What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2016-10-25 16:38:01 Critical Vulnerabilities Patched in Joomla (direct link) Two critical account creation vulnerabilities have been addressed on Tuesday in the Joomla content management system (CMS) with the release of version 3.6.4.
SecurityWeek 2016-10-25 15:42:32 ICS Networks at Risk Due to Flaw in Schneider PLC Simulator (direct link) ICS CYBER SECURITY CONFERENCE – A serious vulnerability affecting one of Schneider Electric's software platforms can allow malicious actors to remotely execute arbitrary code on engineering workstations via specially crafted project files. Similar flaws could affect products from other vendors and attacks are not easy to detect.
SecurityWeek 2016-10-25 14:38:52 Android Root Exploits Abuse Dirty COW Vulnerability (direct link) The “Dirty COW” Linux kernel vulnerability that was publicly disclosed last week can be leveraged to achieve root privileges on Android devices, security researchers reveal.
SecurityWeek 2016-10-25 12:27:07 LinkedIn Hacker Tied to Major Bitcoin Heist (direct link) The Russian national accused by U.S. authorities of hacking LinkedIn, Dropbox and Formspring made at least 1,500 bitcoins in 2013, including 620 stolen from a now-defunct exchange, according to a security expert.
SecurityWeek 2016-10-25 10:57:13 Apple Patches Multiple Flaws in iOS, macOS Sierra, Safari (direct link) Apple released a new set of security patches this week to resolve multiple vulnerabilities in iOS, macOS Sierra, Safari, tvOS, and watchOS.
SecurityWeek 2016-10-25 07:16:58 Mozilla Distrusts Certificates From WoSign, StartCom (direct link) Mozilla has decided to revoke trust in new WoSign and StartCom certificates, despite the steps taken by the companies in an effort to address the issues found by the web browser vendor.
SecurityWeek 2016-10-25 04:34:56 Required Insider Threat Program for Federal Contractors: Will It Help? (direct link) Many organizations use hundreds or even thousands of third party vendors. They connect to their networks, access private corporate data, and too often, as we saw in the case of Edward Snowden and more recently Harold Martin, elevate organizations' cyber risk.
SecurityWeek 2016-10-25 04:25:16 Kaspersky Launches Industrial Control Systems CERT (direct link) Kaspersky Lab announced last week the launch of a new global computer emergency response team (CERT) focusing on industrial control systems (ICS).
SecurityWeek 2016-10-25 00:55:31 Researchers Leverage Voicemail Flaw to Compromise Messaging Apps (direct link) Italian security researchers have discovered a vulnerability that can be easily exploited to break into messaging applications such as Telegram, WhatsApp, and Signal.
SecurityWeek 2016-10-24 17:02:37 Muddy Waters, MedSec Respond to St. Jude Lawsuit (direct link) Investment research firm Muddy Waters and security company MedSec have responded to St. Jude Medical's lawsuit and hired outside experts to back their claims that some of St. Jude's cardiac products are affected by serious vulnerabilities.
SecurityWeek 2016-10-24 16:38:10 Being the Adult in the Room (direct link) Security Teams Need to be Recognized as the Even Keel that Stays the Course Even When the Rest of the Organization Gets Distracted.
SecurityWeek 2016-10-24 12:31:15 BIND Flaw Patched in 2013 Affects Linux Distros (direct link) A vulnerability patched by the Internet Systems Consortium (ISC) in the BIND DNS software several years ago has been found to affect Linux distributions that use packages derived from BIND releases prior to the security hole being fixed.
SecurityWeek 2016-10-24 10:36:46 Russian Man Accused of Hacking LinkedIn, Dropbox (direct link) The Russian national arrested earlier this month by Czech police has been charged in the United States for hacking into the systems of LinkedIn, Dropbox and Formspring. Yevgeniy Aleksandrovich Nikulin, 29, of Moscow, Russia, was arrested by Czech authorities on October 5, but news of the arrest only came to light last week.
SecurityWeek 2016-10-24 08:26:21 Mirai Botnets Used for DDoS Attacks on Dyn (direct link) Experts determined that the distributed denial-of-service (DDoS) attacks launched last week against Dyn's DNS infrastructure were powered by Internet of Things (IoT) devices infected with the malware known as Mirai.
SecurityWeek 2016-10-24 02:01:27 Moscow Confirms Ministry Website Attack After U.S. Hacker Claim (direct link) Russia's foreign ministry on Sunday said an old version of its website had been attacked after a US hacker claimed he broke in and posted a mocking message.
SecurityWeek 2016-10-23 03:04:13 VoIP Service Servers Abused to Host RATs (direct link) Free Voice-over-IP (VoIP) service Discord has had its servers abused to host and distribute remote access Trojans (RATs), Symantec warns.
SecurityWeek 2016-10-22 02:09:09 Linux Backdoor Doesn't Require Root Privileges (direct link) A newly observed Linux backdoor Trojan can perform its nefarious activities without root access, by using the privileges of the current user, Doctor Web security researchers have discovered.
