Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-19 19:28:01 |
TP-Link Patches Remote Code Execution Flaws in SOHO Router (lien direct) |
Vulnerabilities recently addressed by WiFi device maker TP-Link in its TL-R600VPN small and home office (SOHO) router could allow remote code execution, Cisco Talos security researchers warn.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-19 17:25:01 |
New Vehicle Hack Exposes Users\' Private Data Via Bluetooth (lien direct) |
People who have synced their mobile phones with a wide variety of vehicle infotainment systems may have have their personal information exposed to a new type of vehicle hack, security researchers say.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-19 16:40:05 |
Instagram Download Tool Exposes User Passwords (lien direct) |
Instagram informed some users last week that their passwords may have been exposed as a result of using the “Download Your Data” tool.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-19 15:41:04 |
Microsoft Enhances Windows Defender ATP (lien direct) |
Microsoft has unveiled several enhancements to its Windows Defender Advanced Threat Protection (ATP) product to improve its protection capabilities.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-19 14:56:05 |
Small Businesses, Big Breaches (lien direct) |
I love the fall. Brisk morning weather. Football. And politicians tripping over themselves to say nice things about small businesses. In this age of divisive politics, it's nice that politicians of all stripes can agree that small businesses are awesome.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-19 14:26:03 |
Iran-Linked Hackers Use Just-in-Time Creation of Weaponized Attack Docs (lien direct) |
Researchers Analyzed How the Iran-linked "OilRig" Hacking Group Tests Malicious Documents Before Use in Attacks
|
|
APT 34
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-19 13:32:03 |
Singapore Signs Cybersecurity Agreements With US, Canada (lien direct) |
Singapore last week signed cybersecurity-related agreements with both Canada and the United States as officials from both countries visited Singapore for the 33rd ASEAN Summit.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-19 11:42:04 |
Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition (lien direct) |
White hat hackers earned more than $1 million for exploits disclosed at the Tianfu Cup PWN hacking competition that took place on November 16-17 in Chengdu, the capital of China's Sichuan province.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-18 02:03:00 |
Suspected Russian Hackers Impersonate State Department Aide (lien direct) |
WASHINGTON (AP) - U.S. cybersecurity experts say hackers impersonating a State Department official have targeted U.S. government agencies, businesses and think tanks in an attack that bears similarity to past campaigns linked to Russia.
The "spear phishing" attempts began on Wednesday, sending e-mail messages purported to come from a department public affairs official.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 20:14:05 |
Smartphones: A Double-edged Sword for Terrorists (lien direct) |
Bombs and guns aside, a smartphone can be a powerful weapon in the hands of a terrorist -- but it can also provide intelligence services with the tools to track them down.
Three years ago to the day, the Paris attacks of November 13, 2015 remain one of the best known examples of a large-scale assault that could not have been planned without phones.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 20:06:01 |
Does Not Compute: Japan Cyber Security Minister Admits Shunning PCs (lien direct) |
A Japanese minister in charge of cyber security has provoked astonishment by admitting he has never used a computer in his professional life, and appearing confused by the concept of a USB drive.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 18:55:04 |
SamSam and GandCrab Illustrate Evolution of Ransomware (lien direct) |
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 18:09:00 |
AWS Adds New Feature for Preventing Data Leaks (lien direct) |
Amazon announced this week that a new feature designed to prevent data leaks has been added to Amazon Web Services (AWS).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 16:04:03 |
Google Scours the Internet for Dirty Android Apps (lien direct) |
Google is analyzing all the apps that it can find across the Internet in an effort to keep Android users protected from Potentially Harmful Applications (PHAs).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 15:43:03 |
Europol, Diebold Nixdorf to Share Information on Cyber Threats (lien direct) |
Europol on Friday announced that it has signed a cybersecurity-focused memorandum of understanding (MoU) with Diebold Nixdorf, one of the world's largest providers of ATM and point-of-sale (PoS) services.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 15:05:04 |
Many ATMs Can be Hacked in Minutes: Report (lien direct) |
Many automated teller machines (ATMs) lack adequate security mechanisms and can be compromised in minutes using various methods, according to a new report from vulnerability assessment firm Positive Technologies.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 13:19:00 |
Google Helps G Suite Admins Enforce Strong Passwords (lien direct) |
Google this week announced new features to G Suite designed to help administrators enforce rigorous password requirements and increase security.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 11:10:04 |
BlackBerry to Acquire Cylance for $1.4 Billion in Cash (lien direct) |
BlackBerry on Friday announced that it has agreed to acquire next-generation endpoint security firm Cylance for US $1.4 billion in cash.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 07:20:04 |
Trend Micro, Moxa Form New IIoT Security Company (lien direct) |
Cybersecurity firm Trend Micro and industrial networking solutions provider Moxa on Thursday announced plans to form a joint venture corporation focusing on securing industrial internet of things (IIoT) environments.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-16 02:53:03 |
Dridex/Locky Operators Unleash New Malware in Recent Attack (lien direct) |
The threat actor(s) behind many Dridex and Locky campaigns have been using a new Remote Access Trojan (RAT), Proofpoint security researchers warn.
