What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-07-05 03:28:00 | Password-Guessing Was Used to Hack Gentoo Linux Github Account (lien direct) | Maintainers of the Gentoo Linux distribution have now revealed the impact and "root cause" of the attack that saw unknown hackers taking control of its GitHub account last week and modifying the content of its repositories and pages.
The hackers not only managed to change the content in compromised repositories but also locked out Gentoo developers from their GitHub organisation.
As a result
|
Hack | ||
|
2018-07-04 07:08:01 | Two Zero-Day Exploits Found After Someone Uploaded \'Unarmed\' PoC to VirusTotal (lien direct) | Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and get patched before being used in the wild.
In late March, researchers at ESET found a malicious PDF file on VirusTotal, which they shared with the security team at Microsoft "as a
|
|||
|
2018-07-04 03:11:05 | Beware! Fortnite Cheat Hijacks Gamers\' PCs to Intercept HTTPS Traffic (lien direct) | If you are looking for Fortnite v-bucks generator, aimbot or any other game cheats-then beware-you might end up installing malware on your PC!
Web-based game-streaming platform Rainway is reporting that tens of thousands of Fortnite players have inadvertently infected their systems with a piece of malware that hijacks their encrypted HTTPS web sessions to inject fraudulent ads into every
|
Malware | ||
|
2018-07-04 01:25:03 | CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites (lien direct) | Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites.
Coinhive is a popular browser-based service that offers website owners to embed JavaScript code that utilizes their website visitors' CPUs power in order to mine the
|
|||
|
2018-07-03 05:35:01 | SUSE Linux Has Been Sold For $2.5 Billion (lien direct) | SUSE, the open source software company owned by British firm Micro Focus International, has been sold to a Swedish private equity firm.
Yes, SUSE Linux and its associated software business has finally been acquired by EQT Partners for $2.535 billion, lifting its shares 6 percent.
SUSE is one of the oldest open source companies and perhaps the first to provide enterprise-grade Linux software
|
|||
|
2018-07-03 01:43:00 | Reminder-Third Party Gmail Apps Can Read Your Emails, "Allow" Carefully! (lien direct) | Reminder-If you've forgotten about any Google app after using it once a few years ago, be careful, it may still have access to your private emails.
When it comes to privacy on social media, we usually point fingers at Facebook for enabling third-party app developers to access users personal information-even with users' consent.
But Facebook is not alone.
Google also has a ton of information
|
|||
|
2018-07-02 02:08:02 | Facebook Admits Sharing Users\' Data With 61 Tech Companies (lien direct) | Facebook has admitted that the company gave dozens of tech companies and app developers special access to its users' data after publicly saying it had restricted outside companies to access such data back in 2015.
It's an unusual clear view of how the largest social networking site manages your personal information.
During the Cambridge Analytica scandal revealed March this year, Facebook
|
|||
|
2018-06-30 02:41:04 | Researchers Uncover New Attacks Against LTE Network Protocol (lien direct) | If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely.
A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, and even can re-route them to
|
|||
|
2018-06-29 14:45:01 | Typeform, Popular Online Survey Software, Suffers Data Breach (lien direct) | Typeform, the popular Spanish-based online data collection company specializes in form building and online surveys for businesses worldwide, has today disclosed that the company has suffered a data breach that exposed partial data of its some users.
The company identified the breach on June 27th, and then quickly performed a full forensic investigation of the incident to identify the source of
|
Data Breach | ||
|
2018-06-29 09:59:05 | RAMpage Attack Explained-Exploiting RowHammer On Android Again! (lien direct) | A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices.
Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim's device to take advantage from the previously disclosed Drammer
|
|||
|
2018-06-29 01:55:05 | Github Account of Gentoo Linux Hacked, Code Replaced With Malware (lien direct) | Downloaded anything from Gentoo's GitHub account yesterday?
Consider those files compromised and dump them now-as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a malicious one.
Gentoo is a free open source Linux or FreeBSD-based distribution built using the
|
Malware | ||
|
2018-06-28 14:14:02 | Another Facebook Quiz App Left 120 Million Users\' Data Exposed (lien direct) | People are still getting over the most controversial data scandal of the year, i.e., Cambridge Analytica scandal, and Facebook is under fire yet again after it emerges that a popular quiz app on the social media platform exposed the private data of up to 120 million users for years.
Facebook was in controversies earlier this year over a quiz app that sold data of 87 million users to a
|
|||
|
2018-06-28 11:27:00 | Ticketmaster Suffers Security Breach – Personal and Payment Data Stolen (lien direct) | Global entertainment ticketing service Ticketmaster has admitted that the company has suffered a security breach, warning customers that their personal and payment information may have been accessed by an unknown third-party.
