What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-10-23 12:01:02 | (Déjà vu) Plaintext Passwords Often Put Industrial Systems at Risk: Report (lien direct) | ATLANTA - SECURITYWEEK 2018 ICS CYBER SECURITY CONFERENCE - Plaintext passwords crossing the network, outdated operating systems, direct connections to the Internet, and the lack of automated updates for security solutions often put industrial systems at risk of attacks, according to a new report published on Tuesday by industrial cybersecurity firm CyberX. | |||
|
2018-10-23 10:29:01 | The Rise of The Virtual Security Officer (lien direct) | The market for virtual security officers is growing. We've had virtual chief information security officers for a few years (vCISOs), and we can expect to see virtual data protection officers (vDPOs) in the next few. The demand for both is higher than it has ever been, and it is likely to grow. | |||
|
2018-10-23 00:15:04 | Japan Orders Facebook to Improve Data Protection (lien direct) | The Japanese government on Monday ordered Facebook to improve protection of users' personal information following data breaches affecting tens of millions of people worldwide. | |||
|
2018-10-22 19:24:02 | Cisco, F5 Networks Investigate libssh Vulnerability Impact (lien direct) | Cisco and F5 Networks are investigating the possible impact of the recently patched libssh vulnerability on their products, while other vendors have concluded similar investigations. | Vulnerability | ||
|
2018-10-22 18:40:01 | Flaw in Media Library Impacts VLC, Other Software (lien direct) | A serious vulnerability in the LIVE555 Streaming Media RTSP server affects popular applications, including VLC, MPlayer and others, Cisco Talos has discovered. | Vulnerability | ||
|
2018-10-22 18:08:03 | Hackers Deface Website of Saudi Investment Forum (lien direct) | A website for a Saudi investment summit was down on Monday after an apparent cyber attack, just a day before the three-day conference overshadowed by the murder of journalist Jamal Khashoggi begins. | |||
|
2018-10-22 16:39:01 | Securing the Vote Against Increasing Threats (lien direct) | With the U.S. mid-term elections just a couple of weeks away, there are continuing concerns over the security of the electronic voting procedures used by many states. These concerns range from the integrity of state voter registration databases through the compromise of individual voting machines to the accuracy of their calibration without a paper audit trail to confirm accurate vote tallying. | |||
|
2018-10-22 16:35:03 | Recent Branch.io Patch Creates New XSS Flaw (lien direct) | The patch for a recently disclosed cross-site scripting (XSS) vulnerability in Branch.io introduced another similar flaw, a security researcher revealed last week. | Vulnerability | ||
|
2018-10-22 15:27:02 | Cyberbit Launches Portable ICS Security Assessment Solution (lien direct) | 
|
|||
|
2018-10-22 14:12:01 | Google Boosts Android Security with Protected Confirmation (lien direct) | Google further improved the security of Android with the inclusion of a new API in the latest operating system release. | |||
|
2018-10-20 20:21:05 | Hackers Breach HealthCare.gov System, Get Data on 75,000 (lien direct) | A government computer system that interacts with HealthCare.gov was hacked earlier this month, compromising the sensitive personal data of some 75,000 people, officials said Friday. | |||
|
2018-10-19 18:39:04 | NSA-Linked \'DarkPulsar\' Exploit Tool Detailed (lien direct) | Kaspersky Lab security researchers have analyzed another exploit tool that was supposedly stolen from the National Security Agency-linked Equation Group. | Tool | ||
|
2018-10-19 18:09:04 | 0-Day in jQuery Plugin Impacts Thousands of Applications (lien direct) | Thousands of projects are possibly impacted by a jQuery File Upload plugin vulnerability that has been actively exploited in the wild, a security researcher has discovered. | Vulnerability | ||
|
2018-10-19 15:22:04 | City Pays $2,000 in Computer Ransomware Attack (lien direct) | A Connecticut city has paid $2,000 to restore access to its computer system after a ransomware attack. West Haven officials said Thursday they paid the money to anonymous attackers through the digital currency bitcoin to unlock 23 servers and restore access to city data. | Ransomware | ||
|
2018-10-19 13:53:01 | Chinese Hackers Use \'Datper\' Trojan in Recent Campaign (lien direct) | A China-linked cyber espionage group known as Tick was observed using the Datper malware in a recent campaign, Cisco Talos security researchers reveal. | Malware | ||
|
2018-10-19 13:41:05 | Server With National Guard Personnel Data Target of Attack (lien direct) | The Indiana National Guard says a state, non-military computer server containing personal information on civilian and military Guard personnel was the target of a recent ransomware attack. The Guard said Thursday it is notifying the affected personnel that they should be alert for suspicious activity or fraudulent accounts being opened in their name. | Ransomware | ||
|
2018-10-19 13:38:00 | FreeRTOS Vulnerabilities Expose Many Systems to Attacks (lien direct) | Vulnerabilities discovered in the FreeRTOS operating system can expose a wide range of systems to attacks, including smart home devices and critical infrastructure, researchers warn. | |||
