What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-05-12 08:10:14 | Mozilla Revamps Bug Bounty Program (lien direct) | Mozilla announced on Thursday that it has relaunched its web security bug bounty program. White hat hackers are now provided clear information on how much money each type of vulnerability can earn them. | |||
|
2017-05-12 00:51:52 | Google Researcher Details Linux Kernel Exploit (lien direct) | Google researcher Andrey Konovalov has revealed details of a Linux kernel vulnerability that can be exploited via packet sockets to escalate privileges. | |||
|
2017-05-12 00:46:15 | Malware Sends Stolen Cookies to Fake WordPressAPI Site (lien direct) | A website pretending to be a core WordPress domain was recently used to steal user cookies and hijack sessions, Sucuri security researchers warn. | ★★ | ||
|
2017-05-12 00:25:49 | SOP Bypass in Microsoft Edge Leads to Credential Theft (lien direct) | A bug in Microsoft Edge could allow for bypassing the Same Origin Policy (SOP) and for stealing user passwords in plain text, stealing cookies, spoofing content, and other vulnerabilities, independent security researcher Manuel Caballero says. | ★★★ | ||
|
2017-05-11 18:21:19 | DHS Funds Smartphone Authentication Projects (lien direct) | The U.S. Department of Homeland Security (DHS) is funding three smartphone digital identity and privacy projects including mobile device attribute verification, mobile authentication, and physical access control. A total of $2.4 million was awarded to the Kantara Initiative, and these three projects are the first to be launched by the Kantara Identity and Privacy Incubator Program (KIPI). | ★★★★ | ||
|
2017-05-11 16:40:25 | HP Laptop Audio Driver Acts as Keylogger (lien direct) | A researcher discovered that a Conexant audio driver shipped with many HP laptops and tablet PCs logs keystrokes, making it easier for malicious actors to steal potentially sensitive information without being detected. | ★★★★★ | ||
|
2017-05-11 15:15:18 | Who Hacked French President-elect Emmanuel Macron\'s Campaign? (lien direct) | One thing is clear. The campaign of French President-elect Emmanuel Macron was hacked prior to the French presidential election this last Sunday -- and the finger was immediately pointed at Russia's APT28 (Fancy Bear). Russia has been caught meddling in western politics once again. | APT 28 | ★★★★★ | |
|
2017-05-11 14:29:52 | Forensics Tool Flaw Allows Hackers to Manipulate Evidence (lien direct) | A vulnerability in Guidance Software's EnCase Forensic Imager forensics tool can be exploited by hackers to take over an investigator's computer and manipulate evidence, researchers warned. The vendor has classified the attack as an “edge case†and it does not plan on patching the flaw any time soon. | ★★★ | ||
|
2017-05-11 14:13:38 | Microsoft Kills SHA-1 Support in Edge, Internet Explorer 11 (lien direct) | As of May 9, 2017, Microsoft Edge and Internet Explorer 11 browsers no longer offer support for websites that are protected with a SHA-1 certificate. | ★★★★★ | ||
|
2017-05-11 13:43:29 | Google Play Apps Expose Tens of Millions to Adware: Sophos (lien direct) | More than 50 applications distributed via Google Play have exposed tens of millions of Android users to a piece of adware packed inside the apps, Sophos researchers warn. | ★★★ | ||
|
2017-05-11 13:17:18 | Czech Court to Rule This Month on Extradition of Russian Hacker (lien direct) | A Czech court said Thursday that it would rule this month on where to extradite a Russian hacker wanted by the US for reportedly hacking the Democratic Party before the 2016 presidential vote. | ★★★★★ | ||
|
2017-05-11 10:21:53 | Rockwell Updates Stratix Routers to Patch Cisco IOS Flaws (lien direct) | Rockwell Automation has released a firmware update for its Allen-Bradley Stratix 5900 services router to address tens of vulnerabilities patched over the past few years in Cisco's IOS software. | |||
|
2017-05-11 08:40:55 | Microsoft Patches Edge Flaws Disclosed at Pwn2Own (lien direct) | Microsoft this week patched several memory corruption vulnerabilities in the Edge web browser that were disclosed at the 2017 Pwn2Own hacking competition. | |||
|
2017-05-10 16:31:12 | RSAUtil Ransomware Distributed via RDP Attacks (lien direct) | The author of a newly discovered ransomware family is hacking into remote desktop services to upload the malware alongside a bunch of other tools. | |||
|
2017-05-10 16:20:26 | Asus Patches Vulnerabilities in RT Routers (lien direct) | Asus Patches CSRF, JSONP and XSS Flaws in RT Routers | |||
|
2017-05-10 14:36:38 | Europe Emerges as Major Source of Cyber Attacks: Reports (lien direct) | Europe And Especially UK Are Now Major Originators of Cyber Attacks, Reports Show | |||
|