The company has blamed a third-party support customer service chat application for the data breach that believed to affect tens of thousands of its customers.
The
|
Data Breach | ||
|
2018-06-28 08:42:05 | Hilarious! Paid Jailbreak for Nintendo Switches Includes Anti-Piracy Code (lien direct) | It's hilarious that pirates are using anti-piracy measures to protect its own paid software that helps others to run pirated games on Nintendo Switches.
Hacking group Team Xecuter-the developers of Nintendo Switch jailbreaking software SX OS that helps gamers play homebrewed and pirated games on the console-has itself been caught using anti-piracy measures in its own code that can brick your
|
|||
|
2018-06-28 00:00:05 | Google Home and Chromecast DOWN? Reboot them to Fix the Glitch (lien direct) | If your Google Home, Home Mini and/or Google Chromecast streaming stick were not working properly, you are not alone.
Google Home, Home Mini, and Chromecast were down globally for many users for several hours, leaving a lot of people with trouble watching TV, controlling smart home gadgets, and listening to music.
Yesterday, hundreds of Chromecasts and Home users began complaining about
|
|||
|
2018-06-27 02:31:04 | Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site (lien direct) | Last week we received a tip about an unpatched vulnerability in the WordPress core, which could allow a low-privileged user to hijack the whole site and execute arbitrary code on the server.
Discovered by researchers at RIPS Technologies GmbH, the "authenticated arbitrary file deletion" vulnerability was reported 7 months ago to the WordPress security team but remains unpatched and affects all
|
Vulnerability | ||
|
2018-06-26 10:44:05 | Free Thanatos Ransomware Decryption Tool Released (lien direct) | If your computer has been infected with Thanatos Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files-your search is over here.
Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible for victims to unlock their Thanatos encrypted files for free without paying any ransom in
|
Ransomware Tool | ||
|
2018-06-26 08:42:04 | New Malware Family Uses Custom UDP Protocol for C&C Communications (lien direct) | Security researchers have uncovered a new highly-targeted cyber espionage campaign, which is believed to be associated with a hacking group behind KHRAT backdoor Trojan and has been targeting organizations in South East Asia.
According to researchers from Palo Alto, the hacking group, which they dubbed RANCOR, has been found using two new malware families-PLAINTEE and DDKONG-to target
|
Malware | ||
|
2018-06-26 04:53:02 | Python-Based Adware Evolves to Install Malicious Browser Extensions (lien direct) | Security researchers have been warning of a few newly detected variants of python-based adware that are being distributed in the wild not only to inject ads but also found installing malicious browser extensions and hidden cryptocurrency miner into victims' computers.
Dubbed PBot, or PythonBot, the adware was first uncovered more than a year ago, but since then the malware has evolved, as its
|
Malware | ||
|
2018-06-26 00:39:03 | WPA3 Standard Officially Launches With New Wi-Fi Security Features (lien direct) | The Wi-Fi Alliance today officially launched WPA3-the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended
|
|||
|
2018-06-21 13:53:01 | Android Gets New Anti-Spoofing Feature to Make Biometric Authentication Secure (lien direct) | Google just announced its plan to introduce a new anti-spoofing feature for its Android operating system that makes its biometric authentication mechanisms more secure than ever.
Biometric authentications, like the fingerprint, IRIS, or face recognition technologies, smoothen the process of unlocking devices and applications by making it notably faster and secure.
Although biometric systems
|
|||
|
2018-06-21 04:25:03 | Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases (lien direct) | Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurrency transactions.
Google's Firebase service is one of the most popular back-end development
|
|||
|
2018-06-21 01:22:02 | Google Solves Update Issue for Android Apps Installed from Unknown Sources (lien direct) | If you are wondering how to receive latest updates for an Android app-installed via a 3rd party source or peer-to-peer app sharing-directly from Google Play Store.
For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does not recognize them as Play Store apps and they do not show up in your Google account app list as well
|
|||
|
2018-06-20 10:53:00 | Google Developer Discovers a Critical Bug in Modern Web Browsers (lien direct) | Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged-in the same browser.
Discovered by Jake Archibald, a developer advocate for Google Chrome, the vulnerability resides in the way browsers handle cross-origin requests to video
|
|||
|
2018-06-20 06:21:02 | Popular Flight Tracker Flightradar24 Suffers Data Breach (lien direct) | One of the world's most popular flight tracking services Flightradar24, which shows real-time aircraft flight information on a map, has suffered a massive data breach that may have compromised email addresses and hashed passwords for more than 230,000 customers.
