What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-03-20 22:27:39 | Hacked Websites on the Rise: Google (lien direct) | Google painted a bleak picture of cybersecurity trends Monday, saying the number of websites hacked rose 32 percent last year, with little relief in sight. | |||
|
2017-03-20 20:19:45 | Fileless Attack Can Bypass User Account Control in Windows 10 (lien direct) | A recently disclosed User Account Control (UAC) bypass that leverages App Paths can be used for fileless attacks as well, security researcher Matt Nelson now says. | |||
|
2017-03-20 18:42:05 | McDonald\'s App Leaks Details of 2.2 Million Customers (lien direct) | A vulnerable application used by millions of McDonald's customers in India was recently found to leak personal information on its users. | |||
|
2017-03-20 18:22:05 | New Bill Forces Cybersecurity Responsibility Into the Boardroom (lien direct) | 
|
|||
|
2017-03-20 17:51:07 | Serious Flaws Found in Moodle Learning Platform (lien direct) | Researchers have discovered serious vulnerabilities in Moodle, a popular open-source learning platform used by many top universities in the United States, the United Kingdom and other countries around the world. | |||
|
2017-03-20 16:37:40 | IBM and SecureKey Announce Blockchain-Based Identity Verification (lien direct) | The blockchain promise took a step closer to fruition today with IBM and SecureKey making a joint announcement of a blockchain-based digital identity network. Built on the Linux Foundation's open source Hyperledger Fabric v1.0 and the IBM Blockchain service, a new digital identity and attribute sharing network will go live in Canada later in 2017. | |||
|
2017-03-20 14:33:16 | New Attack Combines Self-XSS and Clickjacking (lien direct) | A researcher has demonstrated an attack that combines Clickjacking and a type of Cross Site Scripting (XSS) called Self-XSS. The new attack can trigger Self-XSS on pages that are also vulnerable to Clickjacking, the researcher says. | |||
|
2017-03-20 14:17:39 | Mozilla Patches Firefox Flaw Disclosed at Pwn2Own (lien direct) | Mozilla has already patched a Firefox vulnerability disclosed last week at the Pwn2Own 2017 competition by a team of researchers from Beijing-based enterprise security firm Chaitin Tech. | |||
|
2017-03-20 11:12:57 | Hackers Earn $200,000 for VM Escapes at Pwn2Own 2017 (lien direct) | White hat hackers earned more than $250,000 for the vulnerabilities they disclosed on the third day of the Pwn2Own 2017 competition, including a couple of exploits that involved escaping VMware virtual machines. | |||
|
2017-03-20 09:08:46 | Cisco Finds Zero-Day Vulnerability in \'Vault 7\' Leak (lien direct) | Cisco has warned customers that the Vault 7 files obtained by WikILeaks contain information on a critical vulnerability affecting many of the company's switches. Patches are not available, but Cisco has provided some mitigation advice. | |||
|
2017-03-19 14:08:28 | App Paths Used to Bypass User Account Control in Windows 10 (lien direct) | A new technique that leverages App Paths to bypass the User Account Control (UAC) in Windows 10 has been detailed by security researcher Matt Nelson. | |||
|
2017-03-17 19:27:52 | Kremlin Denies Involvement after Yahoo Cyberattack Charges (lien direct) | The Kremlin on Thursday denied any official Russian involvement in cybercrimes after the US indicted two FSB intelligence agents over cyberattacks on Yahoo that compromised 500 million accounts. | Yahoo | ||
|
2017-03-17 17:14:46 | Star Trek-Themed "Kirk" Ransomware Emerges (lien direct) | A newly discovered piece of ransomware featuring a Star Trek theme is targeting 625 different file types and demanding a ransom be paid in virtual currency Monero, security researchers have discovered. | |||
|
2017-03-17 17:05:21 | U.S. Warns of Security Issues With HTTPS Inspection Products (lien direct) | The U.S. Department of Homeland Security's US-CERT has issued a new alert warning about problems with some HTTPS inspection products. | |||
|
2017-03-17 16:27:52 | Hackers Earn Big Bounties for GitHub Enterprise Flaws (lien direct) | White hat hackers have earned tens of thousands of dollars in bounties after finding serious vulnerabilities in GitHub Enterprise. | |||
|
2017-03-17 15:35:14 | Recent Fileless Attacks Linked to Single Framework, Researchers Say (lien direct) | A series "fileless attacks" previously attributed to two different threat attackers are now believed to have been carried out by the same actor, from a single attack framework, Israeli security firm Morphisec reveals. | |||
|
2017-03-17 15:11:28 | Network Layer DDoS Attacks Hit Record Levels: Imperva (lien direct) | Distributed denial of service (DDoS) attacks continue to grow in size and sophistication, with network layer attacks reaching record levels in the fourth quarter of 2016, Imperva reports. | |||
|
