What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-09-06 01:53:01 | Cisco Issues Security Patch Updates for 32 Flaws in its Products (lien direct) | Cisco today released thirty security patch advisory to address a total of 32 security vulnerabilities in its products, three of which are rated critical, including the recently disclosed Apache Struts remote code execution vulnerability that is being exploited in the wild.
Out of the rest 29 vulnerabilities, fourteen are rated high and 15 medium in severity, addressing security flaws in Cisco
|
Vulnerability | ||
|
2018-09-05 02:09:05 | Someone Hijacked MEGA Chrome Extension to Steal Users\' Passwords (lien direct) | Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now.
The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets.
|
|||
|
2018-09-04 02:53:01 | Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic (lien direct) | Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks.
Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy
|
Malware Vulnerability | ||
|
2018-09-03 10:06:00 | Google Secretly Tracks What You Buy Offline Using Mastercard Data (lien direct) | Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.
Google has paid Mastercard millions of dollars in exchange to access this information.
Neither Google nor Mastercard has publicly announced the
|
|||
|
2018-08-31 01:47:05 | Hacker Who Leaked Celebrities\' Naked Photos Gets 8 Months in Prison (lien direct) | George Garofano (left)
The fourth celebrity hacker-who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonged to Jennifer Lawrence and other Hollywood celebrities-has been sentenced to eight months in prison.
Earlier this year, George Garofano, 26, of North Branford, admitted to illegally obtaining credentials of his victims' iCloud accounts using a phishing
|
|||
|
2018-08-31 00:11:02 | Google \'Titan Security Key\' Is Now On Sale For $50 (lien direct) | Google just made its Titan Security Key available on its store for $50.
First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device-similar to Yubico's YubiKey-that offers hardware-based two-factor authentication (2FA) for online accounts with the highest level of protection against phishing attacks.
Google's Titan Security Key is now widely
|
|||
|
2018-08-30 00:32:00 | Air Canada Suffers Data Breach - 20,000 Mobile App Users Affected (lien direct) | Air Canada has confirmed a data breach that may have affected about 20,000 customers of its 1.7 million mobile app users.
The company said it had "detected unusual log-in behavior" on its mobile app between August 22 and 24, during which the personal information for some of its customers "may potentially have been improperly accessed."
The exposed information contains basic
|
Data Breach | ||
|
2018-08-29 01:15:04 | Instagram Adds 3 New Security Tools to Make its Platform More Secure (lien direct) | Instagram is growing quickly-and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions.
And with great success comes great responsibility-responsibility to keep users' accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent.
You
|
|||
|
2018-08-28 03:30:02 | Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC) (lien direct) | A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft's Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine.
And guess what? The zero-day flaw has been confirmed working on a "fully-patched 64-bit Windows 10 system."
The vulnerability is a privilege
|
Vulnerability | ||
|
2018-08-27 00:17:04 | Critical Flaw in Fortnite Android App Lets Hackers Install Malware (lien direct) | Security researchers from Google have publicly disclosed an extremely serious security flaw in the first Fortnite installer for Android that could allow other apps installed on the targeted devices to manipulate installation process and load malware, instead of the Fortnite APK.
Earlier this month, Epic Games announced not to make its insanely popular game 'Fortnite for Android' available
|
Malware | ||
|
2018-08-24 03:55:03 | T-Mobile Hacked - 2 Million Customers\' Personal Data Stolen (lien direct) | T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers.
The leaked information includes customers' name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid).
However, the good news is that
|
|||
|
2018-08-24 01:18:04 | NSA Leaker \'Reality Winner\' Gets More Than 5 Years in Prison (lien direct) | A former NSA contractor, who pleaded guilty to leaking a classified report on Russian hacking of the 2016 U.S. presidential election to an online news outlet last year, has been sentenced to five years and three months in prison.
Reality Winner, a 26-year-old Georgia woman who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International,
|
Guideline | ||
|
2018-08-23 11:30:05 | New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers (lien direct) | Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers.
Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including
|
Vulnerability | ★★★★★ | |
|
2018-08-23 05:33:01 | Apple Forces Facebook VPN App Out of iOS Store for Stealing Users\' Data (lien direct) | Facebook yesterday removed its mobile VPN app called Onavo Protect from the iOS App Store after Apple declared the app violated the iPhone maker's App Store guidelines on data collection.
