What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-05-08 00:45:03 | Twitter is Testing End-to-End Encrypted Direct Messages (lien direct) | Twitter has been adopting new trends at a snail's pace. But it's better to be late than never.
Since 2013 people were speculating that Twitter will bring end-to-end encryption to its direct messages, and finally almost 5 years after the encryption era began, the company is now testing an end-to-end encrypted messaging on Twitter.
Dubbed "Secret Conversation," the feature has been spotted in
|
|||
|
2018-05-07 05:30:01 | First-Ever Ransomware Found Using \'Process Doppelgänging\' Attack to Evade Detection (lien direct) | Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection.
The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated implementation of Windows process loader, and works on all modern versions of Microsoft Windows OS
|
|||
|
2018-05-07 02:28:05 | Android P to Block Apps From Monitoring Device Network Activity (lien direct) | Do you know that any app you have installed on your Android phone can monitor the network activities-even without asking for any sensitive permission-to detect when other apps on your phone are connecting to the Internet?
Obviously, they cant see the content of the network traffic, but can easily find to which server you are connecting to, all without your knowledge. Knowing what apps you
|
|||
|
2018-05-05 01:22:05 | 8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs (lien direct) | A team of security researchers has reportedly discovered a total of eight new "Spectre-class" vulnerabilities in Intel CPUs, which also affect at least a small number of ARM processors and may impact AMD processor architecture as well.
Dubbed Spectre-Next Generation, or Spectre-NG, the partial details of the vulnerabilities were first leaked to journalists at German computer magazine Heise,
|
|||
|
2018-05-04 00:39:01 | GLitch: New \'Rowhammer\' Attack Can Remotely Hijack Android Phones (lien direct) | For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely.
Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded graphics processing units (GPUs) to carry out a Rowhammer attack against Android smartphones.
|
|||
|
2018-05-03 22:24:04 | Change Your Twitter Password Immediately, Bug Exposes Passwords in Plaintext (lien direct) | Twitter is urging all of its 330 million users to change their passwords after a software glitch unintentionally exposed its users' passwords by storing them in readable text on its internal computer system.
The social media network disclosed the issue in an official blog post and a series of tweets from Twitter Support.
According to Twitter CTO Parag Agrawal, Twitter hashes
|
|||
|
2018-05-03 07:00:01 | Get Dashlane Password Manager Premium (50% + 10% OFF) (lien direct) | Happy 'World Password Day'!
Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that:
Your password must-be long
Your password must-be unpredictable
Your password must-have at least one number
Your password must-not have any dictionary word
Your password must-have upper and lowercase letters
Your
|
|||
|
2018-05-03 02:44:01 | Microsoft Issues Emergency Patch For Critical Flaw In Windows Containers (lien direct) | Just a few days prior to its monthly patch release, Microsoft released an emergency patch for a critical vulnerability in the Windows Host Compute Service Shim (hcsshim) library that could allow remote attackers to run malicious code on Windows computers.
Windows Host Compute Service Shim (hcsshim) is an open source library that helps "Docker for Windows" execute Windows Server containers
|
|||
|
2018-05-02 01:19:02 | WhatsApp Group Video Call and Instagram Video Chat Are Coming Soon (lien direct) | Facebook announced a whole lot of new features at its 2018 Facebook F8 developers conference, including Dating on Facebook, letting users clear their web browsing history, real-time language translation within Messenger, and many more.
Besides announcing exciting features for its social media platform, Facebook CEO Mark Zuckerberg also gave us a quick look at the features Facebook introduced
|
|||
|
2018-05-02 00:49:02 | Along with Dating, Here\'s a List of New Features Coming to Facebook (lien direct) | Facebook announced a whole lot of new features at its 2018 Facebook F8 developers conference, along with the keynote by its CEO Mark Zuckerberg addressing concerns from app developers after Facebook paused 3rd-party app review in the wake of the Cambridge Analytica scandal.
