What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-03-21 18:48:57 | Critical Moodle Vulnerability Could Lead to Server Compromise (lien direct) | A critical vulnerability in Moodle, an open source system deployed across hundreds of thousands of universities, could expose the server to compromise. | |||
|
2017-03-21 18:28:44 | Code Execution Vulnerability Found in Libpurple IM Library (lien direct) | A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Adium for the macOS platform. | |||
|
2017-03-21 17:11:57 | Locky, Cerber Ransomware Skilled at Hiding (lien direct) | Since January, a number of ransomware families are sharing a common infrastructure with different techniques allowing the malware to hide from detection systems. | |||
|
2017-03-21 15:54:32 | Latest Tax Scams Include Phishing Lures, Malware (lien direct) | Microsoft warns this year's crop of tax scams use social engineering attacks based on fear to spread banking Trojans and collect personal info. | |||
|
2017-03-20 18:50:07 | Local Windows Admins Can Hijack Sessions Without Credentials (lien direct) | A researcher has published a method by which a local admin can hijack any other Windows sessions without the need for credentials. | |||
|
2017-03-20 17:50:08 | Mozilla Patches Pwn2Own Zero Day in Firefox (lien direct) | Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday. | |||
|
2017-03-20 17:20:41 | Cisco Warns of Critical Vulnerability Revealed in \'Vault 7\' Data Dump (lien direct) | Cisco said an unpatched critical vulnerability exposed by WikiLeaks' Vault 7 release of CIA documents could give an attacker full control of the targeted switches and routers. | |||
|
2017-03-20 14:35:22 | Jon Oberheide on Perimeter Security (lien direct) | Mike Mimoso talks to Duo Security co-founder and CTO Jon Oberheide at RSA Conference about Google's BeyondCorp security model, enforcing perimeter security, how endpoint security has evolved through the years, and the future of passwords. | |||
|
2017-03-17 18:12:23 | VM Escape Earns Hackers $105K at Pwn2Own (lien direct) | Hackers pulled off a VM escape and took down Adobe Flash, Microsoft Windows and Edge, Apple Safari and macOS, and Mozilla Firefox at Pwn2Own 2017. | |||
|
2017-03-17 16:49:50 | Vulnerability Disclosed in Ubquiti Networks Admin Interface (lien direct) | Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November went unresolved. | |||
|
2017-03-17 15:00:57 | Threatpost News Wrap, March 17, 2017 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft's silence around February's Patch Tuesday, and a nasty SAP bug. | |||
|
2017-03-17 13:00:04 | GitHub Code Execution Bug Fetches $18,000 Bounty (lien direct) | GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company's enterprise management console. | |||
|
2017-03-17 10:00:24 | US-CERT Warns HTTPS Inspection May Degrade TLS Security (lien direct) | Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure. | ★★★ | ||
|
2017-03-16 18:00:35 | Fileless Malware Campaigns Tied to Same Attacker (lien direct) | Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group. | |||
|
2017-03-16 16:32:15 | Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017 (lien direct) | On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux. | |||
|
2017-03-15 20:59:01 | Intel, Microsoft Announce New Bug Bounties (lien direct) | Intel and Microsoft announced bug bounties, paying $30,000 and $15,000 respectively for critical vulnerabilities. | |||
|
2017-03-15 18:35:35 | WhatsApp, Telegram Vulnerabilities Exposed Users to Account Takeover (lien direct) | WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user's account. | |||
|
2017-03-15 17:32:37 | FSB Officers, Criminal Hackers Indicted in Yahoo Breach (lien direct) | The Department of Justice indicted four individuals, including two Russian FSB officers, for their roles in the Yahoo breach. | Yahoo | ||
|
2017-03-15 15:46:04 | JSON Libraries Patched Against Invalid Curve Crypto Attack (lien direct) | JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. | |||
|
2017-03-15 13:30:29 | Where Have All The Exploit Kits Gone? (lien direct) | For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what's replaced them? | |||
|
2017-03-14 19:40:58 | Google Eliminates Android Adfraud Botnet Chamois (lien direct) | Google removed a family of malicious apps, Chamois, from its Play marketplace recently that were found manipulating ad traffic. | |||
|
2017-03-14 19:26:24 | Patch Tuesday Returns; Microsoft Quiet on Postponement (lien direct) | Microsoft released 18 security bulletins, eight rated critical. The company also patched publicly disclosed vulnerabilities that surfaced since last month's postponement of Patch Tuesday. | |||
|
2017-03-14 16:39:13 | Adobe Fixes Six Code Execution Bugs in Flash (lien direct) | Adobe fixed seven vulnerabilities, six that could lead to code execution, in Flash Player on Tuesday. | Guideline | ||
|
2017-03-14 15:43:01 | WordPress REST API Bug Could Be Used in Stored XSS Attacks (lien direct) | The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks. | ★★★ | ||
|
2017-03-14 12:56:25 | SAP Patches Critical HANA Vulnerability That Allowed Full Access (lien direct) | SAP patched a critical vulnerability in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise, without authentication. | |||
|
2017-03-13 20:48:49 | (Déjà vu) 38 Android Devices Infected with Malware Preinstalled in Supply Chain (lien direct) | Researchers at Check Point found and remediated malware on 38 Android devices that were infected somewhere along the supply chain. | |||
|
2017-03-13 18:52:08 | Credit Card Scrapers Continue to Target Magento (lien direct) | Researchers said last week they came across a malicious function that was snuck into a module in Magento in order to steal credit card information. | |||
