What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-03-28 16:12:00 | Lazarus Group Widens Tactics in Cryptocurrency Attacks (lien direct) | MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea. | APT 38 | ||
|
2019-03-28 14:51:00 | Gamers Urged to Patch Critical Bugs in GOG Galaxy (lien direct) | Video game digital distribution platform GOG Galaxy Games has patched two critical privilege escalation flaws that could allow arbitrary code execution. | |||
|
2019-03-27 21:48:01 | Cisco Releases Flood of Patches for IOS XE and Small Business Routers (lien direct) | The networking giant issued 27 patches impacting a wide range of its products running the ISO XE software. | |||
|
2019-03-27 21:08:01 | FTC Demands Broadband Providers Reveal Data Handling Practices (lien direct) | The FTC is ordering seven companies - including AT&T, T-Mobile, Comcast and more - to outline what data they collect, what they use the data for, and how transparent they're being with consumers. | |||
|
2019-03-27 17:41:00 | Grindr Poses National Security Risk, U.S. Gov Says (lien direct) | According to a report, Grindr's Chinese owners are selling the platform after concerns were raised about user data handling. | |||
|
2019-03-27 15:37:03 | Gamers Beware: Nvidia Fixes High-Severity GeForce Experience Bug (lien direct) | Versions of GeForce Experience for Windows before 3.18 are open to a bug that can allow denial of service and remote code execution. | |||
|
2019-03-27 15:26:00 | Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns (lien direct) | With new attacks on the Israeli military and social-work educators, exploitation of the 19-year-old flaw shows no signs of slowing down. | |||
|
2019-03-27 12:48:01 | Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities (lien direct) | Researchers are still looking for answers when it comes to LockerGoga's initial infection method - and what the attackers behind the ransomware really want. | Ransomware | ||
|
2019-03-26 15:35:02 | ASUS Patches Live Update Bug That Allowed APT to Infect Thousands of PCs (lien direct) | If users have an impacted devices, they need to immediately run a backup of their files and restore their operating system to factory settings, said ASUS | |||
|
2019-03-26 13:54:01 | Apple iOS 12.2 Patches 51 Serious Flaws (lien direct) | Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in Webkit and a vulnerability that allows apps to secretly listen to users. | Vulnerability | ||
|
2019-03-25 20:52:05 | ThreatList: Remote Workers Threaten 1 in 3 Organizations (lien direct) | More than one-third of surveyed organizations (36 percent) said have experienced a security incident because of a remote worker's actions. | |||
|
2019-03-25 18:10:02 | Malware Payloads Hide in Images: Steganography Gets a Reboot (lien direct) | Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look. | Malware | ||
|
2019-03-25 17:30:05 | Bugs in Grandstream Gear Lay Open SMBs to Range of Attacks (lien direct) | Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions. | Malware | ||
|
2019-03-25 16:40:02 | Some ASUS Updates Drop Backdoors on PCs in \'Operation ShadowHammer\' (lien direct) | The attack appears to be associated with a China-backed APT actor. | |||
|
2019-03-25 14:00:01 | FEMA Exposes PII for Millions of Hurricane, Wildfire Survivors (lien direct) | The contractor with whom it shared the data has a vulnerable, unpatched network. | |||
|
2019-03-22 21:11:03 | Spycams Secretly Live-Streamed 1,600 Motel Guests (lien direct) | Four have been arrested in the case. | |||
|
2019-03-22 20:28:04 | Firefox and Edge Fall to Hackers on Day Two of Pwn2Own (lien direct) | Browsers Firefox and Edge take a beating on day two of the Pwn2Own competition. | |||
|
2019-03-22 20:22:02 | Google Play Touts Certs in Quest For Enterprise Security (lien direct) | Google has snagged three security and privacy certifications for Google Play as it tries to appeal to enterprises despite numerous malicious apps and security issues. | |||
|
2019-03-22 20:22:01 | Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project (lien direct) | Users of the open-source project should upgrade immediately. | |||
|
2019-03-22 18:33:00 | Analysis: Drone Tech Creates New Type of Blended Threat (lien direct) | Hacked drones are breaching physical and cyberdefenses to cause disruption and steal data, experts warn. | Threat | ||
|
2019-03-22 15:07:03 | Medtronic Defibrillators Have Critical Flaws, Warns DHS (lien direct) | The unpatched vulnerabilities exist in 20 products made by the popular Medtronics medical device manufacturer, including defibrillators and home patient monitoring systems. | |||
|
2019-03-21 20:47:04 | WordPress Plugin Removed After Zero Day Discovered (lien direct) | The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild. | |||
|
2019-03-21 17:51:05 | Hackers Take Down Safari, VMware and Oracle at Pwn2Own (lien direct) | On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox. | |||
|
2019-03-21 16:14:03 | Facebook Stored Passwords in Plain Text For Years (lien direct) | The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view. | |||
|