Here are some big takeaways from Zuckerberg's keynote on Day 1 of Facebook F8, held for two days, May 1 and 2, at the
|
|||
|
2018-05-01 08:44:02 | A New Cryptocurrency Mining Virus is Spreading Through Facebook (lien direct) | If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger-just don't click on it without taking a second thought.
Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts'
|
|||
|
2018-04-30 23:46:02 | Man Who Hacked Jail Systems to Release His Friend Early Gets 7-Years in Prison (lien direct) | Remember a young hacker who hacked jail systems in an attempt to release his prison inmate early? Well, that hacker will now be joining his inmate behind bars. Konrads Voits of Ypsilanti, Michigan, has been sentenced to seven years and three months in prison for attempting to hack the Washtenaw County Jail computer system and modifying prison records to get his friend released early. | |||
|
2018-04-30 06:39:03 | Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again (lien direct) | Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server.
However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a
|
|||
|
2018-04-26 08:58:03 | Amazon Alexa Has Got Some Serious Skills-Spying On Users! (lien direct) | "Alexa, are you spying on me?" - aaaa.....mmmm.....hmmm.....maybe!!!
Security researchers have developed a new malicious 'skill' for Amazon's popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device.
Amazon Echo is an always-listening voice-activated smart home speaker that allows you to get things done by using your voice, like playing music, setting
|
|||
|
2018-04-26 05:32:04 | Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack (lien direct) | Only a few hours after the Drupal team releases latest updates to fix a new remote code execution flaw in its content management system software, hackers have already started exploiting the vulnerability in the wild.
Announced yesterday, the newly discovered vulnerability (CVE-2018-7602) affects Drupal 7 and 8 core and allows remote attackers to achieve exactly same what previously discovered
|
|||
|
2018-04-26 02:36:02 | Hackers build a \'Master Key\' that unlocks millions of Hotel rooms (lien direct) | If you often leave your valuable and expensive stuff like laptop and passports in the hotel rooms, then beware. Your room can be unlocked by not only a malicious staff having access to the master key, but also by an outsider.
A critical design vulnerability in a popular and widely used electronic lock system can be exploited to unlock every locked room in a facility, leaving millions of hotel
|
|||
|
2018-04-25 09:59:04 | Third Critical Drupal Flaw Discovered-Patch Your Sites Immediately (lien direct) | Damn! You have to update your Drupal websites.
Yes, of course once again-literally it's the third time in last 30 days.
As notified in advance two days back, Drupal has now released new versions of its software to patch yet another critical remote code execution vulnerability, affecting its Drupal 7 and 8 core.
Drupal is a popular open-source content management system software that powers
|
|||
|
2018-04-25 07:10:03 | Police Shut Down World\'s Biggest \'DDoS-for-Hire\' Service–Admins Arrested (lien direct) | In a major hit against international cybercriminals, the Dutch police have taken down the world's biggest DDoS-for-hire service that helped cyber criminals launch over 4 million attacks and arrested its administrators.
An operation led by the UK's National Crime Agency (NCA) and the Dutch Police, dubbed "Power Off," with the support of Europol and a dozen other law enforcement agencies,
|
|||
|
2018-04-25 05:31:04 | Google Redesigns Gmail – Here\'s a List of Amazing New Features (lien direct) | Google has finally been rolling out its new massively redesigned Gmail for desktop and mobile to 1.4 billion of users worldwide, which might be the most significant single upgrade in Gmail's history.
This huge revamped version of the email service now offers plenty of new features such as confidential mode, offline support, email snoozing and more, to make Gmail more smarter, secure, and
|
|||
|
2018-04-24 05:53:03 | Nintendo Switches Hacked to Run Linux-Unpatchable Exploit Released (lien direct) | Two separate teams of security researchers have published working proof-of-concept exploits for an unpatchable vulnerability in Nvidia's Tegra line of embedded processors that comes on all currently available Nintendo Switch consoles.
