Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-09-19 12:16:42 |
Ex-porn Actor German Spy Guilty of Trying to Share State Secrets (direct link) |
A former German intelligence agent who was also an ex-gay porn actor was Tuesday given a one-year suspended sentence for attempting to share state secrets while pretending to be a jihadist online.
|
|
|
|
|
2017-09-19 10:58:41 |
(Déjà vu) CCleaner Server Was Compromised in Early July (direct link) |
A server distributing a version of PC utility CCleaner infected with malware might have been compromised in early July, Avast revealed.
|
|
CCleaner
|
|
|
2017-09-19 10:47:28 |
DigitalOcean Warns of Vulnerability Affecting Cloud Users (direct link) |
DigitalOcean is warning customers that some 1-Click applications running MySQL have an account with the same default password across all instances, and the company says the issue affects other cloud providers as well.
|
|
APT 32
|
|
|
2017-09-19 10:23:58 |
New York Pushes to Regulate Credit Agencies After Equifax Breach (direct link) |
New York Governor Andrew Cuomo announced on Monday plans to make credit reporting firms comply with the 23 NYCRR 500 cybersecurity regulations enacted earlier this year.
|
|
Equifax
|
|
|
2017-09-18 19:49:37 |
Equifax Cybersecurity Failings Revealed Following Breach (direct link) |
Shortcomings revealed by researchers and cybersecurity firms following the massive data breach suffered by Equifax show that a successful hacker attack on the credit reporting agency's systems was inevitable.
|
|
Equifax
|
|
|
2017-09-18 17:59:53 |
New Attack Fingerprints Users Using Word Documents (direct link) |
A newly detailed attack method leverages Microsoft Word documents to gather information on users, but doesn't use macros, exploits or any other active content to do so, security researchers at Kaspersky Lab have discovered.
|
|
|
|
|
2017-09-18 14:41:59 |
Windows 10 Users to Get Improved Privacy Controls (direct link) |
The upcoming Windows 10 Fall Creators Update will bring enhanced privacy controls to both consumers and commercial customers, Microsoft says.
|
|
|
|
|
2017-09-18 13:12:24 |
CyberGRX Partners With BitSight to Address Supply Chain Risks (direct link) |
Partnership Integrates BitSight's Security Ratings Capabilities With CyberGRX Third-Party Cyber Risk Exchange
|
|
|
|
|
2017-09-18 12:39:35 |
Flaws Patched in Trend Micro Mobile Security for Enterprise (direct link) |
A patch released last week by Trend Micro for its Mobile Security for Enterprise product resolves several vulnerabilities, including remote code execution issues rated critical and high severity.
|
|
|
★★★★★
|
|
2017-09-18 12:38:25 |
Millions Download Maliciously Modified PC Utility (direct link) |
Infected CCleaner Utility Highlights Dangers of Software Supply Chain Attacks
|
|
CCleaner
|
|
|
2017-09-18 11:25:42 |
Microsoft Extends Office Bounty Program (direct link) |
Microsoft has announced an extension to its Microsoft Office Bounty Program, which is now set to run until December 31, 2017.
|
|
|
|
|
2017-09-18 10:46:55 |
Threat Report Says 1 in 50 iOS Apps Could Leak Data (direct link) |
A new global threat report for the mobile ecosystem shows that iOS provides a bigger threat than is often perceived. While the insecurities of the Android operating system are well-documented, the report notes that 1 in 50 iOS apps used in enterprise environments could potentially leak sensitive data.
|
|
|
|
|
2017-09-18 09:40:38 |
Equifax Shares More Details About Breach (direct link) |
Equifax has shared more details about the recent breach that affects roughly 143 million U.S. consumers, including how it discovered the unauthorized access and the number of individuals impacted by the incident in the United Kingdom.
|
|
Equifax
|
|
|
2017-09-18 01:15:55 |
Millions Download "ExpensiveWall" Malware via Google Play (direct link) |
A newly discovered Android malware that managed to infect at least 50 applications in Google Play has been downloaded between 1 million and 4.2 million times, Check Point researchers warn.
|
|
|
|
|
2017-09-15 22:09:25 |
Equifax Security Chief, CIO to 'Retire' Immediately (direct link) |
Following the massive data breach that was disclosed on September 7, Equifax announced on Friday that Chief Security Officer Susan Mauldin and Chief Information Officer David Webb are retiring from the company effective immediately.
|
|
Equifax
|
|
|
2017-09-15 17:45:25 |
VMware Patches Critical SVGA Code Execution Flaw (direct link) |
Patches released this week by VMware address several vulnerabilities, including one rated critical, in the company's ESXi, vCenter Server, Workstation and Fusion products.
|
|
|
|
|
2017-09-15 16:51:33 |
HWP Documents and PostScript Abused to Spread Malware (direct link) |
A recent malware attack has been leveraging the Hangul Word Processor (HWP) word processing application and its ability to run PostScript code, Trend Micro reveals.