|
Malware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 20:00:00 |
Data Protection Firm Cognigo Raises $8.5 Million (lien direct) |
Cognigo, a Tel Aviv, Israel-based startup focused on data protection and compliance, this week announced that it has completed an $8.5 million Series A round of funding.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 15:57:05 |
Firefox Alerts Users When Visiting Breached Sites (lien direct) |
Mozilla has added a new feature to Firefox to alert users when they visit a website that has been part of a data breach in the past.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 15:43:03 |
Adversaries Take Advantage of the Seams. Let\'s Close Them. (lien direct) |
Adversaries are Increasingly Masterful at Taking Advantage of Seams Between Technologies and Teams to Infiltrate Organizations
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 15:18:05 |
\'Tis the Season for Mobile Threats (lien direct) |
Keeping Your Organization Safe From Mobile Threats During the Holidays
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 15:04:00 |
Report Shows Increase in Email Attacks Using .com File Extensions (lien direct) |
Leesburg, VA-based anti-phishing firm Cofense (formerly PhishMe) has discovered an uptick in the use of .com file extensions in phishing emails.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 14:47:02 |
GreatHorn Expands Email Security Platform (lien direct) |
Waltham, MA-based GreatHorn has expanded its machine-learning phishing protection system into a complete email security platform. "This major new expansion of the Company's flagship solution," it announced on November 14, "addresses every potential stage of a phishing attack with integrated threat detection, protection, defense, and incident response."
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 13:52:00 |
OPM Security Improves, But Many Issues Still Unresolved: GAO (lien direct) |
The U.S. Office of Personnel Management (OPM) has improved its security posture since the data breaches disclosed in 2015, but many issues are still unresolved, according to a report published this week by the Government Accountability Office (GAO).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 13:06:01 |
What Does Your Cloud Strategy Include, and Are You Transitioning Securely? (lien direct) |
Organizations Need the Right Technologies and Talent in Place to Ensure a Secure Transition to the Cloud
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 09:10:02 |
Congress Passes Bill Creating Cybersecurity Agency at DHS (lien direct) |
The U.S. House of Representatives this week passed a bill that creates a new cybersecurity agency at the Department of Homeland Security (DHS).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-15 08:07:04 |
(Déjà vu) Industrial Cybersecurity Firm Dragos Raises $37 Million (lien direct) |
Industrial cybersecurity firm Dragos on Wednesday announced that it has raised $37 million in a Series B funding round, which brings the total raised by the company to date to over $48 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 17:59:04 |
Researchers Disclose 7 New Meltdown, Spectre Attacks (lien direct) |
A team of researchers has described seven new variants of the notorious Meltdown and Spectre attacks, and they claim some of these methods are not mitigated by existing patches, but Intel disagrees.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 17:06:00 |
Chinese Hackers Target UK Engineering Company: Report (lien direct) |
Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 15:41:00 |
iPhone X Exploits Earn Hackers Over $100,000 (lien direct) |
The Zero Day Initiative's Pwn2Own Tokyo hacking competition has come to an end, with participants earning over $300,000 for disclosing vulnerabilities affecting iPhone X, Xiaomi Mi 6 and Samsung Galaxy S9 smartphones.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 15:25:00 |
Cathay Apologizes Over Data Breach but Denies Cover-up (lien direct) |
The top two executives at Hong Kong carrier Cathay Pacific on Wednesday apologized for the firm's handling of the world's biggest airline hack that saw millions of customers' data breached but denied trying to cover it up.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 14:44:03 |
US Panel Warns Against Government Purchase of Chinese Tech (lien direct) |
A congressional advisory panel says the purchase of internet-linked devices manufactured in China leaves the United States vulnerable to security breaches that could put critical infrastructure at risk.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 14:35:00 |
Siemens Releases 7 Advisories for SIMATIC, SCALANCE Vulnerabilities (lien direct) |
Siemens on Tuesday released 7 new advisories to inform customers of potentially serious vulnerabilities affecting various SIMATIC and SCALANCE products. Patches and/or mitigations are available for all impacted products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 11:59:04 |
