Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-27 14:07:23 |
Does Trump Executive Order Threaten EU/US Business? Probably Not. (direct link) |
U.S. President Donald Trump's executive order titled 'Enhancing Public Safety in the Interior of the United States' appears to threaten the future of the EU/US Privacy Shield, but that may not be the case.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-27 11:12:03 |
Cisco Starts Patching Critical WebEx Flaw (direct link) |
Cisco has released a proper fix for the critical remote code execution vulnerability affecting the WebEx browser extension, but the patch is currently only available for the Chrome version.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-27 09:37:15 |
Law Enforcement Raid Blamed For LeakedSource Shutdown (direct link) |
The controversial data breach notification service LeakedSource has been down for nearly 24 hours and it is rumored that the website has gone offline following a law enforcement raid.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-27 03:43:13 |
Chrome 56 Patches 51 Vulnerabilities (direct link) |
Google this week released Chrome 56 in the stable channel, patching no less than 51 vulnerabilities in the popular browser.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-27 03:39:11 |
4.2 Billion Records Exposed in Data Breaches in 2016: Report (direct link) |
2016 was a record year for data breaches, as the number of exposed records exceeded 4.2 billion, nearly four times the previously set record.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-26 22:32:24 |
The Application Security Testing Conundrum (direct link) |
It is my humble opinion that we have allowed our daily rush into an increasingly digital world to negatively affect our ability to address challenges. We look at the world in the sharp, square and discrete lens of digital and ignore the smooth and contiguous thinking of analog.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-26 19:04:46 |
Facebook Offers FIDO-based Authentication Option (direct link) |
Facebook is adding support for a FIDO-based Universal 2nd Factor (U2F) authentication key to its multi-factor authentication process. This does not replace Facebook's existing SMS-based second-factor option, but adds a more secure alternative for the security-conscious user.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-26 16:23:04 |
OpenSSL Patches Four Vulnerabilities (direct link) |
The OpenSSL Project announced on Thursday the availability of OpenSSL versions 1.1.0d and 1.0.2k, which address a total of four low and moderate severity vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-26 14:55:33 |
'Perfect Cyber Storm' Threatens Europe, Report Says (direct link) |
Intensifying Threat Climate and Regulatory Changes are Fundamental Challenges Facing the European Union
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-26 14:50:31 |
Android VPNs Introduce Security, Privacy Risks: Study (direct link) |
Researchers have analyzed hundreds of virtual private network (VPN) applications for Android and determined that many of them introduce serious privacy and security risks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-26 11:54:40 |
Americans Distrustful After Hacking Epidemic: Survey (direct link) |
Washington - Nearly two-thirds of Americans have experienced some kind of data theft or fraud, leaving many mistrustful of institutions charged with safeguarding their information, a poll showed Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-26 10:31:49 |
Cisco Patches Serious Flaws in Collaboration Products (direct link) |
Cisco has released software updates that patch critical and high severity vulnerabilities in its TelePresence and Expressway collaboration products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-26 09:30:58 |
Gmail to Block JavaScript File Attachments (direct link) |
Google's G Suite team announced on Wednesday that, for security reasons, Gmail will soon stop allowing users to attach JavaScript (.js) files to emails.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 22:12:31 |
Ashton Kutcher Backs SentinelOne in $70 Million Funding Round (direct link) |
Ashton Kutcher's Sound Ventures Invests in SentinelOne's $70 Million Series C Funding Round
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 18:01:46 |
Fake Netflix App Takes Control of Android Devices (direct link) |
A recently spotted fake Netflix app is in fact installing a Remote Access Trojan (RAT) variant onto the victims' devices, Zscaler security researchers have discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 17:52:25 |
"Ripper" Service Helps Cybercriminals Identify Fraudsters (direct link) |
