Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-01 14:35:18 |
Betabot Starts Delivering Cerber Ransomware (lien direct) |
Betabot, a piece of malware that has been around for years, recently started to deliver ransomware to compromised computers, Invincea reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-01 12:45:32 |
IoT Botnet Targets Olympics in 540Gbps DDoS Attacks (lien direct) |
The 2016 Rio Olympics weren't all about the games, but also about overcoming some of the largest distributed denial of service (DDoS) attacks, Arbor Networks researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-01 12:29:52 |
Cisco Fixes Severe Flaws in WebEx, Small Business Products (lien direct) |
Cisco informed customers on Wednesday that it has released software and firmware updates for some of its products in an effort to address several vulnerabilities rated as having critical, high and medium severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-01 12:07:39 |
Running in Front of the Open Source Parade (lien direct) |
There is simply no denying that the adoption of open source components in software development is pervasive and will continue to expand. Black Duck, an open source security firm, noted in their “State of Open Source Security in Commercial Applications, 2016†report that 67 percent of the applications tested had some form of open source component.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-01 10:26:15 |
RIG Developers Testing New Exploits, C&C Patterns (lien direct) |
The developers of the RIG exploit kit appear to be testing new infection methods and a different type of URL pattern for command and control (C&C) communications that could help the threat evade detection.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-01 08:51:45 |
University Finds Flaws in Report on St. Jude Medical Device Security (lien direct) |
Researchers from the University of Michigan have analyzed the MedSec report describing serious vulnerabilities in St. Jude Medical products and determined that the security firm may have reached inaccurate conclusions.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-09-01 03:11:38 |
Malicious Office Docs Install Proxies to Spy on HTTPS Traffic (lien direct) |
Malicious Microsoft Office documents have long been used to deliver malware onto the computers of unsuspecting users, but it appears that attackers are now abusing them in a new manner: to install rogue proxies.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 21:59:16 |
Kimpton Hotels Confirms Point-of-Sale Systems Were Hacked (lien direct) |
After launching an investigation in July after unauthorized charges were identified on payment cards u
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 17:48:31 |
SWIFT Discloses Additional Bank Attacks (lien direct) |
In a private letter to its members on Tuesday, SWIFT has disclosed that additional cyber attacks have surfaced since its last update in June.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 17:39:49 |
FairWare Ransomware Deletes Web Files From Linux Servers (lien direct) |
A new piece of malware called FairWare is targeting Linux servers and deleting web folders, while "offering" to restore access to encrypted files for a ransom of 2 Bitcoins (about $1,100).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 16:07:22 |
Adobe Patches Critical Vulnerability in ColdFusion (lien direct) |
Adobe announced on Tuesday the availability of security hotfixes for versions 10 and 11 of ColdFusion, the company's web and mobile application development platform.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 13:53:11 |
BASHLITE Botnets Ensnare 1 Million IoT Devices (lien direct) |
Nearly one million devices have been infected with a piece of malware and abused for distributed denial-of-service (DDoS) attacks, according to an analysis conducted by Level 3 Communications and Flashpoint.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 11:55:26 |
Sensitive User Data Exposed in OneLogin Breach (lien direct) |
Identity management firm OneLogin informed customers on Tuesday that some of the information they stored on the company's servers may have been accessed by hackers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 11:41:28 |
68 Million Exposed in Old Dropbox Hack (lien direct) |
The email addresses and passwords pertaining to a total of 68,648,009 Dropbox accounts have been compromised following a data breach in 2012.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 11:18:43 |
In Information Security, the Only Constant is Change (lien direct) |
As the Greek philosopher Heraclitus famously noted, “the only constant is changeâ€. This statement was as accurate 2,500 years ago as it is now. The world around us changes constantly, often times at a somewhat frenetic pace. The field of information security is no different. Both the organizations we support and the threat landscape we face are changing and evolving constantly.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-31 10:00:48 |
Vulnerabilities Found in CryptWare BitLocker Enhancement Tool (lien direct) |
CryptWare has released an update for its “CryptoPro Secure Disk for BitLocker†tool after researchers discovered a couple of serious vulnerabilities that can allegedly be exploited to backdoor the system and steal sensitive data.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 19:42:24 |
\'Urgent\' Saudi Talks After Cyber Attacks: Media (lien direct) |
Saudi cyber experts held urgent talks on Tuesday after government facilities were hacked, official media reported.