Dubbed Fusée Gelée and ShofEL2, the exploits lead to a coldboot execution hack that can be leveraged by device owners to install Linux, run unofficial games,
|
Guideline | ||
|
2018-04-23 15:56:00 | Stealing Bitcoin Wallet Keys From Air-Gapped Computers (Cold Storage) (lien direct) | A team of security researchers at Israel's Ben Gurion University, who previously demonstrated various methods to steal data from an air-gapped computer, has now published new research called "BeatCoin."
BeatCoin is not a new hacking technique; instead, an experiment wherein researchers demonstrate how all previously discovered out-of-band communication methods can be used to steal private
|
|||
|
2018-04-23 11:53:01 | Hackers Behind Healthcare Espionage Infect X-Ray and MRI Machines (lien direct) | Security researchers have uncovered a new hacking group that is aggressively targeting healthcare organizations and related sectors across the globe to conduct corporate espionage.
Dubbed "Orangeworm," the hacking group has been found installing a wormable trojan on machines hosting software used for controlling high-tech imaging devices, such as X-Ray and MRI machines, as well as machines
|
|||
|
2018-04-21 07:05:01 | Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data (lien direct) | Not just Facebook, a new vulnerability discovered in Linkedin's popular AutoFill functionality found leaking its users' sensitive information to third party websites without the user even knowing about it.
LinkedIn provides an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address,
|
|||
|
2018-04-21 03:29:00 | British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term (lien direct) | The British teenager who managed to hack into the online accounts of several high-profile US government employees sentenced to two years in prison on Friday.
Kane Gamble, now 18, hacked into email accounts of former CIA director John Brennan, former Director of National Intelligence James Clapper, former FBI Deputy Director Mark Giuliano, and other senior FBI officials-all from his parent's
|
|||
|
2018-04-19 11:51:01 | Over 2 Million Users Installed Malicious Ad Blockers From Chrome Store (lien direct) | If you have installed any of the below-mentioned Ad blocker extension in your Chrome browser, you could have been hacked.
A security researcher has spotted five malicious ad blockers extension in the Google Chrome Store that had already been installed by at least 20 million users.
Unfortunately, malicious browser extensions are nothing new. They often have access to everything you do online
|
|||
|
2018-04-19 07:26:04 | (Déjà vu) 9 Popular Training Courses to Learn Ethical Hacking Online (lien direct) | How to become a Professional Hacker? This is one of the most frequently asked queries we came across on a daily basis.
Do you also want to learn real-world hacking techniques but don't know where to start? This week's THN deal is for you.
Today THN Deal Store has announced a new Super-Sized Ethical Hacking Bundle that let you get started your career in hacking and penetration testing
|
|||
|
2018-04-19 04:47:01 | Facebook Plans to Build Its Own Chips For Hardware Devices (lien direct) | A new job opening post on Facebook suggests that the social network is forming a team to build its own hardware chips, joining other tech titans like Google, Apple, and Amazon in becoming more self-reliant.
According to the post, Facebook is looking for an expert in ASIC and FPGA-two custom silicon designs to help it evaluate, develop and drive next-generation technologies within Facebook-
|
|||
|
2018-04-19 03:51:00 | \'iTunes Wi-Fi Sync\' Feature Could Let Attackers Hijack Your iPhone, iPad Remotely (lien direct) | Be careful while plugging your iPhone into a friend's laptop for a quick charge or sharing selected files.
Researchers at Symantec have issued a security warning for iPhone and iPad users about a new attack, which they named "TrustJacking," that could allow someone you trust to remotely take persistent control of, and extract data from your Apple device.
Apple provides an iTunes Wi-Fi sync
|
|||
|
2018-04-19 00:24:05 | Another Critical Flaw Found In Drupal Core-Patch Your Sites Immediately (lien direct) | It's time to update your Drupal websites, once again.
For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft.
Discovered by the Drupal security team, the open source content management framework is vulnerable to
|
|||
|
2018-04-18 09:43:02 | Critical Unpatched RCE Flaw Disclosed in LG Network Storage Devices (lien direct) | If you have installed a network-attached storage device manufactured by LG Electronics, you should take it down immediately, read this article carefully and then take appropriate action to protect your sensitive data.
