Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-26 12:58:46 |
Avoid the Breach: Live Webinar 9/27 - Register Now (lien direct) |
Live Webinar: Tuesday, Sept. 27th at 1PM ET
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-26 12:49:42 |
OpenSSL Patch for Low Severity Issue Creates Critical Flaw (lien direct) |
A fix included in the OpenSSL updates released last week introduced a critical vulnerability that could potentially lead to arbitrary code execution, the OpenSSL Project warned on Monday.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-26 11:13:13 |
UK Man Involved in 2012 Yahoo Hack Sentenced to Prison (lien direct) |
The U.K. National Crime Agency (NCA) announced last week that one of the members of an international cybercrime group has been given a two-year jail sentence.
|
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-26 07:56:12 |
Microsoft Removes Windows Journal Due to Security Flaws (lien direct) |
Microsoft has decided to remove the Windows Journal application from its operating systems due to the discovery of several vulnerabilities that can be exploited through specially crafted Journal files.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-25 17:53:48 |
Necurs Botnet Fuels Jump in Spam Email (lien direct) |
The volume of spam email has increased significantly this year, being comparable to record levels observed in 2010. Researchers from Cisco Talos believe the increase has been driven mainly from increased activity of the Necurs botnet.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-24 23:14:41 |
Russia? China? Who Hacked Yahoo, and Why? (lien direct) |
Yahoo's claim that it is the victim of a gigantic state-sponsored hack raises the question of whether it is the latest target for hackers with the backing of Russia, China or even North Korea, experts say.
|
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 17:47:02 |
Kosovo Hacker Linked to IS Group Gets 20 Years in U.S. Prison (lien direct) |
A computer hacker who helped the Islamic State group by providing stolen personal data on more than 1,000 US government and military workers was sentenced Friday to 20 years in prison.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 17:18:44 |
Locky Ransomware Fuels Surge in .RAR, JavaScript Attachments (lien direct) |
Locky malware, currently one of the most active ransomware threats, has influenced a transition to new types of attachments used in malicious emails, Trend Micro researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 16:18:05 |
Cybercriminals Developing Biometric Skimmers for ATM Attacks (lien direct) |
Banks are improving ATM authentication mechanisms in an effort to prevent fraud, but cybercriminals have already started developing the tools and techniques they need to bypass these modern security systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 15:32:05 |
DDoS Attacks Are Primary Purpose of IoT Malware (lien direct) |
As the Internet of Things (IoT) market expands, the number of malware threats targeting the segment is rising as well. The ultimate goal for many of these IoT threats is to build strong botnets in order to launch distributed denial of service (DDoS) attacks, Symantec researchers say.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 14:48:03 |
Xiny Android Trojans Can Infect System Processes (lien direct) |
Mobile malware from the Xiny family of Android Trojans are capable of infecting the processes of system applications and of downloading malicious plug-ins into the infected programs, Doctor Web researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 13:42:03 |
Disaster Recovery: Confidence High, Experience Low (lien direct) |
With everything moving to the cloud, it is little surprise that Disaster Recovery (DR) is now also offered as cloud-based DRaaS. The majority of organizations still employ on-premise DR, but cloud usage is growing. A new survey investigates how and why UK businesses are employing DR; how they rate their existing DR readiness, and whether they are considering a move to cloud.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 13:10:30 |
Yahoo! Pressed to Explain Massive \'State Sponsored\' Hack (lien direct) |
Type:
Story
Image:
Link:
Yahoo! Pressed to Explain Massive 'State Sponsored' Hack
Yahoo! Pressed to Explain Massive 'State Sponsored' Hack
![](http://feeds.feedburner.com/~r/Securityweek/~4/3VOksSMyQSA) |
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 12:14:35 |
Yahoo Pressed to Explain Huge \'State Sponsored\' Hack (lien direct) |
Yahoo faced pressure Friday to explain how it sustained a massive cyber-attack -- one of the biggest ever, and allegedly state-sponsored -- allowing hackers to steal data from half a billion users two years ago.
