What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-01-10 16:28:20 | Two New Edge Exploits Integrated into Sundown Exploit Kit (lien direct) | Two recently published proof-of-concept exploits targeted Microsoft Edge were recently integrated into the Sundown Exploit Kit. | |||
|
2017-01-09 22:50:51 | MongoDB Attacks Jump From Hundreds to 28,000 In Just Days (lien direct) | Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. | |||
|
2017-01-09 22:18:30 | St. Jude Medical Patches Vulnerable Cardiac Devices (lien direct) | St. Jude Medical patched the Merlin@home Transmitter, addressing flaws made public last year in a controversial disclosure by MedSec Holdings and Muddy Waters. | |||
|
2017-01-09 19:41:24 | Hello Kitty Database of 3.3 Million Breached Credentials Surfaces (lien direct) | A database of 3.3 million Hello Kitty users tied to a 2015 breach surfaced over the weekend exposing thousands of minors to potential credential theft. | |||
|
2017-01-09 19:26:41 | Following Extortion Attempt, Gaming Network ESEA Breached, 1.5M Profiles Leaked (lien direct) | Data purportedly belonging to 1.5 million members of the video gaming community ESEA, or the E-Sports Entertainment Association League, was leaked over the weekend. | |||
|
2017-01-09 17:46:36 | (Déjà vu) US Voting Systems Deemed Critical Infrastructure (lien direct) | The Department of Homeland Security has designated the U.S. voting infrastructure as critical infrastructure. | |||
|
2017-01-06 21:03:12 | Google Patches Android Custom Boot Mode Vulnerability (lien direct) | IBM's X-Force security team discovers a high-risk vulnerability in the Android platform opening phones up to DoS and elevation of privilege vulnerabilities. | |||
|
2017-01-06 17:00:42 | Threatpost News Wrap, January 6, 2017 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including on this week's U.S. Senate Committee on Armed Service hearing, the Burlington Electric 'Hack', FireCrypt, and Security Without Borders. | |||
|
2017-01-05 22:05:57 | Experts Warn of Novel PDF-Based Phishing Scam (lien direct) | Security experts are warning of an active phishing campaign that utilizes PDF attachments in a novel ploy to harvest email credentials from victims. | |||
|
2017-01-05 21:57:09 | FTC: D-Link Failed to Secure Routers, IP Cameras (lien direct) | The FTC alleged Thursday that D-Link neglected to adequately secure its wireless routers and IP cameras, putting its consumers at risk. | |||
|
2017-01-05 19:53:55 | Attacks On MongoDB Rise As Hijackings Continue (lien direct) | Open MongoDB databases are being targeted by criminals who are deleting the contents and asking for a ransom. | |||
|
2017-01-05 18:14:12 | U.S. Intelligence Report Due Next Week on Election Hack (lien direct) | The U.S. intelligence committee is expected to publish an unclassified report on Russia's involvement with influencing the presidential election. | |||
|
2017-01-05 17:50:59 | FireCrypt Ransomware Contains DDoS Functionality (lien direct) | In addition to encrypting files, a new strain of ransomware, FireCrypt, also attempts to carry out a weak DDoS attack. | ★★ | ||
|
2017-01-05 14:00:42 | Claudio Guarnieri on Security Without Borders (lien direct) | Security researcher and activist Claudio Guarnieri talks to Mike Mimoso about a new project announced last week at the Chaos Communication Congress called Security Without Borders. | |||
|
2017-01-04 20:44:10 | FTC Issues Public Challenge to Improve IoT Patching (lien direct) | The FTC announced the IoT Home Inspector Challenge, a contest with the goal of coming up with a patching solution fit for consumer-grade connected devices used in the home. | |||
|
2017-01-04 19:01:06 | What Hack? Burlington Electric Speaks Out (lien direct) | Burlington Electric Department general manager Neale Lunderville speaks out about last week's incident and response to reports the electric grid had been hacked. | |||
|
2017-01-04 18:33:01 | Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm (lien direct) | Google patched a critical hole in its problematic Android Mediaserver component that could have allowed an attacker to use email, web browsing, and MMS processing of media files to remotely execute code. | |||