Researchers at threat intelligence firm Digital Shadows have analyzed a relatively new service named Ripper that aims to expose fraudsters who target the users of cybercrime marketplaces.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 17:15:50 |
Charger Android Ransomware Infects Apps on Google Play (direct link) |
A newly discovered piece of Android ransomware embedded in apps available on Google Play threatens to sell a victim's personal data on the black market if they don't pay, Check Point security researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 14:50:21 |
Western Digital Patches Vulnerabilities in "My Cloud" Products (direct link) |
The latest firmware update released by Western Digital for the My Cloud Mirror personal cloud storage product patches serious remote command execution and authentication bypass vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 14:24:26 |
Cisco Buys App Performance Tuning Startup for $3.7 Billion (direct link) |
San Francisco - Cisco Systems on Tuesday announced a $3.7 billion deal to buy a startup specializing in improving the performance of applications, continuing to expand beyond computer networking hardware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 14:13:20 |
Dutch Man on Trial in 'Sextortion' Cyberbully Case (direct link) |
Amsterdam - A man accused of a worldwide cyberbullying racket that got young girls to pose naked before blackmailing them went on trial Wednesday in Amsterdam, saying he is innocent of the charges.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 13:57:34 |
Hiding in Plain Sight: Why Your Organization Can't Rely on Security by Obscurity (direct link) |
Attackers Don't Examine Market Size When Deciding Whether or Not to Target an Organization or a Person
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 10:14:42 |
Firefox 51 Patches Flaws, Introduces New HTTP Warning (direct link) |
Mozilla released Firefox 51 this week and in addition to patches for several critical vulnerabilities, the latest version of the popular web browser introduces a new security feature designed to warn users when they access a login page that does not have a secure connection.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 09:17:46 |
Flaw Exposed Private Messages of AlphaBay Users (direct link) |
The popular darknet marketplace AlphaBay was until recently affected by a flaw that exposed hundreds of thousands of private messages and other user information.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-25 03:11:17 |
Sage 2.0 Ransomware Demands $2,000 Ransom (direct link) |
A newly observed ransomware variant is being distributed via malicious spam normally distributing Cerber and is demanding a $2,000 ransom for the decryption key.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 22:22:23 |
Microsoft Victory in Overseas Data Privacy Case Stands (direct link) |
San Francisco - A federal appeals court on Tuesday reaffirmed Microsoft's legal right to refuse a US government order to hand over data stored overseas in a case with important privacy implications.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 19:36:44 |
IoT Botnets Fuel DDoS Attacks Growth: Report (direct link) |
The weaponization of Internet of Things (IoT) botnets helped fuel a 60% increase in the size of distributed denial of service (DDoS) attacks last year, Arbor Networks reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 17:09:54 |
Comments Widget Exposed Many Websites to Attacks (direct link) |
A stored cross-site scripting (XSS) vulnerability found in a popular comments widget exposed a large number of websites to attacks. The security hole was quickly patched by the product's developers.
A 14-year-old security enthusiast named Ibram Marzouk recently discovered a stored XSS flaw in the comments section of code snippet marketplace PasteCoin.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 15:00:27 |
(Déjà vu) Apple Patches Dozens of Vulnerabilities Across Product Lines (direct link) |
Apple this week released a new set of important security updates for its products, to patch dozens of vulnerabilities in macOS, iOS, watchOS, tvOS, and Safari, as well as in the iCloud and iTunes for Windows applications.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 14:39:50 |
Microsoft Unveils Windows Defender Security Center (direct link) |
The upcoming Windows 10 Creators Update was designed to make available security protections easily accessible via a new experience called the Windows Defender Security Center, Microsoft says.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 13:59:37 |
Shamoon Attacks Possibly Aided by Greenbug Group (direct link) |
The stolen credentials used in the recent Shamoon attacks aimed at organizations in the Persian Gulf may have been supplied by a threat group tracked by Symantec as "Greenbug."
