What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-06-07 14:14:29 | Facebook Messenger Vulnerability Patched (lien direct) | Facebook has patched a vulnerability in its desktop and mobile Messenger apps that allows an attacker to modify chats and expose victims to malware and fraud. | |||
|
2016-06-07 12:00:05 | Mitsubishi Hybrid SUV Hack Puts Drivers At Risk, Says Researcher (lien direct) | Researchers discover a vulnerability in Mitsubishi's Outlander Hybrid SUV that allows hackers to disable the anti-theft alarm from a laptop and control the car's heat and AC. | |||
|
2016-06-06 17:21:08 | New Angler Exploits Bypass EMET Mitigations (lien direct) | New Microsoft Silverlight and Adobe Flash exploits included in the Angler Exploit Kit have the ability to bypass Microsoft EMET on Windows machines. | |||
|
2016-06-03 18:45:01 | NTP Patches Flaws That Enable DDoS (lien direct) | The network time protocol was updated to ntp-4.2.8p8, patching a handful of vulnerabilities that can be leveraged in DDoS attacks. | |||
|
2016-06-03 16:24:10 | Threatpost News Wrap, June 13, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including the back and forth around whether or not TeamViewer was hacked, the fallout around the years-old MySpace and Tumblr breaches, and a 90K Windows zero day. | |||
|
2016-06-03 11:41:16 | Researchers Uncover Affiliate Network for Ransomware (lien direct) | Ransomware crime bosses are shopping for affiliates to help them infect victims. | |||
|
2016-06-02 15:49:00 | TeamViewer Denies Hack, Blames Password Reuse for Compromises (lien direct) | TeamViewer continues to refute claims this week it was hacked and instead claims that password reuse and careless user actions may have led to a scourge of hacks. | |||
|
2016-06-02 12:45:55 | Irongate ICS Malware Steals From Stuxnet Playbook (lien direct) | Researchers find industrial control system malware similar to BlackEnergy, Havex, and Stuxnet going undetected on Google VirusTotal for years. | |||
|
2016-06-01 19:34:39 | Arrests Made In $45M Russian Bank Hack (lien direct) | Russian authorities made 50 arrests related to a five-year campaign to steal $45M from Russia's largest bank, Sberbank. | |||
|
2016-06-01 17:29:49 | Yahoo Discloses Contents of Three National Security Letters (lien direct) | Yahoo today disclosed the contents of three National Security Letters it received in 2013 and 2015, becoming the first company under reforms afforded by the USA FREEDOM Act to do so. | Yahoo | ||
|
2016-05-31 21:44:39 | Windows Zero Day Selling for $90,000 (lien direct) | Hackers claim to have unearthed a zero-day vulnerability giving attackers admin rights to any Windows machine from Windows 2000 to a fully patched version of Windows 10. | |||
|
2016-05-31 17:37:03 | Millions of Stolen MySpace, Tumblr Credentials Being Sold Online (lien direct) | Hackers are selling roughly 427 million passwords belonging to users of MySpace along with information on 65 million Tumblr users. | |||
|
2016-05-31 15:11:09 | Bloatware Insecurity Continues to Haunt Consumer, Business Laptops (lien direct) | High-severity vulnerabilities were found in pre-installed software updaters present in consumer and business laptops from vendors such as Dell, HP, Lenovo, Asus and Acer. | |||
|
2016-05-27 19:53:17 | Cybercrime Hit Businesses Hardest in 2015, says IC3 Report (lien direct) | Businesses were hit hardest by inbox-based scams in 2015 that robbed U.S. companies of $263 million. | |||
|
2016-05-27 14:00:54 | Judge Tosses Evidence Gathered by FBI’s Tor Exploit (lien direct) | A federal judge granted a defense motion in the case of a Vancouver teacher charged with possession of child pornography, excluding evidence gathered by a FBI network investigative technique that exploits an unpatched hole in the Tor browser. | |||
|
2016-05-27 11:00:25 | Researcher Pockets $30,000 in Chrome Bounties (lien direct) | Mariusz Mlynski is having a May to remember, earning $30,000 in bounties from Google for vulnerabilities he discovered and disclosed, on top of another $15,500 earlier this month from the same program. | |||
|
