Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-10-09 13:00:00 |
New Magecart hack detected at Shopper Approved (direct link) |
Malicious code removed after two days. Impact is smaller compared to previous incidents at Ticketmaster, Feedify, or British Airways. |
Hack
|
|
|
|
2018-10-09 12:18:01 |
Garmin's Navionics exposed data belonging to thousands of customers (direct link) |
An unsecured MongoDB server containing 19GB in customer and product data was exposed online. |
|
|
|
|
2018-10-09 11:50:01 |
Google restricts which Android apps can request Call Log and SMS permissions (direct link) |
Only apps selected as the device's default app for making calls or sending text messages will be able to access call logs and SMS data from now on. |
|
|
|
|
2018-10-09 10:34:00 |
Security researcher source in Supermicro chip hack report casts doubt on story (direct link) |
The explosive report "doesn't make sense," according to the expert who described hardware implant uses in theoretical attacks. |
Hack
|
|
|
|
2018-10-09 08:47:00 |
Heathrow Airport fined £120,000 over USB data breach debacle (direct link) |
In a prime example of data protection failure, a USB containing sensitive information ended up in the hands of the public. |
Data Breach
|
|
|
|
2018-10-08 23:42:00 |
Firefox will be able to show notifications inside the Windows 10 Action Center (direct link) |
New Windows 10-friendly notification system to arrive in December, with Firefox 64. |
|
|
|
|
2018-10-08 20:52:00 |
Google sets new rules for third-party apps to access Gmail data (direct link) |
All Gmail third-party apps with full access to Gmail user data will need to re-submit for a review by February 15, 2018, or be removed. |
|
|
|
|
2018-10-08 17:25:00 |
Google shuts down Google+ after API bug exposed details for over 500,000 users (direct link) |
Search giant says it found no evidence that any user data was misused. |
|
|
|
|
2018-10-08 17:03:03 |
It's 2018, and network middleware still can't handle TLS without breaking encryption (direct link) |
Appliance vendors fail to respond to bug reports. Some devices got worse after disclosure. |
|
|
|
|
2018-10-08 11:49:00 |
US government rolls out 2-step verification for .gov domain owners (direct link) |
DotGov program rolls out support for Google Authenticator app for the management of .gov domains. |
|
|
|
|
2018-10-08 10:33:00 |
MikroTik vulnerability climbs up the severity scale, new attack permits root access (direct link) |
A bug previously deemed medium in severity may actually be as "bad as it gets" due to a new attack technique. |
Vulnerability
|
|
|
|
2018-10-08 09:37:01 |
Code execution bug in malicious repositories resolved by Git Project (direct link) |
The critical vulnerability can lead to the execution of code on a vulnerable system. |
Vulnerability
Guideline
|
|
|
|
2018-10-08 08:45:02 |
Dark web admin of Silk Road marketplace 'Libertas' pleads guilty (direct link) |
The underground marketplace was a hotbed of drugs, weapons, and other illegal products. |
|
|
|
|
2018-10-07 22:11:00 |
DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story (direct link) |
US and UK officials stand by Amazon and Apple's statements regarding Bloomberg chip hack story. |
Hack
|
|
|
|
2018-10-06 23:38:02 |
Firefox and Edge add support for Google's WebP image format (direct link) |
WebP image format gets new life courtesy of Microsoft and Mozilla. Apple is last browser maker without WebP support. |
|
|
|
|
2018-10-06 13:47:00 |
Amazon fires employee for sharing customers' email addresses (direct link) |
Employee firing likely connected to investigation Amazon started last month after Wall Street Journal report that employees were selling customer data and deleting reviews. |
|
|
|
|
2018-10-06 08:29:00 |
Microsoft pulls Windows 10 October Update (version 1809) (direct link) |
Microsoft cites problems with the latest update package deleting user files. |
|
|
|
|
2018-10-05 23:03:00 |
Web hosting providers take three days, on average, to respond to abuse reports (direct link) |
Some hosting providers take over two weeks to respond, with the worst taking over 19 days. |
|
|
|
|
2018-10-05 20:08:01 |
DOJ explains recent wave of cyber-espionage-related indictments (direct link) |
The DOJ has heard the cyber-security's criticism and has responded. |
|
|
|
|
2018-10-05 16:46:03 |
Cyberstalker thwarted by VPN logs gets 17 years in prison (direct link) |
Access logs from two VPN providers and Chrome forensic data recovered from a formatted PC send cyberstalker to prison. |
|
|
|
|
2018-10-05 11:36:02 |
Mozilla resolves critical code execution flaw in Thunderbird email client (direct link) |
The severe bug has been smoothed over as part of a wider security update. |
|
|
|
|
2018-10-05 10:45:01 |
G Suite admins get ability to remotely lock company-owned Android devices (direct link) |
More new features land in G Suite after Google enabled alerts for government-backed attacks earlier this week. |
|
|
|
|
2018-10-05 05:25:00 |
Russia's elite hacking unit has been silent, but busy (direct link) |
While APT28 was making fun of the DNC through Western media, Turla APT remained active and hacking in the shadows. |
|
APT 28
|
|
|
2018-10-04 21:24:05 |
Hacker wastes entire day hacking Pigeoncoin cryptocurrency only to make $15,000 (direct link) |
Pigeoncoin hack confirms that the CVE-2018-17144 vulnerability fixed in the Bitcoin source code in mid-September was, indeed, as bad as it gets. |
Hack
Vulnerability
|
|
|
|
2018-10-04 16:41:00 |
Recent wave of hijacked WhatsApp accounts traced back to voicemail hacking (direct link) |
Israeli government authorities warn users about new method of hijacking WhatsApp accounts. |