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 13:15:07 |
The Importance of Threat Modeling (direct link) |
In cyber security, it feels like at least once a week there's a news story that gets people spun up in a panic. While there is no shortage of vulnerabilities and critical issues in the world, not everything applies to everyone. Hence, the importance of threat modeling.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 10:51:36 |
Facebook Vulnerability Allowed Removal of Any Video (direct link) |
Facebook has awarded a researcher $10,000 for finding a serious vulnerability that could have been exploited remotely to delete any video from the social media website.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-24 08:27:03 |
Cisco WebEx Extension Flaw Allows Code Execution (direct link) |
Google Project Zero researcher Tavis Ormandy has discovered a critical remote code execution vulnerability in the Cisco WebEx browser extension. Cisco's initial fix does not appear to be complete, which has led to Google and Mozilla temporarily removing the add-on from their stores.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 22:24:37 |
Source Code for BankBot Android Trojan Leaks Online (direct link) |
The source code of Android banking Trojan BankBot, along with instructions on how to use it, recently emerged on a hacker forum, Doctor Web security researchers have discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 22:06:35 |
Sale of Core Yahoo Assets to Verizon Delayed (direct link) |
|
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 21:40:31 |
'Star Wars' Botnet Has 350,000 Twitter Bots (direct link) |
A newly discovered Twitter botnet has been lying dormant for over three years, although it includes more than 350,000 bot accounts, researchers at the University College London have discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 21:14:31 |
Lavabit Email Service Returns with New Encryption Platform (direct link) |
Lavabit, the secure email service that shut down in 2013 after the NSA requested access to Edward Snowden's email account, is recommencing operations on a new secure end-to-end communications platform, Lavabit owner Ladar Levison announced on Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 20:36:27 |
Millions Download HummingBad Variant via Google Play (direct link) |
A newly discovered variant of the HummingBad Android malware has been downloaded millions of times after infecting 20 applications in Google Play, Check Point security researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 20:07:52 |
China Cracks Down on Bids to Bypass Online Censorship (direct link) |
Beijing - China has announced a 14-month campaign to "clean up" internet service providers and crack down on devices such as virtual private networks (VPNs) used to evade strict censorship.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 19:28:58 |
Researchers Link "de-identified" Browsing History to Social Media Accounts (direct link) |
Researchers Demonstrate How "de-identified" Web Browsing Histories Can be Linked to Social Media Accounts
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 18:30:21 |
Overhyped Media Reports Bad For ICS Security: Experts (direct link) |
Overblown media reports describing critical infrastructure incidents can have a negative impact on cybersecurity in the industrial control systems (ICS) sector, experts have warned.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 15:00:24 |
Heartbleed Still Affects 200,000 Devices: Shodan (direct link) |
While the number of services affected by the OpenSSL flaw known as Heartbleed has decreased, the Shodan search engine has still found nearly 200,000 vulnerable devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 13:44:23 |
Finding the ROI in Threat Intelligence (direct link) |
Threat intelligence can play an important role in improving an organization's overall cybersecurity posture, provided the right case is made and the right processes are put in place. In the past, I've addressed the topic of whether an organization should invest in a dedicated threat intelligence team or subscribe to a threat intelligence service.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 13:15:33 |
Yahoo Faces SEC Probe into Breach Disclosures (direct link) |
In November 2016 Yahoo announced that it was cooperating with federal, state and foreign agencies, including the US Securities and Exchange Commission (SEC), who were seeking information on the data breaches also announced during 2016. In December, the SEC issued requests for relevant documents from Yahoo, and Yahoo is now reported to be under investigation.
|
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 12:38:21 |
Expert Hacks Internal DoD Network via Army Website (direct link) |
A security researcher who took part in the Hack the Army bug bounty program managed to gain access to an internal Department of Defense (DoD) network from a public-facing Army recruitment website.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-23 10:47:11 |
Symantec Revokes Wrongly Issued Certificates (direct link) |
Symantec has revoked numerous wrongly issued certificates, including for domains such as example.com and test.com. This is not the first time the security firm's certificate issuance practices have come under scrutiny.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-21 14:40:51 |
Satan RaaS Promises Large Gains With Zero Coding Needed (direct link) |
A newly discovered family of ransomware is being offered via the Ransomware-as-a-Service (RaaS) business model, allowing cybercriminals to easily customize their own versions of the malware, researchers explain.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-20 20:19:38 |
Carbanak Group Used Numerous Tools in Recent Attacks (direct link) |
The infamous Carbanak group of hackers has been using multiple tools in a series of attacks over the past several months, Trustwave security researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-20 17:32:00 |
Western Union Pays $586 Million to Settle Fraud Charges (direct link) |
Global financial services company Western Union has admitted to facilitating wire fraud and it has agreed to forfeit $586 million as part of a settlement with the U.S. Federal Trade Commission (FTC) and the Department of Justice.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-01-20 16:33:38 |
Endgame Unveils Siri-like Feature for Security Operations Teams (direct link) |
Threat protection firm Endgame today announced a new AI-powered chatbot feature within its Endgame Detect and Respond (EDR) platform designed to support security analysts.
|
|
|
|