What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-10-10 17:16:32 | "StrongPity" Group Targets Encrypted Data, Communications (lien direct) | Kaspersky Lab has published a report detailing the activities of a cyber espionage group that uses watering holes, poisoned installers and malware to target users of software designed for encrypting data and communications. | |||
|
2016-10-10 17:13:10 | German Nuke Plant Hit by Disruptive Cyber Attack: Report (lien direct) | A German nuclear power plant suffered a disruptive cyber attack within the last few years, International Atomic Energy Agency (IAEA) Director Yukiya Amano told Reuters during a visit to Germany on Monday. | |||
|
2016-10-10 15:54:12 | RIG Exploit Kit Attacks Spike in September (lien direct) | The RIG toolkit became the most active exploit kit (EK) in September, accounting for nearly one quarter of EK attacks during the timeframe, a new report from Symantec reveals. | |||
|
2016-10-10 14:27:07 | JavaScript Uses Aggressive Persistence Functions (lien direct) | Security researchers have found a malicious script that uses aggressive tactics to hijack web browsers and prevent users from removing it from infected computers. | |||
|
2016-10-10 11:43:16 | WoSign Changes Leadership Due to Certificate Incidents (lien direct) | Following Mozilla's proposal to ban its certificates for at least one year and Apple's decision to revoke trust in its certificates, Chinese certificate authority WoSign appears to be taking serious action in hopes of obtaining forgiveness from major web browser vendors. | |||
|
2016-10-10 10:24:29 | MITRE Offers $50,000 for Rogue IoT Device Detection (lien direct) | Non-profit research and development organization MITRE has challenged experts to come up with novel ideas for detecting rogue Internet of Things (IoT) devices on a network. | |||
|
2016-10-07 21:38:33 | U.S. Vows Response to Russian Hack at \'Time and Place of our Choosing\' (lien direct) | Directly accusing Russia of trying to manipulate the 2016 US presidential election, the United States on Friday issued a stark warning that it would act when it wants to protect its interests. | |||
|
2016-10-07 19:59:18 | U.S. Officially Accuses Russia of Election Hacks (lien direct) | The U.S. government has officially accused Russia of directing cyberattacks against American political organizations with the intent of interfering with the upcoming election process. | |||
|
2016-10-07 18:26:03 | Malware Increasingly Abusing WMI for Evasion (lien direct) | Malware is increasingly using Windows Management Instrumentation (WMI) queries to evade detection and to determine the environment it is running in, FireEye researchers warn. | |||
|
2016-10-07 16:44:36 | Over 500,000 IoT Devices Vulnerable to Mirai Botnet (lien direct) | Researchers have identified more than 500,000 vulnerable Internet of Things (IoT) devices that could easily be ensnared by Mirai or similar botnets. | |||
|
2016-10-07 15:50:27 | How to Make Threat Intelligence Practical for Your Organization (lien direct) | If there is a drumbeat I will continue to harp on it's the importance of practical cyber threat intelligence. There's so much data out there, and so much confusion in the market as to what intel even is, intel's practicality takes on even greater significance. | |||
|
2016-10-07 15:40:46 | Spotify Falls Victim to Malvertising Attack (lien direct) | People using the Spotify Free online music service have been served malicious advertisements that could automatically open a web browser and redirect them to malware-laden sites. | |||
|
2016-10-07 15:25:59 | Using Apache Hadoop to Meet Cybersecurity Challenges (lien direct) | Apache Hadoop turned 10 this year. | |||
|
2016-10-07 13:15:34 | GE Machine Monitoring System Plagued by Serious Flaw (lien direct) | A serious vulnerability found in one of GE's Bently Nevada condition and vibration monitoring products can be exploited by remote attackers to gain unauthorized access to affected devices, ICS-CERT warned on Thursday. | |||
|
2016-10-07 13:04:23 | iOS 10\'s Safari Doesn\'t Keep Private Browsing Private (lien direct) | The Safari browser in iOS 10 no longer offers the same level of privacy as before when it comes to Private Browsing, a researcher has discovered. | |||
|
2016-10-07 11:14:26 | VMware Patches Directory Traversal Flaw in Horizon View (lien direct) | VMware has released updates for the Windows versions of its Horizon View product to address an important vulnerability that could lead to information disclosure. | Guideline | ||
|
2016-10-07 09:23:44 | X.Org Library Flaws Allow Privilege Escalation, DoS Attacks (lien direct) | X.Org developers released patches and updates to address over a dozen vulnerabilities found in several client libraries. The flaws can be exploited by local or remote attackers to cause a denial-of-service (DoS) condition or escalate privileges. | |||
|