|
|
|
|
|
2017-09-15 15:03:06 |
Chrome to Label FTP Resources as "Not Secure" (direct link) |
Google announced on Thursday that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.”
|
|
|
|
|
2017-09-15 13:14:10 |
Scammers Offer to Sell Data Stolen in Equifax Hack (direct link) |
While the large amount of information stolen in the recent Equifax hack might be up for sale somewhere on the dark web, scammers have also set up websites offering the data from the U.S. credit reporting agency.
|
|
Equifax
|
|
|
2017-09-15 12:56:17 |
Trump Blocks Chinese Acquisition of U.S. Semiconductor Firm (direct link) |
President Donald Trump on Wednesday blocked attempts by a Chinese state-owned firm to acquire an American semiconductor manufacturer on national security concerns, drawing a rebuke from Beijing.
|
|
|
|
|
2017-09-15 12:15:38 |
Mocana Integrates Embedded Security Software With Industrial Cloud Platforms (direct link) |
Mocana Integrates Embedded Security Software with AWS IoT, Microsoft Azure IoT, and VMware Liota to Protect Devices
|
|
|
|
|
2017-09-15 10:53:28 |
Magento Patches Critical Vulnerability in eCommerce Platforms (direct link) |
Magento this week released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 to address numerous vulnerabilities, including a remote code execution bug rated Critical severity.
|
|
|
|
|
2017-09-15 10:41:42 |
U.S. Politicians Demand Probe of Equifax After Hack (direct link) |
A senior US senator called Wednesday for a federal investigation of credit rating agency Equifax after the company lost the personal data of 143 million customers to hackers.
|
|
Equifax
|
|
|
2017-09-15 08:58:41 |
Kaspersky CEO to Testify Before Congress (direct link) |
After the U.S. Department of Homeland Security (DHS) issued a binding operational directive ordering government departments and agencies to stop using products from Russia-based Kaspersky Lab, the security firm's CEO has been invited to testify before Congress.
|
|
|
|
|
2017-09-15 02:40:10 |
Mozilla Implements Faster Diffie-Hellman Function in Firefox (direct link) |
Mozilla this week revealed plans to introduce a new key establishment algorithm in Firefox to improve both security and performance of the web browser.
|
|
|
|
|
2017-09-14 15:33:49 |
U.S. Watchdog Confirms Probe of Huge Equifax Data Breach (direct link) |
A U.S. consumer protection watchdog agency said Thursday it has begun an investigation into a massive data breach at credit bureau Equifax that may have leaked sensitive information on 143 million people.
|
|
Equifax
|
|
|
2017-09-14 15:25:49 |
Secure Kernel Extension Loading in macOS Easily Bypassed: Researcher (direct link) |
Apple's new Secure Kernel Extension Loading (SKEL) security feature, set to be implemented in the upcoming macOS 10.13 High Sierra, can be easily bypassed, a security researcher claims.
|
|
|
|
|
2017-09-14 14:17:32 |
Trouble in Paradise as Cyber Attackers Circumvent 2FA (direct link) |
Two-Factor Authentication (2FA) has for years been one of the very dependable security technologies that was invoked to address high-risk scenarios -- whether to safeguard enterprise resources accessed through the firewall, financial accounts, or -- for high-value targets -- protect each email login.
|
|
|
|
|
2017-09-14 12:52:32 |
New Attack Abuses CDNs to Spread Malware (direct link) |
Content delivery networks (CDNs) are being increasingly abused to spread malware, courtesy of standards that allow the download and execution of payloads on computers, ESET warns.
|
|
|
|
|
2017-09-14 12:22:40 |
Backdoored Plugin Impacts 200,000 WordPress Sites (direct link) |
Around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code, Wordfence reports.
|
|
|
|
|
2017-09-14 11:12:38 |
Equifax Confirms Apache Struts Flaw Used in Hack (direct link) |
U.S. credit reporting agency Equifax confirmed on Wednesday that an Apache Struts vulnerability exploited in the wild since March was used to breach its systems.
|
|
Equifax
|
|
|
2017-09-14 10:58:13 |
Can We Find a Balance Between Security and Convenience? (direct link) |
The concept of something monitoring every conversation and action that takes place in the privacy of our own homes is unsettling – something straight out of a Black Mirror episode. That's why it's fascinating to see voice-activated, Internet-connected devices starting to infiltrate our everyday lives.
|
|
|
|
|
2017-09-14 09:38:10 |
DHS Orders Government Agencies to Stop Using Kaspersky Products (direct link) |
The U.S. Department of Homeland Security (DHS) issued a binding operational directive on Wednesday ordering government departments and agencies to stop using products from Kaspersky Lab due to concerns regarding the company's ties to Russian intelligence.
|
|
|
|
|
2017-09-13 18:26:03 |
Zerodium Offers $1 Million for Tor Browser Exploits (direct link) |
Exploit acquisition firm Zerodium announced on Wednesday that it's prepared to offer a total of $1 million for zero-day vulnerabilities in the Tor Browser, the application that allows users to access the Tor anonymity network and protect their privacy.