The cyber attacks "in recent weeks targeted government institutions and vital installations in the kingdom," the Saudi Press Agency reported, without identifying the targeted agencies.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 16:33:13 |
Researchers Use WiFi Signals to Read Keystrokes (lien direct) |
Wi-Fi signals can be exploited to recognize keystrokes and a system that can do so has been already created, a newly published research paper reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 16:11:44 |
Okta Launches Identity-driven API Access Management Solution (lien direct) |
Three of today's biggest IT evolutions are digital transformation; a move from binary-based to probability-based security; and the search for a single seamless fabric for related areas of security. In new announcements its Oktane16 conference today, identity firm Okta seeks to cover all three within access management.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 15:59:27 |
Site of BitTorrent App "Transmission" Again Used to Deliver OS X Malware (lien direct) |
The official website for the BitTorrent client Transmission has once again been abused by cybercriminals to deliver a piece of malware designed to target OS X systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 14:29:51 |
Researcher Finds Whitelist Bypass on Google Login Page (lien direct) |
Google's login page is plagued by a whitelist bypass vulnerability that could allow an attacker to redirect users to arbitrary pages or trick them into downloading malicious code, security researcher Aidan Woods claims.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 13:59:58 |
Kaspersky Confirms Lurk Gang Developed Angler Exploit Kit (lien direct) |
Kaspersky Lab has confirmed that the Lurk cybercrime gang, whose members were arrested by Russian police this summer, developed and rented the notorious Angler exploit kit, which disappeared from the scene shortly after the arrests.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 11:27:01 |
Unmodified USB Devices Allow Data Theft From Air-Gapped Systems (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 10:59:11 |
Russian Hackers Attack Two U.S. Voter Databases: Reports (lien direct) |
Russian-based hackers may have been responsible for two recent attempts to breach US voter registration databases in two states, raising fears Moscow is trying to undermine November's presidential election, US media said Monday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 10:49:00 |
What\'s the Real Value of "Cost of Breach" Studies? (lien direct) |
The European Union Agency for Network and Information Security (ENISA) published The cost of incidents affecting CIIs – a review 'of studies concerning the economic impact of cyber-security incidents on critical information infrastructures'.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 09:58:02 |
The Top 3 Threats to Industrial Control Systems (lien direct) |
Adversaries are getting smarter, more efficient, and consequently more successful at penetrating industrial networks. Statistics from a recent Booz Allen Hamilton survey reinforce this fact. The firm surveyed 314 organizations operating Industrial Control Systems (ICS) around the world, and revealed that 34 percent were breached more than twice in the last 12 months. In 2015, ICS operators reported more security incidents to U.S.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-30 08:58:48 |
FBI Warns of Attacks on State Election Systems (lien direct) |
A flash alert issued by the FBI earlier this month warns that unknown threat actors targeted the board of election systems of two U.S. states using widely available security testing tools.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-29 17:04:27 |
Kelihos Botnet Triples in Size Overnight (lien direct) |
The Kelihos botnet has kept a low profile following takedown attempts a few years ago when it was highly active, but has shown significant spikes in activity recently, MalwareTech warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-29 14:53:14 |
US Jury Convicts Russian MP\'s Son for Hacking Scheme (lien direct) |
Roman Valerevich Seleznev, a 32-year-old Russian national known online as “Track2,†has been convicted by a federal jury in the United States for his role in a major hacking scheme that is estimated to have cost banks more than $169 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-29 12:33:10 |
Why Chief Information Security Officers Need Their Own Cockpits (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-29 11:52:57 |
Kaspersky Patches Vulnerabilities in Consumer Products (lien direct) |
Kaspersky Lab has released updates for its consumer products to address several denial-of-service (DoS) and memory disclosure vulnerabilities identified by researchers at Cisco's Talos group.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-29 11:52:21 |
RIPPER ATM Malware Linked to Thailand Heist (lien direct) |
The malicious software used earlier this month to steal 12 million baht ($346,000) from ATMs at banks in Thailand might be a new ATM malware variant called RIPPER, FireEye researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-29 10:50:42 |
iPhone Spyware Spotlights Israel\'s Secretive Surveillance Industry (lien direct) |
The discovery of sophisticated spyware to infiltrate and remotely take control of iPhones without leaving a trace has put a spotlight on Israel's secretive surveillance industry, considered among the world's most advanced.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-29 09:59:40 |
St. Jude Refutes Medical Device Vulnerability Claims (lien direct) |
Medical device manufacturer St. Jude Medical (STJ) has denied that its products are plagued by serious vulnerabilities following a controversial disclosure by MedSec and Muddy Waters that forced the vendor to temporarily suspend trading.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-29 08:21:35 |
User Data Possibly Stolen in Opera Sync Breach (lien direct) |
Norway-based browser company Opera advised Sync customers on Friday to change their passwords after someone hacked the service and possibly accessed user data.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-27 13:48:16 |
Ramnit Banking Trojan Resumes Activity (lien direct) |
After an eight-month pause, the Ramnit Trojan has resurfaced with two new live attack servers and a new command and control (C&C) server, IBM researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 16:57:13 |
F-Secure\'s Mikko Hypponen Talks Cyber Crime and Cyber Unicorns (lien direct) |
At some point in the recent past -- he is not sure exactly when -- F-Secure's Chief Research Officer Mikko Hypponen coined the term 'cyber crime unicorn'. His purpose was to highlight the growing professionalism of cyber criminals; and the term caught on. Now he has asked the question seriously: could a ransomware product actually be a criminal tech unicorn; that is, a start-up business valued at more than $1 billion?
