What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-01-12 19:02:28 | A Positive Prognosis for Digital Value in the Healthcare Industry (lien direct) | With Effective Security, Healthcare Organizations Can Take Advantage of Opportunities to Enable Innovation and Growth with Greater Speed, Efficiency, and Agility | |||
|
2017-01-12 18:37:23 | Shadow Brokers "Retire" Awaiting Offer of 10,000 Bitcoins for Cache of Exploits (lien direct) | The mysterious hacking group calling themselves “The Shadow Brokers†has apparently decided to put an end to their failed attempts to sell exploits and hacking tools they claimed to have stolen from the NSA-linked Equation Group. | |||
|
2017-01-12 18:22:49 | EyePyramid Malware Unsophisticated But Effective: Researchers (lien direct) | The EyePyramid malware used to steal information from Italian politicians, bankers and business leaders is not very sophisticated, but, as many successful espionage operations have shown, it doesn't need to be. | Guideline | ||
|
2017-01-12 18:19:08 | New Ploutus ATM Malware Variant at Large (lien direct) | A new variant of the Ploutus ATM (automated teller machine) malware was recently observed, capable of interacting with KAL's Kalignite multivendor ATM platform, FireEye security researchers warn. | |||
|
2017-01-12 16:35:18 | Google Announces New Cloud Key Management System (lien direct) | Google has launched a beta version of a new Cloud Key Management System (KMS) to supplement the existing Google-managed server-side encryption and customer-controlled on-premise key management. It has broadened, it claims, "the continuum of encryption options available on Google Cloud Platform (GCP)." The beta KMS is currently available in 49 countries. | |||
|
2017-01-12 14:38:48 | GoDaddy Revokes Nearly 9,000 SSL Certificates (lien direct) | GoDaddy informed customers this week that it has revoked nearly 9,000 SSL certificates after discovering a software bug that made its domain validation process unreliable. | |||
|
2017-01-12 13:41:48 | The ART of Making Threat Intelligence Actionable (lien direct) | Actionable Threat Intelligence Enables a Proactive Approach to Cybersecurity, with Connectivity to the Entire Security Footprint | |||
|
2017-01-12 13:27:33 | Isolation Based Security Provides Prevention and Enhances Incident Response (lien direct) | Careful Design of Network and System Security Architecture Can Substantially Enhance Security | |||
|
2017-01-12 09:54:31 | Four High Severity DoS Flaws Patched in BIND (lien direct) | Updates released on Wednesday by the Internet Systems Consortium (ISC) for the DNS software BIND patch four high severity, remotely exploitable denial-of-service (DoS) vulnerabilities. | |||
|
2017-01-12 09:15:40 | Eight Vulnerabilities Patched in WordPress (lien direct) | Eight security flaws and 62 bugs have been addressed with the release of WordPress 4.7.1 on Wednesday. The latest update for the content management system (CMS) has been classified as a security release. | |||
|
2017-01-11 20:28:18 | Handling Classified Information: Lessons Learned (lien direct) | Can we Learn From the Blunders of U.S Officials on Their Handling of Classified Information? | |||
|
2017-01-11 17:25:27 | Italian Siblings Arrested Over Long-running Cyber Espionage Campaign (lien direct) | Italian siblings Giulio Occhionero and Francesca Maria Occhionero have been arrested in Rome, charged with conducting a long-running cyber espionage campaign against leading Italian politicians, businessmen and Masons. | Guideline | ||
|
2017-01-11 16:56:51 | ZDI Paid Out $2 Million for Vulnerabilities in 2016 (lien direct) | Trend Micro's Zero Day Initiative (ZDI) published 674 advisories last year and paid out nearly $2 million to researchers who submitted vulnerabilities, the company said in its “2016 Retrospective†report. | |||
|
2017-01-11 16:55:48 | Powerful "Spora" Ransomware Lets Victims Pay for Immunity (lien direct) | A newly spotted piece of ransomware allows users not only pay to recover their encrypted files, but also for immunity from future attacks, Emsisoft security researchers warn. | |||
|
2017-01-11 16:01:28 | Hamas \'Honey Trap\' Dupes Israeli Soldiers (lien direct) | The smartphones of dozens of Israeli soldiers were hacked by Hamas militants pretending to be attractive young women online, an Israeli military official said Wednesday. | |||
|
2017-01-11 15:22:34 | Shadow Brokers Now Selling Windows, AV Exploits in New ZeroNet Marketplace (lien direct) | The group calling itself “Shadow Brokers†has apparently decided to start selling Windows exploits and what appear to be anti-virus bypass tools on a BitTorrent-powered ZeroNet peer to peer web platform. | |||
|
2017-01-11 15:05:12 | 33,000 Databases Fall in MongoDB Massacre (lien direct) | Nearly 33,000 MongoDB databases have been hijacked as of today, the latest numbers associated with a series of attack campaigns that have been picking up pace over the past couple of weeks show. | |||
|
