Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 11:02:05 |
Using Threat Trends to Protect Network Resources (lien direct) |
The Threat Landscape is Evolving Faster Than the Usual Rate of Security Review
Leveraging threat intelligence to improve an organization's security posture should be an essential component of any security strategy. So as I spend time with organizations from around the world to discuss their security challenges, I am surprised to learn how few do this.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 10:40:01 |
Decision Fatigue is Real - In Life and In Security (lien direct) |
“The world is your oyster!” “The sky's the limit!” Those may sound like encouraging words, but according to 'millennial therapist' Tess Brighman the biggest complaint among millennials is having so many choices that they struggle to make decisions. Why is this such a problem for this group? Information overload.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 05:51:02 |
Stock Trading Firm Robinhood Stored User Passwords in Plaintext (lien direct) |
Robinhood, a California-based financial services company that provides a popular commission-free stock trading app, informed some users that their passwords were stored in plaintext.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-25 05:16:04 |
Louisiana School Systems Cyber Attacked; Emergency Declared (lien direct) |
Louisiana Gov. John Bel Edwards has issued an emergency declaration after malware attacks against three school systems in the state have been detected.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 19:59:05 |
U.S. Warns of 5G Wireless Network Security Risks (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an infographic underlining some of the risk factors associated with 5G wireless networks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 19:44:00 |
Netography Launches Open Beta of Distributed IPS Service (lien direct) |
Network security company Netography on Tuesday announced the launch of its first service, advertised as a new type of intrusion prevention system (IPS).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 15:16:00 |
Vulnerabilities Found in Mitsubishi Inverter Engineering Software (lien direct) |
Mitsubishi Electric's FR Configurator2 inverter engineering software is affected by several vulnerabilities that can be exploited for information disclosure, arbitrary code execution, privilege escalation, and denial-of-service (DoS) attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 14:45:04 |
How IoT Opens the Door for Insider Attacks Against Industrial Infrastructure (lien direct) |
For manufacturers, improving security often means building better defenses against malware, botnets and other external threats. What may be further from their minds, however, are the threats that come from within the organization.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 14:17:04 |
FTC Fines Facebook $5B, Adds Limited Oversight on Privacy (lien direct) |
Federal regulators have fined Facebook $5 billion for privacy violations and are instituting new oversight and restrictions on its business. But they are only holding CEO Mark Zuckerberg personally responsible in a limited fashion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 13:57:04 |
3 Romanian Men Sentenced for Hacking US Servers (lien direct) |
Three men who hacked U.S. computers from Romania have been sentenced to prison for a fraud scheme totaling more than $21 million, federal prosecutors in Georgia said Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 12:30:03 |
NSA Forms Cybersecurity Directorate to Redefine Cybersecurity Mission (lien direct) |
The U.S. National Security Agency (NSA) is creating a new Cybersecurity Directorate to reinvigorate the cybersecurity element of its work.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 05:57:04 |
Citrix Completes Investigation into Data Breach (lien direct) |
Software giant Citrix on Tuesday announced that it has completed its investigation into the data breach detected earlier this year.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-24 05:04:00 |
Indiana County Targeted in Malware Assault on Computers (lien direct) |
Officials of an Indiana county say they are trying to determine the extent of a malware attack on the county's computers.
Vigo County Commissioner Judith Anderson says commissioners were informed of a “ransomware” attack early Tuesday.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 23:12:04 |
Four Arrested Over Hacking of Brazil Justice Minister\'s Phone (lien direct) |
Brazilian federal police arrested four people Tuesday over the hacking of cell phones belonging to Justice Minister Sergio Moro and prosecutors involved in a massive corruption probe.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 20:33:02 |
Hackers Compromise 62 Colleges via Campus ERP Platform (lien direct) |
Hackers have managed to compromise 62 colleges and universities by exploiting a vulnerability in the Ellucian Banner system, the U.S. Department of Education warns.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 17:09:05 |
(Déjà vu) Apple Patches 22 Vulnerabilities in WebKit (lien direct) |
Apple this week released a new set of patches to address various security flaws across its product portfolio, including 22 bugs impacting WebKit.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 17:01:02 |
Attackers Turn Elasticsearch Databases Into DDoS Bots (lien direct) |
A recently detected attack campaign is attempting to ensnare Elasticsearch clusters into a distributed denial of service (DDoS) botnet, Trend Micro reports.
