Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-09 13:00:03 |
Private Equity Firms Interested in Buying Symantec for $16 Billion: Report (lien direct) |
Private equity firms Permira and Advent International are interested in acquiring Symantec's consumer business for more than $16 billion, The Wall Street Journal reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-09 12:04:01 |
Several Vulnerabilities Found in Red Lion HMI Software (lien direct) |
Researchers have discovered several vulnerabilities, including ones that have been classified as serious, in a human-machine interface (HMI) programming software made by U.S.-based Red Lion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-09 10:07:02 |
China-Linked \'Thrip\' Cyberspies Continue Attacks on Southeast Asia (lien direct) |
The China-linked threat actor tracked by Symantec as Thrip has continued to target entities in Southeast Asia even after the cybersecurity firm exposed its operations.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-09 08:09:02 |
Cisco Releases GhIDA and Ghidraaas Tools for IDA Pro (lien direct) |
Cisco Talos has released two new open source tools for IDA Pro, namely GhIDA, an IDA Pro plugin, and Ghidraaas (Ghidra as a Service), a docker container.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-09 04:42:01 |
Parts of Wikipedia Offline After \'Malicious\' Attack (lien direct) |
Popular online reference website Wikipedia went down in several countries after the website was targeted by what it described as a "malicious attack".
The server of the Wikimedia Foundation, which hosts the site, suffered a "massive" Distributed Denial of Service (DDoS) attack, the organization's German account said in a tweet late Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-07 17:02:04 |
Apple: Security Report on iPhone Hack Created \'False Impression\' (lien direct) |
Apple hit back Friday at a Google research report suggesting iPhones may have been targeted by a long-running hacking operation, calling it inaccurate and misleading.
|
Hack
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 18:34:02 |
Three Strategies to Combat Anti-Analysis and Evasion Techniques (lien direct) |
“What happens if our network is compromised?” is a question that security professionals have been asking for some time. But for a variety of reasons – ranging from network transformation efforts to more sophisticated attack methods – this question has now become, “how do we even know if our network has been compromised?”
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 18:26:02 |
"Splintering" Makes Hacking Passwords 14 Million Percent Harder (lien direct) |
Tide Foundation Creating Marketplace Where PII Can be Safely Sold
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 18:20:01 |
Industrial Manufacturing Firm DK-LOK Exposes Emails, Customer Data (lien direct) |
South Korean-based manufacturer DK-LOK was found to leak internal and external communications, including data on clients, vpnMentor's researchers warn.
An industrial pipe, valve, and fittings manufacturer, DK-LOK has clients all around the world, and also has branches in various countries, including the United States.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 18:00:04 |
Oklahoma Pension Fund Reports $4.2 Million Cyber Theft (lien direct) |
Officials with the pension system for retired Oklahoma Highway Patrol troopers and other state law enforcement officers say the FBI is investigating after computer hackers stole $4.2 million in funds.
A notice posted on the Oklahoma Law Enforcement Retirement System website on Friday said no pension benefits of any members are at risk.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 15:32:04 |
Industry Reactions to Iranian Mole Planting Stuxnet: Feedback Friday (lien direct) |
Yahoo News reported this week that an Iranian mole recruited by Dutch intelligence helped the United States and Israel sabotage Iran's nuclear program by planting the |
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 14:16:04 |
Exim Vulnerability Allows Remote Code Execution as Root (lien direct) |
Exim mail servers are vulnerable to attacks due to a security hole that allows a local or remote attacker to execute arbitrary code with root privileges.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 12:49:03 |
Cisco Patches Remote Command Execution in Webex Teams Client (lien direct) |
Cisco this week addressed a High severity vulnerability in the Webex Teams client for Windows that could allow an attacker to execute commands remotely.
The issue is created “due to improper restrictions on software logging features used by the application on Windows operating systems.”
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 12:34:01 |
Unpatched Privilege Escalation Vulnerability Impacts Android (lien direct) |
The Android operating system is affected by a zero-day privilege escalation bug residing in the V4L2 driver, Trend Micro's Zero Day Initiative (ZDI) reveals.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 11:19:00 |
PerimeterX Raises Another $14 Million in Series C Round (lien direct) |
Website and mobile application protection company PerimeterX this week announced a $14 million extension to the Series C funding round it completed in February 2019.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 11:04:05 |
Firefox 69 Patches Critical Code Execution Flaw (lien direct) |
Mozilla this week released Firefox 69 in the stable channel with patches for 20 vulnerabilities, including one code execution bug rated Critical severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 10:50:03 |
No Ransom Paid in Recent Attack, Texas Says (lien direct) |
The Texas Department of Information Resources (DIR) says it is not aware of any ransom being paid to recover systems affected by a recent ransomware attack.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 10:21:01 |
Data Protection Firm BigID Raises $50 Million (lien direct) |
Data protection firm BigID announced on Thursday that it has raised $50 million in a Series C funding round, which brings the total raised by the company to nearly $100 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-06 04:33:00 |
Ransomware Attack Locks Out New Bedford City Data (lien direct) |
A Massachusetts mayor says hackers demanded $5.3 million from his city in a ransomware attack this summer.