2017-03-17 13:41:08 | Critical Flaw Exposes Many Ubiquiti Devices to Attacks (lien direct) | Dozens of products from Ubiquiti Networks are affected by a critical flaw that can be exploited to hijack devices. The security hole was reported to the vendor in November, but patches have yet to be released for most of the impacted versions. | |||
|
2017-03-17 08:49:31 | Windows, macOS Hacked at Pwn2Own 2017 (lien direct) | Researchers hacked Windows, macOS, Firefox, Edge, Safari and Flash Player on the second day of the Pwn2Own 2017 competition taking place these days alongside the CanSecWest conference in Vancouver, Canada. | |||
|
2017-03-16 19:00:27 | Travel Agent Association Breach Highlights Supply Chain Threat (lien direct) | The Association of British Travel Agents (ABTA) today informed users of a breach that may have affected up to 43,000 customers. | |||
|
2017-03-16 17:49:55 | Advanced Persistent "Bad Bots" are Rampant (lien direct) | In 2016, 40% of all web traffic originated from bots -- and half of that came from bad bots. A bot is simply a software application that runs automated tasks over the internet. Good bots are beneficial. They index web pages for the search engines, can be used to monitor web site health and can perform vulnerability scanning. Bad bots do bad things: they are used for content scraping, comment spamming, click fraud, DDoS attacks and more. And they are everywhere. | |||
|
2017-03-16 17:28:15 | Another Old Flaw Patched in Linux Kernel (lien direct) | A researcher has identified another potentially serious Linux kernel vulnerability that has been around for several years. The flaw was addressed in the kernel more than one week ago, but some of the affected Linux distributions have yet to release patches. | |||
|
2017-03-16 16:43:00 | Attackers Use New NSIS Installers to Hide Ransomware (lien direct) | Newly observed ransomware campaigns are leveraging installer files from the Nullsoft Scriptable Install System (NSIS) to hide malicious code, Microsoft says. | |||
|
2017-03-16 15:17:14 | Defense-in-Depth has Failed Us. Now What? (lien direct) | Defense-in-depth. It's a philosophy we're all familiar with: layering defenses so that if one fails, another layer is there to stop the attack. Sounds like a great approach, and it has become standard practice for the vast majority. The problem is that, frankly, it has not worked. For years we have been bombarded with a slew of headlines about compromises and breaches. | |||
|
2017-03-16 14:03:06 | Security Teams Need to Understand How Developers Tools Work (lien direct) | Understanding Development Work Practices Allows Security Teams to Speak to Developers Using Terms They Understand | |||
|
2017-03-16 13:48:42 | Planes, Trains, Automobiles, and Digital Transformation (lien direct) | 
When most people think about technology innovation in the transportation sector, connected and self-driving cars immediately come to mind. But digital transformation is happening across other transportation industries as well.
|
|||
|
2017-03-16 11:40:55 | Intel Offers Up to $30,000 for Hardware Vulnerabilities (lien direct) | Intel has launched its first bug bounty program and the tech giant is prepared to offer up to $30,000 for vulnerabilities found in its products. | |||
|
2017-03-16 10:10:04 | Several Vulnerabilities Patched in Drupal 8 (lien direct) | Several vulnerabilities have been patched in the Drupal content management system (CMS) with the release of version 8.2.7, including access bypass, cross-site request forgery (CSRF) and remote code execution flaws. The most serious of them, rated critical and tracked as CVE-2017-6377, is an access bypass weakness affecting the editor module. | |||
|
2017-03-16 08:48:25 | Pwn2Own 2017: Experts Hack Edge, Safari, Ubuntu (lien direct) | Bug bounty hunters have managed to hack Microsoft Edge, Safari, Ubuntu and Adobe Reader on the first day of the Pwn2Own 2017 competition taking place these days alongside the CanSecWest conference in Vancouver, Canada. | |||
|
2017-03-15 18:29:01 | New Acronym Malware Possibly Linked to Potao (lien direct) | Researchers at Arbor Networks have come across a new piece of malware that could be linked to the Trojan used in the campaign known as Operation Potao Express. | |||
|
2017-03-15 18:17:23 | U.S. Government Indicts Two Russian FSB Officers Over Yahoo Hack (lien direct) | U.S. Government Indicts Four Over 2014 Yahoo Hack, Including Two Russian FSB Officers | Yahoo | ||
|
2017-03-15 17:36:53 | New MajikPOS Malware Targets North American Businesses (lien direct) | A newly discovered point-of-sale (PoS) malware featuring a modular approach in execution is currently targeting businesses in North America, Trend Micro researchers warn. | |||
|
2017-03-15 16:30:03 | Petya-Based PetrWrap Ransomware Emerges (lien direct) | A newly observed ransomware family is leveraging the well-known Petya ransomware to encrypt user data, but modifies the malware “on the fly†to control its execution, Kaspersky Lab researchers discovered. | |||
|