For those who are unaware, Onavo Protect is a Facebook-owned Virtual Private Network (VPN) app that was primarily designed to help users keep tabs on their mobile data usage and acquired by Facebook from an
|
|||
|
2018-08-23 02:43:03 | New Android Malware Framework Turns Apps Into Powerful Spyware (lien direct) | Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities-as part of what seems to be a targeted espionage campaign.
Legitimate Android applications when bundled with the malware framework, dubbed Triout, gain capabilities to spy on infected devices by recording
|
Malware | ||
|
2018-08-22 04:45:01 | (Déjà vu) Adobe Issues Emergency Patches for Critical Flaws in Photoshop CC (lien direct) | Adobe released an out-of-band security update earlier today to address two critical remote code execution vulnerabilities impacting Adobe Photoshop CC for Microsoft Windows and Apple macOS machines.
According to the security advisory published Wednesday by Adobe, its Photoshop CC software is vulnerable to two critical memory corruption vulnerabilities, which could allow a remote attacker to
|
★★ | ||
|
2018-08-22 01:27:01 | Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking (lien direct) | Google Project Zero's security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript-an open source interpreter for Adobe Systems' PostScript and PDF page description languages.
Written entirely in C, Ghostscript is a package of software that runs on different platforms, including Windows, macOS, and a wide variety of Unix systems, offering software the
|
Vulnerability | ||
|
2018-08-21 08:37:04 | Dark Tequila Banking Malware Uncovered After 5 Years of Activity (lien direct) | Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013.
Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques.
Dark Tequila has
|
Malware | ||
|
2018-08-21 03:34:05 | Google Sued Over Misleading Users About Location Tracking Feature (lien direct) | Google was in the news last week for a misleading claim that "with Location History off, the places you go are no longer stored," which is not true.
Now, the search engine giant is once again in the news after a San Diego man has filed the first lawsuit against Google over this issue.
Last week, the Associated Press investigation revealed that the search engine giant tracks movements of
|
Guideline | ||
|
2018-08-21 01:29:01 | Microsoft Detects More Russian Cyber Attacks Ahead of Mid-Term Election (lien direct) | Microsoft claims to have uncovered another new Russian hacking attempts targeting United States' Senate and conservative think tanks ahead of the 2018 midterm elections.
The tech giant said Tuesday that the APT28 hacking group-also known as Strontium, Fancy Bear, Sofacy, Sednit, and Pawn Storm, which is believed to be tied to the Russian government-created at least six fake websites related
|
APT 28 | ||
|
2018-08-17 05:07:00 | 16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files (lien direct) | Well, there's something quite embarrassing for Apple fans.
Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible.
The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access to users, as well as
|
|||
|
2018-08-17 02:26:02 | New PHP Code Execution Attack Puts WordPress Sites at Risk (lien direct) | Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions.
The new technique leaves hundreds of thousands of web applications open to remote code execution attacks, including websites powered by
|
|||
|
2018-08-16 07:35:03 | Chrome Bug Allowed Hackers to Find Out Everything Facebook Knows About You (lien direct) | With the release of Chrome 68, Google prominently marks all non-HTTPS websites as 'Not Secure' on its browser to make the web a more secure place for Internet users.
If you haven't yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser.
Ron Masas, a security researcher from Imperva, has discovered a vulnerability in web browsers that
|
Vulnerability | ||
|
2018-08-15 12:00:05 | Widespread Instagram Hack Locking Users Out of Their Accounts (lien direct) | Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and have affected hundreds of users over the past week, leaving them locked out of their accounts.
A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a mysterious hack which involves locking them out of their account with their email addresses changed to
|
Hack | ||
|
2018-08-15 11:12:00 | Email Phishers Using New Way to Bypass Microsoft Office 365 Protections (lien direct) | Phishing works no matter how hard a company tries to protect its customers or employees.
Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365.
Microsoft Office 365 is an all-in-solution for users
|
Threat | ||
|
2018-08-15 02:28:00 | Former Microsoft Engineer Gets Prison for Role in Reveton Ransomware (lien direct) | A former Microsoft network engineer who was charged in April this year has now been sentenced to 18 months in prison after pleading guilty to money laundering in connection with the Reveton ransomware.