|
2018-10-19 11:13:02 | EU Leaders Vow Tough Action on Cyber Attacks (lien direct) | EU leaders on Thursday condemned the attempted hack on the global chemical weapons watchdog and vowed to step up the bloc's efforts to tackle cyber attacks. With concerns growing about the malign cyber activities of several countries around the world, notably Russia, the bloc's leaders called for work to begin to set up sanctions to punish hackers. | Hack Guideline | ||
|
2018-10-19 10:40:05 | Mozilla Brings Encrypted SNI to Firefox Nightly (lien direct) | Mozilla says Firefox Nightly now supports encrypting the Transport Layer Security (TLS) Server Name Indication (SNI) extension, several weeks after Cloudflare announced it turned on Encrypted SNI (ESNI) across all of its network. | |||
|
2018-10-19 09:21:00 | (Déjà vu) Remote Code Execution Flaws Patched in Drupal (lien direct) | Developers of the Drupal content management system (CMS) have patched several vulnerabilities in the 7 and 8 branches, including serious flaws that can be exploited for remote code execution. | |||
|
2018-10-19 05:37:05 | Splunk Patches Several Flaws in Enterprise, Light Products (lien direct) | Splunk recently patched several vulnerabilities in its Enterprise and Light products, including flaws that have been rated “high severity.” | |||
|
2018-10-18 18:22:00 | Flaws Open Telepresence Robots to Prying Eyes (lien direct) | Vulnerabilities in telepresence robots could provide an attacker not only with command execution capabilities, but also with access to a live video stream from the device, Zingbox reports. | |||
|
2018-10-18 17:35:04 | NFCdrip Attack Proves Long-Range Data Exfiltration via NFC (lien direct) | Researchers have demonstrated that the near-field communication (NFC) protocol can be used to exfiltrate small amounts of data, such as passwords and encryption keys, over relatively long distances. | |||
|
2018-10-18 13:57:05 | Apple\'s Revamped Privacy Website Offers Users Access to Their Data (lien direct) | Apple users can now get a copy of the data the tech giant has on them, directly from a refreshed and expanded privacy website rolled out this week. | |||
|
2018-10-18 13:24:02 | Google Pixel 3 Improves Data Protection with Security Chip (lien direct) | Google has packed the recently launched Pixel 3 and Pixel 3 XL devices with Titan M, a hardened security microcontroller that can better protect information at hardware level. | |||
|
2018-10-18 12:03:00 | \'Operation Oceansalt\' Reuses Code from Chinese Group APT1 (lien direct) | A recently observed cyber-espionage campaign targeting South Korea, the United States and Canada is reusing malicious code previously associated with state-sponsored Chinese group APT1, McAfee reports. | APT 32 | ||
|
2018-10-18 11:58:00 | 3 Public Cloud Security Myths Debunked (lien direct) | As more and more organizations embrace the migration to the cloud, there are the inevitable questions that arise around its safety. Specifically, enterprises need to know that their data is going to be secure if they choose to embrace a cloud-based model, particularly a public cloud. | |||
|
2018-10-18 10:45:02 | Facebook Launches \'War Room\' to Combat Manipulation (lien direct) | In Facebook's "War Room," a nondescript space adorned with American and Brazilian flags, a team of 20 people monitors computer screens for signs of suspicious activity. | |||
|
2018-10-18 10:37:05 | Ex-Virginia Teacher Charged in 2014 \'Celebgate\' Hacking (lien direct) | A former Virginia high school teacher is the fifth person charged in an investigation into the 2014 "celebgate" scandal in which hackers obtained nude photographs and other private information from more than 200 people, including celebrities. | |||
|
2018-10-18 05:37:03 | Tumblr Vulnerability Exposed User Account Information (lien direct) | Tumblr on Wednesday disclosed a vulnerability that could have been exploited to obtain user account information, including email addresses and protected passwords. | Vulnerability | ||
|
2018-10-18 04:43:01 | Ex-Equifax Manager Gets Home Confinement for Insider Trading (lien direct) | A former Equifax manager was sentenced Tuesday to serve eight months home confinement for engaging in insider trading in the wake of the company's massive data breach last year. | Data Breach | Equifax | |
|
2018-10-17 23:42:03 | Britain Leads Calls for EU Action Against Hackers (lien direct) | British Prime Minister Theresa May will call on fellow EU leaders Thursday to take united action to punish cyber attackers, warning hackers cause economic harm and undermine democracies. Britain is among eight European Union countries pushing for the bloc to urgently agree a new sanctions regime to address malign cyber activities. | Guideline | ||
|
2018-10-17 20:12:04 | Libssh Vulnerability Exposes Servers to Attacks (lien direct) | Servers using libssh to implement the Secure Shell (SSH) remote login protocol may be vulnerable to attacks due to the existence of an authentication bypass flaw discovered recently by a researcher. | Vulnerability | ||
|
2018-10-17 19:45:00 | Chrome 70 Updates Sign-In Options, Patches 23 Flaws (lien direct) | Google on Tuesday released Chrome 70 in the stable channel, with patches for nearly two dozen vulnerabilities, as well as with updated sign-in options. | |||
