Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-02-27 16:42:03 |
Cisco Patches High-Severity Webex Vulnerability For Third Time (lien direct) |
Third time's hopefully a charm for Cisco, which has patched a high-severity flaw once again in its Webex video conferencing platform. |
Vulnerability
|
|
|
|
2019-02-27 15:45:02 |
Thunderclap Flaws Shatter Peripheral Security (lien direct) |
Many machines, including almost all Apple laptops and desktops produced since 2011, are vulnerable to data exfiltration via weaponized peripherals. |
|
|
|
|
2019-02-27 12:30:04 |
Bronze Union APT Updates Remote Access Trojans in Fresh Wave of Attacks (lien direct) |
The China-linked threat group has returned in 2018 using updated RATs to launch its attacks, including ZxShell, Gh0st RAT, and SysUpdate malware. |
Threat
|
APT 27
|
|
|
2019-02-26 18:46:01 |
\'Cloudborne\' IaaS Attack Allows Persistent Backdoors in the Cloud (lien direct) |
A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks. |
Vulnerability
|
|
|
|
2019-02-26 16:33:05 |
High-Severity SHAREit App Flaws Open Files for the Taking (lien direct) |
SHAREit has fixed two flaws in its app that allow bad actors to authenticate their devices and steal files from a victim's device. |
|
|
|
|
2019-02-26 14:51:00 |
Critical WinRAR Flaw Found Actively Being Exploited (lien direct) |
The spam campaign is being used to spread a malicious .exe file, taking advantage of a vulnerability in WinRAR which was patched in January. |
Spam
Vulnerability
|
|
|
|
2019-02-26 11:58:01 |
The Dark Sides of Modern Cars: Hacking and Data Collection (lien direct) |
How features such as infotainment and driver-assist can give others a leg up on car owners. |
|
|
|
|
2019-02-25 20:45:04 |
Threatpost Data: Password Managers Are Worth the Risk, Readers Say (lien direct) |
A Threatpost reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers. |
|
|
|
|
2019-02-25 16:39:02 |
ToRPEDO Privacy Attack on 4G/5G Networks Affects All U.S. Carriers (lien direct) |
The attack threatens users with location-tracking, DoS, fake notifications and more. |
|
|
|
|
2019-02-25 14:17:00 |
Google Ditches Passwords in Latest Android Devices (lien direct) |
Google has announced FIDO2 certification for devices running on Android 7 and above - meaning that users can use biometrics, fingerprint login or PINs instead of passwords. |
|
|
|
|
2019-02-22 21:29:02 |
Phishing Scam Cloaks Malware With Fake Google reCAPTCHA (lien direct) |
Phishing emails target a bank's users with malware - and make their landing page look more legitimate with fake Google reCAPTCHAs. |
Malware
|
|
|
|
2019-02-22 21:23:04 |
Reddit Gold: Alice and Bob, Caught in a Web of Lies (lien direct) |
There was a shocking turn of events in crypto-world. |
|
|
|
|
2019-02-22 18:53:00 |
Video: HackerOne CEO on the Evolving Bug Bounty Landscape (lien direct) |
Threatpost talks to HackerOne CEO Marten Mickos on the EU's funding of open source bug bounty programs, how a company can start a program, and the next generation of bounty hunters. |
|
|
|
|
2019-02-22 18:32:00 |
Data Breaches of the Week: Tales of PoS Malware, Latrine Status (lien direct) |
U.S. and subcontinent consumers were the most affected by this week's exposure revelations. |
|
|
|
|
2019-02-22 17:21:01 |
Threatpost News Wrap Podcast For Feb. 22 (lien direct) |
From password manager vulnerabilities to 19-year-old flaws, the Threatpost team broke down this week's biggest news stories. |
|
|
|
|
2019-02-22 12:11:04 |
Threatpost Poll: Are Password Managers Too Risky? (lien direct) |
Weigh in on password managers with our Threatpost poll. |
