Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 15:31:22 |
Avast Open Sources Machine-Code Decompiler in Battle Against Malware (lien direct) |
In an effort to boost the fight against malicious software, anti-malware company Avast this week announced the release of its retargetable machine-code decompiler as open source.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 13:53:04 |
New Cisco App Helps Organizations Secure iOS Devices (lien direct) |
Cisco on Thursday announced the availability of Security Connector, an iOS application designed to provide organizations visibility and control for mobile devices running Apple's operating system.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 11:34:42 |
Fortinet\'s FortiClient Product Exposed VPN Credentials (lien direct) |
Updates released by Fortinet for its FortiClient product patch a serious information disclosure vulnerability that can be exploited to obtain VPN authentication credentials.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 09:22:24 |
Traffic to Major Tech Firms Rerouted to Russia (lien direct) |
Internet traffic for some of the world's largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 03:11:10 |
U.S. Prosecutors Confirm Uber Target of Criminal Probe (lien direct) |
A letter made public Wednesday in Waymo's civil suit against Uber over swiped self-driving car secrets confirmed the ride-share service is the target of a US criminal investigation.
|
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 02:38:36 |
U.S. Military to Send Cyber Soldiers to the Battlefield (lien direct) |
The US Army will soon send teams of cyber warriors to the battlefield, officials said Wednesday, as the military increasingly looks to take the offensive against enemy computer networks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 21:19:39 |
Security is Not a Technology Profession (lien direct) |
Security is not a technology profession. Or at least it shouldn't be, I would argue. If this sounds like a provocative statement to you, then I am doing my job well. In the end, though, once I've argued my position, I hope you'll come to agree with me.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 20:55:32 |
Three Plead Guilty in Mirai Botnet Attacks (lien direct) |
US officials unveiled criminal charges Wednesday against a former university student and two others in the Mirai botnet attacks which shut down parts of the internet in several countries starting in mid-2016.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 18:14:37 |
New Spider Ransomware Emerges (lien direct) |
A new ransomware family discovered when analyzing a mid-scale campaign that started over the weekend uses decoy documents auto-synced to enterprise cloud storage and collaborations apps, security researchers have say.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 17:55:15 |
Greek Court Orders Extradition of Russian Bitcoin Suspect to US (lien direct) |
Greece's Supreme Court on Wednesday ordered that a Russian accused of laundering $4 billion using bitcoin digital currency be extradited to the United States, a court source said.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 17:37:49 |
Threat Modeling the Internet of Things: Modeling Reaper (lien direct) |
What a timely way to end this series on Threat Modeling the Internet of Things (IoT). An advanced thingbot, nicknamed Reaper (or IoTroop), was recently discovered infecting hordes of IoT devices. Reaper ups the ante for IoT security.
|
Cloud
|
APT 37
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 16:20:59 |
Singapore Ministry of Defence Announces Bug Bounty Program (lien direct) |
Singapore's Ministry of Defence (MINDEF) has invited roughly 300 white hat hackers from around the world to take part in a two-week bug bounty program targeting eight of its Internet-facing systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 15:34:13 |
Philippine Bank Accuses Bangladesh of Heist \'Cover-Up\' (lien direct) |
A Philippine bank on Tuesday accused Bangladesh's central bank of a "massive cover-up" over an $81-million cyber-heist last year, as it rejected allegations it was mostly to blame.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 15:20:20 |
Apple Patches KRACK Flaws in AirPort Base Station (lien direct) |
Apple this week released security updates to the firmware for its AirPort Base Stations to resolve vulnerabilities that make the network routers at risk to Key Reinstallation Attacks (KRACK).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 14:17:30 |
Critical Flaws Found in Palo Alto Networks Security Platform (lien direct) |
Updates released by Palo Alto Networks for the company's PAN-OS security platform patch critical and high severity vulnerabilities that can be exploited for remote code execution and command injection.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 12:54:18 |
AIG Creates New Model to Score Client Cyber Risk (lien direct) |
Insurance giant American International Group said this week that it has developed a new cyber benchmarking model that quantifies and scores the cyber risk of its clients.
