:13 |
Adobe Patches Nine Code Execution Flaws in Flash Player (direct link) |
Adobe again released a security update for Flash Player, patching nine remote code execution vulnerabilities. Adobe Connect for Windows was also updated. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-07 22:10:40 |
Risk of Election Day Cyberattacks Low According To Experts (direct link) |
Security experts monitoring cyber-chatter for virtual and real-world threats against U.S. Election Day targets don't believe there will be a cyberattack or al-Qaeda terror attack this Tuesday. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-07 19:49:33 |
Tesco Bank Stops Online Transactions After Money Missing from 20K Accounts (direct link) |
Tesco Bank, a U.K. retail bank, today put a halt to online transactions from current accounts after some customers reported over the weekend money missing from their accounts. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-07 18:50:00 |
Microsoft Tears off the Band-Aid with EMET (direct link) |
Microsoft extended the end of life deadline on EMET to July 2018, but experts say its usefulness as a mitigation toolkit has been limited for some time. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-07 17:47:01 |
Clever Gmail Hack Let Attackers Take Over Accounts (direct link) |
Google patched a hole in its Gmail verification system last week that allowed an attacker to hijack a targeted Google Gmail account. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-04 21:58:47 |
Inside the RIG Exploit Kit (direct link) |
In a deep analysis of RIG, the Cisco Talos team outlined the way the exploit kit combines different web technologies such as DoSWF, JavaScript, Flash and VBScript to obfuscate attacks. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-04 20:53:12 |
Commodity 'Exaspy' Spyware Found Targeting High-Level Execs (direct link) |
Researchers warn commodity Android spyware called Exaspy is being used to target high-profile executives. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-04 15:32:59 |
Half of Chrome Pageloads are HTTPS (direct link) |
Google said that more than half of pageloads on Chrome across platforms are encrypted; Android is the lone laggard, but trending upward. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-04 15:05:39 |
Test-Run DDoS Attacks Against Liberia Cease (direct link) |
Intermittent DDoS attacks affecting Internet connectivity nationwide in West African nation Liberia have ceased. One researcher says it's a test for something else. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-03 19:25:53 |
DMCA Exemptions Lift Hacking Restrictions (direct link) |
White hat hackers can hack cars, medical devices and home IoT devices without fear of running afoul of DMCA laws that prevent reverse engineering. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2016-11-03 19:15:56 |
Outlook Web Access Two-Factor Authentication Bypass Exists (direct link) |
Two-factor authentication protecting Outlook Web Access and Office 365 portals can be bypassed, and the situation likely cannot be fixed, a researcher has disclosed. |
|
|
|