2016-10-06 21:08:39 | Cerber Ransomware Can Now Kill Database Processes (lien direct) | Cerber, one of the most prevalent ransomware families this year, is now using random extensions for encrypted files and is now able to kill the processes of various database servers, researchers reveal. | |||
|
2016-10-06 20:24:20 | The Cyber Risk of Mixing Business with Pleasure (lien direct) | Technical and Process Controls for the Enterprise Must Extend to Employees and How They Engage in Personal Services | |||
|
2016-10-06 20:07:44 | Russian Hackers May Have Manipulated Leaked WADA Data (lien direct) | In a statement published Wednesday, October 5, the World Anti-Doping Agency (WADA) provided an update on investigations into the August Fancy Bear hack and data leak in September. FireEye/Mandiant has been employed to do the forensic investigation. As of Oct. | APT 28 | ||
|
2016-10-06 17:05:56 | Suspected Lizard Squad Hackers Arrested in US, Netherlands (lien direct) | Two teenagers suspected of being members of the Lizard Squad and PoodleCorp hacking groups were arrested last month by law enforcement authorities in the United States and the Netherlands. | |||
|
2016-10-06 16:09:27 | Mirai IoT Botnet Not Only Contributor in Massive DDoS Attack: Akamai (lien direct) | Akamai this week shared additional details on the massive 665 gigabit per second (Gbps) distributed denial of service (DDoS) attack that targeted Brian Krebs' website. | |||
|
2016-10-06 14:28:14 | WildFire Ransomware Revived as "Hades Locker" (lien direct) | The actor behind WildFire, a piece of ransomware that emerged earlier this year, has decided to rebrand the malware after security researchers created a decryption tool for it. | |||
|
2016-10-06 13:39:41 | Card Data Stolen From eCommerce Sites Using Web Malware (lien direct) | Researchers have been monitoring a campaign in which cybercriminals compromised many ecommerce websites in an effort to steal payment card and other sensitive information provided by their customers. | |||
|
2016-10-06 13:09:17 | Hitting the Right Note With a Security Delivery Platform (lien direct) | In 1985, F. Murray Abraham won the Academy Award for Best Actor for his masterful performance as the cynical Salieri in the movie Amadeus. I loved that movie. From Wolfie's maniacal and childlike laughter throughout to the choice scene when Salieri recounts his sneak peek at Mozart's Serenade for Winds, K.361: 3rd Movement: | ★★★ | ||
|
2016-10-06 12:50:35 | FastPOS Malware Adopts Modular Design (lien direct) | FastPOS, a piece of point-of-sale (PoS) malware that emerged in early summer, has recently received a series of updates designed to make it more efficient just in time for the holiday season. | |||
|
2016-10-06 12:05:11 | Mac Malware Can Abuse Legitimate Apps to Spy on Users (lien direct) | OS X Malware Can Silently Record Video by Piggybacking on Webcam Streams Mac malware could silently spy on users by piggybacking on webcam sessions initiated by legitimate applications such as FaceTime, Skype and Google Hangouts, a researcher has warned. | |||
|
2016-10-05 20:40:02 | NSA Contractor Arrested for Theft of Classified Material (lien direct) | The Department of Justice announced on Wednesday that a government contractor resident in Maryland with a top secret national security clearance was arrested in late August. According to the complaint unsealed today, a search of his home and car found "property of the United States." More specifically, this included "six classified documents obtained from sensitive intelligence and produced by a government agency in 2014." | |||
|
2016-10-05 17:56:02 | Want Better Security? Be a Pragmatist. (lien direct) | I've always considered myself a pragmatist. Perhaps not surprisingly, I have also always been a big fan of pragmatism. I guess one goes along with the other. A pragmatist is defined as “a person who is oriented toward the success or failure of a particular line of action, thought, etc.; a practical person.†| |||
|
2016-10-05 17:23:51 | Iran-Linked Attackers Target Government Organizations (lien direct) | An Iran-linked group previously observed attacking organizations in Saudi Arabia has been improving its malware tools and expanding its target list to include other countries. | |||
|
2016-10-05 16:10:02 | Amid Privacy Outcry, Yahoo Denies Surveillance Allegations (lien direct) | Yahoo on Wednesday denied conducting mass email surveillance after a report alleging it built a special scanning program at the behest of US intelligence which sparked an outcry from privacy activists. The report, which said the US internet giant had secretly scanned millions of emails to help American intelligence, was "misleading," Yahoo said in a statement. | Guideline | Yahoo | |
|
2016-10-05 16:03:30 | Google Patches DoS Vulnerability in Android (lien direct) | One of the 78 vulnerabilities that the October 2016 Android Security Bulletin released this week has patched was a flaw in the GPS component that could be exploited remotely to cause denial of service on vulnerable devices. | |||
|