|
|
|
|
2019-02-21 19:01:05 |
ThreatList: Porn-Focused Malware Triples, Dark Web Loves It (lien direct) |
Premium-access credentials to porn sites are hot in the cyber-underground, as credential-harvesting malware proliferates. |
Malware
|
|
|
|
2019-02-21 17:05:03 |
Adobe Re-Patches Critical Acrobat Reader Flaw (lien direct) |
Adobe has issued yet another patch for a critical vulnerability in its Acrobat Reader - a week after the original fix. |
Vulnerability
|
|
|
|
2019-02-21 15:54:05 |
Highly Critical Drupal RCE Flaw Affects Millions of Websites (lien direct) |
Admins should update immediately to fix a remote code-execution vulnerability. |
|
|
|
|
2019-02-21 15:05:04 |
19-Year-Old WinRAR Flaw Plagues 500 Million Users (lien direct) |
Users of the popular file-compression tool are urged to immediately update after a serious code-execution flaw was found in WinRAR. |
Tool
|
|
|
|
2019-02-20 21:33:05 |
Researcher: Not Hard for a Hacker to Capsize a Ship at Sea (lien direct) |
Capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners. |
|
|
|
|
2019-02-20 20:48:05 |
Separ Malware Plucks Hundreds of Companies\' Credentials in Ongoing Phish (lien direct) |
An ongoing phishing campaign is targeting hundreds of businesses to steal their email and browser credentials using a simply - but effective - malware. |
Malware
|
|
|
|
2019-02-20 20:10:02 |
Apple\'s Shazam App Boots Facebook Ads and Other Third-Party SDKs (lien direct) |
The music-recognition app that Apple bought for $400 million is removing Facebook Ads, DoubleClick, Facebook Analytics and more. |
|
|
|
|
2019-02-20 19:27:05 |
Password Manager Firms Blast Back at \'Leaky Password\' Revelations (lien direct) |
1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory. |
|
LastPass
|
|
|
2019-02-20 18:34:01 |
GitHub Increases Rewards, Scope For Bug-Bounty Program (lien direct) |
GitHub is offering unlimited rewards for critical vulnerabilities - and has added "safe harbor" terms to its bug bounty program. |
|
|
|
|
2019-02-20 16:16:05 |
Microsoft: Russia\'s Fancy Bear Working to Influence EU Elections (lien direct) |
As hundreds of millions of Europeans prepare to go to the polls in May, Fancy Bear ramps up cyber-espionage and disinformation efforts. |
|
APT 28
|
|
|
2019-02-19 22:36:01 |
Microsoft to Kill Updates for Legacy OS Using SHA-1 (lien direct) |
Windows 7 and Windows Server 2008 users are being asked to upgrade their encryption support. |
|
|
|
|
2019-02-19 22:07:01 |
ThreatList: APT Adversaries Up the Ante on Speed, Target Telecom (lien direct) |
Russia-linked actors need just 18 minutes to go from compromise to lateral movement. |
|
|
|
|
2019-02-19 19:00:01 |
New GandCrab Decryptor Unlocks Files of Updated Ransomware (lien direct) |
This is the third update to the prolific GandCrab malware within the past year. |
Ransomware
Malware
|
|
|
|
2019-02-19 17:23:00 |
ATM Jackpotting Malware Hones Its Heist Tools (lien direct) |
The WinPot malware takes its cues from slot machines. |
Malware
|
|
|
|
2019-02-18 21:26:03 |
When Cyberattacks Pack a Physical Punch (lien direct) |
Physical security goes hand in hand with cyberdefense. What happens when – as we see all too often – the physical side is overlooked? |
|
|
|
|
2019-02-16 00:26:03 |
Where\'s the Equifax Data? Does It Matter? (lien direct) |
Threat-hunters say the breached data from the massive Equifax incident is nowhere to be found, indicating a spy job. |
|
Equifax
|
|
|
2019-02-15 22:30:01 |
Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps (lien direct) |