|
2017-01-04 14:30:23 | Costin Raiu on the Importance of Using YARA (lien direct) | Kaspersky Lab's Costin Raiu talks about the benefits of taking the YARA training class available at SAS 2017. | |||
|
2017-01-03 21:28:54 | Box.com Plugs Account Data Leakage Flaw (lien direct) | Confidential documents and data belonging to Box.com users were accessible via search engine queries. Box.com has "fixed" the issue. | |||
|
2017-01-03 20:56:51 | Vermont Grid \'Hack\' Latest Tumble Down Attribution Rabbit Hole (lien direct) | The rush to connect a security incident at a Vermont utility to Russian government hackers is more evidence of the challenges around attribution. | |||
|
2017-01-03 20:40:46 | Pentagon Subcontractor Inadvertently Leaks 11 Gigs of Sensitive Data (lien direct) | A security researcher claims that data belonging to doctors deployed in the United States Special Operations Command was left unsecured online. | |||
|
2016-12-30 19:30:10 | FBI-DHS Report Links Fancy Bear Gang to Election Hacks (lien direct) | Joint report “Grizzly Steppe†implicates Russian hacking group Fancy Bear in U.S. election-related hacking. | APT 29 APT 28 | ||
|
2016-12-29 19:20:38 | PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities (lien direct) | Critical remote code execution vulnerabilities in PHPMailer and SwiftMailer, libraries used to send emails via PHP, were patched this week. | |||
|
2016-12-29 16:30:28 | Threatpost 2016 Year in Review (lien direct) | Threatpost writers recap 2016's biggest news stories, including the proliferation of IoT botnets, ransomware, the FBI vs. Apple story, and more. | |||
|
2016-12-28 14:00:30 | Four New Normals for 2017 (lien direct) | Ransomware, insecure connected devices, bug bounties and governments buying bugs: All four ceased to be novelties in 2016; they're all new normals for cybersecurity. | |||
|
2016-12-28 09:00:26 | Android Trojan Switcher Infects Routers via DNS Hijacking (lien direct) | A new Android Trojan, Switcher, uses victims' devices to infect WiFi routers and funnel users of the network to malicious sites. | |||
|
2016-12-27 18:22:54 | PHPMailer Bug Leaves Millions of Websites Open to Attack (lien direct) | A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack. | |||
|
2016-12-23 22:19:23 | Clever Facebook Hack Reveals Private Email Address of Any User (lien direct) | A bug bounty hunter earned $5,000 for a Facebook hack that allowed him to bypass security protection and access any Facebook user's true email address. | |||
|
2016-12-23 17:06:45 | Cisco Warns of Critical Flaw in CloudCenter Orchestrator Systems (lien direct) | Cisco is warning customers of a privilege escalation flaw in Cisco CloudCenter Orchestrator systems that could allow an attacker to gain root privileges on affected systems. | |||
|
2016-12-23 14:21:31 | Apple Delays App Transport Security Deadline (lien direct) | Apple extended the deadline of Dec. 31 for developers adopt App Transport Security standards for applications submitted to the App Store. | |||
|
2016-12-22 17:33:43 | NIST Calls for Submissions to Secure Data Against Quantum Computing (lien direct) | NIST has made a public plea for submissions for new crypto algorithms that can stand up against quantum computing and protect data. | |||
|
2016-12-22 17:28:37 | Siemens Patches Insufficient Entropy Vulnerability in ICS Systems (lien direct) | German industrial giant Siemens has provided a firmware update addressing software vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware. | |||
|
2016-12-22 11:00:55 | Congressional Group Says Encryption Backdoors Are a Bad Idea (lien direct) | Members of the bipartisan encryption working group released a year-end report concluding that encryption backdoor laws would do more harm than good. | |||
|
2016-12-21 18:12:04 | New Wave of Hailstorm Spam Pelts Inboxes (lien direct) | Spammers are turning to an old technique known as hailstorm to slip past anti-spam and anti-malware filters to deliver Dridex banking malware and Locky ransomware. | |||
