What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-09-10 18:51:04 | (Déjà vu) Microsoft Patches Two Privilege Escalation Flaws Exploited in Attacks (lien direct) | Microsoft's Patch Tuesday updates for September 2019 fix 80 vulnerabilities, including two Windows flaws that have been exploited in attacks. | |||
|
2019-09-10 16:27:02 | New Stealth Falcon Backdoor Discovered (lien direct) | ESET security researchers have discovered a new backdoor associated with the United Arab Emirates (UAE)-linked Stealth Falcon threat actor. | Threat | ||
|
2019-09-10 15:35:04 | Adobe Patches Two Code Execution Vulnerabilities in Flash Player (lien direct) | Adobe's September 2019 Patch Tuesday updates fix two code execution vulnerabilities in Flash Player and a DLL hijacking flaw in Application Manager. | |||
|
2019-09-10 13:17:02 | Vulnerabilities Exposed 2 Million Verizon Customer Contracts (lien direct) | Vulnerabilities discovered by a security researcher in Verizon Wireless systems could have been exploited by hackers to gain access to 2 million customer contracts. | ★★★★★ | ||
|
2019-09-10 13:07:04 | Stop Using CVSS to Score Risk (lien direct) | The mechanics of prioritizing one vulnerability's business risk over another has always been fraught with concern. What began as securing business applications and infrastructure from full-disclosure bugs a couple of decades ago, has grown to encompass vaguely referenced flaws in insulin-pumps and fly-by-wire aircraft with lives potentially hanging in the balance. | ★★★★★ | ||
|
2019-09-10 07:39:02 | (Déjà vu) HackerOne Raises $36.4 Million in Series D Funding Round (lien direct) | Pentesting and bug bounty platform provider HackerOne on Monday announced that it raised $36.4 million in a Series D funding round, which brings the total raised by the company to date to more than $110 million. | |||
|
2019-09-09 19:08:01 | DNS-over-HTTPS Coming to Firefox (lien direct) | Mozilla this week announced plans to gradually roll-out DNS-over-HTTPS (DoH) in Firefox starting this month, though only users in the United States will receive it in the beginning. | |||
|
2019-09-09 15:46:01 | Swedish GDPR Fine Highlights Legal Challenges in Use of Biometrics (lien direct) | A small fine of $20,000 in Sweden highlights a potential problem for the use of biometrics in security throughout Europe, including American firms with offices in Europe. | |||
|
2019-09-09 15:17:01 | Cyberattack Disrupted Firewalls at U.S. Power Utility (lien direct) | A denial-of-service (DoS) attack that caused disruptions at a power utility in the United States earlier this year exploited a known vulnerability in a firewall used by the affected organization. | Vulnerability | ||
|
2019-09-09 14:09:05 | U.S. Cyber Command Adds North Korean Malware Samples to VirusTotal (lien direct) | The U.S. Cyber Command (USCYBERCOM) this week released 11 malware samples to VirusTotal, all of which appear related to the notorious North Korean-linked threat group Lazarus. | Malware Threat | APT 38 | |
|
2019-09-09 13:57:00 | BlueKeep Exploit Added to Metasploit (lien direct) | An initial public exploit targeting the recently addressed BlueKeep vulnerability in Microsoft Windows has been added to Rapid7's Metasploit framework. | Vulnerability | ||
|
2019-09-09 13:29:02 | Man Pleads Guilty for Trying to Access Trump\'s Tax Returns (lien direct) | A Philadelphia man has pleaded guilty to trying to hack the IRS to obtain President Donald Trump's tax returns. Andrew Harris pleaded guilty Thursday to two computer fraud counts in federal court. The 23-year-old faces up to two years in prison and $200,000 fine. | Hack Guideline | ||
|
2019-09-09 13:00:03 | Private Equity Firms Interested in Buying Symantec for $16 Billion: Report (lien direct) | Private equity firms Permira and Advent International are interested in acquiring Symantec's consumer business for more than $16 billion, The Wall Street Journal reports. | |||
|
2019-09-09 12:04:01 | Several Vulnerabilities Found in Red Lion HMI Software (lien direct) | Researchers have discovered several vulnerabilities, including ones that have been classified as serious, in a human-machine interface (HMI) programming software made by U.S.-based Red Lion. | |||
|
2019-09-09 10:07:02 | China-Linked \'Thrip\' Cyberspies Continue Attacks on Southeast Asia (lien direct) | The China-linked threat actor tracked by Symantec as Thrip has continued to target entities in Southeast Asia even after the cybersecurity firm exposed its operations. | Threat | ||
|
2019-09-09 08:09:02 | Cisco Releases GhIDA and Ghidraaas Tools for IDA Pro (lien direct) | Cisco Talos has released two new open source tools for IDA Pro, namely GhIDA, an IDA Pro plugin, and Ghidraaas (Ghidra as a Service), a docker container. | |||