Data-exposure "lowlights" for the week ending Feb. 15, 2019. |
Data Breach
|
Equifax
|
|
|
2019-02-15 20:19:02 |
Eight Cryptojacking Apps Booted From Microsoft Store (lien direct) |
The eight apps were secretly stealing victims' CPU power to mine for Monero. |
|
|
|
|
2019-02-15 20:04:04 |
Tips on How to Fight Back Against DNS Spoofing Attacks (lien direct) |
Despite a welcome and needed DNS revamp, preventable abuse continues. |
|
|
|
|
2019-02-15 17:15:02 |
Trickbot Malware Goes After Remote Desktop Credentials (lien direct) |
The banking trojan is consistently evolving in hopes of boosting its efficacy. |
Malware
|
|
|
|
2019-02-15 15:27:05 |
Ultra-Sneaky Phishing Scam Swipes Facebook Credentials (lien direct) |
Researchers warn that the phishing campaign looks "deceptively realistic." |
|
|
|
|
2019-02-14 18:33:05 |
Ever-Changing Emotet Evolves Again with Fresh Evasion Tactic (lien direct) |
It has added the technique of using malicious XML files as its delivery method. |
|
|
|
|
2019-02-14 18:20:02 |
Threatpost Poll: Over Half of Firms Asked Struggle with Mobile Security (lien direct) |
A Threatpost poll found that 52 percent don't feel prepared to prevent a mobile security incident from happening. The results reflect a challenging mobile security landscape. |
|
|
|
|
2019-02-14 17:27:01 |
Coffee Meets Bagel Dating App Warns Users of Breach (lien direct) |
The dating site said users' names and email addresses that were added to the system prior to May 2018 may be impacted. |
|
|
|
|
2019-02-14 16:32:01 |
Google Play Cracks Down on Malicious Apps (lien direct) |
Google Play said that app suspensions increased by 66 percent in 2018 on its platform. |
|
|
|
|
2019-02-14 12:30:00 |
Critical OkCupid Flaw Exposes Daters to App Takeovers (lien direct) |
The flaw is only one of many romance-related security issues as bad actors take advantage of Valentine's Day. |
|
|
|
|
2019-02-13 22:24:03 |
Lenovo Watch X Riddled with Security Vulnerabilities (lien direct) |
Researchers have identified multiple security issues with this Lenovo smartwatch. |
|
|
|
|
2019-02-13 20:55:00 |
ThreatList: Banking Trojans Are Still The Top Big Bad for Email (lien direct) |
Banking trojans, led by the ever-changing Emotet, dominated the email-borne threat landscape in Q4, according to Proofpoint. |
Threat
|
|
|
|
2019-02-13 15:20:00 |
\'Dirty Sock\' Flaw in snapd Allows Root Access to Linux Servers (lien direct) |
The issue affects default installations of Ubuntu Server and Desktop and is likely included in many Ubuntu-like Linux distributions. |
|
|
|
|
2019-02-13 15:15:05 |
Unpatched Apple macOS Hole Exposes Safari Browsing History (lien direct) |
There are no permission dialogues for apps in certain folders for macOS Mojave, which allows a malicious app to spy on browsing histories.. |
|
|
|
|
2019-02-12 22:59:04 |
Siemens Warns of Critical Remote-Code Execution ICS Flaw (lien direct) |
The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications. |
|
|
|
|
2019-02-12 21:37:04 |
Double-Stuffed: Dunkin\' Hit by Another Credential-Stuffing Attack (lien direct) |
Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which is Dunkin’s loyalty program. Names, email addresses, 16-digit DD Perks […] |
|
|
|
|
2019-02-12 21:34:00 |
Microsoft Patches Zero-Day Browser Bug Under Active Attack (lien direct) |
In its February Patch Tuesday bulletin Microsoft patches four public bugs and one that under active attack. |
|
|
|
|
2019-02-12 20:29:01 |
Critical WordPress Plugin Flaw Allows Complete Website Takeover (lien direct) |
Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22. |
|
|
|