DUST Identity Emerges From Stealth to Protect Device Supply Chain (lien direct) |
Boston, MA-based start-up firm DUST Identity has emerged from stealth with $2.3 million seed funding led by Kleiner Perkins, with participation from New Science Ventures, Angular Ventures, and Castle Island Ventures. It was founded in 2018 by Ophir Gaathon (CEO), Jonathan Hodges (VP engineering) and Dirk Englund (board member).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 11:31:02 |
Digital Takeaways From the Supreme Court Fight (lien direct) |
It's always interesting to watch how the ongoing digital transformation of our lives is changing the world in ways we never would have anticipated years ago. Financial information, social interactions, even our physical locations may be up for grabs in cyberspace, with real-world ramifications.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-14 07:14:01 |
(Déjà vu) APT Group Uses Windows Zero-Day in Middle East Attacks (lien direct) |
A Windows zero-day vulnerability addressed this week by Microsoft with its November 2018 Patch Tuesday updates has been exploited by an advanced persistent threat (APT) group in attacks aimed at entities in the Middle East.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 21:47:00 |
Microsoft Patches Actively Exploited Windows Vulnerability (lien direct) |
Microsoft's Patch Tuesday updates for November 2018 address more than 60 vulnerabilities, including zero-days and publicly disclosed flaws.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 20:08:02 |
(Déjà vu) Adobe Patches Disclosed Acrobat Vulnerability (lien direct) |
Adobe has released Patch Tuesday updates for Flash Player, Acrobat and Reader, and Photoshop CC to address three vulnerabilities – one in each product.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 19:30:01 |
SAP Patches Critical Vulnerability in HANA Streaming Analytics (lien direct) |
SAP this week published its November 2018 set of security patches, which include 11 new Security Patch Day Notes, along with 3 updates for previously released notes.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 19:12:03 |
Seven Hacking Groups Operate Under “Magecart” Umbrella, Analysis Shows (lien direct) |
At least seven different cybercrime groups referred to as "Magecart hackers" are placing digital credit card skimmers on compromised e-commerce sites, Flashpoint and RiskIQ reveal in a joint report.
Active since at least 2015, the Magecart hackers steal credit card information by placing digital skimmers on the websites they visit.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 18:14:01 |
State vs. Federal Privacy Laws: The Battle for Consumer Data Protection (lien direct) |
The Battle for Privacy in the United States is Just Beginning
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 17:12:05 |
Cathay Says \'Most Intense\' Period of Data Breach Lasted Months (lien direct) |
The world's biggest airline data breach, affecting millions of Cathay Pacific customers, was the result of a sustained cyber attack that lasted for three months, the carrier admitted, while insisting it was on alert for further intrusions.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 16:24:01 |
Sophisticated Cyberattack Targets Pakistani Military (lien direct) |
A previously undisclosed threat actor is targeting nuclear-armed government and military in Pakistan as part of a new, unusually complex espionage campaign, Cylance security researchers warn.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 15:40:02 |
What the Onslow Water and Sewer Authority Can Teach About Responsible Disclosure (lien direct) |
Critical Infrastructure Operators Must Plan for Scenarios in Which a Physical and Cyber Event Occur Simultaneously
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 15:36:03 |
APT Simulation Provider XM Cyber Raises $22 Million (lien direct) |
XM Cyber, an Israel-based company that provides an automated APT simulation and remediation platform, on Tuesday announced that it has raised $22 million in a Series A funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 14:08:00 |
Cloud Security Firm Netskope Raises $168.7 Million (lien direct) |
Cloud security firm Netskope on Tuesday announced that it has raised $168.7 million in a Series F funding round, which brings the total raised by the company to date to over $400 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-11-13 13:06:02 |
Samsung Galaxy S9, iPhone X Hacked at Pwn2Own Tokyo (lien direct) |
Apple iPhone X, Samsung Galaxy S9 and Xiaomi Mi 6 smartphones have all been hacked on the first day of the Pwn2Own Tokyo 2018 contest taking place these days alongside the PacSec security conference in Tokyo, Japan.
|
|
|
|