Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-16 17:57:00 |
Critical WordPress Flaw Grants Admin Access to Any Registered Site User (lien direct) |
The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website. |
Vulnerability
|
|
★★★★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-16 16:42:04 |
Lock-Screen Bypass Bug Quietly Patched in Handsets (lien direct) |
The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds.
|
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-15 22:53:03 |
tRat Emerges as New Pet for APT Group TA505 (lien direct) |
The modular malware seems to be in a testing phase, but TA505's interest made researchers take note. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-15 17:34:02 |
Managing the Risk of IT-OT Convergence (lien direct) |
Why manufacturing and logistics are especially challenged. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-15 17:04:04 |
Connected Wristwatch Allows Hackers to Stalk, Spy On Children (lien direct) |
"Our advice is to stop using this watch" as mitigations are not available, researchers told Threatpost. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-15 16:19:00 |
Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers (lien direct) |
As consumers skip the store crowds in favor of online deals, cyberattackers have geared up to victimize them. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-14 22:39:03 |
Bitcoin Giveaway Scam Balloons, with Google the Latest Victim (lien direct) |
A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-14 22:31:03 |
Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers (lien direct) |
Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-14 17:40:01 |
Siemens Patches Firewall Flaw That Put Operations at Risk (lien direct) |
The industrial company on Tuesday released mitigations for eight vulnerabilities overall. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-13 22:10:04 |
Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2 (lien direct) |
Microsoft's November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack. |
Vulnerability
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-13 17:44:04 |
Google\'s G Suite, Search and Analytics Taken Down in Hijacking (lien direct) |
Google cloud business customers were impacted by a Border Gateway Protocol hijacking. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-13 16:44:01 |
Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC (lien direct) |
Overall, the company released only three patches as part of its regularly-scheduled November update. |
|
|
★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-13 14:39:01 |
Podcast: IoT Firms Face a \'Tidal Wave\' of Lawsuits, Attorney Explains (lien direct) |
An attorney in the infamous 2015 Jeep hack predicts that more lawsuits related to IoT security are looming in the future. |
Hack
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-12 22:07:02 |
Emotet Campaign Ramps Up with Mass Email Harvesting Module (lien direct) |
The new variant can exfiltrate emails for a period going back 180 days, en masse. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-12 17:50:04 |
U.S. Chip Cards Are Being Compromised in the Millions (lien direct) |
A full 60 million U.S. cards were compromised in the past 12 months. While 93 percent of those were EMV chip-enabled, merchants continued to use mag stripes. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-12 17:13:00 |
Malware-Laced App Lurked on Google Play For a Year (lien direct) |
Google Play's policy prohibits apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-12 15:52:02 |
New Boom in Facial Recognition Tech Prompts Privacy Alarms (lien direct) |
Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-09 22:50:04 |
Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies (lien direct) |
The results could start a wave of major damages for companies that collect and sell consumer information. |
|
Equifax
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-09 22:16:02 |
Recently-Patched Adobe ColdFusion Flaw Exploited By APT (lien direct) |
The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-09 17:28:05 |
ThreatList: Google Play Nine Times Safer Than Third-Party App Stores (lien direct) |
Out of the 2 billion Android users out there, the rate of potential malware infection is less than 1 percent across the board, Google says. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-09 17:20:00 |
(Déjà vu) Threatpost News Wrap Podcast for Nov. 9 (lien direct) |
The Threatpost editors break down the top news stories from this week. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-09 17:13:00 |
Embracing the Cybersecurity \'Grey Space\' (lien direct) |
Security teams carefully monitor potential threat activity, but incidents aren't always black and white. |
Threat
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-08 21:56:00 |
Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal (lien direct) |
Two samples have already been added to the malware zoo, indicating a new openness from the federal government when it comes to cyber. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-08 17:39:00 |
Cisco Accidentally Released Dirty Cow Exploit Code in Software (lien direct) |
Cisco revealed that it had "inadvertently" shipped an in-house exploit code that was used in test scripts as part of its TelePresence Video Communication Server and Expressway Series software. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-08 16:39:04 |
\'DerpTroll\' Faces 10 Years in Prison for DDoSing Gaming Sites as a Teen (lien direct) |
He admitted to taking Steam, EA Origin and Sony Online Entertainment offline in 2013 and 2014, causing at least $95,000 in damages. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-08 14:29:00 |
DJI Patches Forum Bug That Allowed Drone Account Takeovers (lien direct) |
Bug opened door for malicious link attack, giving hacker access to stored DJI drone data of commercial and consumer customers. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-08 14:04:01 |