2017-05-10 13:53:16 | SAP Patches 17 Vulnerabilities With May 2017 Security Update (lien direct) | SAP on Tuesday released its May 2017 set of security fixes to address 17 issues in its products, the lowest number of monthly vulnerabilities over the past six months. | ★★★★ | ||
|
2017-05-10 13:31:50 | Siemens Patches DoS Flaws in Industrial Products (lien direct) | Siemens has released software updates for some of its industrial products, including SIMATIC and SCALANCE, to patch several medium severity denial-of-service (DoS) vulnerabilities. | ★★★★ | ||
|
2017-05-10 08:22:14 | Vulnerability Allowed Hackers to Steal iCloud Keychain Secrets (lien direct) | Apple has recently patched a Keychain vulnerability that could have been exploited by man-in-the-middle (MitM) attackers to obtain sensitive user information. The details of the flaw were disclosed on Monday by the researcher who reported it to the vendor. | |||
|
2017-05-10 04:03:45 | Microsoft Patches Zero-Days Exploited by Russia-Linked Hackers (lien direct) | Microsoft's Patch Tuesday updates for May 2017 address tens of vulnerabilities, including several zero-day flaws exploited by profit-driven cybercriminals and two notorious Russia-linked cyber espionage groups. | |||
|
2017-05-10 03:33:07 | BitKangoroo Ransomware Deletes User Files (lien direct) | A piece of ransomware currently in development is deleting users' files if the ransom isn't paid within a given period of time. | |||
|
2017-05-10 00:43:46 | U.S. Alerted France to Russia Hack Targeting Macron: NSA (lien direct) | The head of America's National Security Agency said Tuesday that Russia was behind the 11th-hour hack of French President-elect Emmanuel Macron's campaign team, and that US officials had informed France a cyber-attack was underway. | |||
|
2017-05-10 00:32:19 | Trump Fires FBI Director James Comey (lien direct) | 
US President Donald Trump on Tuesday fired his FBI director James Comey, the man who leads the agency charged with investigating his campaign's ties with Russia -- a move that sent shockwaves through Washington.
|
Guideline | ||
|
2017-05-09 18:17:41 | New Persirai IoT Botnet Emerges (lien direct) | Around 120,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products are vulnerable to a newly discovered Internet of Things (IoT) botnet, Trend Micro warns. | ★★★ | ||
|
2017-05-09 15:42:13 | Adobe Patches Flaws in Flash Player, Experience Manager (lien direct) | Updates released by Adobe on Tuesday for Flash Player and Experience Manager patch several vulnerabilities classified as critical and important. | |||
|
2017-05-09 14:21:06 | User Security is a Responsibility, Not an Excuse (lien direct) | Ask an IT person what the weakest link in their organization's security is, and you'll invariably get a witty take on the same derisive answer: “Meatware.†“Our walking, talking vulnerabilities.†“PEBKAC†(problem exists between keyboard and chair). | |||
|
2017-05-09 13:20:20 | Google Offers $20,000 to Join OSS-Fuzz Program (lien direct) | Five months ago, Google launched its free OSS-Fuzz service with the purpose to help open source developers locate bugs in their code. | |||
|
2017-05-09 13:19:36 | RedLock Emerges from Stealth With Cloud Security Platform (lien direct) | Cloud security startup RedLock emerged from stealth mode on Tuesday with a cloud infrastructure security offering and $12 million in funding from several high profile investors. | |||
|
2017-05-09 10:42:04 | FCC Says Website Downtime Caused by DDoS Attacks (lien direct) | The U.S. Federal Communications Commission (FCC) said its website was disrupted by distributed denial-of-service (DDoS) attacks on Sunday night, not due to a large number of attempts to submit comments on net neutrality. | |||
|
2017-05-09 07:43:38 | Microsoft Fixes Antimalware Engine Flaw Found by Google Experts (lien direct) | It took Microsoft less than three days to patch a critical remote code execution vulnerability found by Google Project Zero researchers in the company's Malware Protection Engine. Most users don't need to take any action as the affected products should be updated automatically. | |||
|
2017-05-09 01:11:38 | Google Tightens OAuth Rules to Combat Phishing (lien direct) | Following last week's phishing attack against Gmail users, Google is planning tightened OAuth rules to prevent similar incidents from occurring. | |||
|
2017-05-08 18:28:11 | What Can be Expected in Trump\'s Cybersecurity Executive Order? (lien direct) | 
|
|||
|
2017-05-08 18:05:39 | Yahoo Paid Out $2 Million in Bug Bounty Program (lien direct) | Yahoo reported on Monday that between the launch of its bug bounty program in 2013 and December 2016 it had paid out a total of more than $2 million. | Yahoo | ||
|
2017-05-08 16:26:26 | Thousands of Devices Hacked by Rakos Botnet (lien direct) | Thousands of devices have been hacked by a Linux malware named Rakos, and while researchers have yet to see any actual malicious activity involving the botnet, they believe it could be used for powerful distributed denial-of-service (DDoS) attacks. | |||