|
2016-12-21 14:00:57 | Panasonic, IOActive Clash on Vulnerability Report (lien direct) | Panasonic Avionics has pushed back against research released Tuesday by IOActive disclosing vulnerabilities in in-flight entertainment systems. | |||
|
2016-12-20 20:34:13 | Wassenaar Renegotiation Will Be in Trump Administration\'s Hands (lien direct) | Now that a proposed revision to the Wassenaar Arrangement has been rejected, it will be up to the Trump administration to decide whether to attempt to renegotiate again. | |||
|
2016-12-20 15:50:55 | New Decryptor Unlocks CryptXXX v3 Files (lien direct) | Researchers have neutralized the threat of the latest strain of CryptXXX v.3 ransomware, releasing a decryption tool for unlocking files. | |||
|
2016-12-20 14:00:48 | Fraudulent Video Ad Bot Rakes in Close to $5 Million Daily (lien direct) | An cybercrime group from Russia earns $3 million to $5 million daily through defrauding major U.S. websites of video ad revenue. | |||
|
2016-12-20 13:10:46 | In-Flight Entertainment System Flaws Put Passenger Data at Risk (lien direct) | IOActive researchers disclosed vulnerabilities in Panasonic Avionics In-Flight Entertainment systems that could be abused to manipulate flight data shown to passengers, or steal their personal information. | |||
|
2016-12-19 21:43:01 | ShadowBrokers Dump Came from Internal Code Repository, Insider (lien direct) | Researchers at Flashpoint said their analysis of the latest ShadowBrokers dump of NSA tools leads them to believe an insider with access to a code repository stole the data. | Guideline | ||
|
2016-12-19 20:15:45 | Google Unveils Cryptographic Library Test Suite Wycheproof (lien direct) | Google on Monday announced Project Wycheproof, a collection of unit tests designed to help check for weaknesses in cryptographic algorithms. | |||
|
2016-12-19 18:42:51 | Stolen Yahoo Data Sold to Spammers, One Government Client (lien direct) | Experts at InfoArmor said the stolen database of 1 billion Yahoo accounts has been sold multiple times for at least $300,000 each time. | Yahoo | ||
|
2016-12-19 17:18:32 | Insecure NAS Device Exposes 350 Ameriprise Investment Accounts (lien direct) | A trove of data belonging to Ameriprise Financial was found earlier this month and included Social Security number, decryption keys and confidential internal company documents. | |||
|
2016-12-17 14:00:18 | SQL Injection Attack is Tied to Election Commission Breach (lien direct) | A hacker offered to sell an unpatched system vulnerability in the U.S. Election Assistance Commission website on the Dark Web for “thousands†of dollars. | |||
|
2016-12-16 16:14:00 | Remote Code Execution Bug Found in Ubuntu Quantal (lien direct) | A remote code execution bug in Ubuntu Desktop was patched; the vulnerability affected all default installations of Quantal version 12.10 and later. | |||
|
2016-12-16 16:00:13 | Nagios Core Patches Root, RCE Vulnerabilities (lien direct) | Nagios Core has been updated to take care of two critical vulnerabilities that can be pinned together to attack servers hosting the open source IT infrastructure monitoring software. | |||
|
2016-12-16 15:00:28 | Tales of WordPress Plugin Insecurity Overblown, Researchers Say (lien direct) | The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it's not as bad as it seems, experts claim. | |||
|
2016-12-16 14:00:18 | Threatpost News Wrap, December 16, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week including Yahoo's latest breach announcement, a DDoS-for-hire crackdown, hackers seeking help with Mirai, and some new Adobe patches. | Yahoo | ★★★★★ | |
|
2016-12-15 18:56:45 | DNSChanger Exploit Kit Hijacks Routers, Not Browsers (lien direct) | An exploit kit called DNSChanger is attacking routers, not browsers, through a malvertising campaign. | ★★★ | ||
|
2016-12-15 18:46:02 | Microsoft, Google to Block Flash by Default in Edge, Chrome (lien direct) | Microsoft followed Google's lead and said it will soon block Flash Player by default in the Edge browser. | Guideline |
To see everything:
Our RSS (filtrered)