Podcast: Troy Hunt Talks Bad Passwords – and Who\'s to Blame for Them (lien direct) |
Troy Hunt sounds off on how both consumers and services have a joint role in creating and enforcing strong passwords. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-08 13:52:00 |
Apple Modernizes Its Hardware Security with T2 (lien direct) |
Apple has widened the range of Macs running its T2 security chip. Is macOS finally catching up with other platforms when it comes to secure computing? |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-07 19:26:02 |
Program Looks to Tap Military Vets for Cyber-Jobs (lien direct) |
The training and job-matching effort is a public-private partnership to address a growing workforce gap. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-07 16:33:05 |
WordPress Flaw Opens Millions of WooCommerce Shops to Takeover (lien direct) |
A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce. |
Vulnerability
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-07 16:23:02 |
Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw (lien direct) |
A sophisticated proxy code has infected hundreds of thousands of devices already. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-06 22:53:03 |
HSBC Data Breach Hits Online Banking Customers (lien direct) |
The data breach includes names, addresses, transaction histories, account information and more. |
Data Breach
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-06 20:51:01 |
ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers (lien direct) |
One-third of respondents in a new poll said that have been a victim of fraud or identity theft in the past. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-06 16:15:03 |
U.S. Elections True Test for Facebook\'s Disinformation Crackdown (lien direct) |
Facebook continues to address the challenges faced during the 2016 election. |
|
|
★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-06 13:27:01 |
Apache Struts Warns Users of Two-Year-Old Vulnerability (lien direct) |
Users must update their vulnerable libraries manually. |
Vulnerability
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-05 21:27:00 |
Online Radio Stations at Risk from Icecast Flaw (lien direct) |
A buffer overflow bug could silence online stations. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-05 17:59:03 |
Newsmaker Interview: Tom Kellermann on Hacking the Midterm Elections (lien direct) |
Concerns over midterm election tampering reach a boiling point in the days leading up to actual voting. |
Guideline
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-05 17:56:00 |
PortSmash Side-Channel Attack Siphons Data From Intel, Other CPUs (lien direct) |
An exploit was released for a flaw existing in a process in CPUs called Simultaneous Multithreading (SMT). |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-05 17:51:01 |
Passwords: Here to Stay, Despite Smart Alternatives? (lien direct) |
"Password-killing" authentication efforts may be on a road to nowhere. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-02 20:39:03 |
Facebook Blames Malicious Extensions in Breach of 81K Private Messages (lien direct) |
Investigators posed as buyers and were offered the messages at 10 cents per Facebook account. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-02 16:50:05 |
Cisco Security Appliance Zero-Day Found Actively Exploited in the Wild (lien direct) |
A high severity zero-day flaw exists in Cisco System's SIP inspection engine. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-02 15:16:03 |
ThreatList: Fewer Big DDoS Attacks in Q3, Overall Rate Holds Steady (lien direct) |
Meanwhile, Saturday now is the most “dangerous” day of the week for DDoS attacks. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-01 21:50:01 |
Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities (lien direct) |
Five of them allow remote compromise of the IoT gadgets, so attackers can intercept video feeds and more. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-01 21:31:01 |
GDPR\'s First 150 Days Impact on the U.S. (lien direct) |
Weighing the impact of GDPR and how the historic legislation has shaped privacy protection measures in the U.S., so far. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-01 16:37:03 |
Utilities, Energy Sector Attacked Mainly Via IT, Not ICS (lien direct) |
Stealing administrative credentials to carry out months-long spy campaigns is a top threat. |
|
|
★★★★
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-01 15:44:05 |
PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking (lien direct) |
Poor DNS housekeeping opens the door to account takeover. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-11-01 15:20:00 |
Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack (lien direct) |
Called BleedingBit, this vulnerability impacts wireless networks used in a large percentage of enterprise companies. |
Vulnerability
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-10-31 16:52:04 |
Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Bug (lien direct) |
Security updates across all Apple platforms released alongside its new products. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-10-31 15:38:02 |
Kraken Ransomware Upgrades Distribution with RaaS Model (lien direct) |
The Kraken ransomware author has released a second version of the malicious code, along with a unique affiliate program on the Dark Web. According to research into Kraken v.2 the new version is being promoted in a ransomware-as-a-service (RaaS) model to underground forum customers, via a video demoing its capabilities. Those interested can complete a […] |
Ransomware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-10-30 21:10:03 |
Square, PayPal POS Hardware Open to Multiple Attack Vectors (lien direct) |
Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft. |
|
|
★★★★★
|