The multi-stage attacks leverage scripts to ultimately deliver backdoors to the targeted servers and turn them into DDoS bots.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 15:49:00 |
Huawei Unit Cuts More Than 600 Jobs Following U.S. Sanctions (lien direct) |
Chinese telecom giant Huawei said on Tuesday that more than 600 jobs would be lost at a US unit as a result of "curtailment of business operations" caused by Washington's sanctions on the firm and 68 of its subsidiaries.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 15:31:01 |
US Attorney General Says Encryption Creates Security Risk (lien direct) |
U.S. Attorney General Bill Barr said Tuesday that increased encryption of data on phones and computers and encrypted messaging apps are putting American security at risk.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 15:29:01 |
Report Finds New Deficiencies in IRS Data Security Security Controls (lien direct) |
The Internal Revenue Service's (IRS) information system security controls require further improvements, a new report from the United States Government Accountability Office (GAO) claims.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 14:31:00 |
China-Linked Threat Actor Using New Backdoor (lien direct) |
The China-linked threat actor known as APT15 has been using a previously undocumented backdoor for more than two years, ESET's security researchers have discovered.
|
Threat
|
APT 15
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 14:27:00 |
Recently Disclosed WordPress Plugin Flaws Exploited in Malvertising Operation (lien direct) |
Researchers at Defiant, the company behind the Wordfence security plugin for WordPress websites, have come across a malvertising campaign that leverages recently disclosed plugin vulnerabilities to inject malicious code into websites.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 11:21:04 |
ProFTPD Vulnerability Can Expose Servers to Attacks (lien direct) |
A security hole affecting the free and open source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and possibly execute arbitrary code.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 06:07:05 |
Several Vulnerabilities Found in Comodo Antivirus (lien direct) |
Several vulnerabilities have been discovered in Comodo Antivirus, including one that allows an attacker to escape the sandbox and escalate privileges, and the vendor does not appear to have released any patches.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-23 00:35:04 |
U.S. Tech CEOs Support Trump on Huawei Restrictions: White House (lien direct) |
Chief executives from several US tech companies met with President Donald Trump on Monday and expressed "strong support" for policies restricting the use of products from Chinese telecom giant Huawei.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 16:19:03 |
AMCA Breach: Many More Impacted Healthcare Firms Come Forward (lien direct) |
Many more healthcare companies in the United States published press releases last week to inform customers that they had been impacted by the data breach suffered by the American Medical Collection Agency (AMCA).
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 15:01:00 |
Huawei\'s Czech Unit Secretly Collected Data: Report (lien direct) |
The Czech unit of telecoms giant Huawei secretly collected personal data of customers, officials and business partners, Czech public radio reported Monday, fanning concerns about security risks linked to the Chinese group.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 14:55:01 |
Browser Extensions Massively Collecting User Data (lien direct) |
Security researchers have discovered eight Chrome and Firefox extensions that leak user data, including personally identifiable information (PII) and corporate information (CI).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 14:39:02 |
FSB Contractor Hacked, Secret Russian Projects Exposed (lien direct) |
A group of hackers has leaked online information on secret projects allegedly stolen from the servers of Russian Federal Security Service (FSB) contractor Sytech.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 14:39:01 |
Critical RCE Vulnerability Found in Palo Alto Networks VPN Product (lien direct) |
A critical remote code execution vulnerability has been found and patched in Palo Alto Networks' GlobalProtect product.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 13:38:05 |
Questions to Ask Before Choosing a Threat Intelligence RFI Service (lien direct) |
Much like deep & dark web (DDW) coverage and anti-fraud solutions, request for intelligence (RFI) services have quickly become both ubiquitous and prone to misleading claims in the threat intelligence market.
|
Threat
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 13:16:00 |
Equifax to Pay up to $700 Million to Consumers, Authorities Over 2017 Breach (lien direct) |
Equifax and U.S. government agencies announced on Monday that the credit reporting agency is prepared to pay up to $700 million to settle charges related to the massive 2017 data breach that impacted roughly 147 million people.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-22 13:11:05 |
Digital Transformation Makes the Case for Log Retention in Cloud SIEMs (lien direct) |
As organizations pursue their digital transformation dreams, they'll migrate from on-premises SIEM to cloud-based SIEM. In the process of doing so, CISOs are taking a closer look at their previous security incident and event log retention policies, and revisiting past assumptions and processes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-20 14:19:05 |
Scotland Yard Twitter and Emails Hacked (lien direct) |
London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 17:46:01 |
Iranian Hackers Use New Malware in Recent Attacks (lien direct) |
The Iran-linked cyber-espionage group OilRig has started using three new malware families in campaigns observed over the past month, FireEye reports.
