Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-21 18:25:12 |
macOS Malware Spread Via Fake Symantec Blog (lien direct) |
A newly observed variant of the macOS-targeting Proton malware is spreading through a blog spoofing that of legitimate security company Symantec.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-21 17:54:30 |
Has Everyone Really Been Hacked? (lien direct) |
There is little doubt that fear sells security products, hikes law enforcements agency (LEA) budgets and sells newspapers. Both the security industry and government agencies benefit from sensational headlines; leaving people wondering what the real truth may be. So when UK newspaper The Times ran a headline, 'Everyone has been hacked, say police', it leaves the question, is this just more scaremongering or a true reflection on the state of security?
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-21 17:04:58 |
Cobalt Hackers Now Targeting Banks Directly (lien direct) |
The notorious Cobalt hackers have shown a change in tactics recently, switching their attacks to targeting banks themselves, instead of bank customers, Trend Micro reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-21 16:09:51 |
U.S. Charges Iranian Over \'Game of Thrones\' HBO Hack (lien direct) |
The United States on Tuesday charged an Iranian computer whiz with hacking into HBO, stealing scripts and plot summaries for "Games of Thrones," and trying to extort $6 million in Bitcoin out of the network.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-21 15:05:59 |
Final Version of 2017 OWASP Top 10 Released (lien direct) |
The final version of the 2017 OWASP Top 10 was released on Monday and some types of vulnerabilities that don't longer represent a serious risk have been replaced with issues that are more likely to pose a significant threat.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-21 13:41:02 |
Intel Chip Flaws Expose Millions of Devices to Attacks (lien direct) |
Intel has conducted an in-depth security review of its Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) technologies and discovered several vulnerabilities. The company has released firmware updates, but it could take some time until they reach the millions of devices exposed to attacks due to these flaws.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-21 09:59:48 |
North Korean Hackers Target Android Users in South (lien direct) |
At least two cybersecurity firms have noticed that the notorious Lazarus threat group, which many experts have linked to North Korea, has been using a new piece of Android malware to target smartphone users in South Korea.
|
|
APT 38
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 19:42:43 |
Windows 8 and Later Fail to Properly Apply ASLR (lien direct) |
Address Space Layout Randomization (ASLR) isn't properly applied on versions of Microsoft Windows 8 and newer, an alert from Carnegie Mellon University-run CERT Coordination Center (CERT/CC) warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 19:31:42 |
Secureworks Releases Open Source IDS Tools (lien direct) |
Secureworks has released two open source tools, Flowsynth and Dalton, designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and Suricata.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 19:12:51 |
Dealing With Data Loss Your Firewall Can\'t Stop (lien direct) |
Information security is built on the pillars of confidentiality, integrity, and availability. Confidentiality is about making sure your secrets stay secret.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 17:01:17 |
Flaw in F5 Products Allows Recovery of Encrypted Data (lien direct) |
A crypto vulnerability affecting some F5 Networks products can be exploited by a remote attacker for recovering encrypted data and launching man-in-the-middle (MitM) attacks, the company told customers on Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 15:25:20 |
Microsoft Manually Patched Office Component: Researchers (lien direct) |
Microsoft engineers appear to have manually patched a 17 year-old vulnerability in Office, instead of altering the source code of the vulnerable component, ACROS Security researchers say.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 15:14:20 |
Ongoing Adwind Phishing Campaign Discovered (lien direct) |
A new phishing campaign delivering the Jsocket variant of Adwind (also known as AlienSpy) was detected in October, and is ongoing. Adwind and its variants have been around since at least 2012. It is a cross-platform backdoor able to install additional malware, steal information, log keystrokes, capture screenshots, take video and audio recordings, and update its own configuration.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 15:07:55 |
Screen/Audio Capture Vulnerability Impacts Lion\'s Share of Android Devices (lien direct) |
A vulnerability that allows malicious applications to capture screen contents and record audio without a user's knowledge impacts over 78% of Android devices, researchers claim.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 14:22:43 |
Five Ways to Overcome the Cultural Barriers to IT/OT Security Convergence (lien direct) |
Working Together, IT and OT Must Mitigate Risk and Address the Inevitable Mandates that Follow Successful Attacks
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 14:11:47 |
StartCom CA to Shut Down After Ban by Browser Vendors (lien direct) |
The board of directors of China-based certificate authority StartCom announced on Friday that it has decided to shut down the company following the decision of major browser vendors to ban its certificates.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-20 10:42:36 |
Unprotected Pentagon Database Stored 1.8 Billion Internet Posts (lien direct) |
Researchers have found an unprotected database storing 1.8 billion posts collected from social media services, news websites and forums by a contractor for the U.S. Department of Defense.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-17 18:36:03 |
EMOTET Trojan Variant Evades Malware Analysis (lien direct) |
