Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-08-22 22:21:02 |
Employees connect nuclear plant to the internet so they can mine cryptocurrency (lien direct) |
The Ukrainian Secret Service is investigating the incident as a potential security breach. |
|
|
|
|
2019-08-22 18:08:00 |
Valve patches recent Steam zero-days, calls turning away researcher \'a mistake\' (lien direct) |
Valve also updates bug bounty rules to prevent similar incidents from happening again. |
|
|
|
|
2019-08-22 15:46:05 |
Chrome devs propose Privacy Sandbox to balance ad targeting & user privacy (lien direct) |
New technical spec will allow advertisers to track users in groups and categories, rather than individually. |
|
|
|
|
2019-08-22 13:13:01 |
UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks (lien direct) |
NCSC likens companies continuing to use Python 2 past its EOL to tempting another WannaCry or Equifax incident. |
|
Wannacry
Equifax
|
|
|
2019-08-22 10:16:05 |
Open-source spyware makes it on the Google Play Store (lien direct) |
Spyware based on two-year-old AhMyth RAT makes past Play Store's scans, despite not being anything special. |
|
|
|
|
2019-08-22 09:05:01 |
US military veterans swindled out of millions by former army employee (lien direct) |
Millions of dollars were stolen from those who have served after their PII was taken. |
|
|
|
|
2019-08-21 22:39:00 |
A botnet has been cannibalizing other hackers\' web shells for more than a year (lien direct) |
Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells. |
|
|
|
|
2019-08-21 16:00:00 |
Intel, IBM, Google, Microsoft & others join new security-focused industry group (lien direct) |
New Confidential Computing Consortium will promote the use of TEEs (trusted execution environments). |
|
|
|
|
2019-08-21 12:52:05 |
Suspected Capital One hacker requests release from jail on health grounds (lien direct) |
It is believed the alleged cybercriminal stole information belonging to 100 million citizens. |
|
|
|
|
2019-08-21 12:45:02 |
(Déjà vu) Researcher publishes second Steam 0-day after getting banned on Valve\'s bug bounty program (lien direct) |
Valve gets heavily criticized for mishandling a crucial bug report. |
|
|
|
|
2019-08-21 12:45:00 |
Researcher publishes second Steam zero day after getting banned on Valve\'s bug bounty program (lien direct) |
Valve gets heavily criticized for mishandling a crucial bug report. |
|
|
|
|
2019-08-21 12:08:00 |
SEC charges rating service $269,000 for hiding ICO touting payments (lien direct) |
The company failed to mention some Initial Coin Offerings were paying for inclusion. |
|
|
|
|
2019-08-21 10:00:00 |
(Déjà vu) Apple, Google, and Mozilla block Kazakhstan\'s HTTPS intercepting certificate (lien direct) |
Kazakhstan government's root certificate banned inside Chrome, Firefox, and Safari. |
|
|
|
|
2019-08-21 10:00:00 |
Google and Mozilla block Kazakhstan\'s HTTPS intercepting certificate (lien direct) |
Kazakhstan government's root certificate banned inside Chrome and Firefox. |
|
|
|
|
2019-08-21 09:02:00 |
Cancer research organizations are now the focus of Chinese hacking groups (lien direct) |
One way to speed up research? Steal it. |
|
|
|
|
2019-08-20 22:57:01 |
Moscow\'s blockchain voting system cracked a month before election (lien direct) |
French researcher nets $15,000 prize for finding bugs in Moscow's Ethereum-based voting system. |
|
|
|
|
2019-08-20 16:02:00 |
Backdoor code found in 11 Ruby libraries (lien direct) |
RubyGems staff have removed 18 malicious Ruby library versions that have been downloaded 3,584 times since July 8. |
|
|
|
|
2019-08-20 12:14:01 |
Unpatchable security flaw found in popular SoC boards (lien direct) |
Xilinx Zynq UltraScale+ SoCs are normally used in automotive, aviation, consumer electronics, industrial, and military components. |
|
|
|
|
2019-08-20 11:28:01 |
Vulnerabilities in Google Nest Cam IQ can be used to hijack the camera, leak data (lien direct) |
The indoor security device was subject to bugs which threatened user privacy. |
|
|
|
|
2019-08-20 09:26:00 |
Adult website data leak connected private users to content uploads (lien direct) |
An open database provided full access to user emails and the content they uploaded, liked, and shared. |
|
|
|
|
2019-08-20 00:27:00 |
Facebook awards $100,000 prize for new code isolation technique (lien direct) |
Facebook awards the 2019 Internet Defense Prize to a team of German researchers for their work on ERIM. |
|
|
|
|
2019-08-19 19:51:00 |
Twitter bans 936 accounts managed by the Chinese state, aimed at Hong Kong protests (lien direct) |
Twitter will also stop accepting ads paid for by state-run news agencies. |
|
|
|
|
2019-08-19 18:47:02 |
Backdoor found in Webmin, a popular web-based utility for managing Unix servers (lien direct) |
Backdoored Webmin versions were available for download for more than a year through the official site. |
|
|
|
|
2019-08-19 18:00:00 |
Facebook to pay researchers to hunt down Instagram apps that abuse user data (lien direct) |
Facebook expands Data Abuse Bounty program to Instagram apps. |
|
|
|
|
2019-08-19 11:29:04 |
Malicious Android photography, gaming apps downloaded 8 million times from Google Play (lien direct) |
Users of 85 apps were spammed with relentless fullscreen advertising. |
|
|
|
|
2019-08-19 10:36:01 |