2017-01-11 14:45:43 | Command Execution Vulnerability Patched in Ansible (lien direct) | Updates released on Monday for the Ansible IT automation platform address a security bypass vulnerability that can be exploited to execute arbitrary commands on the Ansible controller and gain access to the hosts connected to it. | |||
|
2017-01-11 14:40:06 | RIG Grabs 35% of Exploit Kit Market in December (lien direct) | The RIG exploit kit (EK) managed to grab nearly 35% of the overall EK activity during the last month of 2016, retaining the leading spot in the landscape for the fourth month in a row, Symantec reports. | Guideline | ||
|
2017-01-11 13:56:11 | The Role of Artificial Intelligence in Cyber Security (lien direct) | Machine Learning Speed Up Remediation, But Will it Ever be Able to Autonomously Protect Organizations Against Cyber-attacks? | |||
|
2017-01-11 12:13:52 | PoC Exploit Leads to Discovery of Two Windows Flaws (lien direct) | Proof-of-concept (PoC) code released by a researcher for a denial-of-service (DoS) vulnerability affecting the Local Security Authority Subsystem Service (LSASS) in Windows has led to the discovery of a different, but similar, flaw. | |||
|
2017-01-11 09:48:05 | D-Link Hires Government Watchdog to Fight FTC Charges (lien direct) | Connectivity solutions provider D-Link Systems has retained the Cause of Action Institute to help it fight against the “unwarranted and baseless†charges brought by the U.S. Federal Trade Commission (FTC). | |||
|
2017-01-10 19:00:04 | Microsoft Patches Flaws in Windows, Office, Edge (lien direct) | Microsoft has addressed vulnerabilities affecting Windows, Office and the Edge web browser, but the company's January 2017 Patch Tuesday updates include only four security bulletins. | |||
|
2017-01-10 18:26:08 | SAP Patches Multiple XSS and Missing Authorization Vulnerabilities (lien direct) | SAP on Tuesday released its first set of monthly security patches for 2017, which addresses numerous Cross-Site Scripting (XSS) and Missing Authorization Check issues across its products. | |||
|
2017-01-10 17:02:32 | Adobe Patches 42 Flaws in Reader, Acrobat, Flash (lien direct) | Adobe informed users on Tuesday that updates released for Acrobat, Reader and Flash Player patch a total of 42 vulnerabilities, including many that could lead to arbitrary code execution. | Guideline | ||
|
2017-01-10 16:59:53 | New Terror Exploit Kit Emerges (lien direct) | After the fall of the Nuclear and Angler exploit kits (EKs), overall activity generated from exploit kits has dropped to only a fraction of what used to be. | |||
|
2017-01-10 16:31:29 | Hacker Grabs Data on 1.5 Million ESEA Gamers, Demands 100k Ransom (lien direct) | E-Sports Entertainment Association (ESEA) Becomes the Latest Data Breach Victim With Data of 1.5 Million Users Stolen | |||
|
2017-01-10 16:20:51 | Security Orchestration Firm Phantom Cyber Raises $13.5 Million (lien direct) | Phantom, a cybersecurity startup that has developed a community-powered security automation and orchestration platform, announced that it has raised $13.5 million in a Series B funding round led by iconic Silicon Valley VC firm Kleiner Perkins. | |||
|
2017-01-10 15:14:59 | Fortinet Hires Former NSA Cyber Chief Phil Quade as CISO (lien direct) | Fortinet announced on Tuesday said that it has hired former NSA Cyber Task Force Chief, Phil Quade, as Chief Information Security Officer (CISO). | |||
|
2017-01-10 14:51:37 | Foreign Nation Behind Anthem Breach, Investigation Claims (lien direct) | The California Department of Insurance on Friday revealed that an investigation into the data breach of health insurance giant Anthem Inc. has concluded that a foreign country was behind the attack. | |||
|
2017-01-10 13:06:08 | St. Jude Patches Vulnerabilities in Cardiac Devices (lien direct) | St. Jude Medical has released security updates to patch some of the flaws discovered by MedSec in its cardiac devices, but the manufacturer insists that the risk of cyberattacks is very low. | |||
|
2017-01-10 10:50:29 | Shamoon 2 Variant Targets Virtualization Products (lien direct) | A second variant of the Shamoon 2 malware discovered by researchers at Palo Alto Networks has been set up to target virtualization products, likely in an effort to increase the impact of the attack and make recovery more difficult for targeted organizations. | |||
|
2017-01-10 04:36:53 | Sundown Exploit Kit Variant Distributes Cryptocurrency Miner (lien direct) | An atypical variant of the Sundown exploit kit (EK) was recently seen using a different infrastructure than previously known and distributing a cryptocurrency mining application, Malwarebytes Labs security researchers reveal. | |||
|
2017-01-09 18:23:45 | New York Governor Proposes New Cyber Security Measures (lien direct) | Following the Intelligence Community report blaming Russia for both the Democratic National Committee hack in 2016, and for attempting to influence the presidential election in favor of Republican Donald Trump, the Democrat Governor of New York has now introduced new cyber security proposals to his January State of the State address. | |||
