Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-10-30 00:08:00 |
Google launches reCAPTCHA v3 that detects bad traffic without user interaction (direct link) |
reCAPTCHA v3 assigns incoming site visitors a risk score and lets webmasters take custom actions based on this score. |
|
APT 19
|
|
|
2018-10-29 20:14:00 |
US bans exports to Chinese DRAM maker citing national security risk (direct link) |
US official fears supply chain attack on US military systems. |
|
|
|
|
2018-10-29 18:03:00 |
Pakistani bank denies losing $6 million in country's 'biggest cyber attack' (direct link) |
Anonymous source says the attack consisted of a flood of suspicious PoS transactions made at Target stores in Brazil and US. |
|
|
|
|
2018-10-29 15:17:00 |
DHS: Election officials inundated, confused by free cyber-security offerings (direct link) |
Official would have liked free offerings to have been coordinated through DHS. |
|
|
|
|
2018-10-28 14:33:02 |
Satori botnet author in jail again after breaking pretrial release conditions (direct link) |
Still unclear what Nexus Zeta has done, but he's now incarcerated in the SeaTac detention center. |
|
Satori
|
|
|
2018-10-27 08:00:00 |
Twelve malicious Python libraries found and removed from PyPI (direct link) |
One package contained a clipboard hijacker that replaced victims' Bitcoin addresses in an attempt to hijack funds from users. |
|
|
|
|
2018-10-26 19:23:00 |
Windows Defender becomes first antivirus to run inside a sandbox (direct link) |
Windows Defender with sandbox support rolled out to Windows insiders, but some Windows 10 users can enable it right now. |
|
|
|
|
2018-10-26 17:48:00 |
Facebook removes more Iran-linked accounts, this time targeting the US & UK (direct link) |
Facebook said it detected this second Iran-linked campaign a week ago. |
|
|
|
|
2018-10-26 16:28:04 |
Majority of county election websites in 20 key swing states use non-.gov domains (direct link) |
Many county election websites also found to be lacking HTTPS support. |
|
|
|
|
2018-10-26 12:39:01 |
China has been 'hijacking the vital internet backbone of western countries' (direct link) |
Chinese government turned to local ISP for intelligence gathering after it signed the Obama-Xi cyber pact in late 2015, researchers say. |
|
|
|
|
2018-10-25 23:36:00 |
New security flaw impacts most Linux and BSD distros (direct link) |
Issue is only a privilege escalation flaw but it impacts a large number of systems. |
|
|
|
|
2018-10-25 20:52:00 |
China tells Trump to switch to Huawei after NYT iPhone tapping report (direct link) |
Chinese government denies NYT report that it's spying on President Trump's mobile calls. |
|
|
|
|
2018-10-25 17:46:02 |
British Airways: Cyberattack, data theft bigger than we first thought (direct link) |
185,000 customers in addition to original estimates may have had their data, including credit card information, exposed. |
|
|
|
|
2018-10-25 16:51:00 |
New DDoS botnet goes after Hadoop enterprise servers (direct link) |
Hacker group targets misconfigured Hadoop YARN components to plant DemonBot DDoS malware on resource-rich servers. |
Malware
|
|
|
|
2018-10-25 14:00:00 |
North Korea blamed for two cryptocurrency scams, five trading platform hacks (direct link) |
Two new reports support FireEye's characterization that North Korea is "the most destructive cyber threat right now." |
Threat
|
|
|
|
2018-10-25 11:54:05 |
Cisco releases fix for privilege escalation bug in Webex Meetings app (direct link) |
No, there are no workarounds -- patch now. |
|
|
|
|
2018-10-25 10:53:01 |
Apple blocks GrayKey police tech in iOS update (direct link) |
Reports suggest the data-slurping tool has been rendered useless -- but no-one knows how. |
Tool
|
|
|
|
2018-10-25 10:14:00 |
Facebook must pay UK's ICO £500,000 over Cambridge Analytica scandal (direct link) |
The fine has now been imposed and is final, but it could have been far worse. |
|
|
|
|
2018-10-25 08:30:01 |
Free decryption tool released for multiple GandCrab ransomware versions (direct link) |
New decryption tool can recover files locked by GandCrab versions 1, 4, and 5. |
Ransomware
Tool
|
|
|
|
2018-10-25 00:12:05 |
Data leak at consulting firm handling fundraisers for the Democratic party (direct link) |
Exposed data includes information on thousands of fundraisers and even credentials for databases of voter records. |
|
|
|
|
2018-10-24 22:03:02 |
Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence (direct link) |
Hacker was released on parole from Romanian prison this week and is now eligible for a second US extradition to serve 52 months in a US prison on a 2016 sentence. |
|
|
|
|
2018-10-24 18:50:00 |
Microsoft sees 25 percent rise in US law enforcement requests (direct link) |
Law enforcement requests numbers stayed the same at the global level, but saw a spike in the US. |
|
|
|
|
2018-10-24 16:52:03 |
Meet the malware which turns your smartphone into a mobile proxy (direct link) |
The proxies can be used to circumvent internal network security controls. |
Malware
|
|
|
|
2018-10-24 13:00:01 |
Most enterprise vulnerabilities remain unpatched a month after discovery (direct link) |
More bugs are being squashed by the enterprise, but the time it takes to do so leaves organizations at risk. |
|
|
|
|
2018-10-24 12:54:03 |
Mozilla will match all donations to the Tor Project (direct link) |
Mozilla gives back to the Tor Project after it embedded multiple Tor Browser features into Firefox. |
|
|
|
|
2018-10-24 12:32:04 |
