What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Kaspersky.webp 2017-10-16 14:16:32 KRACK Attack Devastates Wi-Fi Security (direct link) The KRACK, or key reinstallation attack, disclosed today allows attackers to decrypt encrypted traffic, steal data and inject malicious code depending on the network configuration.
Kaspersky.webp 2017-10-14 14:00:05 Cyberespionage Group Steps Up Campaigns Against Japanese Firms (direct link) Researchers unearth new tactics and strategies used by the criminals behind the hacking group known as Bronze Butler.
Kaspersky.webp 2017-10-13 16:33:31 Hyatt Hit By Credit Card Breach, Again (direct link) Hyatt said its payment systems have been breached, exposing credit card data from 41 hotels in 11 countries between March and July this year.
Kaspersky.webp 2017-10-13 15:59:38 Google Busy Removing More Malicious Chrome Extensions from Web Store (direct link) Three malicious Chrome extensions spoofing AdBlock Plus were removed from the Chrome Web Store this week.
Kaspersky.webp 2017-10-13 15:00:39 Chris Brook Says Farewell to Threatpost (direct link) Staff writer Chris Brook says farewell to Threatpost after eight years on the site. He and Mike Mimoso talk about Threatpost's early days and how the site grew up alongside the security industry.
Kaspersky.webp 2017-10-13 13:00:47 Legacy Office Feature Used In Novel Document Attacks (direct link) A forgotten feature in Microsoft Office allows attackers to bypass antivirus scanners and pull off document-based attacks to install malware.
Kaspersky.webp 2017-10-12 18:53:34 Locky Gets Updated to 'Ykcol', Part of Rapid-Fire Spam Campaigns (direct link) Researchers say in a 30-day period cybercriminals behind the Locky ransomware have updated the malware three times and have stepped up spam campaigns.
Kaspersky.webp 2017-10-12 16:32:54 Equifax Takes Down Compromised Page Redirecting to Adware Download (direct link) Equifax has temporarily taken down one of its consumer-facing credit report services after the webpage was compromised and serving adware via a phony Flash Player download. Equifax
Kaspersky.webp 2017-10-12 14:00:43 Down the Rabbit Hole with a BLU Phone Infection (direct link) Much-maligned BLU phones have been a privacy and spyware nightmare. Threatpost shares the story of one victim who experienced firsthand a relentless wave of unwanted programs, spyware and frustration.
Kaspersky.webp 2017-10-11 18:23:17 Vendor BPC Banking Silent on Patching SQL Injection in SmartVista Ecommerce Software (direct link) A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. ★★★
Kaspersky.webp 2017-10-11 15:36:39 RubyGems Patches Remote Code Execution Vulnerability (direct link) RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. ★★★★★
Kaspersky.webp 2017-10-10 20:44:08 Microsoft Patches Office Bug Actively Being Exploited (direct link) Microsoft's Patch Tuesday security bulletin includes 62 fixes for vulnerabilities tied to Office, SBM1 and the Windows DNS client.
Kaspersky.webp 2017-10-10 19:32:59 Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket (direct link) Global consulting firm Accenture is the latest giant organization leaving sensitive internal and customer data exposed in a publicly available Amazon Web Services S3 storage bucket.
Kaspersky.webp 2017-10-10 18:00:55 Microsoft Patches Critical Windows DNS Client Vulnerabilities (direct link) Microsoft patched three memory corruption vulnerabilities in the Windows DNS client that could be abused by a man-in-the-middle attacker to run arbitrary code.
Kaspersky.webp 2017-10-10 17:53:18 Porn Site Becomes Hub for Malvertising Campaigns (direct link) A popular porn site is used by KovCoreG Group to launch multiple malvertising campaigns exposing millions to fake browser updates and malware.
Kaspersky.webp 2017-10-09 15:00:53 FormBook Malware Targets US Defense Contractors, Aerospace and Manufacturing Sectors (direct link) FormBook info-stealing malware has been part of two recent distribution campaigns and is being sold on the Dark Web for as little as $29 a week.