|
|
|
|
|
2017-09-13 18:20:17 |
Apple Brings FaceID to New iPhone X (direct link) |
iPhone X Uses Facial Recognition to Unlock Device, Apple Says 1 in 1,000,000 Chance of False Positive
|
|
|
|
|
2017-09-13 13:07:39 |
Is Winter Coming in Industrial Control Systems Cybersecurity? (direct link) |
In 2005, the breach of Card Systems (a major payment card processor), which exposed 40+ million credit cards, was labeled “The Biggest Hack of All Time” – the breach made worldwide news and the cover of Newsweek with a multipage article highlighting the dangerous new reality of cyberthreats.
|
|
|
|
|
2017-09-13 12:48:24 |
New Kedi RAT Uses Gmail to Exfiltrate Data (direct link) |
Kedi RAT Pretends to be a Citrix Utility, Transfers Data Using Gmail
|
|
|
★★
|
|
2017-09-13 12:26:47 |
The Importance of Benchmarking in Your Security Program (direct link) |
Do You Have Data Around What Security Products and Services Other Organizations Use and How They Use Them?
|
|
|
★★★★
|
|
2017-09-13 12:24:41 |
Serious Flaws Found in IBM InfoSphere Products (direct link) |
IT security services company SEC Consult on Wednesday disclosed the details of several unpatched vulnerabilities affecting IBM's InfoSphere DataStage and Information Server data integration tools.
|
|
|
★★★★★
|
|
2017-09-13 11:01:19 |
(Déjà vu) SAP Resolves 16 Vulnerabilities with September 2017 Patches (direct link) |
SAP on Tuesday released 16 security notes as part of its SAP Security Patch Day, to which it also added 1 out-of-band release and 6 updates to previously released Security Notes, for a total of 23 Notes.
|
|
|
|
|
2017-09-13 10:12:31 |
U.S. Energy Department Invests $20 Million in Cybersecurity (direct link) |
The United States Department of Energy announced on Tuesday its intention to invest up to $50 million in the research and development of tools and technologies that would make the country's energy infrastructure more resilient and secure. Over $20 million of that amount has been allocated to projects focusing on cyber security.
|
|
|
|
|
2017-09-13 08:38:42 |
Microsoft Patches Zero-Day, Many Other Flaws (direct link) |
Microsoft's Patch Tuesday updates for September 2017 address roughly 80 vulnerabilities, including a zero-day exploited by threat actors to deliver spyware and several flaws that have been publicly disclosed.
|
|
|
|
|
2017-09-13 02:03:48 |
Canadian Class Action Suit Launched Against Equifax Over Data Breach (direct link) |
A class action lawsuit by Canadian consumers whose data was stolen in a massive hack of US credit bureau Equifax was launched Tuesday, seeking damages of Can $550 billion ($450 billion US).
|
|
Equifax
|
|
|
2017-09-12 18:42:36 |
Linux Malware Could Run Undetected on Windows: Researchers (direct link) |
A new Windows 10 feature that makes the popular Linux bash terminal available for Microsoft's operating system could allow for more malware families to target the operating system, Check Point researchers claim.
|
|
|
|
|
2017-09-12 18:34:40 |
.NET Zero-Day Flaw Exploited to Deliver FinFisher Spyware (direct link) |
One of the vulnerabilities patched by Microsoft with this month's security updates is a zero-day flaw exploited by threat actors to deliver FinFisher malware to Russian-speaking individuals.
|
|
|
|
|
2017-09-12 15:49:00 |
Adobe Patches Two Critical Flaws in Flash Player (direct link) |
Adobe has patched only two vulnerabilities in Flash Player this month, but they can both be exploited for remote code execution and both have been classified as critical.
|
|
|
|
|
2017-09-12 15:20:34 |
How Collaboration and Information Sharing Can Neutralize Adversaries (direct link) |
Despite the long-touted benefits of information sharing in security and intelligence, the practice isn't as widely adopted as it should be. Often citing concerns over trust, many organizations remain largely siloed in how and with whom they share information.
|
|
|
|
|
2017-09-12 14:42:44 |
Fire! Ready? Aim - Security's Painful Evolution (direct link) |
Even With Lower Capital Costs on Paper, the Cost of the “Fire, Ready, Aim” Approach is Reputation
|
|
|
|
|
2017-09-12 13:07:11 |
Billions of Devices Potentially Exposed to New Bluetooth Attack (direct link) |
Billions of Android, iOS, Windows and Linux devices that use Bluetooth may be exposed to a new attack that can be carried out remotely without any user interaction, researchers warned.
|
|
|
|
|
2017-09-12 12:32:15 |
North Korean Hackers Targeting Crypto-Currency Exchanges: FireEye (direct link) |
Over the past several months, threat actors believed to have ties with North Korea have been targeting crypto-currency exchanges to obtain hard currencies for the Pyongyang regime, FireEye says.
|
|
|
|