2019-03-21 15:19:02 | MyPillow and Amerisleep Targeted in Magecart Group Attacks (lien direct) | In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed. | |||
|
2019-03-21 12:31:02 | Cisco Patches High-Severity Flaws in IP Phones (lien direct) | The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem. | |||
|
2019-03-20 21:20:00 | Mac-Focused Malvertising Campaign Abuses Google Firebase DBs (lien direct) | Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan. | |||
|
2019-03-20 20:36:05 | Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats (lien direct) | Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay. | |||
|
2019-03-20 19:03:03 | Years-Long Phishing Campaign Targets Saudi Gov Agencies (lien direct) | The campaign, codenamed “Bad Tidings,” has sought out victims' credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior's e-Service portal. | |||
|
2019-03-20 17:00:04 | Fin7 Ramps Up Campaigns With Two Fresh Malware Samples (lien direct) | Despite the 2018 crackdown on Fin7, the cybercrime group has been ramping up its efforts with two new malware samples and an attack panel. | Malware | ||
|
2019-03-20 15:05:01 | Uber Deployed \'Surfcam Spyware\' in Australia to Crush the Competition – Report (lien direct) | Until a report this week, Uber's Surfcam's use was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it's a "spyware." | Uber | ||
|
2019-03-19 21:07:05 | Cardinal RAT Resurrected to Target FinTech Firms (lien direct) | A long-quiet malware family has been spotted targeting financial technology firms, armed with new obfuscation techniques to avoid detection. | Malware | ||
|
2019-03-19 20:43:00 | Host of Flaws Found in CUJO Smart Firewall (lien direct) | Some of the flaws would allow remote code-execution. | |||
|
2019-03-19 19:40:03 | Podcast: The High-Risk Threats Behind the Norsk Hydro Cyberattack (lien direct) | Threatpost talks to Phil Neray with CyberX about Tuesday's ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more. | Ransomware | Wannacry | |
|
2019-03-19 18:31:03 | Old Tech Spills Digital Dirt on Past Owners (lien direct) | Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined. | |||
|
2019-03-19 15:26:04 | Researcher Says NSA\'s Ghidra Tool Can Be Used for RCE (lien direct) | Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users. | Tool Vulnerability | ||
|
2019-03-19 14:53:02 | Norsk Hydro Calls Ransomware Attack \'Severe\' (lien direct) | When asked if the company plans to pay the ransom, its CFO said its main strategy is to use the backup data stored in the system. | Ransomware | ||
|
2019-03-19 12:00:00 | ThreatList: DDoS Attack Sizes Drop 85 Percent Post FBI Crackdown (lien direct) | The FBI's crackdown on 15 DDoS-for-hire sites appears to have had an impact on DDoS attacks, the average size for which dropped 85 percent in the fourth quarter of 2018, a new report found. | |||
|
2019-03-15 18:30:00 | Lenovo Patches High-Severity Arbitrary Code Execution Flaws (lien direct) | Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes. | |||
|
2019-03-15 14:46:05 | Unpatched Fujitsu Wireless Keyboard Bug Allows Keystroke Injection (lien direct) | An unpatched high-severity vulnerability allows keystroke injections in Fujitsu wireless keyboards. | Vulnerability | ||
|
2019-03-14 20:19:01 | Threatlist: IMAP-Based Attacks Compromising Accounts at \'Unprecedented Scale\' (lien direct) | Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns. | |||
|
2019-03-14 19:43:05 | Zero-Days in Counter-Strike Client Used to Build Major Botnet (lien direct) | A full 39 percent of Counter-Strike 1.6 game servers on Steam were found to be malicious. | |||
|
2019-03-14 15:56:00 | Cisco Patches Critical \'Default Password\' Bug (lien direct) | Vulnerability allows adversaries to access monitoring system used for gathering info on operating systems and hardware. | Vulnerability | ||
|
2019-03-14 15:33:03 | GlitchPOS Malware Appears to Steal Credit-Card Numbers (lien direct) | A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum. | Malware | ||
|
2019-03-14 12:27:00 | Insider Threats Get Mean, Nasty and Very Personal (lien direct) | Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses. | |||
|
2019-03-13 19:44:05 | Purveyor of Cracked Netflix, Hulu, Spotify Accounts Arrested (lien direct) | A Sydney man is accused of selling nearly 1 million compromised accounts, for a significant profit. | |||
|
2019-03-13 18:29:03 | Intel Windows 10 Graphics Drivers Riddled With Flaws (lien direct) | Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution. | Guideline | ||
|
2019-03-13 15:58:01 | MAGA \'Safe Space\' App Developer Threatens Security Researcher (lien direct) | The mobile app, dubbed a "Yelp for Conservatives," was found with an open API leaking reams of user data. | ★★★ | ||
|
2019-03-13 15:23:05 | Three Ways DNS is Weaponized and How to Mitigate the Risk (lien direct) | Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think. | |||
|
2019-03-13 14:15:01 | Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw (lien direct) | Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat. | Threat |
To see everything:
Our RSS (filtrered)
