Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-06-19 04:55:00 |
New Plurox malware is a backdoor, cryptominer, and worm, all packed into one (lien direct) |
New Plurox malware spotted in the wild in February; uses leaked NSA exploits; focuses on cryptocurrency mining. |
Malware
|
|
|
|
2019-06-18 19:29:01 |
Mozilla patches Firefox zero-day abused in the wild (lien direct) |
Mozilla releases Firefox 67.0.3 to fix actively exploited zero-day. |
|
|
|
|
2019-06-18 18:25:05 |
FBI warning: Foreign spies using social media to target government contractors (lien direct) |
FBI warns security clearance holders to be careful when disclosing work information on social media profiles. |
|
|
|
|
2019-06-18 17:00:00 |
Google launches Chrome extension for flagging bad URLs to the Safe Browsing team (lien direct) |
Google launches new "Suspicious Site Reporter" Chrome extension. |
|
|
|
|
2019-06-18 10:53:00 |
EatStreet food ordering service discloses security breach (lien direct) |
Hacker "Gnosticplayers" took credit for the hack in a private conversation with ZDNet last month. |
Hack
|
|
|
|
2019-06-18 10:00:00 |
Critical remote execution flaw lurks in TP-Link Wi-Fi Extenders (lien direct) |
The zero-day bug impacts multiple models in the TP-Link product line. |
|
|
|
|
2019-06-18 09:46:05 |
Info stealing Android apps can grab one time passwords to evade 2FA protections (lien direct) |
Google restricted SMS controls. Hackers found a way around it. |
|
|
|
|
2019-06-17 23:54:04 |
Disgruntled security firm discloses zero-days in Facebook\'s WordPress plugins (lien direct) |
Zero-days disclosed in "Facebook for WooCommerce" and "Messenger Customer Chat." |
|
|
|
|
2019-06-17 21:34:04 |
Cloudflare launches decentralized service for generating random numbers (lien direct) |
New "League of Entropy" service will generate a stream of random numbers using five servers located across the globe. |
|
|
|
|
2019-06-17 17:48:00 |
A quarter of major CMSs use outdated MD5 as the default password hashing scheme (lien direct) |
Offenders include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB, SugarCRM, and others. |
|
|
|
|
2019-06-17 10:31:00 |
Equifax breach impacted the online ID verification process at many US govt agencies (lien direct) |
Impacted agencies include the Centers for Medicare and Medicaid Services (CMS), the Social Security Administration (SSA), the US Postal Service (USPS), and the Department of Veterans Affairs (VA). |
|
Equifax
|
|
|
2019-06-17 08:30:00 |
Houdini malware targets victims with keylogger, online bank account theft tools (lien direct) |
The new Trojan variant is actively striking commercial banking customers. |
Malware
|
|
|
|
2019-06-17 08:20:03 |
New Echobot malware is a smorgasbord of vulnerabilities (lien direct) |
Security researchers spot new Mirai variant called Echobot that targets a wide range of IoT devices and enterprise apps. |
Malware
|
|
|
|
2019-06-17 06:49:01 |
Oregon State University breach exposed student, family data (lien direct) |
OSU is one of several US universities impacted by data breaches in recent weeks. |
|
|
|
|
2019-06-17 06:08:01 |
Mermaids transgender charity data breach exposed confidential emails (lien direct) |
Private emails between the charity and parents were reportedly available for public viewing. |
Data Breach
|
|
|
|
2019-06-16 14:20:00 |
Microsoft warns Azure customers of Exim worm (lien direct) |
Microsoft says Azure infrastructure stops the worm's self-spreading component, but VMs remain compromised. |
|
|
|
|
2019-06-14 22:07:00 |
(Déjà vu) AMCA data breach has now gone over the 20 million mark (lien direct) |
Healthcare billing vendor got hacked last year and hackers put patient data for sale online. |
Data Breach
|
|
|
|
2019-06-14 22:07:00 |
(Déjà vu) AMCA data breach has now went over the 20 million mark (lien direct) |
Healthcare billing vendor got hacked last year and hackers put patient data for sale online. |
Data Breach
|
|
|
|
2019-06-14 18:06:02 |
Mysterious Iranian group is hacking into DNA sequencers (lien direct) |
Hacker is scanning the internet and planting shells on web-based DNA sequencing apps. |
|
|
|
|
2019-06-14 15:54:01 |
(Déjà vu) Security bug would have allowed hackers access to Google\'s internal network (lien direct) |
Security researcher finds dangerous XSS bug in Google's Invoice Submission Portal. |
|
|
|
|
2019-06-14 15:54:00 |
Security researcher finds critical XSS bug in Google\'s Invoice Submission Portal (lien direct) |
Security bug would have allowed hackers access to one of Google's backend apps. |
|
|
|
|
2019-06-14 14:01:04 |
Twitter wipes out thousands of fake accounts connected to Iran, Russia (lien direct) |
The accounts specialized in manipulating and influencing political conversations. |
|
|
|
|
2019-06-14 13:03:05 |
Europol turns cryptocurrency crimes into a game (lien direct) |
Gamification is the way forward when it comes to training officers in tracking down criminals. |
|
|
|
|
2019-06-14 04:30:00 |
JavaScript Template Attacks expose new browser fingerprinting vectors (lien direct) |
Environment-dependent JavaScript property values allow for user fingerprinting. |
|
|
|
|
2019-06-13 18:12:00 |