2017-03-15 15:15:24 | WhatsApp, Telegram Patch Account Hijacking Vulnerability (lien direct) | A vulnerability found in the web versions of WhatsApp and Telegram could have been exploited to hijack accounts by sending the targeted user a malicious HTML file disguised as an image or a video. The flaw was discovered by researchers at Check Point earlier this month and it was quickly patched by both Telegram and WhatsApp on the server side. | |||
|
2017-03-15 15:14:14 | Don\'t Leave Security to Luck - 5 Security Controls to Implement in 2017 (lien direct) | Like burglars looking for the soft target in the neighborhood, such as the house without cameras or newspapers piled up indicating a family on vacation, cyber criminals are constantly probing for vulnerabilities. | |||
|
2017-03-15 12:05:20 | Hackers Abuse Twitter App to Hijack High-Profile Accounts (lien direct) | Many high-profile Twitter accounts have been hijacked in an attack apparently motivated by the recent diplomatic dispute between Turkey and the Netherlands. | |||
|
2017-03-15 10:24:29 | Cyber Risk, Cyber Threats, and Cyber Security: Synonyms or Oxymorons? (lien direct) | Cyber security and cyber threats are most often confused with cyber risk, and often used interchangeably, but they are worlds apart. What is the difference between these concepts and what really defines an organization's cyber risk posture, internal security posture, and the exploitability of threats in the context of organizational risk? | |||
|
2017-03-15 10:22:47 | WordPress Content Injection Flaw Makes XSS Bug More Severe (lien direct) | Sucuri has shared details about one of the cross-site scripting (XSS) vulnerabilities patched last week in WordPress. The flaw can be highly useful to attackers if combined with a content injection bug that has been exploited in the wild. | |||
|
2017-03-15 09:32:27 | Webinar: Measuring Your Cyber Security Risk (lien direct) | 
|
|||
|
2017-03-14 19:01:01 | Microsoft Patches Many Exploited, Disclosed Flaws (lien direct) | Microsoft has released a total of 18 security bulletins to address tens of vulnerabilities, including more than a dozen that have already been publicly disclosed or exploited in attacks. | |||
|
2017-03-14 18:33:47 | Decryption Tool Released for FindZip macOS Ransomware (lien direct) | macOS users who had their systems infected with the FindZip ransomware can now use a decryption tool to restore their files without paying the ransom. | |||
|
2017-03-14 18:11:48 | SAP Patches Five Vulnerabilities in HANA Database Platform (lien direct) | SAP this week released another set of monthly security updates to address various issues in its products, including five vulnerabilities in SAP HANA, one of which was rated Hot News. | |||
|
2017-03-14 16:39:08 | (Déjà vu) Adobe Patches Vulnerabilities in Flash, Shockwave (lien direct) | Security updates released by Adobe on Tuesday patch seven vulnerabilities in Flash Player and one vulnerability in Shockwave Player. | |||
|
2017-03-14 15:35:12 | HSBC Users Targeted With Fake Security Software (lien direct) | A recent spam campaign impersonating UK-based banking giant HSBC is attempting to distribute malware masquerading as legitimate security software, Symantec researchers warn. | |||
|
2017-03-14 14:47:53 | Facebook Bans Developers From Using Data for Surveillance (lien direct) | Facebook this week announced an update to its platform policies to ban developers from using data obtained from the company to build surveillance tools. | |||
|
2017-03-14 14:23:25 | Google Blocks Sophisticated Android Botnet (lien direct) | Google recently discovered and blocked a sophisticated fraud botnet that was being distributed through multiple channels and which employed several methods to avoid detection. | |||
|
2017-03-14 14:21:46 | Home Depot to Pay Banks $25 Million for 2014 Breach (lien direct) | Home Depot has agreed to pay $25 million to the financial institutions affected by the massive data breach suffered by the retailer in 2014, when cybercriminals managed to steal email addresses and payment card data belonging to more than 50 million customers. | |||
|
2017-03-14 13:36:13 | Malware Evolution Calls for Changing View of the Lifecycle (lien direct) | Experienced Security Teams Know that Every Piece of Malicious Software Cannot be Caught in Advance Over the past five years, there have been multiple new entrants into the endpoint protection space, looking to provide better defenses against increasingly subtle and sophisticated malware. | |||
|
2017-03-14 12:28:53 | Financial Attackers as Sophisticated as Nation-State Groups: FireEye (lien direct) | Financially motivated attackers have become just as sophisticated as threat actors sponsored by nation states, according to the 2017 M-Trends report published on Tuesday by FireEye-owned Mandiant. | |||
|
2017-03-14 09:48:08 | VMware Preparing Patches for "Catastrophic" Struts Flaw (lien direct) | VMware informed customers on Monday that the recently disclosed Apache Struts2 vulnerability, which has been exploited in the wild over the past week, affects several of its products. |
To see everything:
Our RSS (filtrered)
