Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-21 15:55:00 |
New Virobot ransomware will also log keystrokes, add PC to a spam botnet (lien direct) |
Virobot will use locally installed Outlook instances to spam other users and spread a copy of itself. |
Ransomware
Spam
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-21 12:48:00 |
Thousands of WordPress sites backdoored with malicious code (lien direct) |
Malicious code redirects users to tech support scams, some of which use new "evil cursor" Chrome bug. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-21 09:25:03 |
Cisco releases fixes for remote code execution flaws in Webex Network Recording Player (lien direct) |
The bugs could be weaponized to hijack vulnerable software and cause untold damage to victim machines. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-21 08:23:00 |
Google Zero Day team discloses unpatched Microsoft Jet RCE vulnerability (lien direct) |
Exploit of the security flaw can lead to the remote execution of malicious code. |
Vulnerability
Guideline
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-21 02:24:00 |
AdGuard resets all user passwords after credential stuffing attack (lien direct) |
Attackers gained access to some AdGuard accounts but company can't tell how many. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-21 01:31:04 |
Canadian retailer\'s servers storing 15 years of user data sold on Craigslist (lien direct) |
NCIX did not wipe or encrypt servers when it closed down and filed for bankruptcy in 2017. Their customers' data is now peddled online by Richmond-based individual. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 22:11:00 |
Bug hunters fail third year in a row to get top prize in Android hacking program (lien direct) |
Bug hunters earned over $3 million in rewards for security flaws found in the Android OS since 2015. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 16:23:02 |
French cyber-security agency open-sources CLIP OS, a security hardened OS (lien direct) |
CLIP OS 4 and CLIP OS 5 now available to everyone on GitHub, not just French cyber-spies. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 14:32:05 |
Cloudflare ends CAPTCHA challenges for Tor users (lien direct) |
Company launches new Cloudflare Onion Service. Only Tor Browser 8 and Tor Browser for Android users will see less or no CAPTCHAs. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 12:58:00 |
Chinese police arrest hacker who sold data of millions of hotel guests on the dark web (lien direct) |
Hacker was selling 141.5GB of data from Huazhu Hotels Group. He also attempted to blackmail the hotel chain to pay for its own data. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 12:11:04 |
This Russian botnet mimics your click to prevent Android device factory resets (lien direct) |
Black Rose Lucy has turned up as a new offering in the Malware-as-a-Service (MaaS) space. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 12:05:00 |
Remove yourself from people search sites and erase your online presence (lien direct) |
Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 10:06:05 |
NSS Labs files lawsuit over alleged CrowdStrike, Symantec, ESET product test conspiracy (lien direct) |
The antitrust case claims that the cybersecurity vendors have conspired to prevent independent, unbiased tests of their antivirus products. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 08:06:00 |
Adobe releases patch out of schedule to squash critical code execution bug (lien direct) |
The vulnerabilities resolved in the update impact both Microsoft Windows and Apple MacOS systems. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-20 07:25:00 |
Equifax fined £500,000 over customer data breach (lien direct) |
If the security incident had taken place after GDPR came into play, the fine may have been far higher. |
Data Breach
|
Equifax
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 22:50:05 |
Hackers swipe card numbers from local government payment portals (lien direct) |
FireEye report confirms previous rumors of Click2Gov portal hacks. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 20:00:00 |
Zaif cryptocurrency exchange loses $60 million in recent hack (lien direct) |
The Osaka-based cryptocurrency exchange discovered hack two days ago, and is working to secure funds to reimburse affected users. |
Hack
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 17:40:00 |
Access to over 3,000 backdoored sites sold on Russian hacking forum (lien direct) |
Researchers blow the lid on MagBO, a marketplace for selling access to hacked sites |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 16:02:00 |
Bug in Bitcoin code also opens smaller cryptocurrencies to attacks (lien direct) |
Simple denial of service bug can crash unpatched Bitcoin network nodes and may also affect many Bitcoin-based cryptocurrency offshoots. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 13:43:00 |
Magecart claims another victim in Newegg merchant data theft (lien direct) |
Researchers have found another example of Magecart's covert activities only 24 hours after the last incident concerning the prolific hacking group. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 10:00:01 |
Hackers peddle thousands of air miles on the Dark Web for pocket money (lien direct) |
Underground sellers are offering stolen air miles for a fraction of their true cost to the detriment of their true owners. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 10:00:00 |
Credential stuffing attacks cause heartache for the financial sector (lien direct) |
Over 30 billion login attempts using this attack technique have been recorded in less than a year. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 09:07:03 |
Mirai botnet authors avoid prison after "substantial assistance" to the FBI (lien direct) |
Mirai botnet authors go from black hats to white hats. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 08:02:05 |
State Department reveals data breach, employee information exposed (lien direct) |
The data breach took place due to a compromised email system belonging to the department. |
Data Breach
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-19 07:41:05 |
This Windows file may be secretly hoarding your passwords and emails (lien direct) |
A little-known Windows feature will create a file that stores text extracted from all the emails and plaintext-files found on your PC, which sometimes may reveal passwords or private conversations. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-18 17:31:00 |