Yubico to replace vulnerable YubiKey FIPS security keys (lien direct) |
Yubico staff discovers bug in YubiKey FIPS Series keys; offers replacements for affected customers. |
|
|
|
|
2019-06-13 15:28:00 |
Exim email servers are now under attack (lien direct) |
Almost half of the internet's email servers are now being attacked with a new exploit. |
|
|
|
|
2019-06-13 14:32:03 |
Fish ponds disguised theft of oil field power in cryptocurrency mining scheme (lien direct) |
Drones were deployed to foil the cryptojacking attacks. |
|
|
|
|
2019-06-13 12:58:02 |
SEC security alert warns about misconfigured NAS, DBs, and cloud storage servers (lien direct) |
SEC OCIE inspections finds that companies have failed to properly secure network-accessible storage systems. |
|
|
|
|
2019-06-13 11:01:00 |
EFF asks for DOJ efforts to break Facebook encryption to be made public (lien direct) |
The heart of the matter stems from an investigation into suspected gang activity. |
|
|
|
|
2019-06-13 09:52:05 |
Outlaw hackers return with cryptocurrency mining botnet (lien direct) |
The group is using Chinese victims as guinea pigs to try out their malware. |
|
|
|
|
2019-06-13 00:13:00 |
Google promises to play nice with ad blockers (again) (lien direct) |
Google relaxes control on new Chrome extensions API that would have crippled ad blockers. |
|
|
|
|
2019-06-12 19:27:00 |
Ransomware halts production for days at major airplane parts manufacturer (lien direct) |
Nearly 1,000 employees sent home for the entire week, on paid leave. |
Ransomware
|
|
|
|
2019-06-12 16:56:03 |
Google expands Android\'s built-in security key to iOS devices (lien direct) |
iPhone and iPad users can now use their secondary Android smartphones as 2SV/2FA security keys. |
|
|
|
|
2019-06-12 12:42:02 |
Two hacking groups responsible for huge spike in hacked Magento 2.x stores (lien direct) |
Number of hacked Magento 2.x stores doubles for the third month in a row. |
|
|
|
|
2019-06-12 12:00:03 |
Intel fixes severe NUC firmware, web console vulnerabilities (lien direct) |
Left unpatched, the bugs can lead to data leaks, service denial, and privilege escalation. |
Guideline
|
|
|
|
2019-06-12 09:37:02 |
Adobe fixes critical security flaws in Flash, ColdFusion, Campaign (lien direct) |
Fixing code execution bugs was a priority this month for Adobe. |
|
|
|
|
2019-06-12 08:42:01 |
1,700 alleged online sex offenders arrested during operation \'Broken Heart\' (lien direct) |
The DoJ's nationwide campaign investigated close to 20,000 complaints. |
|
|
|
|
2019-06-11 22:56:02 |
Microsoft blocks BLE security keys with known pairing vulnerability (lien direct) |
Windows security update will block pairing of certain weak BLE security keys at the OS level. |
Vulnerability
|
|
|
|
2019-06-11 19:41:00 |
Microsoft\'s June 2019 Patch Tuesday fixes many of SandboxEscaper\'s zero-days (lien direct) |
Microsoft patches four of five zero-days published by SandboxEscaper. |
|
|
|
|
2019-06-11 17:00:00 |
\'RAMBleed\' Rowhammer attack can now steal data, not just alter it (lien direct) |
Academics detail new Rowhammer attack named RAMBleed. |
|
|
|
|
2019-06-11 16:02:00 |
Evite e-invite website admits security breach (lien direct) |
Company comes clean after a hacker put its data up for sale on the dark web in April. |
|
|
|
|
2019-06-11 12:31:04 |
FIN8 hackers return after two years with attacks against hospitality sector (lien direct) |
FIN8 returns with improved malware and new attacks aimed at POS systems in the hotel industry. |
Malware
|
|
|
|
2019-06-11 12:02:01 |
This is how scammers are now abusing Google Calendar to pillage your data (lien direct) |
Recent attacks abuse invitation and event notification mechanisms. |
|
|
|
|
2019-06-11 09:33:04 |
HaveIBeenPwned: It\'s time to grow up and smell the acquisition potential (lien direct) |
Troy Hunt says he is in early discussions for his life's work to be purchased. |
|
|
|
|
2019-06-10 21:33:00 |
CBP says hackers stole license plate and travelers\' photos (lien direct) |
CBP said subcontractor stored photos on its internal servers without authorization, and then got hacked. |
|
|
|
|
2019-06-10 17:40:02 |
Mozilla CEO: Premium version of Firefox coming this fall (lien direct) |
Browser maker working on premium version of Firefox with extra features like VPN access and secure storage. |
|
|
|
|
2019-06-10 11:51:04 |
Eight years later, the case against the Mariposa malware gang moves forward in the US (lien direct) |
Feds put stronger case forward against Mariposa creator and Darkode forum founder. |
Malware
|
|
|
|
2019-06-10 11:29:00 |
8.4TB in email metadata exposed in university data leak (lien direct) |
A database owned by Shanghai Jiao Tong University required no authentication to access. |
|
|
|
|
2019-06-10 10:42:00 |
Emuparadise gaming emulator website suffers data breach (lien direct) |
Over one million accounts were leaked, and a vulnerable encryption algorithm may have been in play. |
Data Breach
|
|
|
|
2019-06-10 00:44:04 |
Major HSM vulnerabilities impact banks, cloud providers, governments (lien direct) |
Researchers disclose major vulnerabilities in HSMs (Hardware Security Modules). |
|
|
|