Reveton malware is old ransomware, also known as scareware or police ransomware that instead of encrypting files locks the screen of victims' computers and displays a message purporting to come
|
Ransomware Malware Guideline | ||
|
2018-08-15 00:40:02 | Foreshadow Attacks - 3 New Intel CPU Side-Channel Flaws Discovered (lien direct) | 2018 has been quite a tough year for Intel.
While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel's Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks.
Dubbed Foreshadow, alternatively called L1 Terminal Fault or L1TF, the new attacks include
|
★★ | ||
|
2018-08-14 11:36:00 | Microsoft Releases Patches for 60 Flaws-Two Under Active Attack (lien direct) | Get your update caps on.
Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical.
The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio.
Two of these
|
Patching | ★★★★★ | |
|
2018-08-14 08:20:04 | Adobe releases important security patches for its 4 popular software (lien direct) | Adobe has released August 2018 security patch updates for a total of 11 vulnerabilities in its products, two of which are rated as critical that affect Adobe Acrobat and Reader software.
The vulnerabilities addressed in this month updates affect Adobe Flash Player, Creative Cloud Desktop Application, Adobe Experience Manager, Adobe Acrobat and Reader applications.
None of the security
|
|||
|
2018-08-14 05:55:04 | (Déjà vu) CompTIA IT Certification Training 2018 - 12 Course Bundle (lien direct) | The Information Technology industry has witnessed exponential growth over the years, and if you want to be a part of this growing industry, it's important for you to earn certificates in this field.
Organisations always prefer employees with strong internationally-recognized professional certifications that proof your skills, knowledge, and what you know-giving you more credibility and
|
|||
|
2018-08-14 03:35:04 | Hackers can compromise your network just by sending a Fax (lien direct) | What maximum a remote attacker can do just by having your Fax machine number?
Believe it or not, but your fax number is literally enough for a hacker to gain complete control over the printer and possibly infiltrate the rest of the network connected to it.
Check Point researchers have revealed details of two critical remote code execution (RCE) vulnerabilities they discovered in the
|
|||
|
2018-08-14 01:46:01 | New Man-in-the-Disk attack leaves millions of Android phones vulnerable (lien direct) | Security researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps or launch denial of service attacks.
Dubbed Man-in-the-Disk, the attack takes advantage of the way Android apps utilize 'External Storage' system to store app-related data,
|
|||
|
2018-08-13 22:11:00 | ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability (lien direct) | Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday.
Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application
|
Vulnerability | ||
|
2018-08-13 10:37:00 | Google Tracks Android, iPhone Users Even With \'Location History\' Turned Off (lien direct) | Google tracks you everywhere, even if you explicitly tell it not to.
Every time a service like Google Maps wants to use your location, Google asks your permission to allow access to your location if you want to use it for navigating, but a new investigation shows that the company does track you anyway.
An investigation by Associated Press revealed that many Google services on Android and
|
|||
|
2018-08-13 07:13:05 | Flaws in Pre-Installed Apps Expose Millions of Android Devices to Hackers (lien direct) | Bought a new Android phone? What if I say your brand new smartphone can be hacked remotely?
Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there's nothing you can do if any of them has a backdoor built-in-even if you're careful about avoiding sketchy apps.
That's exactly what security researchers from mobile
|
|||
|
2018-08-09 07:20:03 | Researchers Developed Artificial Intelligence-Powered Stealthy Malware (lien direct) | Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization.
However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer network or launch an attack only
|
Malware Threat | ||
|
2018-08-09 06:13:00 | Free Facial Recognition Tool Can Track People Across Social Media Sites (lien direct) | Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale.
Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media platforms, including-Facebook, Instagram, Twitter, LinkedIn, Google+, the Russian social networking
|
Tool | ||
|
2018-08-08 07:55:00 | WhatsApp Flaw Lets Users Modify Group Chats to Spread Fake News (lien direct) | WhatsApp, the most popular messaging application in the world, has been found vulnerable to multiple security vulnerabilities that could allow malicious users to intercept and modify the content of messages sent in both private as well as group conversations.
Discovered by security researchers at Israeli security firm Check Point, the flaws take advantage of a loophole in WhatsApp's security
|
|||
|
2018-08-08 03:33:05 | Snapchat Hack - Hacker Leaked Snapchat Source Code On GitHub (lien direct) | The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub.