|
Malware
|
APT 34
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 16:52:00 |
The Growing Threat of Targeted Ransomware (lien direct) |
Ransomware targeting organizations is a growing threat. The extent of that threat is not always obvious. Except for the healthcare sector, disclosure of a ransomware attack is not generally required -- so victims will not necessarily report an incident. This is exacerbated by those victims who simply pay up and recover their files without the problem becoming obvious.
|
Ransomware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 16:45:03 |
Author of Dryad and Rubella Macro Builders Arrested (lien direct) |
Dutch authorities this week announced the arrest a 20-year old man for allegedly developing and distributing Office Macro Builders.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 16:20:04 |
Why Incident Response Must Adopt a Kill Chain Perspective (lien direct) |
Even as incident response (IR) has evolved, it has struggled to see beyond individual events and create a more complete perspective. IR tools are still very effective, particularly as advances in orchestration and automation technology have turned many IR tools into SOAR tools, but they are limited by this narrow focus.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 16:11:04 |
Israel Spyware Firm Can Mine Data From Social Media: FT (lien direct) |
An Israeli spyware firm thought to have hacked WhatsApp in the past has told clients it can scoop user data from the world's top social media, the Financial Times reported Friday.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 16:04:04 |
(Déjà vu) Microsoft Launches Bug Bounty Program for Dynamics 365 (lien direct) |
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 15:01:00 |
Ex-NSA Contractor to Be Sentenced in Stolen Documents Case (lien direct) |
A former National Security Agency contractor awaits sentencing in Baltimore's federal court for storing two decades' worth of classified documents at his Maryland home.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 14:47:02 |
Google Increases Bug Bounty Program Rewards (lien direct) |
Google on Thursday informed security researchers that they can now earn significantly higher rewards if they submit vulnerability reports through the company's bug bounty programs.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 06:12:05 |
Researchers Claim They Bypassed Cylance\'s AI-Based Antivirus (lien direct) |
Researchers at Australia-based cybersecurity firm Skylight claim to have found a way to trick Cylance's AI-based antivirus engine into classifying malicious files as benign.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-19 04:39:05 |
Poland, Lithuania Probe Russian-made App Behind Viral Old Age Selfies (lien direct) |
Poland and Lithuania said Thursday they were looking into the potential security risks of using a Russian-made face-editing app that has triggered a viral social media trend where users post "aged" selfies.
|
|
|
★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-18 17:03:01 |
Over 800,000 Systems Still Vulnerable to BlueKeep Attacks (lien direct) |
Users and organizations continue to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708, but over 800,000 systems are still exposed to attacks.
|
Vulnerability
|
Wannacry
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-18 16:14:04 |
Biometrics: Dismantling the Myths Surrounding Facial Recognition (lien direct) |
Biometric Authentication is No Longer Just the Stuff of Spy Movies or Reserved for Military-Grade Installations
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-18 14:15:05 |
Slack Resetting More User Passwords in Response to 2015 Breach (lien direct) |
Slack announced on Thursday that it's resetting passwords for accounts that users have not secured after the data breach suffered by the company back in 2015.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-18 13:40:04 |
US Senator Calls for Investigation into Russia-made FaceApp (lien direct) |
The chart-topping Russian-made FaceApp, which allows users to see how they will look as they age, found itself in the eye of a political storm in the US Wednesday, with one senator urging an FBI investigation into its "national security and privacy risks".
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-18 12:36:03 |
Malware Framework Gathers 1 Billion Ad Impressions in 3 Months (lien direct) |
Flashpoint security researchers have discovered a new malware framework that managed to gather over one billion fraudulent ad impressions in the past three months.
|
Malware
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-18 12:11:02 |
Report Finds California Government IT Security Flaws (lien direct) |
California's state auditor raised alarms Tuesday about information security in some state offices and called for additional oversight and regular assessments.
|
|
|
★★
|