A recently observed variant of the EMOTET banking Trojan features new routines that allow it to evade sandbox and malware analysis, Trend Micro security researchers say.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-17 17:39:30 |
Group Launches Secure DNS Service Powered by IBM Threat Intelligence (lien direct) |
A newly announced free Domain Name System (DNS) service promises automated immunity from known Internet threats by blocking access to websites flagged as malicious.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-17 17:26:11 |
GitHub Warns Developers When Using Vulnerable Libraries (lien direct) |
Code hosting service GitHub now warns developers if certain software libraries used by their projects contain any known vulnerabilities and provides advice on how to address the issue.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-17 16:16:12 |
New Cyber Insurance Firm Unites Insurance With Cyber Intelligence (lien direct) |
Mountain View, Calif-based cyber insurance firm At-Bay has emerged from stealth with a mission to shake up the status quo in cyber insurance. It brings a new model of security cooperation between insured and insurer to reduce risk and exposure to both parties.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-17 15:49:16 |
Ransomware Targets SMBs via RDP Attacks (lien direct) |
A series of ransomware attacks against small-to-medium companies are leveraging Remote Desktop Protocol (RDP) access to infect systems, Sophos reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-17 15:29:33 |
Moxa NPort Devices Vulnerable to Remote Attacks (lien direct) |
Hundreds of Moxa Devices Similar to Ones Targeted in Ukraine Power Grid Hack Vulnerable to Remote Attacks
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-17 10:02:26 |
Drone Maker DJI, Researcher Quarrel Over Bug Bounty Program (lien direct) |
China-based Da-Jiang Innovations (DJI), one of the world's largest drone makers, has accused a researcher of accessing sensitive information without authorization after the expert bashed the company's bug bounty program.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 20:28:41 |
Google Discloses Details of $100,000 Chrome OS Flaws (lien direct) |
Google has made public the details of a code execution exploit chain for Chrome OS that has earned a researcher $100,000.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 20:24:45 |
China May Delay Vulnerability Disclosures For Use in Attacks (lien direct) |
The NSA and CIA exploit leaks have thrown the spotlight on US government stockpiles of 0-day exploits -- and possibly led to this week's government declassification of the Vulnerabilities Equities Policy (VEP) process used to decide whether to disclose or retain the exploits it discovers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 17:28:52 |
Middle East \'MuddyWater\' Attacks Difficult to Clear Up (lien direct) |
Long-lasting targeted attacks aimed at entities in the Middle East are difficult to attribute despite being analyzed by several researchers, Palo Alto Networks said this week.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 16:57:14 |
Terdot Banking Trojan Could Act as Cyber-Espionage Tool (lien direct) |
The Terdot banking Trojan packs information-stealing capabilities that could easily turn it into a cyber-espionage tool, Bitdefender says in a new report.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 15:54:52 |
What Can The Philosophy of Unix Teach Us About Security? (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 15:20:00 |
Kaspersky Shares More Details on NSA Incident (lien direct) |
Kaspersky Lab on Thursday shared more details from its investigation into reports claiming that Russian hackers stole data belonging to the U.S. National Security Agency (NSA) by exploiting the company's software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 15:16:20 |
\'Fake news\' Becomes a Business Model: Researchers (lien direct) |
Cyber criminals have latched onto the notion of "fake news" and turned it into a profitable business model, with services starting at under $10, security researchers said Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 14:48:59 |
White House Cyber Chief Provides Transparency Into Zero-Day Disclosure Process (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 11:18:47 |
Critical Vulnerabilities Patched in Apache CouchDB (lien direct) |
An update released last week for Apache CouchDB patched critical vulnerabilities that could have been exploited by malicious actors for privilege escalation and code execution on a significant number of installations.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-16 09:14:38 |
Critical Flaw Exposes Cisco Collaboration Products to Hacking (lien direct) |
A dozen Cisco collaboration products using the company's Voice Operating System (VOS) are exposed to remote hacker attacks due to a critical vulnerability, users were warned on Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 19:55:45 |
Risky Business: Understand Your Assets and Align Security With the Business (lien direct) |
For years I wondered why business groups would move forward with technology initiatives before fully understanding their risk exposure. Focused on the business outcome, teams always wanted to implement first and figure out the risks later.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 19:06:27 |
WordPress Sites Exposed to Attacks by \'Formidable Forms\' Flaws (lien direct) |
Vulnerabilities found by a researcher in a popular WordPress plugin can be exploited by malicious actors to gain access to sensitive data and take control of affected websites.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 18:30:48 |
Windows 10 Detects Reflective DLL Loading: Microsoft (lien direct) |
Windows 10 Creators Update can detect reflective Dynamic-Link Library (DLL) loading in a variety of high-risk processes, including browsers and productivity software, Microsoft says.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 18:01:59 |
Fileless Attacks Ten Times More Likely to Succeed: Report (lien direct) |
A new report from the Ponemon Institute confirms, but quantifies, what most people know: protecting endpoints is becoming more difficult, more complex and more time-consuming -- but not necessarily more successful.