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 16:34:32 |
Industry Reactions to Shadow Brokers Leak: Feedback Friday (lien direct) |
A group calling itself Shadow Brokers has leaked many exploits, implants and other tools allegedly stolen from the NSA-linked Equation Group, and it claims to possess much more information that it's prepared to sell for 1 million Bitcoins.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 14:48:28 |
Locky Ransomware Switches to DLLs for Distribution (lien direct) |
Locky, one of the most popular ransomware families at the moment, has changed its distribution method once again and is now using DLLs for infection, Cyren researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 14:11:01 |
Mozilla Launches Website Security Testing Tool (lien direct) |
Mozilla has released a free tool that allows website developers and administrators to determine if they are using all available security technologies at their full potential.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 13:34:50 |
Answering the "So What" Question on Cyber Threat Intelligence (lien direct) |
Cyber threat intelligence comes in many different flavors that address different problems and different roles within the organization. At the end of the day, however, as with any cyber security-related capability, you need to answer the “so what†question. What does any of this intelligence mean? And does it help us achieve the desired outcome(s)?
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 12:48:20 |
Machine Learning CrowdStrike Joins VirusTotal (lien direct) |
On May 4, VirusTotal (VT) made two specific changes to its policies that were at the time seen as particularly aimed at the nex
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 12:00:57 |
Apple Issues Emergency Fix for iOS Zero-Days: What You Need to Know (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 11:07:52 |
Security Firm Discloses Medical Device Flaws as Part of Investment Strategy (lien direct) |
The stock of medical device manufacturer St. Jude Medical plunged on Thursday after the release of a report describing serious cybersecurity vulnerabilities in the company's products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-26 03:46:08 |
Critical Vulnerabilities Affect Open Source Base Transceiver Stations (lien direct) |
BTS (base transceiver station) products are susceptible to complete takeover because of critical vulnerabilities affecting the underlying software, security firm Zimperium warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-25 16:35:03 |
Millennium Hotels & Resorts Investigating Possible PoS Breach (lien direct) |
Millennium Hotels & Resorts North America (MHR) informed customers on Thursday that it's investigating a possible breach involving the point-of-sale (PoS) systems at over a dozen of its locations in the United States.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-25 14:29:36 |
Researchers Use MiTM Attack Against Ransomware Operator (lien direct) |
Researchers Help Alma Ransomware Victims Decrypt Files By Using MitM Attack Against Operators
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-25 13:51:12 |
Attackers Can Target Enterprises via GroupWise Collaboration Tool (lien direct) |
Enterprise software maker Micro Focus has released patches for its GroupWise collaboration tool to address several critical vulnerabilities that expose organizations to remote attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-25 13:04:22 |
Secret Data Leak Hits French Submarine Maker: Report (lien direct) |
French defense contractor DCNS has been hit by a massive leak of secret data on its submarines likely to alarm India, Malaysia and Chile which use the boats, The Australian newspaper reported on Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2016-08-25 11:46:45 |
10 Ways to Protect Against Dual Revenue Attacks (lien direct) |
To many financially motivated cybercriminals, one of the most valuable commodities is data. But not all data is valued equally. They want data that is fresh, good quality and easily monetized. For credit cards and prepaid cards this translates into low balances and high credit limits or card values. For healthcare data it means health history that includes personally identifiable information.
|
|
|
|