|
2017-01-09 17:38:03 | Mac Crashing Attack Method Used in Tech Support Scam (lien direct) | A snippet of malicous code designed to crash Mac OS machines is being delivered through drive-by downloads as part of a campaign designed to trick users into calling a fake tech support service, security researchers warn. | |||
|
2017-01-09 17:26:18 | "Truffle Hog" Tool Detects Secret Key Leaks on GitHub (lien direct) | A free and open source tool called “Truffle Hog†can help developers check if they have accidentally leaked any secret keys through the projects they publish on GitHub. | |||
|
2017-01-09 15:03:28 | Organizations Challenged with Cybersecurity Framework Implementation (lien direct) | Adopting a cyber security framework provides clear benefits that increase over time; but for most organizations, framework adoption requires overcoming a range of both technical and organizational impediments. Automated foundational controls are currently not being widely implemented. | |||
|
2017-01-09 14:56:28 | Edge Exploits Added to Sundown EK (lien direct) | The maintainers of the Sundown exploit kit have started using two Microsoft Edge vulnerabilities just a few days after researchers published a proof-of-concept (PoC) exploit. | |||
|
2017-01-09 14:46:57 | Understanding the Benefits of Security Abstraction (lien direct) | The world of cybersecurity is becoming more and more complicated and – some say – almost unmanageable. This is due to the increasing volume of advanced attack campaigns and subsequent investment by organizations in more and more security tools – tools that are potentially effective, but are also trapped in silos that limit their capabilities. | |||
|
2017-01-09 11:36:03 | Rockwell Automation Addresses Flaws in Programmable Controllers (lien direct) | Several vulnerabilities have been found in Allen-Bradley programmable automation controllers, programmable logic controllers and safety programmable controllers from Rockwell Automation. | |||
|
2017-01-09 09:56:37 | Man Pleads Guilty to Hacking Accounts of U.S. Officials (lien direct) | Justin G. Liverman, a 24-year-old from North Carolina, has pleaded guilty for his part in a hacking conspiracy that targeted several U.S. government officials, including CIA chief John Brennan. | Guideline | ||
|
2017-01-06 18:03:28 | Cloud Security Firm Bitglass Raises $45 Million (lien direct) | Bitglass, a Silicon Valley-based provider of mobile and cloud data protection solutions, today announced that it has secured $45 million in a Series C funding round. | |||
|
2017-01-06 17:38:14 | China-Linked "DragonOK" Group Expands Operations (lien direct) | A China-linked threat group known as DragonOK has updated its toolset, and the decoy documents it has used in attacks suggest that its list of targets may have been expanded to include Russia and Tibet. | |||
|
2017-01-06 17:30:45 | Google Patches High Risk Vulnerability in Android Bootloader (lien direct) | A vulnerability recently addressed in Google's January 2017 Android security bulletin was a denial of service (DoS) flaw in the bootloader, which could be exploited to target Nexus 6 and 6P custom boot modes, IBM security researchers reveal. | |||
|
2017-01-06 16:47:21 | New "Ghost Host" Technique Boosts Botnet Resiliency (lien direct) | Malware Developers Trick Web Security Systems by Changing Domain Names and Inserting Non-malicious Hostnames into HTTP Host Field. | |||
|
2017-01-06 16:39:45 | Multiple Attackers Hijacking MongoDB Databases for Ransom (lien direct) | The recently reported hijacking of MongoDB databases to hold their content for ransom is picking up pace as more hackers are trying to monetize the attack method, security researchers say. | |||
|
2017-01-06 14:49:11 | Iranian Group Delivers Malware via Fake Oxford University Sites (lien direct) | An Iran-linked advanced persistent threat (APT) group dubbed OilRig has used a fake Juniper Networks VPN portal and fake University of Oxford websites to deliver malware to victims. | APT 34 | ||
|
2017-01-06 12:59:22 | Fake Super Mario Run for Android Installs Malware (lien direct) | The Android Marcher Trojan was recently observed masquerading as the recently released Super Mario Run mobile game for Apple's iOS, Zscaler security researchers warn. | |||
|
2017-01-06 12:27:09 | Massachusetts Opens Data Breach Notification Archive to Public (lien direct) | The Commonwealth of Massachusetts this week made an important step toward improving its data breach transparency, as the Office of Consumer Affairs and Business Regulation (OCABR) made its Data Breach Notification Archive publicly available online. | |||
|
2017-01-06 11:40:42 | FTC Sues D-Link Over Failure to Secure Cameras, Routers (lien direct) | The U.S. Federal Trade Commission (FTC) has filed a lawsuit against Taiwan-based networking equipment provider D-Link, accusing the company of making deceptive claims about the security of its products, particularly IP cameras and routers. |
To see everything:
Our RSS (filtrered)