SecurityWeek 2016-10-21 15:18:20 Slack Flaw Allowed Hackers to Hijack Any Account (direct link) A researcher has disclosed a couple of serious Slack vulnerabilities that could have been exploited to obtain sensitive information and take over user accounts. The vendor patched the flaws and awarded the expert a total of $9,000.
SecurityWeek 2016-10-21 13:27:31 Twitter, Others Disrupted by DDoS Attack on Dyn DNS Service (direct link) Twitter, GitHub and several other major websites are inaccessible for many users due to a distributed denial-of-service (DDoS) attack on the Managed DNS infrastructure of cloud-based Internet performance management company Dyn.
SecurityWeek 2016-10-21 11:01:09 R3's Corda Blockchain Platform Goes Open-Source (direct link) Blockchain is variously described as the future of computing or a hype bubble that has already burst, depending on which author you read.
SecurityWeek 2016-10-21 10:56:58 Pentagon to Launch More Bug Bounty Programs (direct link) Following the success of the “Hack the Pentagon” program, the U.S. Department of Defense has decided to continue to test its websites and networks for cybersecurity vulnerabilities using crowdsourced experts.
SecurityWeek 2016-10-21 07:44:35 (Déjà vu) Admiral Michael Rogers to Keynote SecurityWeek's 2016 ICS Cyber Security Conference (direct link) ICS Cyber Security Conference
SecurityWeek 2016-10-21 07:13:10 Weebly Breach Affects Over 43 Million Users (direct link) Hackers have managed to steal information associated with more than 43 million accounts belonging to customers of Weebly, a San Francisco-based web hosting service that provides a drag-and-drop website builder.
SecurityWeek 2016-10-21 01:50:25 U.S. Spy Worker Stole 'Astonishing Quantity' of Data: Prosecutors (direct link) US prosecutors on Thursday said they expected to file espionage charges against a private contractor for the National Security Agency suspected of stealing an "astonishing quantity" of classified information.
SecurityWeek 2016-10-20 14:38:18 "Dirty COW" Linux Kernel Flaw Exploit Seen in the Wild (direct link) A new Linux kernel vulnerability disclosed on Wednesday allows an unprivileged local attacker to escalate their privileges on a targeted system. Red Hat said it was aware of an exploit in the wild.
SecurityWeek 2016-10-20 14:25:38 Sarvdap Spambot Checks IP Blacklists (direct link) The Sarvdap spambot was recently observed checking the IP addresses of infected hosts against common blacklists, in an attempt to ensure that its spam email is successfully delivered, Palo Alto Networks security researchers reveal.
SecurityWeek 2016-10-20 13:59:13 From Chasing Alerts to Hunting Threats: What Makes an Effective SOC is Evolving (direct link) Whether you call it a SOC, a CSOC, a Cyber Defense Center, or something else, security operation centers have the same fundamental mission – to help organizations detect, analyze, respond to, report on, and prevent cyber security incidents. But what it takes to do that effectively has changed in this ever-evolving threat landscape, putting an even greater burden on analysts and the technologies they rely upon.
SecurityWeek 2016-10-20 11:41:31 Lexmark Patches Critical Flaw in Printer Management Tool (direct link) Lexmark has released an update for its Markvision Enterprise printer management software to address serious vulnerabilities that could allow a remote attacker to execute arbitrary code on the server hosting the product. Markvision Enterprise is a web-based tool that allows IT professionals to manage up to 20,000 networked printers, regardless of the manufacturer.
SecurityWeek 2016-10-20 09:24:18 Windows Zero-Day Exploited by "FruityArmor" APT Group (direct link) A Windows zero-day vulnerability patched this month by Microsoft was discovered by Kaspersky Lab researchers in attacks conducted by an advanced persistent threat (APT) actor dubbed by the security firm “FruityArmor.”
SecurityWeek 2016-10-20 07:14:13 Russian Arrested by Czech Police Tied to 2012 LinkedIn Hack (direct link) The Russian national arrested this month by Czech police in cooperation with the FBI is believed to have been involved in the hacking of social media company LinkedIn in 2012.
SecurityWeek 2016-10-19 23:30:11 Yahoo Calls for 'Transparency' From U.S. Spy Agencies (direct link) Yahoo asked US spy agencies Wednesday to offer public "transparency" about data they make internet companies provide on users and to declassify any secret order served on the company.
SecurityWeek 2016-10-19 23:24:10 Skype Calls Expose User Keystrokes: Researchers (direct link) Microsoft's popular text, audio and video messaging service Skype can be used to record keystrokes and reveal what a user has typed, researchers say.
SecurityWeek 2016-10-19 23:11:12 Firefox to Display Error When Encountering SHA-1 Certificates (direct link) Starting in Firefox 51, Mozilla's web browser will display an error when a SHA-1 certificate is encountered that chains up to a root certificate included in Mozilla's CA Certificate Program.