|
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 11:28:31 |
EFF Warns Police, Courts About Unreliability of IP Addresses (lien direct) |
A report published this week by the Electronic Frontier Foundation (EFF) warns about the misuse of IP addresses by police and courts, and makes recommendations on how such information can be used efficiently.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-23 09:06:31 |
Hosting Provider OVH Hit by 1 Tbps DDoS Attack (lien direct) |
OVH, one of the world's largest hosting companies, reported on Thursday that its systems were hit by distributed denial-of-service (DDoS) attacks that reached nearly one terabit per second (Tbps).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 22:52:09 |
Ursnif Banking Trojan Uses New Sandbox Evasion Techniques (lien direct) |
The actor behind the Ursnif banking Trojan has been using new evasive macros in their latest infection campaign, demonstrating continuous evolution of tools and techniques, Proofpoint researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 21:50:53 |
U.S. Lawmakers: Russian Hackers Aim to Disrupt Election (lien direct) |
Two US lawmakers who are members of their respective intelligence committees said Thursday that a spate of recent cyber attacks suggests Russia is trying to disrupt the November election.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 19:08:03 |
Yahoo Confirms Massive Data Breach of 500 Million Accounts (lien direct) |
Following rumors that an announcement was soon to come, Yahoo! said Thursday that hackers managed to access data from at least 500 million user accounts in a cyberattack dating back to 2014.
|
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 17:12:10 |
Organizations Exposed to Attacks by Flaws in Kerio Firewalls (lien direct) |
Several important vulnerabilities affecting a firewall product from Kerio Technologies can be exploited by remote attackers to completely compromise an organization's internal network, SEC Consult warned on Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 16:05:06 |
Privileged Credentials Remain Security Weak Point (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 15:47:50 |
Google to Revoke OAuth 2.0 Tokens Upon Password Reset (lien direct) |
A new OAuth 2.0 token revocation rule will soon cause third-party mail apps to stop syncing data upon user password change, Google revealed on Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 13:18:28 |
Is it Finally Time for Open Security? (lien direct) |
One of the distinct advantages of working in the IT industry for over 35 years is all of the direct and indirect experience that brings, as well as the hindsight that comes with that.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 13:16:43 |
Over a Dozen Vulnerabilities Patched in OpenSSL (lien direct) |
The OpenSSL Project announced on Thursday that more than a dozen vulnerabilities have been patched in OpenSSL with the release of versions 1.1.0a, 1.0.2i and 1.0.1u.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 11:51:47 |
The Latest Must-Have Car Accessory: Security (lien direct) |
Fall is a great time of year. The kids go back to school. The weather begins to cool and the leaves change. Lord Football returns to his autumnal throne. Television shows return for a new season.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 11:23:30 |
Flaws in Cisco Cloud Services Platform Allow Command Execution (lien direct) |
Cisco's Cloud Services Platform (CSP), a product that is part of the company's virtual networking offering, is plagued by two serious vulnerabilities that can be exploited by remote attackers to execute arbitrary code and commands.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 10:02:53 |
Restriction Bypass, XSS Flaws Patched in Drupal 8 (lien direct) |
The developers of the Drupal content management system (CMS) announced on Wednesday the availability of versions 8.1.10 and 8.2.0-rc2, which address three potentially serious vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-22 00:39:03 |
Twitter Sees Jump in Official Requests to Remove Posts (lien direct) |
Twitter saw a jump in official requests to remove posts in the first half of this year, the company said Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 16:48:58 |
Firefox 49 Patches Critical, High Severity Vulnerabilities (lien direct) |
Mozilla has patched many critical and high severity vulnerabilities this week with the release of Firefox 49, including a recently disclosed certificate pinning issue that exposes users to man-in-the-middle (MitM) attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 16:40:02 |
Washington Post Takes Heat for Snowden Prosecution Call (lien direct) |
A Washington Post editorial arguing for the prosecution of intelligence leaker Edward Snowden has sparked an outcry in the media community -- including from some of the newspaper's own journalists.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 16:19:34 |
94% of Cloud Services Not GDPR Compliant: Report (lien direct) |
According to an analysis of more than 20,000 cloud services, only 6% can claim to be fully compliant with the European Union's General Data Protection Regulation (GDPR).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 14:54:16 |
Tordow Android Trojan Gets Root Privileges for New Attacks (lien direct) |
A newly detailed Android banking Trojan is capable of performing new types of attacks by gaining root privileges on the infected devices, Kaspersky Lab researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 14:46:18 |
Reports Outline Current Threat Landscape (lien direct) |
Check Point has published two major reports into the current threat landscape: its own 2016 Security Report, and the SANS Exploits at the Endpoint: SANS 2016 Threat Landscape Survey (sponsored by Check Point).