2016-05-26 21:20:14 | Microsoft Moves Against Bad Passwords (lien direct) | Microsoft says enterprises need to ban common passwords and rethink outdated ideas about what makes a strong password. | ★★★ | ||
|
2016-05-26 14:41:26 | Canary Watch Project Runs Its Course (lien direct) | The coalition behind CanaryWatch.org, a database of warrant canaries, has decided to no longer accept new submissions, nor monitor existing canaries for changes. | |||
|
2016-05-25 19:31:45 | Moxa MiiNePort Devices Leak Data, Open to Unauthorized Access (lien direct) | Embedded serial device servers built by Moxa and used in a number of critical industries remain vulnerable to three serious security issues that have not been patched by the vendor. | |||
|
2016-05-25 16:58:57 | APT Groups Finding Success with Patched Microsoft Flaw (lien direct) | Researchers at Kaspersky Lab have identified six APT groups using exploits for a Microsoft Office flaw that was patched in September 2015. | ★★★★ | ||
|
2016-05-25 11:28:40 | Google Aims to Kill Passwords with Project Abacus (lien direct) | Google wants to kill passwords with Project Abacus, which Google said will become available on Android devices by the end of 2016. | |||
|
2016-05-24 19:36:10 | LinkedIn is Latest Contributor to Breach Fatigue (lien direct) | Expert Troy Hunt waxes on last week's LinkedIn data dump of 117 million credentials and how it reflects on a new breed of hackers. | |||
|
2016-05-24 15:29:50 | FBI Mum on Real-World KeySweeper Attacks (lien direct) | The FBI warned its business partners of the risks associated with KeySweeper, a device hidden in a USB wall charger that sniffs keystrokes from Microsoft wireless keyboards. | |||
|
2016-05-23 21:33:17 | Unraveling Turla APT Attack Against Swiss Defense Firm (lien direct) | Details of an extensive targeted attack against Swiss defense contractor RUAG were released by Switzerland's national CERT. | |||
|
2016-05-23 17:08:28 | Persistent EITest Malware Campaign Jumps from Angler to Neutrino (lien direct) | The tenacious EITest malware campaign is being refueled by the fact it is shifting from the Angler exploit kit to the Neutrino exploit kit. | |||
|
2016-05-23 14:04:52 | Two Exploit Kits Spreading Attacks for Recent Flash Player Zero Day (lien direct) | Exploits for the most recent Adobe Flash Player zero-day vulnerability have been integrated into the Neutrino and Magnitude exploit kits | |||
|
2016-05-21 13:00:53 | Microsoft Warns of Sneaky New Macro Trick (lien direct) | Microsoft warns of new technique to distribute macro malware that can evade standard virus detection, according to security experts. | |||
|
2016-05-20 19:15:31 | Instagram Patches Brute-Force Authentication Flaws (lien direct) | Facebook paid researcher Arne Swinnen a $5,000 bounty for a pair of authentication vulnerabilities in Instagram that enabled brute-force attacks against usernames and passwords. | |||
|
2016-05-20 15:46:37 | Threatpost News Wrap, May 20, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including a big LinkedIn breach, TeslaCrypt closing up shop, and a breakthrough in random number generation. The two also recap this week's Source Conference in Boston. | Tesla | ★★★★ | |
|
2016-05-19 17:08:36 | Android Qualcomm Vulnerability Impacts 60 Percent of Devices (lien direct) | Duo Labs describes how a critical Android vulnerability chains two exploits together to completely pwn an Android OS device. | |||
|
2016-05-19 13:41:37 | Master Decryption Key Released for TeslaCrypt Ransomware (lien direct) | The criminals behind the TeslaCrypt ransomware have closed up shop and publicly released the master decryption key that unlocks files encrypted by the malware. | Tesla | ||
|
2016-05-18 16:47:38 | 2012 LinkedIn Breach Just Got a Lot Worse: 117 Million New Logins For Sale (lien direct) | More than 100 million LinkedIn usernames and passwords for sale on dark web as 2012 breach comes back to haunt business-savvy social network. | |||
|
2016-05-18 11:00:15 | Scope of Gaping Android Security Hole Grows (lien direct) | Security researchers at Skycure are upping the ante on a vulnerability that it says now leaves 95.4 percent of all Android devices vulnerable to an attack that hands over control of a phone or tablet to an attacker. | |||
|