A security researcher has revealed complete technical details of an unpatched critical remote command execution vulnerability in various LG NAS device models that could let
|
|||
|
2018-04-18 07:03:05 | Suspected \'Big Bitcoin Heist\' Mastermind Fled to Sweden On Icelandic PM\'s Plane (lien direct) | Remember the "Big bitcoin heist" we reported last month when a group of thieves stole around 600 powerful bitcoin mining devices from Icelandic data centers?
Icelandic Police had arrested 11 suspects as part of the investigation, one of which has escaped from prison and fled to Sweden on a passenger plane reportedly also carrying the Icelandic prime minister Katrin Jakobsdottir.
Sindri Thor
|
|||
|
2018-04-18 02:50:00 | Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners (lien direct) | The Drupal vulnerability (CVE-2018-7600), dubbed Drupalgeddon2 that could allow attackers to completely take over vulnerable websites has now been exploited in the wild to deliver malware backdoors and cryptocurrency miners.
Drupalgeddon2, a highly critical remote code execution vulnerability discovered two weeks ago in Drupal content management system software, was recently patched by the
|
|||
|
2018-04-18 00:50:05 | CCleaner Attack Timeline-Here\'s How Hackers Infected 2.3 Million PCs (lien direct) | Last year, the popular system cleanup software CCleaner suffered a massive supply-chain malware attack of all times, wherein hackers compromised the company's servers for more than a month and replaced the original version of the software with the malicious one.
The malware attack infected over 2.3 million users who downloaded or updated their CCleaner app between August and September last
|
CCleaner | ||
|
2018-04-17 09:11:01 | Intel Processors Now Allows Antivirus to Use Built-in GPUs for Malware Scanning (lien direct) | Global chip-maker Intel on Tuesday announced two new technologies-Threat Detection Technology (TDT) and Security Essentials-that not only offer hardware-based built-in security features across Intel processors but also improve threat detection without compromising system performance.
Intel's Threat Detection Technology (TDT) offers a new set of features that leverage hardware-level telemetry
|
|||
|
2018-04-17 04:08:01 | Microsoft built its own custom Linux OS to secure IoT devices (lien direct) | Finally, it's happening.
Microsoft has built its own custom Linux kernel to power "Azure Sphere," a newly launched technology that aims to better secure billions of "Internet of things" devices by combining the custom Linux kernel with new chip design, and its cloud security service.
Project Azure Sphere focuses on protecting microcontroller-based IoT devices, including smart appliances,
|
|||
|
2018-04-16 07:15:02 | Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan (lien direct) | Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication.
In order to trick victims into installing the Android malware, dubbed Roaming Mantis, hackers have been hijacking DNS settings on vulnerable and
|
|||
|
2018-04-16 03:14:04 | Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer (lien direct) | Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on.
But of much greater concern, enterprises are unable to secure each and every device on their network, giving cybercriminals hold on their network hostage with just
|
|||
|
2018-04-14 01:37:01 | Hackers Have Started Exploiting Drupal RCE Exploit Released Yesterday (lien direct) | Hackers have started exploiting a recently disclosed critical vulnerability in Drupal shortly after the public release of working exploit code. Two weeks ago, Drupal security team discovered a highly critical remote code execution vulnerability, dubbed Drupalgeddon2, in its content management system software that could allow attackers to completely take over vulnerable websites. | |||
|
2018-04-13 10:03:04 | Hackers Found Using A New Code Injection Technique to Evade Detection (lien direct) | While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird, being used by at least three different sophisticated malware that helped attackers evade detection.
As its name suggests, Early Bird is a "simple yet powerful" technique that allows attackers to inject malicious code into a legitimate process
|
|||
|
2018-04-13 05:20:01 | Popular Android Phone Manufacturers Caught Lying About Security Updates (lien direct) | Android ecosystem is highly broken when it comes to security, and device manufacturers (better known as OEMs) make it even worse by not providing critical patches in time.