|
|
|
|
2018-10-04 14:53:00 |
After two decades of PHP, sites still expose sensitive details via debug mode (direct link) |
In 2018, some developers fail to deactivate debug mode for their web apps, leading to potentially catastrophic scenarios. |
Guideline
|
|
|
|
2018-10-04 13:00:01 |
Russian Fancy Bear APT linked to Earworm hacking group (direct link) |
The hacking rings may be separate but it seems they share a system or two in order to launch their attacks. |
|
APT 28
|
|
|
2018-10-04 12:48:00 |
Apple, Amazon deny claims Chinese spies implanted backdoor chips in company hardware: report (direct link) |
Updated: An investigation claims that a tiny chip implanted into server hardware facilitated backdoors into the systems of major tech companies and US government entities. |
|
|
|
|
2018-10-04 10:50:01 |
Burgerville customer credit card info stolen in data breach laid at Fin7's feet (direct link) |
Despite the recent arrests of alleged Fin7 members, the threat group is actively targeting US companies. |
Data Breach
Threat
|
|
|
|
2018-10-04 09:04:04 |
Phantom Secure CEO pleads guilty to providing drug cartels with encrypted phones (direct link) |
The Phantom Secure network was used to help criminals "go dark" and avoid law enforcement. |
|
|
|
|
2018-10-04 00:00:00 |
Google forcibly enables G Suite alerts for government-backed attacks (direct link) |
Google: This feature is good for you, so we'll just enable it. You're welcome! |
|
|
|
|
2018-10-03 20:19:04 |
Alphabet's Intra app encrypts DNS queries to help users bypass online censorship (direct link) |
New Intra app adds DNS-over-HTTPS support for older Android versions. |
|
|
|
|
2018-10-03 17:00:00 |
DHS aware of ongoing APT attacks on cloud service providers (direct link) |
Attacks most likely linked to APT10, a Chinese cyber-espionage group, also known as Red Apollo, Stone Panda, POTASSIUM, or MenuPass. |
|
APT 10
|
|
|
2018-10-03 15:01:00 |
North Korea's APT38 hacking group behind bank heists of over $100 million (direct link) |
New FireEye report provides insight into North Korea's financially-motivated hacking operations. |
|
APT 38
|
|
|
2018-10-03 11:51:03 |
Gwinnett Medical Center investigates possible data breach (direct link) |
Patient records may have been leaked online due to the alleged security incident. |
Data Breach
|
|
|
|
2018-10-03 09:43:05 |
Hacker faces jail time after defacing US military academy, NYC sites (direct link) |
Over 11,000 websites of political or business value to the US were targeted. |
|
|
|
|
2018-10-03 09:09:01 |
Zoho domains central to keylogger, data theft campaigns worldwide (direct link) |
The Indian online office suite is reportedly being abused on a massive scale to exfiltrate data from compromised machines. |
|
|
|
|
2018-10-02 21:46:00 |
Canadian restaurant chain suffers country-wide outage after malware outbreak (direct link) |
Some restaurant locations were temporarily shut down due to the IT outage, others continued to serve customers. |
Malware
|
|
★★
|
|
2018-10-02 18:23:00 |
Some Apple laptops shipped with Intel chips in "manufacturing mode" (direct link) |
Apple fixed issue with an update released in June but other OEMs may also be affected. |
|
|
|
|
2018-10-02 14:48:02 |
New study finds 5 of every 6 routers are inadequately updated for security flaws (direct link) |
Consumer group blames open source libraries and the lack of auto-update mechanisms. |
|
|
|
|
2018-10-02 12:00:01 |
Oracle unveils Autonomous NoSQL Database service (direct link) |
The latest part of Oracle's autonomous database portfolio, the new database service is tuned for NoSQL applications requiring low latency, data model flexibility and elastic scaling. |
|
|
|
|
2018-10-02 12:00:00 |
Twitter bans distribution of hacked materials ahead of US midterm elections (direct link) |
Twitter announces three new major rule changes to its site rules and policies. |
|
|
|
|
2018-10-02 12:00:00 |
Breaking bank security: Record theft rises to new heights (direct link) |
Recorded data breaches impacting the financial sector have close to tripled since 2016, new research suggests. |
|
|
|
|
2018-10-02 11:54:00 |
Facebook could face $1.63bn fine under GDPR over latest data breach (direct link) |
Facebook was fined £500,000 under the Data Protection Act for the Cambridge Analytica scandal but may not get away so lightly this time. |
Data Breach
|
|
|
|
2018-10-01 21:03:00 |
Google to no longer allow Chrome extensions that use obfuscated code (direct link) |
Google publishes new rules for extensions and the Chrome Web Store. |
|
|
|
|
2018-10-01 14:40:05 |
Code execution vulnerabilities uncovered in Atlantis Word Processor (direct link) |
The software is used for creating Word documents and converting documents in a variety of formats. |
|
|
|
|
2018-10-01 14:11:00 |
Facebook sued hours after announcing security breach (direct link) |
Plaintiffs claim Facebook failed to protect their personal data. Want relief and punitive damages against Facebook. |
|
|
|
|
2018-10-01 11:28:05 |
FBI forces Apple iPhone X owner to unlock device through Face ID (direct link) |
Reports claim that law enforcement used a search warrant to force an iPhone owner to unlock their device through their face. |
|
|
|
|
2018-10-01 10:28:02 |
ATM wiretapping is on the rise, Secret Service warns (direct link) |
Drills are the weapon of choice for criminals who spy on your activities at the cash point. |
|
|
|
|
2018-10-01 09:00:01 |
Phishing campaign targets developers of Chrome extensions (direct link) |
If the campaign was successful, we should expect new cases of hacked extensions used to infect users. |
|
|
|