What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-11-15 03:36:00 | 0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones (lien direct) | At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked.
Three major flagship smartphones-iPhone X, Samsung Galaxy S9, and Xiaomi Mi6-were among the devices that successfully got hacked at the annual
|
|||
|
2018-11-14 07:26:02 | 7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs (lien direct) | Disclosed earlier this year, potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proven that speculative execution attacks can be exploited in a trivial way to access highly sensitive information.
Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG, SpectreRSB, Spectre 1.1,
|
|||
|
2018-11-14 01:55:03 | 63 New Flaws (Including 0-Days) Windows Users Need to Patch Now (lien direct) | It's Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products.
This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity.
Two of the vulnerabilities
|
|||
|
2018-11-13 10:45:04 | Another Facebook Bug Could Have Exposed Your Private Information (lien direct) | Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk.
Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for
|
Vulnerability | ||
|
2018-11-13 04:34:04 | Cynet Review: Simplify Security with a True Security Platform (lien direct) | In 1999, Bruce Schneier wrote, "Complexity is the worst enemy of security." That was 19 years ago (!) and since then, cyber security has only become more complex.
Today, controls dramatically outnumber staff available to support them. The Bank of America has a $400-million cyber budget to hire security staff and implement a broad array of products.
But what if your budget and
|
|||
|
2018-11-12 05:12:01 | Top 5 Factors That Increase Cyber Security Salary The Most (lien direct) | Our partner Springboard, which provides online courses to help you advance your cybersecurity career with personalized mentorship from industry experts, recently researched current cybersecurity salaries and future earning potential in order to trace a path to how much money you can make.
Here's what they found were the most important factors for making sure you earn as much as possible:
1
|
|||
|
2018-11-12 04:55:01 | New APIs Suggest WPA3 Wi-Fi Security Support Coming Soon to Windows 10 (lien direct) | Windows 10 users don't have to wait much longer for the support of latest WPA3 Wi-Fi security standard, a new blog post from Microsoft apparently revealed.
The third version of Wi-Fi Protected Access, in-short WPA3, is the next generation of the wireless security protocol that has been designed to make it harder for attackers to hack WiFi password.
WPA3 was officially launched earlier this
|
Hack | ||
|
2018-11-09 00:22:02 | (Déjà vu) Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty (lien direct) | A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014.
According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. "DerpTroll," took down servers of several major gaming platforms including Electronic Arts' Origin service,
|
Guideline | ||
|
2018-11-08 10:47:05 | DJI Flaws Could Have Allowed Hackers to Hijack Users\' Drone Accounts (lien direct) | Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight.
Thought the vulnerability was discovered and responsibly reported by the
|
Vulnerability | ||
|
2018-11-08 07:21:03 | New Android API Lets Developers Push Updates Within their Apps (lien direct) | You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true.
Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional.
Along with the launch of a number of new tools and features at its Android Dev Summit 2018, Google has
|
|||
|
2018-11-08 03:13:00 | StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users (lien direct) | Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using.
ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websites that were bundled with the traffic tracking code from the leading web analytics platform
|
Malware Guideline | ||
|
2018-11-08 01:25:03 | Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online (lien direct) | An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox-a popular open source virtualization software developed by Oracle-that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating system of the host machine.
The vulnerability occurs due to memory corruption issues and affects
|
Vulnerability | ||
|
2018-11-07 01:01:00 | Popular WooCommerce WordPress Plugin Patches Critical Vulnerability (lien direct) | If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store.
Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the
|
Vulnerability | ||
|
2018-11-06 01:21:04 | Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data (lien direct) | We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully.
Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected data without knowing the
|
|||
|
2018-11-04 01:24:00 | New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data (lien direct) | A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.
The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other
|
Vulnerability | ||
|
2018-11-02 02:16:05 | Accused CIA Leaker Faces New Charges of Leaking Information From Prison (lien direct) | Joshua Adam Schulte, a 30-year-old former CIA computer programmer who was indicted over four months ago for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges.
The news comes just hours after Schulte wrote a letter to the federal judge presiding over his case, accusing officials at Manhattan Metropolitan Correctional Center of
|
|||
|
2018-11-01 11:48:01 | Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks (lien direct) | Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world.
Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including
|
|||
|
2018-10-31 06:26:01 | Apple\'s New MacBook Disconnects Microphone "Physically" When Lid is Closed (lien direct) | Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations.
Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its
|
|||
|
2018-10-30 13:01:03 | New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1 (lien direct) | It's only been a few hours since Apple releases iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts' private information on a locked iPhone.
Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS
|
|||
|
2018-10-30 07:33:01 | Windows 10 Bug Let UWP Apps Access All Files Without Users\' Consent (lien direct) | Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update (version 1809) that allowed Microsoft Store apps with extensive file system permission to access all files on users' computers without their consent.
With Windows 10, Microsoft introduced a common platform, called Universal Windows Platform (UWP), that allows apps to run on any device running
|
|||
|
2018-10-30 03:16:01 | Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer (lien direct) | Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers.
Discovered by researchers at Cymulate, the bug abuses the 'Online Video' option in Word documents, a feature that allows users to embedded an online
|
Malware | ||
|
2018-10-30 01:18:05 | Signal Secure Messaging App Now Encrypts Sender\'s Identity As Well (lien direct) | Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication.
Although messages send via secure messaging services, like Signal, WhatsApp, and Telegram, are fully end-to-end encrypted as they transmit across their servers, each message leaves behind some of
|
|||
|
2018-10-29 07:51:02 | Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON (lien direct) | Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment.
Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its
|
|||
|
2018-10-29 01:17:05 | IBM Buys "Red Hat" Open-Source Software Company for $34 Billion (lien direct) | It's been quite a year for the open source platforms.
Earlier this year, Microsoft acquired popular code repository hosting service GitHub for $7.5 billion, and now IBM has just announced the biggest open-source business deal ever.
IBM today confirmed that it would be acquiring open source Linux firm Red Hat for $190 per share in cash, working out to a total value of approximately $34 billion.
|
|||
|
2018-10-26 06:59:03 | New Privilege Escalation Flaw Affects Most Linux Distributions (lien direct) | An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.
Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an
|
|||
|
2018-10-25 06:26:00 | Facebook Fined £500,000 for Cambridge Analytica Data Scandal (lien direct) | Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users.
The fine has been imposed by the UK's Information Commissioner's Office (ICO) and was calculated using the UK's old Data Protection Act 1998 which can levy a maximum penalty of £500,000 - ironically that's
|
|||
|
2018-10-25 02:57:04 | Google Makes 2 Years of Android Security Updates Mandatory for Device Makers (lien direct) | When it comes to security updates, Android is a real mess.
Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their customers.
To deal with this issue, Google at its I/O Developer Conference May 2018 revealed the
|
|||
|
2018-10-24 04:32:02 | FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware (lien direct) | Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia.
TRITON, also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety
|
Malware | ||
|
2018-10-24 01:53:04 | Hacker Discloses New Windows Zero-Day Exploit On Twitter (lien direct) | A security researcher with Twitter alias SandboxEscaper-who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler-has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability.
SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege
|
Vulnerability | ||
|
2018-10-19 07:12:00 | Critical Flaw Found in Streaming Library Used by VLC and Other Media Players (lien direct) | Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library-which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media.
LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to
|
Vulnerability | ||
|
2018-10-19 01:35:04 | Critical Flaws Found in Amazon FreeRTOS IoT Operating System (lien direct) | A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems-called FreeRTOS-and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers.
What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)?
FreeRTOS is a leading open source real-time operating system (RTOS) for embedded
|
Guideline | ||
|
2018-10-17 11:16:00 | Tumblr Patches A Flaw That Could Have Exposed Users\' Account Info (lien direct) | Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts.
The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email
|
Vulnerability | ||
|
2018-10-17 07:18:02 | LuminosityLink Hacking Tool Author Gets 30-Months Prison Sentence (lien direct) | A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan (RAT) called LuminosityLink has now been sentenced to 30 months in prison.
According to a press release published Monday by U.S. Attorney's Office, Colton Grubbs, who used online moniker 'KFC Watermelon,' was pleaded guilty for three counts--unlawfully accessing
|
Tool Guideline | ||
|
2018-10-17 03:39:03 | LibSSH Flaw Allows Hackers to Take Over Servers Without Password (lien direct) | A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.
The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in
|
Vulnerability | ||
|
2018-10-17 02:08:04 | Google Will Charge Android Phone Makers to Use Its Apps In Europe (lien direct) | Would you prefer purchasing an Android device that doesn't have any apps or services from Google? No Google Maps, No Gmail, No YouTube!