|
|
|
★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 17:12:16 |
Microsoft Patches 17 Year-Old Vulnerability in Office (lien direct) |
Microsoft on Tuesday released its November 2017 security updates to resolve 53 vulnerabilities across products, including a security bug that has impacted all versions of its Microsoft Office suite over the past 17 years.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 16:06:37 |
Amazon Echo, Google Home Vulnerable to BlueBorne Attacks (lien direct) |
Amazon Echo and Google Home devices are vulnerable to attacks exploiting a series of recently disclosed Bluetooth flaws dubbed “BlueBorne.â€
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 15:56:15 |
UK Cyber Security Chief Blames Russia for Hacker Attacks (lien direct) |
Russia has launched cyber attacks on the UK media, telecoms and energy sectors in the past year, Britain's cyber security chief said Wednesday amid reports of Russian interference in the Brexit referendum.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 14:53:01 |
Multi-Stage Android Malware Evades Google Play Detection (lien direct) |
A newly discovered multi-stage Android malware that managed to sneak into Google Play is using advanced anti-detection features, ESET security researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 14:03:06 |
Investment Firm Combines Smarsh and Actiance to Solve FinServ Compliance Issues (lien direct) |
Two major financial services and regulated industry compliance firms, Smarsh and Actiance, have combined to better serve industry's increasingly complex requirements around communications, archiving and discovery regulations. Actiance has been acquired by K1 Investment Management, and combined with Smarsh.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 13:17:11 |
Oracle Patches Critical Flaws in Jolt Server for Tuxedo (lien direct) |
Oracle informed customers on Tuesday that it has patched several vulnerabilities, including ones rated critical and high severity, in the Jolt Server component of Oracle Tuxedo.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-15 09:24:37 |
Forever 21 Investigating Payment Card Breach (lien direct) |
Los Angeles-based fashion retailer Forever 21 informed customers on Tuesday that it has launched an investigation into a security incident involving payment systems.
The company said it recently learned from a third-party that credit and debit cards used at certain Forever 21 stores may have been compromised.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-14 22:22:36 |
U.S. Government Shares Details of FALLCHILL Malware Used by North Korea (lien direct) |
FALLCHILL Malware Used by North Korean Government Hackers is a Fully Functional RAT, DHS Says
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-14 20:30:18 |
SAP Patches Critical Issues With November 2017 Security Updates (lien direct) |
SAP today released its November 2017 set of patches to address 22 vulnerabilities across its product portfolio, including three issues rated Very High priority (Hot News).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-14 19:56:47 |
Microsoft Patches 20 Critical Browser Vulnerabilities (lien direct) |
Microsoft's Patch Tuesday updates for November address more than 50 vulnerabilities, including 20 critical flaws affecting the company's web browsers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-14 19:15:02 |
What Sort of Testing Do My Applications Need? (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-14 17:49:17 |
Adobe Patches 80 Flaws Across Nine Products (lien direct) |
Adobe on Tuesday announced the availability of patches for a total of 80 vulnerabilities across the company's Flash Player, Photoshop, Connect, Acrobat and Reader, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager products.
|
|
|
|