The new model, AIG says, evaluates a client's cyber security maturity against 10 common attack patterns across 11 commonly used technology devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 12:31:27 |
Old Crypto Vulnerability Hits Major Tech Firms (lien direct) |
A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world's top websites.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 11:43:10 |
Upstream Security Raises $9 Million to Protect Connected Cars Through the Cloud (lien direct) |
Upstream Security, a Herzliya, Israel-based cybersecurity company that helps protect connected cars and autonomous vehicles from cyber threats, today announced that it has raised $9 million through a Series A funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 06:13:13 |
Trump Signs Bill Banning Kaspersky Products (lien direct) |
U.S. President Donald Trump on Tuesday signed a bill that prohibits the use of Kaspersky Lab products and services in federal agencies.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 20:42:19 |
(Déjà vu) Microsoft Patches 19 Critical Browser Vulnerabilities (lien direct) |
Microsoft's Patch Tuesday updates for December 2017 address more than 30 vulnerabilities, including 19 critical flaws affecting the company's Internet Explorer and Edge web browsers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 20:24:26 |
Machine Learning & Security: Making Users Part of the Equation (lien direct) |
The Best Security Doesn't Exclude Users, it Empowers Them
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 19:38:03 |
Stealthy Admin Accounts Found in Hybrid Office 365 Deployments (lien direct) |
Vulnerability in Azure AD Connect Software Can Provide Stealthy Admins With Full Domain Control
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 19:07:25 |
SAP Becomes CVE Numbering Authority (lien direct) |
Released this week with fixes for 11 vulnerabilities, SAP's Security Patch Day for December 2017 marks a change in the history of SAP patches: it also includes CVE numbers in the titles of the security notes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 17:58:23 |
Millions Impacted by Credential-Stealers in Google Play (lien direct) |
During October and November 2017, Kaspersky Lab researchers discovered 85 applications in Google Play that were designed to steal credentials for Russian social network VK.com. One of the malicious applications had more than a million downloads.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 17:49:20 |
Adobe Patches \'Business Logic Error\' in Flash Player (lien direct) |
The only security update released by Adobe this Patch Tuesday addresses a moderate severity regression issue affecting Flash Player.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 17:45:04 |
Golduck Malware Infects Classic Android Games (lien direct) |
Several classic game applications in Google Play have been silently downloading and installing a malicious APK file onto Android devices, Appthority reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 16:50:01 |
Patchwork Cyberspies Adopt New Exploit Techniques (lien direct) |
Malware campaigns attributed to the Patchwork cyberespionage group have been using a new delivery mechanism and exploiting recently patched vulnerabilities, Trend Micro warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 15:35:27 |
Cloud Security Startup ShieldX Networks Raises $25 Million (lien direct) |
ShieldX Networks, a San Jose, Calif.-based cloud security company, announced that it has closed a $25 million Series B round of funding with participation from new investors including FireEye founder Ashar Aziz, Dimension Data and Symantec Ventures.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 13:34:30 |
Cybersecurity Incidents Hit 83% of U.S. Physicians: Survey (lien direct) |
A majority of physicians in the United States have experienced a cybersecurity incident, and many are very concerned about the potential impact of a cyberattack, according to a study conducted by professional services company Accenture and the American Medical Association (AMA).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 08:11:34 |
Google Researcher Releases iOS 11 Jailbreak Exploit (lien direct) |
Google Project Zero researcher Ian Beer has released a proof-of-concept (PoC) exploit that could pave the way for the first iOS 11 jailbreak.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 02:07:36 |
Facing Dissent From Abroad, Ethiopia Turns to Spyware (lien direct) |
As soon as Ethiopian opposition activist Henok Gabisa read the email, he knew something was not right.