|
2018-10-17 19:14:03 | LuminosityLink RAT Author Sentenced to 30 Months in Prison (lien direct) | The maker of the LuminosityLink remote access Trojan (RAT) was sentenced to 30 months in federal prison, the United States Department of Justice announced this week. | |||
|
2018-10-17 18:36:05 | \'GreyEnergy\' Cyberspies Target Ukraine, Poland (lien direct) | Over the past three years, ESET security researchers have been tracking a cyber-espionage group linked to the infamous BlackEnergy hackers. | |||
|
2018-10-17 17:54:02 | Open Source Security Management Firm WhiteSource Raises $35 Million (lien direct) | WhiteSource, a company that specializes in open source security management, on Wednesday announced that it raised $35 million in a Series C funding round. | |||
|
2018-10-17 16:12:03 | A History of Defense-in-Depth; and the Evolution of Data Sharing (lien direct) | We need a new way to manage access to data. No, not because the “good guys” are losing to Advanced Persistent Threats, nation-state attackers, or whatever term we use to describe the cybersecurity boogey-man du jour. We need a new way to manage access to data because the old ways don't work in the cloud. The cloud is not evil from a security standpoint, but cloud adoption has introduced two critical shifts to enterprise computing: | |||
|
2018-10-17 12:57:02 | After 2016 Hack, Illinois Says Election System Secure (lien direct) | Illinois officials assured voters Tuesday that their Nov. 6 tallies "will be securely counted" following a data breach that's part of the Justice Department's investigation of Russian meddling in U.S. elections. | |||
|
2018-10-17 11:23:00 | Critical Vulnerabilities Allow Takeover of D-Link Routers (lien direct) | Researchers have found several vulnerabilities that can be exploited to take full control of some D-Link routers, and patches do not appear to be available. Serious flaws have also been discovered in routers from Linksys. | |||
|
2018-10-17 09:54:04 | Oracle\'s October 2018 Update Includes 301 Security Fixes (lien direct) | Oracle's October 2018 Critical Patch Update (CPU) was rolled out on Tuesday with 301 security fixes, bringing the total of patches released this year to 1,119. | |||
|
2018-10-17 05:04:05 | (Déjà vu) VMware Patches Code Execution Flaw in Virtual Graphics Card (lien direct) | VMware has patched a critical arbitrary code execution vulnerability in the SVGA virtual graphics card used by its Workstation, ESXi and Fusion products. | Vulnerability | ||
|
2018-10-16 17:39:01 | Insurer Anthem Will Pay Record $16M for Massive Data Breach (lien direct) | The nation's second-largest health insurer has agreed to pay the government a record $16 million to settle potential privacy violations in the biggest known health care hack in U.S. history, officials said Monday. | Data Breach Hack | ★★★★★ | |
|
2018-10-16 16:11:00 | Utimaco\'s Acquisition of Atalla HSM Product Line Gets Regulatory Clearance (lien direct) | Aachen, Germany-based Utimaco has received U.S. regulatory clearance for the acquisition of the Atalla product lines from Micro Focus it first announced in May 2018. The transaction is now scheduled to close on November 5, 2018. | ★★★ | ||
|
2018-10-16 14:55:04 | Malicious RTF Documents Deliver Information Stealers (lien direct) | A newly discovered infection campaign is leveraging malicious RTF files to deliver information-stealing Trojans to the unsuspecting victims, Cisco Talos security researchers warn. | |||
|
2018-10-16 14:46:00 | Chef Launches New Version for DevSecOps Automated Compliance (lien direct) | Chef Software has announced the latest version of its InSpec compliance automation platform for DevSecOps. InSpec provides an open source high-level language to share security and compliance rules between development, security, and operations engineers. Compliance can be with internal security policy, infrastructure provisioning, and external regulatory requirements. | |||
|
2018-10-16 13:40:04 | Many Federal Agencies Fail to Meet DMARC Implementation Deadline (lien direct) | The U.S. Department of Homeland Security (DHS) last year ordered government organizations to secure their email and web assets, but many agencies have failed to meet the deadline. | |||
|
2018-10-16 12:51:02 | New iPhone Passcode Bypass Method Found Days After Patch (lien direct) | A new method that can be used to bypass the iPhone lockscreen and access photos stored on the device was disclosed just days after Apple released a patch for a similar vulnerability. | |||
|
2018-10-16 12:16:04 | Major Browsers to Kill TLS 1.0, 1.1 (lien direct) | All major web browsers will deprecate support for the older Transport Layer Security (TLS) 1.0 and 1.1 traffic encryption protocols in the first half of 2020. Apple, Google, Microsoft and Mozilla on Monday announced plans to kill the protocol in their browsers to provide users with better security. | |||
|
2018-10-16 08:58:03 | Russia-Linked Hackers Target Diplomatic Entities in Central Asia (lien direct) | Cybersecurity companies have been monitoring the activities of a threat group that focuses on espionage campaigns aimed at diplomatic entities in Central Asia. | Threat |
To see everything:
Our RSS (filtrered)