|
2017-03-13 18:01:22 | March Android Security Update Breaks SafetyNet, Android Pay (lien direct) | Google has re-issued its over-the-air Android security update after Nexus 6 users reported that the patches broke the SafetyNet API and features such as Android Pay no longer worked. | |||
|
2017-03-13 15:59:35 | Telepresence Robots Patched Against Data Leaks (lien direct) | Double Robotics telepresence robots were patched against vulnerabilities that leaked device data and session keys and tokens. | |||
|
2017-03-13 14:27:18 | Cody Pierce on the Future of Exploit Development (lien direct) | Mike Mimoso talks to Cody Pierce, director of vulnerability research and prevention with Endgame, at RSA Conference 2017 about how attackers are changing their techniques in the face of mitigations. | |||
|
2017-03-10 16:43:32 | Google Chrome 57 Browser Update Patches \'High\' Severity Flaws (lien direct) | Google paid out $38,000 in bounty rewards tied to flaws it fixed with a Chrome 57 browser update. | |||
|
2017-03-10 16:00:43 | Threatpost News Wrap, March 10, 2017 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week including a rash of new IP camera backdoors, James Comey's talk at Boston College, hacking back vs. active defense, and the DOJ dropping one of its Playpen cases. | |||
|
2017-03-10 15:51:01 | Apache Attack Traffic Dropping, Limited to Few Sources (lien direct) | While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said. | |||
|
2017-03-10 14:00:30 | Privilege Escalation Flaw Patched in Schneider Wonderware (lien direct) | Schneider Electric patched a vulnerability in the Tableau Server running in its Wonderware analytics and visualization platform that could allow an attacker to elevate privileges. | |||
|
2017-03-10 12:00:25 | Zero Days Have Staying Power (lien direct) | A look at 200 zero day vulnerabilities reveals key details on longevity, value and how long it takes to create one after a software vulnerability has been identified. | |||
|
2017-03-09 21:59:06 | Hundreds of Thousands of Vulnerable IP Cameras Easy Target for Botnet, Researcher Says (lien direct) | A researcher claims that almost 200,000 shoddily made IP cameras could be an easy target for attackers looking to spy, brute force them or steal their credentials. | |||
|
2017-03-09 17:25:46 | Attacks Heating Up Against Apache Struts 2 Vulnerability (lien direct) | Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack. | |||
|
2017-03-08 20:41:35 | Senator Demands Answers About CloudPets Breach (lien direct) | A U.S. senator from Florida sent Spiral Toys CEO Mark Meyers a letter demanding answers about the recent CloudPets breach. | |||
|
2017-03-08 19:03:32 | Confide Updates App After Critical Security Issues Are Raised (lien direct) | The makers of the popular messaging app Confide said Wednesday it has patched multiple security vulnerabilities that could have allowed hackers to intercept messages sent using its secure end-to-end messaging platform. | |||
|
2017-03-08 17:36:35 | Firefox 52 Expands Non-Secure HTTP Warnings, Enables SHA-1 Deprecation (lien direct) | The latest version of Firefox expands non-secure HTTP warnings, enables SHA-1 deprecation by default, and removes support for NPAPI. | |||
|
2017-03-08 16:02:23 | Comey Talks Strong Crypto, Silent on WikiLeaks (lien direct) | FBI Director James Comey revived old rhetoric on strong encryption during a keynote at the Boston Conference on Cyber Security. He did not address the leak of CIA hacking tools or Russia during his talk. | |||
|
2017-03-07 20:40:39 | WordPress 4.7.3 Patches Half-Dozen Vulnerabilities (lien direct) | WordPress released version 4.7.3 which patches six vulnerabilities including one that could be chained with the REST API Endpoint vulnerability. | |||
|
2017-03-07 18:58:35 | Unpatched Western Digital Bugs Leave NAS Boxes Open to Attack (lien direct) | Western Digital NAS owners were warned of critical flaws in the company's My Cloud line of hardware that opened up data stored on those devices to attack. | |||
|
2017-03-07 18:41:56 | Dahua Patching Backdoor in DVRs, IP Cameras (lien direct) | A researcher claims a backdoor exists in several DVRs and IP-enabled cameras manufactured by Dahua. | |||
|
2017-03-07 13:00:36 | Active Defense Bill Raises Concerns Of Potential Consequences (lien direct) | A bill that would exclude organizations from prosecution for hacking back is already stirring up some concerns about potential unintended consequences. | |||
|
2017-03-06 20:33:24 | DOJ Dismisses Playpen Case to Keep Tor Hack Private (lien direct) | Prosecutors with the U.S. Department of Justice dropped their case against a suspect who visited the dark web site child pornography site Playpen. | |||
|
2017-03-06 19:57:59 | Spammer\'s Leaky Backup Exposes Massive Empire (lien direct) | A massive spam operation that sent out more than one billion messages a day was exposed by researchers who called the operation "illegal" and a “tangible threat to online privacy and security.†| |||
|
2017-03-06 19:27:49 | Destructive StoneDrill Wiper Malware On The Loose (lien direct) | Kaspersky Lab released details about new wiper malware called StoneDrill that bears similarities to Shamoon2 and an APT outfit known as NewsBeef. | Conference | APT 35 | |
|
2017-03-06 15:15:07 | Bruce Schneier on IoT Regulation (lien direct) | Bruce Schneier talks about the early days of the RSA Conference, his campaign for IoT regulation, and more. | |||
|
2017-03-04 13:00:25 | New Fileless Attack Using DNS Queries to Carry Out PowerShell Commands (lien direct) | A unique attack called DNSMessenger uses DNS queries to carry out malicious PowerShell commands on compromised computers. |
To see everything:
Our RSS (filtrered)