Check Point 2016 Security Report
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 14:11:08 |
macOS 10.12 Patches Over 60 Vulnerabilities (lien direct) |
Apple on Tuesday released the final version of macOS Sierra 10.12 as a free update and announced that no less than 65 security vulnerabilities were addressed in this operating system version.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 13:41:32 |
Version 3 of Qadars Trojan Targets UK Banks (lien direct) |
The customers of 18 banks in the United Kingdom have been targeted by cybercriminals in a campaign leveraging the latest major version of the Qadars banking Trojan.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 13:02:25 |
BlackBerry Teams With Zimperium on Mobile Threat Protection (lien direct) |
BlackBerry and mobile security firm Zimperium have announced that
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 13:01:49 |
HDDCryptor Leverages Open Source Tools to Encrypt MBR (lien direct) |
Malware that uses open source tools for malicious purposes isn't new, yet ransomware leveraging such tools to encrypt the entire hard drive by rewriting the MBR (Master Boot Record) is, researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 11:42:08 |
Three Questions Every ICS Security Team Should Ask (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 11:23:54 |
Over 840,000 Cisco Devices Affected by NSA-Linked Flaw (lien direct) |
An IOS software vulnerability identified recently by Cisco while analyzing the firewall exploits leaked by the group calling itself Shadow Brokers has been found to affect hundreds of thousands of devices located around the world.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 11:15:44 |
German Political Parties Hit by Cyber Attacks (lien direct) |
German political parties have fallen victim to a new round of cyber attacks, documents showed Wednesday, after Berlin's domestic spy agency accused Russia of a series of operations aimed at spying and sabotage.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-21 07:18:37 |
Brian Krebs\' Blog Hit by 665 Gbps DDoS Attack (lien direct) |
Investigative cybercrime journalist Brian Krebs reported on Tuesday that his website, KrebsOnSecurity.com, was hit by a massive distributed denial-of-service (DDoS) attack that could be the largest in history.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-20 17:38:03 |
BINOM3 Energy Meters Vulnerable to Remote Attacks (lien direct) |
BINOM3, a multifunctional revenue energy meter and power quality analyzer from Russia-based Algoritm, is plagued by several serious vulnerabilities for which patches don't appear to exist.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-20 16:03:33 |
CloudFlare Adds Support for TLS 1.3 (lien direct) |
CloudFlare announced on Tuesday the introduction of three new encryption features, including support for TLS 1.3, automatic HTTPS rewrites and opportunistic encryption.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-20 15:16:39 |
SWIFT Moves to Combat Inter-Bank Fraud (lien direct) |
The Society for Worldwide Interbank Financial Telecommunication, better known as SWIFT, announced Tuesday that it will be introducing two new Daily Validation Reports to supplement its customers' existing fraud reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-20 12:07:28 |
Enhancing Communication Between Security and DevOps (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-20 11:51:41 |
Flaw Allowed Hackers to Hijack Facebook Pages (lien direct) |
An Indian researcher earned a significant bug bounty from Facebook after discovering a serious vulnerability that could have been exploited to hijack Facebook pages.
The flaw, identified by Arun Sureshkumar, affected Facebook Business Manager, a free tool that allows users to manage ad accounts, pages, apps and the people who work on them.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-20 11:35:00 |
Why Data Reduction is Key for Meaningful Visualizations (lien direct) |
As many of you are aware, I have spent quite a bit of time in Security Operations Centers (SOCs) over the course of my career. I remember one particular experience like it was yesterday. A high ranking executive came through for a whirlwind tour that literally lasted about 17 seconds. On her way out, she screamed, “I need more pictures on those big screens!â€.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-20 07:54:57 |
Chinese Researchers Remotely Hack Tesla Model S (lien direct) |
Security researchers from China-based tech company Tencent have identified a series of vulnerabilities that can be exploited to remotely hack an unmodified Tesla Model S while it's parked or on the move.
|
|
Tesla
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-19 16:35:48 |
OpenSSL to Patch High Severity Vulnerability (lien direct) |
The OpenSSL Project announced on Monday that it will soon release updates that patch several vulnerabilities, including one rated as having “high†severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-19 16:02:53 |
BlackBerry CSO Talks Enterprise Mobility Management (lien direct) |
Any organization that operates a mobile work policy, whether that's through a Bring Your Own Device (BYOD) or company owned device approach, must consider an enterprise mobility management system. Gartner recently published a Magic Quadrant to help organizations choose which products to consider.
|
|
|
|