Symantec offers free website spoofing protection for US midterm elections (lien direct) |
After Microsoft and Facebook, now Symantec, too, offers free security tools for election officials and midterm candidates. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-18 15:22:05 |
Expandable ads can be entry points for site hacks (lien direct) |
Researcher finds XSS vulnerabilities in iframe busters, scripts that power expandable ads that grow and cover a large area of the page. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-18 15:17:00 |
Broadcaster ABS-CBN customer data stolen, sent to Russian servers (lien direct) |
Updated: The data theft is the work of Magecart, a group connected to attacks against British Airways and Ticketmaster. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-18 12:06:02 |
"Lawful intercept" Pegasus spyware found deployed in 45 countries (lien direct) |
At least ten operators of Pegasus spyware have deployed the malware outside their country's border, new Citizen Lab report finds. |
Malware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-18 09:59:02 |
MongoDB server leaks 11 million user records from e-marketing service (lien direct) |
Database has now been secured. Server was also ransomed by a criminal group back in June. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-18 09:55:04 |
Bizarre botnet infects your PC to scrub away cryptocurrency mining malware (lien direct) |
The peculiar botnet, based on Satori, compromises your devices for the sole purpose of cleaning them up. |
Malware
|
Satori
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-18 09:08:00 |
GovPayNow payment portal may have exposed over 14 million customer records (lien direct) |
Names, addresses, and financial data were reportedly compromised due to lax security practices. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-18 04:40:00 |
UK watchdog has not issued any GDPR data breach-related fines yet (lien direct) |
UK official says ICO has been receiving 500 calls a week to the agency's breach reporting line since May 25, the day the new GDPR regulation entered into effect. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 22:29:02 |
US lawmakers introduce bill to fight cybersecurity workforce shortage (lien direct) |
Report claims US public and private sectors had over 300,000 cybersecurity-related job openings between April 2017 and March 2018. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 21:01:05 |
New XBash malware combines ransomware, coinminer, botnet, and worm features in deadly combo (lien direct) |
New XBash malware strain targets both Linux and Windows servers |
Malware
|
|
★★★★★
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 19:52:00 |
Apple iOS 12 security update tackles Safari spoofing, data leaks, kernel memory flaws (lien direct) |
The iPad and iPhone maker's iOS 12 launch is accompanied by a slew of security updates for various products. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 16:17:05 |
Facebook bolsters bug bounty program with rewards for user token exposure (lien direct) |
If you submit a valid case of Facebook user access token leaks, you are eligible for a financial reward. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 16:00:01 |
Hackers hijack surveillance camera footage with \'Peekaboo\' zero-day vulnerability (lien direct) |
The previously unknown security flaw in Nuuo software is thought to impact hundreds of thousands of devices worldwide. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 14:36:01 |
(Déjà vu) Ordinary WiFi devices can be used to detect suspicious luggage, bombs, weapons (lien direct) |
Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 14:36:00 |
Ordinary Wi-Fi devices can be used to detect suspicious luggage, bombs, weapons (lien direct) |
Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 10:53:04 |
(Déjà vu) How the Windows EternalBlue exploit lives on and why it refuses to die (lien direct) |
Cryptojacking, endless infection loops, and more are ensuring that the leaked NSA tool continues to disrupt the enterprise worldwide. |
Tool
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 10:53:00 |
Why the \'fixed\' Windows EternalBlue exploit won\'t die (lien direct) |
Cryptojacking, endless infection loops, and more are ensuring that the leaked NSA tool continues to disrupt the enterprise worldwide. |
Tool
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-17 08:46:05 |
GAW Miners CEO earns prison time for defrauding customers of $9 million (lien direct) |
The company operated a Ponzi scheme under the guise of cryptocurrency mining. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-16 21:56:00 |
Ransomware attack blacks out screens at Bristol Airport (lien direct) |
Airport officials decline to pay ransom demand and manually restore all affected systems. Functionality has been restored to all screens after two days. |
Ransomware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-16 13:51:02 |
Critical infrastructure will have to operate if there\'s malware on it or not (lien direct) |
Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security. |
Malware
|
|
★★★★★
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-15 22:33:00 |
Nasty piece of CSS code crashes and restarts iPhones (lien direct) |
Vulnerability most likely affects any iOS and macOS app that uses the WebKit rendering engine to display web pages. Apple is investigating. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-14 23:04:00 |
FragmentSmack vulnerability also affects Windows, but Microsoft patched it (lien direct) |
FragmentStack can drive CPU usage up through the roof, jamming servers bombarded with malformed IP packets. Just the ideal vulnerability for DDoS attacks on Windows servers. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-14 18:38:05 |
US loses extradition battle with Russia for Bitcoin kingpin (lien direct) |
Around 95 percent of all ransomware payments were laundered through Vinnik's BTC-e platform. |
Ransomware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-14 15:28:03 |
Blockchain betting app mocks competitor for getting hacked. Gets hacked four days later (lien direct) |
Hacker steals roughly $125,000 from blockchain-based online gambling app by exploiting vulnerability in EOS smart contract (game's source code). |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-09-14 14:02:00 |
Data breaches affect stock performance in the long run, study finds (lien direct) |
Study finds that stocks from 28 companies that suffered large breaches had underperformed on the stock market. |
|
|
|