Kaspersky.webp 2017-10-09 13:00:39 NFL Players, Agents Targeted in Database Extortion Attempt (direct link) Researchers uncover a misconfigured Elasticsearch database, exposing data tied to NFL players and their agents.
Kaspersky.webp 2017-10-06 17:25:09 Security Industry Failing to Establish Trust (direct link) During the Virus Bulletin closing keynote, Brian Honan urged the security industry to share more, victim-shame less and work harder to establish trust.
Kaspersky.webp 2017-10-06 09:42:06 Emergency Apple Patch Fixes High Sierra Password Hint Leak (direct link) Apple rushed out an emergency patch that fixed a bug in High Sierra that revealed APFS volume passwords via the password hint feature.
Kaspersky.webp 2017-10-06 07:53:50 US Top Law Enforcement Calls Strong Encryption a 'Serious Problem' (direct link) U.S. Deputy Attorney General and other top cyber policy makers warn the use of strong encryption hobbles law enforcement's ability to protect the public and solve crimes and is a serious problem.
Kaspersky.webp 2017-10-05 16:11:32 Latin American ATM Thieves Turning to Hacking (direct link) Thieves in Latin American countries are turning to Eastern European hackers to build ATM malware from scratch, according to a Virus Bulletin talk by researchers at Kaspersky Lab.
Kaspersky.webp 2017-10-05 09:18:47 Inside the CCleaner Backdoor Attack (direct link) Two members of Avast's threat intelligence team shared new information about the CCleaner backdoor attack. CCleaner
Kaspersky.webp 2017-10-05 06:57:42 Attackers Redefining Objectives, Approaches (direct link) The nature of cyberattacks is changing and increasingly leveraging social networks as they take aim at new targets.
Kaspersky.webp 2017-10-04 17:26:49 Experts Have Sobering Message on Human Rights, Privacy for Security Pros (direct link) Speakers at Virus Bulletin painted grim pictures of the threats to physical safety and civil liberties posed by commercial spyware and high-end surveillance software often sold to governments.
Kaspersky.webp 2017-10-04 15:00:44 Costin Raiu and Juan Andres Guerrero-Saade on APT Fourth-Party Collection (direct link) Costin Raiu and Juan Andres Guerrero-Saade talk to Mike Mimoso live from Virus Bulletin in Madrid about APTs leveraging one another's attacks and compromised machines as their own.
Kaspersky.webp 2017-10-04 11:50:03 Cloudflare CTO Goes Inside the Cloudbleed Bug (direct link) Cloudflare's chief technology officer was frank and apologetic about February's Cloudbleed bug during today's Virus Bulletin 2017 keynote. ★★
Kaspersky.webp 2017-10-04 06:57:56 2013 Yahoo Breach Affected All 3 Billion Accounts (direct link) Yahoo on Tuesday released an update to its 2013 breach, notifying users that all 3 billion accounts in existence at the time were compromised. Yahoo
Kaspersky.webp 2017-10-03 20:42:31 Five Critical Android Bugs Get Patched in October Update (direct link) Android receives three remote code execution patches for vulnerabilities rated critical as Google launches a new Pixel/Nexus Security Bulletin.
Kaspersky.webp 2017-10-03 19:27:08 Equifax Says 145.5M Affected by Breach, Ex-CEO Testifies (direct link) The credit bureau Equifax said Monday the information of 145.5M Americans was implicated in this summer's breach. Equifax
Kaspersky.webp 2017-10-03 17:16:06 Google Warns of DoS and RCE Bugs in Dnsmasq (direct link) A domain name system server implementation is at risk of remote code execution, information exposure and denial-of-service attacks after seven vulnerabilities were disclosed by Google and patched by the maintainers of Dnsmasq.
Kaspersky.webp 2017-10-02 19:13:38 Netgear Fixes 50 Vulnerabilities in Routers, Switches, NAS Devices (direct link) Netgear patches over a dozen vulnerabilities impacting its routers, switches and NAS devices.
Kaspersky.webp 2017-10-02 17:43:25 Judge: FBI Can Keep iPhone Crack and Price Secret (direct link) The FBI can keep details around how much it paid and which company it hired to unlock a terrorist's iPhone 5C in 2016 secret, the court ruled over the weekend.