2016-10-05 15:06:26 | TalkTalk Handed Record Fine for Data Breach (lien direct) | The Information Commissioner's Office (ICO) in the U.K. has handed a record fine to telecoms company TalkTalk for the data breach suffered in October 2015. | |||
|
2016-10-05 14:05:49 | iMessage URL Preview Exposes User Data (lien direct) | Apple's iMessage service can leak data such as location, device type, and operating system, when the user receives a URL in a message, a researcher has discovered. | |||
|
2016-10-05 12:03:30 | Clinton Foundation Denies Being Hacked (lien direct) | The hacker calling himself Guccifer 2.0 leaked hundreds of megabytes of files allegedly stolen from the Clinton Foundation, but the organization's representatives said there was no evidence of a data breach. | |||
|
2016-10-05 11:11:52 | Zero Trust or Bust? (lien direct) | Implementing a Zero Trust Model Represents a Dramatic Change and Requires a Well-planned Transition | |||
|
2016-10-05 10:28:20 | Endpoint Security Wars: Is Peace Breaking Out? (lien direct) | 
|
|||
|
2016-10-04 17:33:17 | Researchers Leverage RKP Module to Bypass Samsung KNOX (lien direct) | Security researchers from Viral Security Group Ltd. have managed to bypass the Samsung KNOX security features by exploiting vulnerabilities that render unpatched devices susceptible to compromise. | |||
|
2016-10-04 17:31:53 | Hackers Could Harm Diabetics via Insulin Pump Attacks (lien direct) | OneTouch Ping insulin pumps manufactured by Johnson & Johnson-owned Animas are plagued by several vulnerabilities that can be exploited by remote hackers to compromise devices and potentially harm the diabetic patients who use them. While the security holes are serious, the risk is considered relatively low and the vendor does not plan on releasing a firmware update. | |||
|
2016-10-04 17:06:11 | Weak Credentials Fuel IoT Botnets (lien direct) | Botnets powered by Internet of Things (IoT) devices have recently made headlines after powering massive distributed denial of service (DDoS) attacks. The underlying issues with IoT devices, however, are by no means new. IoT botnets are possible mainly because enslaved devices often have security flaws, many of which have been discussed numerous times before. | |||
|
2016-10-04 15:45:48 | Carbon Black, IBM Partner on Attack Remediation (lien direct) | Endpoint security firm Carbon Black announced a new partnership with IBM Security that will allow Carbon Black endpoint threat data to feed into IBM's BigFix for instant attack remediation. | |||
|
2016-10-04 13:44:42 | Flaws Found in Moxa Factory Automation Products (lien direct) | Applied Risk, a company that specializes in protecting industrial control systems (ICS), published an advisory this week describing several vulnerabilities found in one of Moxa's factory automation products. | |||
|
2016-10-04 13:35:14 | Firewall Migrations: Five Ways to Maximize Security Resilience & Availability (lien direct) | If you are planning an upgrade or migration to next-generation firewalls (NGFWs), it is not just an opportunity to gain richer functionality and a wider range of protections. It is also an excellent time to review your entire security architecture; to ensure it maximizes the value and efficiency of all your security devices, while minimizing the risk of network downtime. | |||
|
2016-10-04 13:00:39 | Researchers Break Encryption of MarsJoke Ransomware (lien direct) | The recently discovered MarsJoke ransomware has a encryption weakness that has allowed Kaspersky Lab security researchers to create a decryptor and help users restore their files for free. | |||
|
2016-10-04 12:21:55 | Google Patches 78 Vulnerabilities in Android (lien direct) | Google this week released another set of monthly patches for the Android mobile operating system, in an attempt to address no less than 78 security vulnerabilities. | |||
|
2016-10-04 11:50:45 | Information Commissioner Talks Privacy Laws in Post-Brexit UK (lien direct) | 
|
|||
|
2016-10-04 11:26:44 | Apple to Revoke Trust in WoSign Certificates (lien direct) | After Mozilla announced that it might ban new certificates issued by Chinese certificate authority (CA) WoSign and its subsidiary StartCom for at least one year, Apple has decided to take measures. | |||
|
2016-10-04 09:52:31 | EMC Patches Critical Flaws in VMAX Storage Products (lien direct) | Researchers at vulnerability management services provider Digital Defense have identified a total of six flaws in the administration interface of EMC VMAX enterprise storage products. | |||
|
2016-10-03 17:21:39 | OpenJPEG Flaw Allows Code Execution via Malicious Image Files (lien direct) | An update released last week for the OpenJPEG library addresses several bugs and important security issues, including a flaw that can be exploited to execute arbitrary code using specially crafted image files. | |||
|
2016-10-03 16:42:32 | DressCode Malware Infects 400 Apps in Google Play (lien direct) | A recently discovered mobile malware family called DressCode has infected over 400 applications that are being distributed via Google Play, Trend Micro security researchers warn. |
To see everything:
Our RSS (filtrered)