IRS begins tax clampdown on unreported cryptocurrency profits (lien direct) |
If you've been trading but not declaring, the tax service might be on your case. |
|
|
|
|
2019-08-19 09:18:05 |
UK hacker-for-hire jailed for role in SIM-swapping attacks, data theft (lien direct) |
The teenager touted his services in exchange for cryptocurrency. |
|
|
|
|
2019-08-18 22:54:00 |
Degrading Tor network performance only costs a few thousand dollars per month (lien direct) |
Attackers can flood Tor's bridges with just $17k/month, Tor's load balancers for only $2.8k/month, academics say. |
|
|
|
|
2019-08-18 19:31:02 |
Hy-Vee issues warning to customers after discovering point-of-sale breach (lien direct) |
Company doesn't know what locations were impacted, but it's warning customers early so they can keep an eye out for suspicious transactions. |
|
|
|
|
2019-08-18 14:04:00 |
Over 20 Texas local governments hit in \'coordinated ransomware attack\' (lien direct) |
Infection blamed on a strain of ransomware known only as the ".JSE ransomware." |
Ransomware
|
|
|
|
2019-08-17 06:49:04 |
Google wants to reduce lifespan for HTTPS certificates to one year (lien direct) |
A Google proposal would cut lifespan of SSL certificates from 825 days to 397 days. |
|
|
|
|
2019-08-16 11:34:00 |
Apple files lawsuit against Corellium for flogging virtual iOS copies for security tests (lien direct) |
The copies are marketed for security research. Apple disputes the validity of the business model. |
|
|
|
|
2019-08-16 10:53:04 |
UK watchdog to investigate King\'s Cross facial recognition tech used to spy on public (lien direct) |
Thousands of people pass through the busy London area on a daily basis. |
|
|
|
|
2019-08-15 11:57:02 |
DanaBot banking Trojan jumps from Australia to Germany in quest for new targets (lien direct) |
The malware has evolved from a basic threat to profitable, global crimeware. |
Malware
Threat
|
|
|
|
2019-08-15 11:06:02 |
(Déjà vu) 700,000 Choice Hotels records leaked in data breach, ransom demanded (lien direct) |
Researchers found the unsecured database, but hackers got there first. |
|
|
|
|
2019-08-15 10:18:01 |
Trend Micro fixes privilege escalation security flaw in Password Manager (lien direct) |
The vulnerability could be used for privilege escalation and code execution attacks. |
Vulnerability
|
|
|
|
2019-08-14 16:53:00 |
Capital One hacker took data from more than 30 companies, new court docs reveal (lien direct) |
New court documents reveal the government is investigating the Capital One hacker for 30+ other breaches. |
|
|
|
|
2019-08-14 12:43:00 |
Major biometrics data leak impacts UK Metropolitan Police, banks, enterprise companies (lien direct) |
Millions of records including biometric information and fingerprints were exposed. |
|
|
|
|
2019-08-14 11:19:03 |
Facebook is the latest tech giant to admit contractors are snooping on your conversations (lien direct) |
Following the example of Apple and Google, Facebook has also “paused” the program, for now. |
|
|
|
|
2019-08-14 10:35:00 |
Adobe security patch update tackles Photoshop, Acrobat, Reader, and more (lien direct) |
A wide range of software and critical security issues are included this month. |
|
|
|
|
2019-08-13 19:44:04 |
Microsoft August 2019 Patch Tuesday fixes 93 security bugs (lien direct) |
Of the 93 vulnerabilities Microsoft patched today, 29 are rated Critical and 64 are rated Important in severity. |
|
|
|
|
2019-08-13 18:39:03 |
Microsoft warns of two new \'wormable\' flaws in Windows Remote Desktop Services (lien direct) |
Microsoft warns of BlueKeep II & III. Says they're wormable, just like the original BlueKeep vulnerability. |
|
|
|
|
2019-08-13 18:02:03 |
Vulnerability in Microsoft CTF protocol goes back to Windows XP (lien direct) |
Insecure CTF protocol allows hackers to hijack any Windows app, escape sandboxes, get admin rights. |
Vulnerability
|
|
★★★★
|
|
2019-08-13 12:32:01 |
Steam vulnerability reportedly exposes Windows gamers to system hijacking (lien direct) |
The researcher was asked not to disclose the bug but did so anyway. |
Vulnerability
|
|
|
|
2019-08-13 10:04:02 |
Four major dating apps expose precise locations of 10 million users (lien direct) |
In some countries, such lax security can be of real risk to a user's personal safety. |
|
|
|
|
2019-08-12 13:05:05 |
Cloud Atlas threat group updates weaponry with polymorphic malware (lien direct) |
Unique IoCs can be generated for each successful infection. |
Malware
Threat
|
|
|
|
2019-08-12 11:22:04 |
FBI seeks to monitor Facebook, oversee mass social media data collection (lien direct) |
Plans to track social media activity will potentially clash with existing privacy policies. |
|
|
|
|
2019-08-10 22:45:00 |
Researchers find security flaws in 40 kernel drivers from 20 vendors (lien direct) |
Affected vendors include the likes of Intel, AMD, NVIDIA, ASRock, AMI, Gigabyte, Realtek, Huawei, and more. |
|
|
|
|
2019-08-10 21:27:00 |
Clever attack uses SQLite databases to hack other apps, malware servers (lien direct) |
Tainted SQLite database can run malicious code inside other apps, such as web apps or Apple's iMessage. |
Malware
Hack
|
|
|
|
2019-08-09 12:47:01 |
New Saefko Trojan focuses on stealing your credit card details, crypto wallets (lien direct) |
The multi-tool malware is being sold on the Dark Web. |
Malware
|
|
|