According to a new study, most Android vendors have been lying to users about security updates and telling customers that their smartphones are running the latest updates.
In other words, most smartphone manufacturers
|
|||
|
2018-04-12 08:36:00 | Hacker Can Steal Data from Air-Gapped Computers through Power Lines (lien direct) | Do you think it is possible to extract data from a computer using its power cables?
If no, then you should definitely read about this technique.
Researchers from Israel's Ben Gurion University of the Negev-who majorly focus on finding clever ways to exfiltrate data from an isolated or air-gapped computer-have now shown how fluctuations in the current flow "propagated through the power lines"
|
|||
|
2018-04-12 00:29:04 | Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password (lien direct) | A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month-almost 18 months after receiving the responsible disclosure report.
The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users' Windows login credentials, just by convincing
|
|||
|
2018-04-10 14:41:04 | Warning: Your Windows PC Can Get Hacked by Just Visiting a Site (lien direct) | Can you get hacked just by clicking on a malicious link or opening a website? - YES.
Microsoft has just released its April month's Patch Tuesday security updates, which addresses multiple critical vulnerabilities in its Windows operating systems and other products, five of which could allow an attacker to hack your computer by just tricking you visit a website.
Microsoft has patched five
|
|||
|
2018-04-10 12:46:02 | Facebook Offering $40,000 Bounty If You Find Evidence Of Data Leaks (lien direct) | Facebook pays millions of dollars every year to researchers and bug hunters to stamp out security holes in its products and infrastructure, but following Cambridge Analytica scandal, the company today launched a bounty program to reward users for reporting "data abuse" on its platform.
The move comes as Facebook CEO Mark Zuckerberg prepares to testify before Congress this week amid scrutiny
|
|||
|
2018-04-10 09:51:04 | Flaw in Emergency Alert Systems Could Allow Hackers to Trigger False Alarms (lien direct) | A serious vulnerability has been exposed in "emergency alert systems" that could be exploited remotely via radio frequencies to activate all the sirens, allowing hackers to trigger false alarms.
The emergency alert sirens are used worldwide to alert citizens about natural disasters, man-made disasters, and emergency situations, such as dangerous weather conditions, severe storms, tornadoes
|
|||
|
2018-04-10 05:28:05 | How to Find Out Everything Facebook Knows About You (lien direct) | Facebook CEO Mark Zuckerberg will testify before Congress this week to answer questions from lawmakers in two separate congressional committees, to explain how his company collects and handles users' personal information.
The past few weeks have been difficult for Facebook over concerns that the data of millions of users has been breached.
Facebook stores details of almost every action you
|
|||
|
2018-04-09 07:46:04 | Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault (lien direct) | A critical remote code execution vulnerability has been discovered in CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application.
Enterprise password manager (EPV) solutions help organizations securely manage their sensitive passwords, controlling privileged accounts passwords across a wide
|
|||
|
2018-04-09 02:48:01 | Here\'s how hackers are targeting Cisco Network Switches in Russia and Iran (lien direct) | Since last week, a new hacking group, calling itself 'JHT,' hijacked a significant number of Cisco devices belonging to organizations in Russia and Iran, and left a message that reads-"Do not mess with our elections" with an American flag (in ASCII art).
MJ Azari Jahromi, Iranian Communication and Information Technology Minister, said the campaign impacted approximately 3,500 network switches
|
|||
|
2018-04-07 02:08:04 | Authentication Bypass Vulnerability Found in Auth0 Identity Platform (lien direct) | A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platform Auth0 that could have allowed a malicious attacker to access any portal or application, which are using Auth0 service for authentication.
Auth0 offers token-based authentication solutions for a number of platforms including the ability to integrate social media
|
|||
|
2018-04-06 11:16:01 | Finland\'s 3rd Largest Data Breach Exposes 130,000 Users\' Plaintext Passwords (lien direct) | Over 130,000 Finnish citizens have had their credentials compromised in what appears to be third largest data breach ever faced by the country, local media reports.
Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business
|
To see everything:
Our RSS (filtrered)