|
2017-05-08 12:44:29 | Critical Flaw Patched in Jenkins Automation Server (lien direct) | The developers of Jenkins recently patched several vulnerabilities, including a critical weakness that can be exploited by a remote attacker for arbitrary code execution. | |||
|
2017-05-08 12:21:42 | Debunking the Deep & Dark Web: Four Myths That Can Inhibit Threat Intelligence Strategy (lien direct) | Beware of Myths and Misleading Claims in the Market for Threat Intelligence Offerings Pertaining to the Deep & Dark Web | Guideline | ||
|
2017-05-08 11:24:25 | Software Download Mirror Distributes Mac Malware (lien direct) | A download mirror server for the video converting tool HandBrake was recently compromised and configured to distribute a remote administration Trojan (RAT) for Mac computers. | |||
|
2017-05-08 11:09:48 | Malware Analysis Done Right (lien direct) | The reality facing the cybersecurity industry today is as soon as network defenders develop a new way to spot malware, cyberadversaries are quick to find a way to circumvent it. | |||
|
2017-05-08 11:07:18 | Exploitable Details of Intel\'s \'Apocalyptic\' AMT Firmware Vulnerability Disclosed (lien direct) | Details of the Intel AMT firmware vulnerability announced on May 1, 2017 are now public knowledge; and the suggestion that 'this is somewhere between nightmarish and apocalyptic' has been proven correct. | |||
|
2017-05-08 08:06:29 | Google Researchers Find "Worst" Windows RCE Flaw (lien direct) | Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich claim to have found a critical vulnerability in Windows. The details of the flaw will likely be disclosed in 90 days from now even if a patch is not available. | |||
|
2017-05-08 02:55:00 | High-Profile Targets Attacked via Software Update Mechanism (lien direct) | A recently discovered cyber-attack targeting high-profile technology and financial organizations is using a compromised software update mechanism for malware delivery, Microsoft security researchers reveal. | |||
|
2017-05-07 11:25:11 | "Fatboy" Ransomware-as-a-Service Sets Ransom Based on Victim Location (lien direct) | A newly discovered ransomware-as-a-service (RaaS) has a dynamic method of setting the ransom amount based on the victim's location, Recorded Future reports. | |||
|
2017-05-07 11:00:08 | Top Obama Officials to Testify on Russian Election Interference (lien direct) | The scandal over Russian meddling in last year's US presidential election returns to the forefront of Washington politics after weeks of quiet on Monday, when two top officials from the Obama administration are set to testify in Congress. | |||
|
2017-05-06 16:20:20 | \'Macronleaks\': Hackers Find Flaw in French Cyber-Fortress (lien direct) | They knew months ago that top-of-the-range hackers had been targeting them. They believe their security measures, too, had been nothing short of top-rate. But, in the end, French presidential candidate Emmanuel Macron's team got hacked. | |||
|
2017-05-06 11:28:09 | Growth in Cyber Fraud Attacks Outpacing Growth of Transactions: Report (lien direct) | 
|
|||
|
2017-05-06 10:12:46 | French Authorities Warn Against Spreading Leaked Macron Data (lien direct) | French electoral authorities took a hard line Saturday on a hacking attack targeting presidential frontrunner Emmanuel Macron's campaign, saying anyone who circulates the leaked information could be committing a "criminal offence". | |||
|
2017-05-06 02:36:21 | Macron Blasts Huge Hacking Attack Just Before French Vote (lien direct) | French presidential candidate Emmanuel Macron's team blasted a "massive and coordinated hacking attack" against his campaign after a flood of internal documents were released online barely 24 hours before the election. | |||
|
2017-05-05 16:23:21 | CISO Perspective: How Cyber Threat Intelligence Fits into Security Strategy (lien direct) | Before I switched over to the vendor side, I was building cyber security programs for many years. In my previous role as a CISO there were so many different components to think about that the only way I could get some clarity was to build a mind map and start laying things out in an organized manner. | |||
|
2017-05-05 14:54:44 | Neverquest Trojan Ceases Operations (lien direct) | Despite being the most active malware in its category last year, the Neverquest banking Trojan has disappeared from the threat landscape over the past few months, in what could be a permanent departure, IBM security researchers say. | |||
|
2017-05-05 14:43:59 | WikiLeaks Details MitM Attack Tool Used by CIA (lien direct) | WikiLeaks has released documents detailing a man-in-the-middle (MitM) attack tool allegedly used by the U.S. Central Intelligence Agency (CIA) to target local networks. |
To see everything:
Our RSS (filtrered)