This botnet snares your smart devices to perform DDoS attacks with a little help from Mirai (direct link) |
Chalubo is a new botnet which is being used in attacks against servers and IoT devices. |
|
|
|
|
2018-10-24 10:17:02 |
Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords (direct link) |
The Washington-based ISP's bucket exposed everything from passwords to internal corporate data. |
|
|
|
|
2018-10-24 09:18:04 |
Yahoo agrees to pay $50 million to settle data breach lawsuit (direct link) |
The company will also provide free credit monitoring services to roughly 200 million people impacted by the cyberattacks. |
Data Breach
|
Yahoo
|
|
|
2018-10-23 23:58:02 |
Microsoft Windows zero-day disclosed on Twitter, again (direct link) |
Zero-day impacts Windows 10, Server 2016, and Server 2019 only. |
|
|
|
|
2018-10-23 20:52:00 |
Magecart group leverages zero-days in 20 Magento extensions (direct link) |
Security researcher asks for help in identifying all vulnerable Magento extensions. Only two of 20 currently identified. |
|
|
|
|
2018-10-23 17:23:01 |
FireEye links Russian research lab to Triton ICS malware attacks (direct link) |
FireEye: Clues link Russia's Central Scientific Research Institute of Chemistry and Mechanics research lab to Triton-related activity. |
Malware
|
|
|
|
2018-10-23 16:00:01 |
This is how government spyware StrongPity uses security researchers' work against them (direct link) |
While researchers are looking forward, hackers are going back to their roots to create new attacks from the ashes of old ones. |
|
|
|
|
2018-10-23 14:11:00 |
Advertisers can track users across the Internet via TLS Session Resumption (direct link) |
German researchers find that only seven of 45 browsers block TLS Session Resumption tracking. |
|
|
|
|
2018-10-23 09:28:04 |
Super Micro trashes Bloomberg chip hack story in recent customer letter (direct link) |
Server vendor calls Bloomberg report a "technical implausibility" and "wrong." |
Hack
|
|
|
|
2018-10-23 09:25:05 |
Google News app bug burns through gigabytes of user mobile data (direct link) |
Users are reporting sharp spikes in data usage via the app, sometimes leading to hundreds of dollars in mobile data fees. |
Guideline
|
|
|
|
2018-10-22 20:06:00 |
Mozilla announces ProtonVPN partnership in attempt to diversify revenue stream (direct link) |
Selected Firefox users will be able to purchase a ProtonVPN version for $10/month. Some of the money will support Mozilla and Firefox. |
|
|
|
|
2018-10-22 17:03:00 |
WordPress team working on "wiping older versions from existence on the internet" (direct link) |
DerbyCon presentation gives deep insight into the WordPress team's efforts to improve the security of nearly a third of all Internet sites. |
|
|
|
|
2018-10-22 11:35:01 |
Project Lakhta: Russian national charged with US election meddling (direct link) |
The Russian citizen allegedly played a key role in the spread of fake news and trolling across social media networks. |
|
|
|
|
2018-10-22 10:48:00 |
Facebook approaches major cybersecurity firms, acquisition goals in mind (direct link) |
The firm is reportedly aiming to patch up its tattered reputation with the purchase of external expertise. |
|
|
|
|
2018-10-22 10:33:00 |
Trade.io loses $7.5Mil worth of cryptocurrency in mysterious cold wallet hack (direct link) |
Hackers stole over 50 million TIO tokens. Have already withdrawn 1.3 million tokens. |
Hack
|
|
|
|
2018-10-22 07:30:01 |
The most interesting Internet-connected vehicle hacks on record (direct link) |
As researchers turn their attention to vehicles, we've seen everything from sending drivers into a ditch to brakes which suddenly won't work. |
|
|
|
|
2018-10-21 22:40:04 |
Hackers steal data of 75,000 users after Healthcare.gov FFE breach (direct link) |
CMS officials say open enrollment period won't be negatively impacted by recent breach. |
|
|
|
|
2018-10-20 14:07:05 |
Vendors confirm products affected by libssh bug as PoC code pops up on GitHub (direct link) |
Red Hat and F5 Networks acknowledge that some products are vulnerable to the libssh authentication bug. |
|
|
|
|
2018-10-19 20:12:03 |
Audio recording is now disabled by default in OpenBSD (direct link) |
OpenBSD 6.4 also ships with Meltdown, Spectre v2, SpectreRSB, L1TF, and Lazy FPU mitigations. |
|
|
|
|
2018-10-19 14:25:00 |
Kaspersky says it detected infections with DarkPulsar, alleged NSA malware (direct link) |
Victims located in Russia, Iran, and Egypt; related to nuclear energy, telecommunications, IT, aerospace, and R&D. |
Malware
|
|
|
|
2018-10-19 09:06:03 |
DJI website's 'Get the app on Google Play' directs users elsewhere (direct link) |
Opinion: At best it's an oversight, at worst it's placing user security and privacy at serious risk. |
|
|
|
|
2018-10-19 01:41:04 |
Zero-day in popular jQuery plugin actively exploited for at least three years (direct link) |
A fix is out but the plugin is used in hundreds, if not thousands, of projects. Patching will take ages! |
Patching
|
|
|
|
2018-10-18 21:40:00 |
Flaws in telepresence robots allow hackers access to pictures, video feeds (direct link) |
Vendor has patched two of five reported bugs. Three patches are in the works. |
|
|
|
|
2018-10-18 15:15:00 |
Open source web hosting software compromised with DDoS malware (direct link) |
Some VestaCP servers were infected with a new malware strain named Linux/ChachaDDOS. |
Malware
|
|
|
|
2018-10-18 12:03:01 |
GitHub security alerts now support Java and .NET projects (direct link) |
GitHub also launches Token Scanning tool and new Security Advisory API. |
Tool
|
|
|