New Bedford Mayor Jon Mitchell disclosed Wednesday that a variant of the Ryuk virus blocked access to information on 158 city computers in July. The Standard-Times reports the city had previously blamed an unspecified virus.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-05 14:39:01 |
Palo Alto Networks Acquires IoT Security Firm Zingbox for $75 Million (lien direct) |
Palo Alto Networks on Wednesday announced the acquisition of IoT security firm Zingbox for $75 million in cash, and made public its financial results for the fiscal year 2019.
Zingbox provides a cloud-based lifecycle management solution that uses AI and machine learning technologies to identify, secure and optimize devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-05 13:37:01 |
CircleCI Customer Data Exposed Through Third-Party Vendor (lien direct) |
CircleCI, a San Francisco-based company that specializes in continuous integration and delivery solutions, on Thursday informed customers that some of their information may have been exposed through a third-party analytics vendor.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-05 12:17:00 |
(Déjà vu) WordPress 5.2.3 Patches Several XSS Vulnerabilities (lien direct) |
WordPress developers on Thursday announced the availability of version 5.2.3, a maintenance and security release that includes 29 fixes and enhancements, along with several security patches.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-05 11:19:00 |
400 Mn Facebook Users\' Phone Numbers Exposed in Privacy Lapse: Reports (lien direct) |
Phone numbers linked to more than 400 million Facebook accounts were listed online in the latest privacy lapse for the social media giant, US media reported Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-05 10:43:03 |
The Power of Visualization to Accelerate Security Operations (lien direct) |
Every day we seem to hear of new and interesting linkages discovered by the medical and scientific communities. Just yesterday there was a report that young people who vape are 3.5 times more likely to try or use marijuana, compared to those who don't. Today, I heard another report on the radio stating if a person can keep their blood pressure in check, especially in middle age, it could lower the risk of developing dementia.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-05 09:37:04 |
Crimeware Risk Underestimated, Chronicle Finds (lien direct) |
The risk associated with crimeware is underestimated, despite a continuous increase in attacks involving financially motivated malware, a new report from Alphabet-owned security firm Chronicle reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-05 07:30:00 |
Tech Firms, US Officials Talk Election Protection at Facebook (lien direct) |
Facebook said technology firms and US officials met at its Silicon Valley headquarters on Wednesday to collaborate on protecting next year's presidential election from cyber threats.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-05 07:24:01 |
Twitter Temporarily Disables Tweeting via SMS After CEO Hack (lien direct) |
Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 18:17:05 |
TrickBot Makes Heavy Use of Evasion in Recent Attacks (lien direct) |
The operators behind the TrickBot malware have made heavy use of evasion and anti-analysis techniques in recently observed attacks, security researchers warn.
|
Malware
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 17:58:04 |
Android\'s September 2019 Patches Fix Nearly 50 Vulnerabilities (lien direct) |
Google this week released a new set of security patches for the Android platform, to address nearly 50 vulnerabilities in multiple components, including two critical flaws impacting the Media framework.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 17:44:03 |
Vulnerability in Network Provisioning Affects Majority of All Android Phones (lien direct) |
An SMS phishing attack against many modern Android phones could route all internet traffic through a proxy controlled by the attacker. The problem lies in weak (sometimes non-existent) authentication for over-the-air (OTA) provisioning.