A GitHub account under the name Khaled Alshehri with the handle i5xx, who claimed to be from Pakistan, created a GitHub repository called Source-Snapchat with a description "Source Code for SnapChat," publishing the code of
|
Hack | ||
|
2018-08-07 11:57:05 | How to Hack WiFi Password Easily Using New Attack On WPA/WPA2 (lien direct) | Looking for how to hack WiFi password OR WiFi hacking software?
Well, a security researcher has revealed a new WiFi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers.
Discovered by the lead developer of the popular password-cracking tool Hashcat, Jens 'Atom' Steube, the new WiFi hack works explicitly against WPA/WPA2 wireless network protocols
|
Hack Tool Guideline | ||
|
2018-08-07 05:10:01 | Facebook Open Sources Fizz - TLS 1.3 Library For Speed and Security (lien direct) | Facebook has open sourced Fizz-a library designed to help developers implement TLS 1.3 protocol with all recommended security and performance related configurations.
Since late last month, Google Chrome web browser has started marking all non-HTTPS websites as 'Not Secure' in an effort to make the web a more secure place, forcing website administrators to switch to HTTPS.
TLS 1.3 is the
|
|||
|
2018-08-07 02:03:00 | TSMC Chip Maker Blames WannaCry Malware for Production Halt (lien direct) | Taiwan Semiconductor Manufacturing Company (TSMC)-the world's largest makers of semiconductors and processors-was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus.
Now, it turns out that the computer virus outbreak at Taiwan chipmaker was the result of a variant of WannaCry-a massive ransomware attack that wreaked havoc across
|
Ransomware Malware | Wannacry | |
|
2018-08-06 12:41:03 | Google Android P is officially called Android 9 Pie (lien direct) | If you have bet on Peppermint, Pancake or Pastry for "P" in the next version of Google's mobile operating system, sorry guys you lose because Android P stands for Android Pie.
Yes, the next version of sugary snack-themed Android and the successor to Android Oreo will now be known as Android 9.0 Pie, and it has officially arrived, Google revealed on Monday.
Android 9 Pie - 5 Best New
|
|||
|
2018-08-06 02:55:00 | Fortnite APK Download for Android Won\'t Be Available on Google Play Store (lien direct) | There's both good news and bad news for Fortnite game lovers.
Fortnite, one of the most popular games in the world right now, is coming to Android devices very soon, but players would not be able to download Fortnite APK from the Google Play Store.
Instead, Epic Games software development company has confirmed the Fortnite APK for Android will be available for download exclusively only
|
|||
|
2018-08-06 00:09:03 | iPhone Chip Supplier TSMC Stops Production After Computer Virus Attack (lien direct) | Taiwan Semiconductor Manufacturing Company (TSMC)-Apple's sole supplier of SoC components for iPhones and iPads, and Qualcomm's major manufacturing partner-shut down several of its chip-fabrication factories Friday night after being hit by a computer virus.
The world's largest makers of semiconductors and processors TSMC lost an entire day of production after several of its factories systems
|
|||
|
2018-08-03 04:13:00 | Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers-Patch Now (lien direct) | It's time to update your Drupal websites.
Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites.
The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation
|
Vulnerability | ||
|
2018-08-03 02:16:01 | Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware (lien direct) | Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them.
In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider Mikrotik across the world, with the number still increasing as of
|
Malware | ||
|
2018-08-02 06:37:04 | CCleaner Adds Data Collection Feature With No Way to Opt-Out (lien direct) | Like many others, do you also believe that the popular system-cleaning tool CCleaner was performing well before Avast acquired the software from Piriform last year?
If yes, then pop-up advertisements in the previous CCleaner software version was not the last thing you have to deal with.
Avast has released a new version of CCleaner 5.45 that not only always runs in the background, but also
|
Tool | CCleaner | |
|
2018-08-02 01:50:05 | 3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million Credit Cards (lien direct) | Three members of one of the world's largest cybercrime organizations that stole over a billion euros from banks across the world over the last five years have been indicted and charged with 26 felony counts, the Justice Department announced on Wednesday.
The three suspects are believed to be members of the organized Russian cybercrime group known as FIN7, the hackers group behind Carbanak and
|
|||
|
2018-08-01 23:39:05 | Reddit Hacked – Emails, Passwords, Private Messages Stolen (lien direct) | Another day, another significant data breach.
This time the victim is Reddit... seems someone is really pissed off with Reddit's account ban policy or bias moderators.
Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data, including their current email addresses and an old 2007 database backup containing usernames and
|
To see everything:
Our RSS (filtrered)