Without revealing any information about the breach publically via their blog or social media accounts, Flightradar24 started sending
|
|||
|
2018-06-20 02:44:04 | OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks (lien direct) | Security-oriented BSD operating system OpenBSD has decided to disable support for Intel's hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks.
Introduced in 2002, Hyper-threading is Intel's implementation of Simultaneous Multi-Threading (SMT) that allows the operating system to use a virtual core for each physical core present in processors
|
|||
|
2018-06-20 00:28:04 | Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware (lien direct) | Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites.
So, if you have already cleaned up your hacked Magento website, there are chances your website is still leaking login credentials and credit card details of
|
|||
|
2018-06-19 13:19:04 | Email Phishers Using A Simple Way to Bypass MS Office 365 Protection (lien direct) | Security researchers have been warning about a simple technique that cyber criminals and email scammers are using in the wild to bypass most AI-powered phishing detection mechanisms implemented by widely used email services and web security scanners.
Dubbed ZeroFont, the technique involves inserting hidden words with a font size of zero within the actual content of a phishing email, keeping
|
|||
|
2018-06-19 07:07:02 | Hackers Who Hit Winter Olympics 2018 Are Still Alive and Kicking (lien direct) | Remember the 'Olympic Destroyer' cyber attack?
The group behind it is still alive, kicking and has now been found targeting biological and chemical threat prevention laboratories in Europe and Ukraine, and a few financial organisation in Russia.
Earlier this year, an unknown group of notorious hackers targeted Winter Olympic Games 2018, held in South Korea, using a destructive malware that
|
|||
|
2018-06-19 02:20:05 | TRON Cryptocurrency Founder Buys BitTorrent, µTorrent for $140 Million (lien direct) | BitTorrent, the company which owns the popular file-sharing client uTorrent, has quietly been sold for $140 million in cash to Justin Sun, the founder of blockchain-focused startup TRON.
TRON is a decentralized entertainment and content-sharing platform that uses blockchain and distributed storage technology. It allows users to publish content without having to use third-party platforms such
|
|||
|
2018-06-19 01:00:05 | Ex-CIA employee charged with leaking \'Vault 7\' hacking tools to Wikileaks (lien direct) | A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency's history.
Joshua Adam Schulte, who once created malware for both the CIA and NSA to break into adversaries computers, was indicted Monday by the Department of Justice on 13 charges of
|
|||
|
2018-06-18 07:50:00 | Apple macOS Bug Reveals Cache of Sensitive Data from Encrypted Drives (lien direct) | Security researchers are warning of almost a decade old issue with one of the Apple's macOS feature which was designed for users' convenience but is potentially exposing the contents of files stored on password-protected encrypted drives.
Earlier this month, security researcher Wojciech Regula published a blog post, about the "Quick Look" feature in macOS that helps users preview photos,
|
|||
|
2018-06-18 05:55:01 | Epic Games Fortnite for Android–APK Downloads Leads to Malware (lien direct) | Given Fortnite's current popularity and craziness across the globe, we understand if you have been searching the web for download links to Fortnite APK for Android phone.
However, you are not alone, thousands of people out there are also searching tutorials and links for, "how to install Fortnite on Android" or "how to download Fortnite for Android" on the Internet.
The app has taken the
|
|||
|
2018-06-15 02:52:03 | GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone\'s Signature (lien direct) | A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages.
The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail, in PGP and S/Mime encryption tools that could allow attackers to
|
|||
|
2018-06-14 08:10:00 | Chinese Hackers Carried Out Country-Level Watering Hole Attack (lien direct) | Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks.
The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a Chinese-speaking threat actor group called
|
|||
|
2018-06-14 00:59:04 | New \'Lazy FP State Restore\' Vulnerability Found in All Modern Intel CPUs (lien direct) | Hell Yeah! Another security vulnerability has been discovered in Intel chips that affects the processor's speculative execution technology-like Specter and Meltdown-and could potentially be exploited to access sensitive information, including encryption related data.
Dubbed Lazy FP State Restore, the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed
|
|||
|
2018-06-13 13:46:05 | OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader (lien direct) | Have you recently bought a OnePlus 6? Don't leave your phone unattended.
A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone-even if the bootloader is locked.
A bootloader is part of the phone's built-in firmware and locking it down stops users from replacing
|
|||
|
2018-06-13 07:58:02 | (Déjà vu) Special Price Drop-Get Secure VPN Service For Lifetime (lien direct) | PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection.
Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and buying habits and make millions by sharing your data with advertisers and marketers.
If this is
|
|||
|
2018-06-13 07:44:05 | Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates (lien direct) | It's time to gear up for the latest June 2018 Microsoft security patch updates.
Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player-11 of which are rated critical and 39 as important in severity.
Only one of these vulnerabilities, a remote code
|
|||
|
2018-06-13 07:40:04 | Cortana Software Could Help Anyone Unlock Your Windows 10 Computer (lien direct) | Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password.
With its latest patch Tuesday release, Microsoft has pushed an important update to address an easily exploitable vulnerability in Cortana that could allow hackers to break into a locked Windows 10 system and execute malicious
|
|||
|
2018-06-12 12:40:05 | Google Blocks Chrome Extension Installations From 3rd-Party Sites (lien direct) | You probably have come across many websites that let you install browser extensions without ever going to the official Chrome web store.
It's a great way for users to install an extension, but now Google has decided to remove the ability for websites to offer "inline installation" of Chrome extensions on all platforms.
Google announced today in its Chromium blog that by the
|
|||
|
2018-06-12 08:04:02 | Signature Validation Bug Let Malware Bypass Several Mac Security Products (lien direct) | A years-old vulnerability has been discovered in the way several security products for Mac implement Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers.
Josh Pitts, a researcher from security firm Okta, discovered that several third-party security products for Mac-including
|
|||
|
2018-06-12 04:30:05 | Thousands of Android Devices Running Insecure Remote ADB Service (lien direct) | Despite warnings about the threat of leaving insecure remote services enabled on Android devices, manufacturers continue to ship devices with open ADB debug port setups that leave Android-based devices exposed to hackers.
Android Debug Bridge (ADB) is a command-line feature that generally uses for diagnostic and debugging purposes by helping app developers communicate with Android devices
|
|||
|
2018-06-12 02:59:04 | Apple Bans Cryptocurrency Mining Apps From Its App Stores (lien direct) | Due to the surge in cryptocurrency prices, not only hackers but also legitimate websites and mobile apps are increasingly using cryptocurrency miners to monetize by levying the CPU power of your PC and phones to mine cryptocurrencies.
However, Apple wants to protect your Mac and iPhone battery from shady cryptocurrency mining apps, and therefore, the company has put restrictions on such apps
|
|||
|
2018-06-12 00:45:05 | Feds Arrest 74 Email Fraudsters Involved in Nigerian BEC Scams (lien direct) | The United States Department of Justice announced Monday the arrest of 74 email fraudsters across three continents in a global crackdown on a large-scale business email compromise (BEC) scheme.
The arrest was the result of a six-month-long operation dubbed "Operation Wire Wire" that involved the US Department of Justice, the US Department of Homeland Security, the US Treasury, and the US Postal
|
|||
|
2018-06-11 07:42:00 | A New Paradigm For Cyber Threat Hunting (lien direct) | It's no secret that expecting security controls to block every infection vector is unrealistic. For most organizations, the chances are very high that threats have already penetrated their defenses and are lurking in their network.
Pinpointing such threats quickly is essential, but traditional approaches to finding these needles in the haystack often fall short.
Now there is a unique
|
|||
|
2018-06-11 07:09:01 | U.S. Builds World\'s Fastest Supercomputer – Summit (lien direct) | China no longer owns the fastest supercomputer in the world; It is the United States now.
Though China still has more supercomputers on the Top 500 list, the USA takes the crown of "world's fastest supercomputer" from China after IBM and the U.S. Department of Energy's Oak Ridge National Laboratory (ORNL) unveiled "Summit."
Summit is claimed to be more than twice as powerful as the current
|
|||
|
2018-06-11 03:15:00 | Hackers Stole Over $20 Million in Ethereum from Insecurely Configured Clients (lien direct) | Security researchers have been warning about cybercriminals who have made over 20 million dollars in just past few months by hijacking insecurely configured Ethereum nodes exposed on the Internet.
Qihoo 360 Netlab in March tweeted about a group of cybercriminals who were scanning the Internet for port 8545 to find insecure geth clients running Ethereum nodes and, at that time, stole 3.96234
|
|||
|
2018-06-09 11:54:00 | Russia to Fine Search Engines for Linking to Banned VPN services (lien direct) | In its years-long efforts to censor the Internet by blocking access to a large number of websites in the country, Russia has now approved a new bill introducing fines for search engines that provide links to banned sites, VPN services, and anonymization tools.
VPNs, or Virtual Private Networks, are third-party services that help users access block banned websites by encrypting users' Internet
|
|||
|
2018-06-08 00:56:02 | Facebook bug changed 14 million users\' default privacy settings to public (lien direct) | Facebook admits as many as 14 millions of its users who thought they're sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug.
Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece of content that you share on Facebook you own, you have complete control over who sees it and how
|
To see everything:
