Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-12-04 21:00:04 |
1-800-Flowers Becomes Latest Payment Breach Victim (direct link) |
Details are so far scant in this latest in a string of data breaches. |
|
|
|
|
2018-12-04 16:56:00 |
Google Patches 11 Critical RCE Android Vulnerabilities (direct link) |
Google's December Android Security Bulletin tackles 53 unique flaws. |
|
|
|
|
2018-12-04 14:29:02 |
Quora Breach Exposes a Wealth of Info on 100M Users (direct link) |
The information is an early Christmas gift for any social engineer. |
|
|
|
|
2018-12-04 11:00:05 |
Magecart Group Ups Ante: Now Goes After Admin Credentials (direct link) |
The group's skimmer has added some capabilities that steal credentials from admins. |
|
|
|
|
2018-12-03 21:30:03 |
Lawsuit Claims Pegasus Spyware Helped Saudis Spy on Khashoggi (direct link) |
The lawsuit alleges that NSO Group violated international law by allowing Pegasus to be used by oppressive regimes to hunt dissidents and journalists. |
|
|
|
|
2018-12-03 17:54:01 |
Chris Vickery on the Marriott Breach and a Rash of Recent High-Profile Hacks (direct link) |
In this Newsmaker Interview, 'breach hunter' Chris Vickery explores a recent spate of breaches from Marriott, USPS and Dell EMC. |
|
|
|
|
2018-12-03 17:06:02 |
U.S. Military Members Catfished and Hooked for Thousands of Dollars (direct link) |
Prisoners in South Carolina posed convincingly as beautiful women on social media platforms. |
|
|
|
|
2018-12-03 15:50:00 |
Lenovo Ordered to Pay $7.3M in Superfish Fiasco (direct link) |
The laptop giant will settle a 32-state class-action lawsuit stemming from pre-installing vulnerable ad-targeting software. |
|
|
|
|
2018-12-03 15:42:05 |
iOS Fitness Apps Robbing Money From Apple Victims (direct link) |
The two apps, “Fitness Balance App” and “Calories Tracker app,” were tricking users into payments of $120. |
|
|
|
|
2018-12-03 14:53:04 |
YouTuber PewDiePie Promoted Via 50K Hacked Printers (direct link) |
The incident sheds light on just how insecure printers are. |
|
Uber
|
|
|
2018-11-30 21:00:03 |
Podcast: Breaking Down the Magecart Threat (Part Two) (direct link) |
In part two of our podcast series on Magecart, we talk to expert Yonathan Klijnsma, who has been tracking the threat for years. |
Threat
|
|
|
|
2018-11-30 18:01:01 |
Bing Warns VLC Media Player Site is 'Suspicious' in Likely False-Positive Gaff (direct link) |
After identifying the official VLC media download page as "unsafe" with its Bing search engine, Microsoft now suggests it was done in error. |
|
|
|
|
2018-11-30 14:30:01 |
Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs (direct link) |
The bug bounty "queen" Katie Moussouris discusses the biggest mistakes that companies launching these programs are making. |
|
|
|
|
2018-11-30 13:48:00 |
(Déjà vu) 2014 Marriott Data Breach Exposed, 500M Guests Impacted (direct link) |
The hackers had access to the impacted database since 2014. |
Data Breach
|
|
|
|
2018-11-29 19:02:05 |
Critical Zoom Flaw Lets Hackers Hijack Conference Meetings (direct link) |
Hackers can spoof messages, hijack screen controls and kick others out of meetings. |
|
|
|
|
2018-11-29 16:11:05 |
Cisco Patches Critical Bug in License Management Tool (direct link) |
The vulnerability could allow an attacker to execute arbitrary SQL queries. |
Tool
Vulnerability
|
|
|
|
2018-11-29 14:36:02 |
Hackers Breach Dunkin' Donuts Accounts in Credential Stuffing Attack (direct link) |
The donut giant first noticed the attack Oct. 31. |
|
|
|
|
2018-11-29 00:03:04 |
Dell Warns of Attempted Breach on Network (direct link) |
The company said it has reset passwords for all Dell.com customers. |
|
|
|
|
2018-11-28 22:22:02 |
Microsoft Warns of Two Apps That Expose Private Keys (direct link) |
The two apps are created by headset software company Sennheiser HeadSetup. |
|
|
|
|
2018-11-28 20:02:04 |
ThreatList: Cryptominers Dominate Malware Growth in 2018 (direct link) |
The rise of piracy has helped drive the spike in attacks. |
Malware
|
|
|
|
2018-11-28 17:44:04 |
FBI Sinkholes $38M Global Ad Fraud Operation (direct link) |
The multi-year campaign used malware and botnets to falsify billions of webpages and "site users." |
Malware
|
|
|
|
2018-11-28 14:05:03 |
The Nature of Mass Exploitation Campaigns (direct link) |
Examples of how attackers carry out mass exploitation campaigns and how to defend against them. |
|
|
|
|
2018-11-27 22:57:04 |
Pegasus Spyware Targets Investigative Journalists in Mexico (direct link) |
Colleagues of slain Javier Valdez Cárdenas, known for investigating drug cartels, were targeted just days after his death. |
|
|
|
|
2018-11-27 20:03:03 |
Cisco Re-Issues Patch For High-Severity WebEx Flaw (direct link) |
The patch addresses a flaw in Cisco's WebEx platform that lets hackers gain elevated privileges. |
|
|
|
|
2018-11-27 19:55:00 |
Cheetah Mobile Blames SDKs for Rampant Ad Fraud in Its Android Apps (direct link) |
Eight popular Android apps are embezzling from the ad ecosystem on a widespread basis, according to allegations. |
|
|
|
|
2018-11-27 17:12:05 |
Widespread Malvertising Campaign Hijacks 300 Million Sessions (direct link) |
Researchers say the bad actor behind the malvertising campaign is still active. |
|
|
|
|
2018-11-26 21:34:04 |
Knuddels Flirt App Slapped with Hefty Fine After Data Breach (direct link) |
It's Germany's first GDPR fine, for an incident that affected millions of accounts. |
Data Breach
|
|
|
|
2018-11-26 18:49:02 |
Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions (direct link) |
A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October. |
Malware
|
|
|
|
2018-11-26 18:46:01 |
USPS, Amazon Data Leaks Showcase API Weaknesses (direct link) |
The incidents affected millions, just as Black Friday, Cyber Monday and the holiday shopping season kicked off. |
|
|
|
|
2018-11-26 16:13:01 |
User Confidence in Smartphone Security Abysmal (direct link) |
Sixty-six percent of phone users said they had suffered data-related harm: 11 percent suffered identity theft, 22 percent account hacking, 14 percent credit card hacking and 12 percent financial fraud. |
|
|
|
|
2018-11-24 15:00:00 |
Spotify Phishers Hijack Music Fans' Accounts (direct link) |
The credentials could be used to glean a variety of intel on the victims. |
|
|
|
|
2018-11-23 21:01:03 |
Threatpost News Wrap Podcast for Nov. 23 (direct link) |
From Ford data security speculation to the VisionDirect data breach, the Threatpost editors talk about this week's biggest stories. |
|
|
|
|
2018-11-23 14:00:05 |
Old Printer Vulnerabilities Die Hard (direct link) |
New research on an old problem reveals that, despite efforts, InfoSec professionals still have a way to go when it comes to securing printers. |
|
|
|
|
2018-11-23 13:00:04 |
ThreatList: One-Third of Firms Say Their Container Security Lags (direct link) |
More than one-third of respondents in a new survey haven't started or are just creating their security strategy plans. |
|
|
|
|
2018-11-22 13:30:04 |
Zero-Trust Frameworks: Securing the Digital Transformation (direct link) |
Zero trust refers to the notion of evaluating the security risk of devices and users within the context of any given moment, without automatically conferring access based on credentials. |
|
|
|
|
2018-11-22 12:00:01 |
Podcast: Breaking Down the Magecart Threat (Part One) (direct link) |
In the first part of our podcast series, we talked to Rapid7's chief data scientist about how Magecart has changed. |
Threat
|
|
|
|
2018-11-22 11:00:01 |
As Black Friday Looms, IoT Gadgets Take the Risk Spotlight (direct link) |
Ahead of the holiday shopping bonanza, the security community is talking to consumers about IoT security. |
|
|
|
|
2018-11-21 20:05:04 |
Podcast: Why 'Throwing Money' at Threats Won't Work (direct link) |
How can businesses create an effective cyber defense strategy? It starts with defining success, an expert tells us. |
|
|
|
|
2018-11-21 19:15:00 |
FCC Addresses Robocalling – But Questions Remain (direct link) |
The FCC will consider a proposal to combat robocalls and text spam in December. |
Spam
|
|
|
|
2018-11-21 16:19:01 |
Emotet's Thanksgiving Campaign Delivers New Recipes for Compromise (direct link) |
The crafty malware has departed from its usual cornucopia of tactics and tricks. |
Malware
|
|
|
|
2018-11-21 00:32:03 |
Sofacy APT Takes Aim with Novel 'Cannon' Trojan (direct link) |
The Russian-speaking threat group is changing up its tactics. |
Threat
|
|
|
|
2018-11-20 20:49:03 |
Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS (direct link) |
Adobe issues patch for a Flash Player vulnerability that could lead to an arbitrary code execution on targeted systems. |
Vulnerability
Guideline
|
|
|
|
2018-11-20 19:59:03 |
Gmail Glitch Enables Anonymous Messages in Phishing Attacks (direct link) |
A glitch in the UX in Gmail allows the “from” field to be forged so there is no sender listed in the email's header. |
|
|
|
|
2018-11-20 18:01:01 |
APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign (direct link) |
The group is best-known for hacking the DNC ahead of the 2016 presidential election. |
|
APT 29
|
|
|
2018-11-19 22:45:02 |
Olympic Destroyer Wiper Changes Up Infection Routine (direct link) |
The Hades APT group continues its quest to stay under the radar. |
|
|
|
|
2018-11-19 21:38:00 |
VisionDirect Blindsided by Magecart in Data Breach (direct link) |
Researchers say the Magecart threat group skimmed data of VisionDirect customers using fake Google Analytics scripts. |
Data Breach
Threat
|
|
★★★★★
|
|
2018-11-19 19:23:01 |
Ford Eyes Use of Customers' Personal Data to Boost Profits (direct link) |
Ford's CEO sees the tech company model as key to the company's next chapter. |
|
|
|
|
2018-11-19 16:49:00 |
Stopping the Infiltration of Things (direct link) |
If a network-connected smoke detector starts communicating with the mail server, you know you have a problem. |
|
|
★★★★★
|
|
2018-11-16 21:25:02 |
Emoji Attack Can Kill Skype for Business Chat (direct link) |
The "Kitten of Doom" denial-of-service attack is easy to carry out. |
|
|
|
|
2018-11-16 19:39:04 |
Gmail Glitch Offers Stealthy Trick for Phishing Attacks (direct link) |
The issue comes from how Gmail automatically files messages into the "Sent" folder. |
|
|
|