SecurityWeek 2016-10-19 18:39:26 Sofacy's Flash Player Exploit Platform Exposed (direct link) Using weaponized Word documents as attachments to phishing emails is not a new attack method, but researchers have discovered an interesting variation: an RTF document with an embedded OLE Word document containing embedded Flash exploits. The purpose is to disguise the attack in layers of obfuscation.
SecurityWeek 2016-10-19 17:12:01 Muddy Waters Shows More Attacks on St. Jude Cardiac Devices (direct link) Investment research firm Muddy Waters and security company MedSec have published four new videos allegedly demonstrating potentially lethal attacks against implanted cardiac devices from St. Jude Medical.
SecurityWeek 2016-10-19 16:19:08 Illumio Unveils Security Templates to Protect Data Center Apps (direct link) New Security Templates from Illumio Help Close Security Gaps Inside Data Centers and Clouds
SecurityWeek 2016-10-19 14:58:40 IoT Worm "Hajime" Uses BitTorrent Protocols for Communications (direct link) While analyzing the notorious Mirai malware, researchers discovered what they claim to be a new and sophisticated worm designed to target Internet of Things (IoT) devices.
SecurityWeek 2016-10-19 11:51:53 Mirai Increasingly Used for DDoS Attacks After Source Leak (direct link) The number of Internet of Things (IoT) devices infected with Mirai has increased considerably in the past few weeks after the malware's author decided to make its source code public.
SecurityWeek 2016-10-19 11:29:54 Oracle Critical Patch Update for October 2016 Fixes 253 Vulnerabilities (direct link) Oracle this week released its Critical Patch Update (CPU) for October 2016 to deliver a total of 253 new security fixes across multiple product families, nearly half of which can be exploited remotely without authentication.
SecurityWeek 2016-10-19 10:41:47 Czech Police and FBI Arrest Alleged Russian Hacker (direct link) Prague - Czech police said Wednesday they staged a joint operation with the FBI to arrest a Russian citizen in Prague suspected of staging cyber attacks on the United States.
SecurityWeek 2016-10-19 07:26:10 Researchers Bypass ASLR via Hardware Vulnerability (direct link) Researchers from two universities in the United States have disclosed a new method for bypassing Address Space Layout Randomization (ASLR) by exploiting a hardware vulnerability.
SecurityWeek 2016-10-18 23:26:49 Ecuador Says it Cut Assange Internet Over US Election Leaks (direct link) Ecuador said Tuesday it had cut the internet access of WikiLeaks founder Julian Assange, who is holed up at its London embassy, due to leaks by the anti-secrecy website that could impact the US election.
SecurityWeek 2016-10-18 20:48:25 VeraCrypt Patches Vulnerabilities Following Audit (direct link) A recently conducted security assessment of VeraCrypt has revealed over 25 security vulnerabilities in the popular encryption platform, including a critical cryptography flaw.
SecurityWeek 2016-10-18 16:11:56 Preview: 2016 ICS Cyber Security Conference – Oct. 24-27 (direct link) ICS Cyber Security Conference
SecurityWeek 2016-10-18 16:03:10 NoMoreRansom Initiative Gets Global Law Enforcement Support (direct link) Law enforcement agencies from 13 additional countries have signed up to the NoMoreRansom project since it started in July 2016. The project, launched as a collaborative initiative by the Dutch National Police, Europol, Kaspersky Lab and Intel Security, is designed to provide practical help for victims of ransomware.
SecurityWeek 2016-10-18 13:40:02 Chinese Cyberspies Target European Drone Maker, Energy Firm (direct link) An advanced persistent threat (APT) actor believed to be based in China has been spotted targeting the systems of a European drone maker and a U.S. subsidiary of a French energy management company. ★★
SecurityWeek 2016-10-18 13:15:49 Monthly Android Patches Still Slow to Reach Most Devices (direct link) While Google has been releasing monthly Android patches for over a year, the overall impact on device security has been much lower than expected, and actually led to fragmentation, security researchers argue.
SecurityWeek 2016-10-18 12:42:10 Battling the Botnet Armies (direct link) Botnet armies have become bigger, more active and more heavily armed than ever before. In the first quarter of 2016, attacks launched by bots reached a record high of 311 million, a 300 percent increase compared with the same period in 2015 and a 35 percent increase compared with the final quarter of 201
SecurityWeek 2016-10-18 12:03:05 Magento Malware Hides Stolen Card Data in Image Files (direct link) Cybercriminals have been using innocent-looking image files to store and exfiltrate payment card data stolen from compromised ecommerce websites running on the Magento platform.
SecurityWeek 2016-10-18 08:10:20 Backdoor Uploaded to WordPress Sites via eCommerce Plugin Zero-Day (direct link) A zero-day vulnerability in an ecommerce plugin for WordPress has been exploited by cybercriminals to upload backdoors to affected websites, researchers warned.
Last update at: 2024-07-24 09:07:44