And NOT even the Google Play Store-from where you could have installed any Android apps you want
Because if you live in Europe, from now on, you have to spend some extra cash on a smartphone with built-in Google services, which were otherwise until now
|
|||
|
2018-10-16 00:54:05 | New iPhone Bug Gives Anyone Access to Your Private Photos (lien direct) | A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week.
Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts
|
Vulnerability | ★★★★★ | |
|
2018-10-15 11:43:05 | Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020 (lien direct) | All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, altogether today announced to soon remove support for TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols.
Developed initially as Secure Sockets Layer (SSL) protocol, Transport Layer Security (TLS) is an updated cryptographic protocol used to
|
|||
|
2018-10-15 02:20:00 | Google to Encrypt Android Cloud Backups With Your Lock Screen Password (lien direct) | In an effort to secure users' data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can't read it.
Google allows Android users to automatically backup their essential app data and settings to their Google account, allowing them to simply restore it
|
|||
|
2018-10-13 03:24:00 | 30 Million Facebook Accounts Were Hacked: Check If You\'re One of Them (lien direct) | Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the 'View As' feature.
At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by
|
|||
|
2018-10-12 05:11:00 | Fortnite for Android Released, But Make Sure You Don\'t Download Malware (lien direct) | Yes, it is official. The massively popular battle royale video game from Epic Games, Fortnite: Battle Royale is finally available for Android devices.
Epic announced Thursday that the Android version of Fortnite is now available for everyone to download for free, so you no longer require an invite to play the most popular battle royale game on your phone.
Epic Games have provided a list of
|
Malware | ||
|
2018-10-12 02:07:00 | Google Adds Control-Flow Integrity to Beef up Android Kernel Security (lien direct) | Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities.
In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored
|
|||
|
2018-10-11 02:19:05 | French Dark-Web Drug Dealer Sentenced to 20 Years in US Prison (lien direct) | A dark web drugs kingpin who was arrested last year when he arrived in the United States to compete in the World Beard and Mustache Championships has now been sentenced to 20 years in prison.
On Tuesday, U.S. District Judge Robert N. Scola sentenced 36-year-old French national Gal Vallerius, aka "OxyMonster," after pleading guilty to conspiracy to possess with the intent to distribute
|
Guideline | ||
|
2018-10-10 00:43:04 | Just Answering A Video Call Could Compromise Your WhatsApp Account (lien direct) | What if just receiving a video call on WhatsApp could hack your smartphone?
This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app.
The vulnerability is a memory heap overflow issue
|
Hack Vulnerability | ||
|
2018-10-09 11:40:04 | Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities (lien direct) | Microsoft has just released its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products.
This month's security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server.
Out of 49 flaws
|
|||
|
2018-10-09 10:43:03 | Adobe Releases Security Patch Updates for 11 Vulnerabilities (lien direct) | Adobe has released its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity.
Adobe has also released updated versions for Flash Player, but surprisingly this month the software received no security patch update.
Also, none of the
|
|||
|
2018-10-09 01:37:00 | From Now On, Only Default Android Apps Can Access Call Log and SMS Data (lien direct) | A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident.
Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving users more control over what type of data they choose to share with each app.
The changes are part of
|
Data Breach | ||
|
2018-10-08 12:31:00 | Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users\' Data (lien direct) | Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers.
According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their
|
Data Breach Vulnerability | ||
|
2018-10-08 08:34:05 | New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access (lien direct) | A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought.
A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year.
The vulnerability, identified as CVE-2018-14847, was initially rated
|
Vulnerability | ||
|
2018-10-08 06:01:00 | How to Start a Career in Cybersecurity: All You Need to Know (lien direct) | Cybersecurity is one of the most dynamic and exciting fields in tech, combining cutting-edge information technology with crime fighting. It's also an industry in serious need of qualified professionals.
Estimates show that there are over one million unfilled cybersecurity jobs. The U.S. Bureau of Labor Statistics projects that employment of information security analysts will grow 28 percent
|
|||
|
2018-10-08 05:57:05 | 13 Free Movie Download Websites - Watch HD Movies Online (lien direct) | When you search for free movie download or watch free movies online, search engines serve you a long list of best free movie websites.
But you need to beware, as most free movies files and free movie site could end you up into downloading links to nasty computer viruses. They could infect or, at worst case, take control over your computer.
One more thing I have learned in these years is that
|
To see everything:
Our RSS (filtrered)