2016-05-17 21:02:24 | Google Set to Kill SSLv3 and RC4 in SMTP, Gmail in June (lien direct) | Google announced this week that it will begin to disable SSLv3 and RC4 a month from now, on June 16. | |||
|
2016-05-17 15:20:45 | Apple Patches DROWN, Lockscreen Bypass Vulnerability, With Latest Round of Updates (lien direct) | Apple on Monday rolled out a series of patches for nearly all of its operating systems, including fixes for March's DROWN vulnerability in OS X and a lockscreen bypass vulnerability in iOS. | |||
|
2016-05-16 19:31:32 | Microsoft Quietly Kills Controversial Wi-Fi Sense Feature (lien direct) | Later this summer, when Microsoft rolls out a massive update to Windows 10 called Anniversary Edition, notably missing will be the controversial Wi-Fi Sense feature. | |||
|
2016-05-16 15:37:46 | Chrome Defaults to HTML5 over Adobe Flash Starting in Q4 (lien direct) | Google has announced that hacker-favorite Adobe Flash Player will no longer, as of Q4, be the default in Chrome. Instead, Chrome will default to HTML5. | |||
|
2016-05-14 12:50:14 | Malware-Laced Porn Apps Behind Wave of Android Lockscreen Attacks (lien direct) | Dell SonicWALL Threats Research Team says incidents of Android lockscreen malware masquerading as porn apps is a growing concern. | |||
|
2016-05-13 17:24:49 | Cerber Ransomware On The Rise, Fueled By Dridex Botnets (lien direct) | Cerber ransomware leverages Dridex spambot network in massive new crypto-offensive targeting U.S. inboxes. | |||
|
2016-05-13 15:07:42 | Latest Petya Ransomware Strain Comes with a Failsafe: Mischa (lien direct) | The latest Petya ransomware attacks come with a twist; if Petya is not granted privileges to encrypt the Master File Table, it instead installs Mischa ransomware. | ★★ | ||
|
2016-05-12 19:11:15 | Corruption, Code Execution Vulnerabilities Patched in Open Source Archiver 7-Zip (lien direct) | Several vulnerabilities were fixed this week in the file archiver 7-Zip which could have led to arbitrary code execution and file corruption. | ★★★★ | ||
|
2016-05-12 15:58:15 | Five Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters (lien direct) | Google is urging Windows, Mac and Linux users to update their Chrome browser to fix five security holes - two rates as high. | |||
|
2016-05-12 12:56:39 | Motion Filed Asking FBI To Disclose Tor Browser Zero Day (lien direct) | Mozilla filed a motion asking the courts to compel the government to turn over details on a zero-day vulnerability in the Tor Browser used to hack visitors to a child pornography website. | |||
|
2016-05-11 21:57:12 | Wendy’s Comes Clean On Data Breach (lien direct) | Fast-food chain Wendy's disclosed 300 of its restaurants were hit with malware tied to a PoS system attack. | |||
|
2016-05-11 16:43:07 | Viking Horde Malware Co-Ops Android Devices for Ad Fraud (lien direct) | The Viking Horde Android malware campaign can leverage victims' phones for ad fraud, carry out DDoS attacks, send spam, and more, researchers warn. | |||
|
2016-05-11 16:37:39 | Attackers Targeting Critical SAP Flaw Since 2013 (lien direct) | Researchers at Onapsis and DHS CERT today published reports describing a critical SAP Invoker Servlet vulnerability that has been used to attack 36 global enterprises spanning 15 critical industries. | |||
|
2016-05-11 12:24:00 | Facebook Makes Its CTF Platform Freely Available (lien direct) | Facebook today made its capture the flag platform freely available on GitHub, which includes a ready-made backend and a set of pre-defined challenges. | |||
|
2016-05-10 21:40:04 | IBM’s Watson Supercomputer Takes On Security (lien direct) | IBM enlists the help of eight universities to teach its Watson supercomputer to fight cybercrime. | |||
|
2016-05-10 19:03:31 | Microsoft Patches JScript, VBScript Flaw Under Attack (lien direct) | Microsoft's Patch Tuesday security bulletins include a patch for a JScript and VBScript scripting engine vulnerability being publicly exploited. | |||
|
2016-05-10 16:05:55 | FCC, FTC Investigate Mobile Security Update Practices (lien direct) | The FTC and FCC have given mobile device makers and carriers 45 days to report on their respective security update practices. |
To see everything:
Our RSS (filtrered)