|
Vulnerability
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 14:06:02 |
FireEye Releases Open Source Persistence Toolkit \'SharPersist\' (lien direct) |
FireEye on Tuesday announced the release of SharPersist, a free and open source Windows persistence toolkit designed for Red Teams, which help organizations test the efficiency of their protection systems and improve their security posture by assuming the role of an adversary.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 13:49:02 |
(Déjà vu) What the Segway Can Teach Us About Information Security (lien direct) |
The Segway Can Offer More Security Insight Than You Might Realize
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 12:36:04 |
Twitter CEO Hack Highlights Dangers of \'SIM Swap\' Fraud (lien direct) |
Even with considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his phone number.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 12:35:01 |
MITRE ATT&CK Used for Cybersecurity Skills Development (lien direct) |
By Mapping Skills and Training to MITRE ATT&CK, Skill Levels Can be Visualized in Real-Time
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 12:29:00 |
Code Execution Flaws Found in EZAutomation PLC, HMI Software (lien direct) |
Researchers discovered that two pieces of software made by U.S.-based industrial automation solutions provider EZAutomation are affected by potentially serious vulnerabilities that can be exploited for remote code execution.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 11:27:02 |
Huawei Accuses US of Cyberattacks, Coercing Employees (lien direct) |
Chinese telecom equipment maker Huawei accused U.S. authorities on Wednesday of attempting to break into its information systems and of trying to coerce its employees to gather information on the company.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 04:50:03 |
Over 328,000 Users Hit by Foxit Data Breach (lien direct) |
PDF solutions provider Foxit last week informed customers that it had recently detected unauthorized access to data associated with its “My Account” service.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-04 04:30:00 |
Zerodium Offers Up to $2.5 Million for Android Exploits (lien direct) |
Exploit acquisition firm Zerodium announced on Tuesday that it's offering up to $2.5 million for powerful Android exploits, more than what it's offering for the same type of exploit on iOS.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 21:28:04 |
Facial Recognition Becomes Opt-in Feature at Facebook (lien direct) |
Facebook on Tuesday said facial recognition technology applied to photos at the social network will be an opt-in feature.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 18:16:04 |
Zyxel Devices Can Be Hacked via DNS Requests, Hardcoded Credentials (lien direct) |
Multiple security vulnerabilities have been discovered by SEC Consult in various Zyxel devices, including flaws that involve sending unauthenticated DNS requests and hardcoded FTP credentials.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 15:07:01 |
Meet Domen, a New and Sophisticated Social Engineering Toolkit (lien direct) |
A new social engineering toolkit has been discovered. The operational premise has been used many times, but the execution of that premise is new and described by security researchers "a beautiful piece of work".
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 14:24:03 |
562,000 Impacted in XKCD Forum Data Breach (lien direct) |
The XKCD forum has been taken offline after suffering a data breach that impacted 562,000 subscribers.
The forum is associated with XKCD, a webcomic that American author Randall Munroe created in 2005, and which is described in its tagline as “A webcomic of romance, sarcasm, math, and language.”
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 14:12:01 |
Cisco Releases Guides for Analyzing Compromised Devices (lien direct) |
Cisco has released new guides to help first responders collect forensic evidence from potentially compromised or tampered with IOS, IOS XE, ASA, and Firepower Threat Defense (FTD) devices.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 12:47:04 |
Pitfalls to Avoid in Ransomware Incident Response Plan (lien direct) |
Targeted ransomware attacks with larger ransom demands have persisted as a fixture of the news cycle and scourge for security practitioners and business leaders alike over the last two years. And because, unfortunately, these types of attacks show no signs of slowing down anytime soon, having an adequate incident response (IR) plan prepared is essential. Here are some common pitfalls to avoid when developing your ransomware IR plan:
|
Ransomware
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 12:18:01 |
\'Heatstroke\' Phishing Campaign Takes Multi-Stage Approach (lien direct) |
A recently observed phishing campaign targeting victims' private email addresses has adopted a multi-stage approach in an attempt to avoid raising suspicion, Trend Micro reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 10:02:02 |
USBAnywhere: BMC Flaws Expose Supermicro Servers to Remote Attacks (lien direct) |
Tens of thousands of servers made by Supermicro could be exposed to remote attacks from the internet due to baseboard management controller (BMC) vulnerabilities identified by researchers at firmware security company Eclypsium.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-03 07:50:01 |
SIM Swapping Blamed for Hacking of Twitter CEO\'s Account (lien direct) |
Hackers were able to post offensive messages from the Twitter account of Jack Dorsey, the social media company's CEO, after they tricked his mobile services provider into handing over his phone number.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-02 15:14:03 |
TrickBot Tricks U.S. Users into Sharing their PIN Codes (lien direct) |
The threat actor behind the infamous TrickBot botnet has added new functionality to their malware to request PIN codes from mobile users, Secureworks reports.
|
Malware
Threat
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-02 13:57:02 |
Viral Chinese App Loses Face, But Not Fans, Over Privacy Concerns (lien direct) |
A Chinese face-swapping app that allows users to convincingly superimpose their own likeness over characters in movies or TV shows has rapidly become one of the country's most downloaded apps, but has triggered a backlash over privacy fears.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-02 11:24:02 |
Operation Indiscriminately Infects iPhones With Spyware (lien direct) |
Researchers say suspected nation-state hackers infected Apple iPhones with spyware over two years in what security experts on Friday called an alarming security failure for a company whose calling card is privacy.
|
|
|
★★
|