Kaspersky.webp 2017-10-02 15:00:44 (Déjà vu) Gary McGraw on BSIMM8 and Software Security (direct link) Software security pioneer Gary McGraw talks to Mike Mimoso about the latest iteration of the Building Security In Maturity Model (BSIMM) report.
Kaspersky.webp 2017-09-29 15:50:16 Siemens Patches Improper Access Vulnerability in Ruggedcom Protocol (direct link) Industrial manufacturer Siemens is encouraging users running devices that use its Ruggedcom protocol to apply firmware updates this week. The updates resolve a serious and remotely exploitable vulnerability that could let an attacker carry out administrative actions.
Kaspersky.webp 2017-09-29 15:00:10 ICANN Postpones Scheduled DNS Crypto Key Rollover (direct link) ICANN, the overseer of the Internet's namespace, announced this week that it was postponing a scheduled change to the cryptographic key that protects the Domain Name System. ★★★★
Kaspersky.webp 2017-09-29 13:00:55 Threatpost News Wrap, September 29, 2017 (direct link) The macOS Keychain attack, Signal's new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed. Deloitte ★★★★★
Kaspersky.webp 2017-09-29 12:00:07 Macs Not Receiving EFI Firmware Security Updates as Expected (direct link) Researchers at Duo Security are expected today at Ekoparty to reveal data and a paper that shows Mac users are not receiving EFI firmware updates as expected.
Kaspersky.webp 2017-09-28 20:00:57 Google to Enforce HSTS on TLDs it Operates (direct link) Google, through Google Domains, operates many TLDs, and this week said it would begin enforcing HSTS on those TLDs. HSTS forces secure client connections over HTTPS.
Kaspersky.webp 2017-09-28 18:40:23 Civil Liberties Activists Hit By Phishing Campaign (direct link) Digital civil liberty activists with Fight for the Future and Free Press were hit with phishing emails designed to steal business credentials earlier this summer.
Kaspersky.webp 2017-09-28 14:36:16 Windows Defender Bypass Tricks OS into Running Malicious Code (direct link) Researchers at CyberArk have devised a Windows Defender bypass that tricks the operating system into executing malicious code while Defender scans a benign file.
Kaspersky.webp 2017-09-27 17:48:52 Gatekeeper Alone Won't Mitigate Apple Keychain Attack (direct link) Apple said that macOS' native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won't help against Mac malware signed with an Apple certificate.
Kaspersky.webp 2017-09-27 17:16:16 Signal Testing New Private Contact Discovery Service (direct link) Signal is testing out a new private contact discovery service that will let the app determine if a user has Signal contacts in their address book, but forbid its servers from accessing the users' address book.
Kaspersky.webp 2017-09-27 12:00:25 Remote Wi-Fi Attack Backdoors iPhone 7 (direct link) Google's Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.
Kaspersky.webp 2017-09-26 18:28:26 Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug (direct link) Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities late last week. Equifax
Kaspersky.webp 2017-09-26 18:00:43 macOS High Sierra Available-And Vulnerable to Keychain Attack (direct link) Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched.
Kaspersky.webp 2017-09-26 14:36:21 Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities (direct link) IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk. Of the 13 firms notified, only two acknowledged the disclosure.
Kaspersky.webp 2017-09-25 18:45:15 Deloitte: 'Very Few Clients' Impacted by Cyber Attack (direct link) Deloitte, one of the "big four" global accounting firms, admitted it fell victim to a cyber attack last year but downplayed the incident on Monday saying it only affected a few of its high profile clients. Deloitte
Kaspersky.webp 2017-09-25 18:17:55 Android Lockscreen Patterns Less Secure Than PINs (direct link) Researchers settle PIN versus pattern debate with study that proves a low-tech hack makes cracking an unlock screen simple.
Kaspersky.webp 2017-09-25 15:15:30 Chris Vickery on Amazon S3 Data Leaks (direct link) Mike Mimoso talks to Chris Vickery of Upguard about the recent rash of Amazon S3 data leaks.
Kaspersky.webp 2017-09-25 13:30:40 Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse (direct link) Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog.
Last update at: 2024-07-17 16:08:13