With the subject line "Democracy in Ethiopia: Can it be saved?", the message seemed tailor-made for him.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 21:51:04 |
Synopsys Completes $550 Million Acquisition of Black Duck Software (lien direct) |
Synopsys, a company that provides tools and services for designing chips and electronic systems, has completed its acquisition of Black Duck Software, a privately held company that offers solutions for securing and managing open source software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 21:37:45 |
Malware Isolation Firm Menlo Security Raises $40 Million (lien direct) |
Menlo Security, a provider of malware isolation technology, announced on Monday that it has closed a $40 million Series C funding round, bringing the total amount raised by the company to $85 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 18:58:32 |
\'MoneyTaker\' Hackers Stole Millions from Banks: Report (lien direct) |
A group of Russian-speaking cybercriminals has launched over 20 successful attacks against financial institutions and legal firms in the US, UK and Russia over the past two years, according to cybecrime research firm Group-IB.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 18:29:46 |
Event Logs Manipulated With NSA Hacking Tool Recoverable (lien direct) |
Researchers at security firm Fox-IT have developed a tool that allows investigators to detect the use of specific NSA-linked malware and recover event log data it may have deleted from a machine.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 16:31:26 |
How Safe Are Your Assets in the Cloud? (lien direct) |
When Migrating to Cloud Environments, Visibility is a Must-Have
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 15:44:42 |
Vulnerability Allows Modification of Signed Android Apps (lien direct) |
One of the vulnerabilities patched by Google as part of the December 2017 Android security patches is a High severity bug that could result in tampering with applications' code without altering their signature.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 14:18:00 |
Google May Allow Innovative Use of Android Accessibility Service (lien direct) |
After getting complaints from many developers, Google is evaluating whether it should continue allowing Android applications to use accessibility services for purposes other than assisting people with disabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 13:35:31 |
Database of 1.4 Billion Credentials Found on Dark Web (lien direct) |
Researchers have found a database of 1.4 billion clear text credentials in what appears to be the single largest aggregate database yet found on the dark web. These are not from a new breach, but a compilation of 252 previous breaches, including the previous largest combo list, Exploit.in.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 10:48:18 |
Microsoft Says ERP Product Private Key Leak Posed Little Risk (lien direct) |
It took Microsoft more than 100 days to address a problem related to the use of the same digital certificate for all installations of its Dynamics 365 enterprise resource planning (ERP) product, but the company said the issue posed little risk.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-11 09:09:03 |
Dormant Keylogging Functionality Found in HP Laptops (lien direct) |
A researcher has discovered that a touchpad driver present on hundreds of HP laptops includes functionality that can be abused for logging keystrokes. The vendor has released patches for a vast majority of affected devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-09 13:36:04 |
IoT Botnet Used in Website Hacking Attacks (lien direct) |
Embedded Malware Launches SOCKS Proxy Server on Infected IoT Devices
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-08 19:16:20 |
Onapsis Helps SAP Customers Check GDPR Compliance (lien direct) |
Onapsis, a company that specializes in securing SAP and Oracle business-critical applications, announced this week that it has added automated GDPR compliance capabilities to the Onapsis Security Platform.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-08 18:19:51 |
IT Security Spending to Reach $96 Billion in 2018: Gartner (lien direct) |
Gartner is predicting that worldwide security spend will reach $96 billion dollars in 2018. This is up 8% from the 2017 spend of $89 billion. Interestingly, the latest 2017 and 2018 figures show substantial increases over similar predictions made in August of this year. The earlier prediction has 2017 figures at $86.4 billion with 2018 figures at $93 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-08 16:33:33 |
Fighting Automation with Automation (lien direct) |
Disruptions Caused by Autonomous Malware Could Have Devastating Implications
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-08 16:22:40 |
Orcus RAT Campaign Targets Bitcoin Investors (lien direct) |
In an attempt to benefit from the recent spike in the value of Bitcoin, the authors of a remote access Trojan have started targeting Bitcoin investors with their malicious software, Fortinet has discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-08 15:58:49 |
Microsoft Patches Critical Vulnerability in Malware Protection Engine (lien direct) |
Microsoft this week released an update for the Microsoft Malware Protection Engine (MPE) to address a critical severity remote code execution (RCE) vulnerability in it.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-08 15:46:12 |
NIST Publishes Second Draft of Cybersecurity Framework (lien direct) |
The National Institute of Standards and Technology (NIST) announced this week that it has published a second draft of a proposed update to the “Framework for Improving Critical Infrastructure Cybersecurity,†better known as the NIST Cybersecurity Framework.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-08 14:19:00 |
Rockwell Automation Patches Serious Flaw in FactoryTalk Product (lien direct) |
ICS-CERT informed organizations this week that Rockwell Automation has patched a high severity denial-of-service (DoS) vulnerability in one of its FactoryTalk products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-08 14:02:04 |
Fighting Back Against the Cyber Mafia (lien direct) |
Four distinct groups of cybercriminals have emerged, serving as the new syndicates of cybercrime: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. This is the central thesis of a new report titled 'The New Mafia: Gangs and Vigilantes'. In this report, the gangs are the criminals and the vigilantes are consumers and businesses -- and the vigilantes are urged to 'fight back'.
|
|
|
|