|
2019-09-09 04:42:01 | Parts of Wikipedia Offline After \'Malicious\' Attack (lien direct) | Popular online reference website Wikipedia went down in several countries after the website was targeted by what it described as a "malicious attack". The server of the Wikimedia Foundation, which hosts the site, suffered a "massive" Distributed Denial of Service (DDoS) attack, the organization's German account said in a tweet late Friday. | |||
|
2019-09-07 17:02:04 | Apple: Security Report on iPhone Hack Created \'False Impression\' (lien direct) | Apple hit back Friday at a Google research report suggesting iPhones may have been targeted by a long-running hacking operation, calling it inaccurate and misleading. | Hack Guideline | ||
|
2019-09-06 18:34:02 | Three Strategies to Combat Anti-Analysis and Evasion Techniques (lien direct) | “What happens if our network is compromised?” is a question that security professionals have been asking for some time. But for a variety of reasons – ranging from network transformation efforts to more sophisticated attack methods – this question has now become, “how do we even know if our network has been compromised?” | |||
|
2019-09-06 18:26:02 | "Splintering" Makes Hacking Passwords 14 Million Percent Harder (lien direct) | Tide Foundation Creating Marketplace Where PII Can be Safely Sold | |||
|
2019-09-06 18:20:01 | Industrial Manufacturing Firm DK-LOK Exposes Emails, Customer Data (lien direct) | South Korean-based manufacturer DK-LOK was found to leak internal and external communications, including data on clients, vpnMentor's researchers warn. An industrial pipe, valve, and fittings manufacturer, DK-LOK has clients all around the world, and also has branches in various countries, including the United States. | |||
|
2019-09-06 18:00:04 | Oklahoma Pension Fund Reports $4.2 Million Cyber Theft (lien direct) | Officials with the pension system for retired Oklahoma Highway Patrol troopers and other state law enforcement officers say the FBI is investigating after computer hackers stole $4.2 million in funds. A notice posted on the Oklahoma Law Enforcement Retirement System website on Friday said no pension benefits of any members are at risk. | |||
|
2019-09-06 15:32:04 | Industry Reactions to Iranian Mole Planting Stuxnet: Feedback Friday (lien direct) | Yahoo News reported this week that an Iranian mole recruited by Dutch intelligence helped the United States and Israel sabotage Iran's nuclear program by planting the | Yahoo | ||
|
2019-09-06 14:16:04 | Exim Vulnerability Allows Remote Code Execution as Root (lien direct) | Exim mail servers are vulnerable to attacks due to a security hole that allows a local or remote attacker to execute arbitrary code with root privileges. | Vulnerability | ||
|
2019-09-06 12:49:03 | Cisco Patches Remote Command Execution in Webex Teams Client (lien direct) | Cisco this week addressed a High severity vulnerability in the Webex Teams client for Windows that could allow an attacker to execute commands remotely. The issue is created “due to improper restrictions on software logging features used by the application on Windows operating systems.” | Vulnerability | ||
|
2019-09-06 12:34:01 | Unpatched Privilege Escalation Vulnerability Impacts Android (lien direct) | The Android operating system is affected by a zero-day privilege escalation bug residing in the V4L2 driver, Trend Micro's Zero Day Initiative (ZDI) reveals. | Vulnerability | ||
|
2019-09-06 11:19:00 | PerimeterX Raises Another $14 Million in Series C Round (lien direct) | Website and mobile application protection company PerimeterX this week announced a $14 million extension to the Series C funding round it completed in February 2019. | |||
|
2019-09-06 11:04:05 | Firefox 69 Patches Critical Code Execution Flaw (lien direct) | Mozilla this week released Firefox 69 in the stable channel with patches for 20 vulnerabilities, including one code execution bug rated Critical severity. | |||
|
2019-09-06 10:50:03 | No Ransom Paid in Recent Attack, Texas Says (lien direct) | The Texas Department of Information Resources (DIR) says it is not aware of any ransom being paid to recover systems affected by a recent ransomware attack. | Ransomware | ||
|
2019-09-06 10:21:01 | Data Protection Firm BigID Raises $50 Million (lien direct) | Data protection firm BigID announced on Thursday that it has raised $50 million in a Series C funding round, which brings the total raised by the company to nearly $100 million. | |||
|
2019-09-06 04:33:00 | Ransomware Attack Locks Out New Bedford City Data (lien direct) | A Massachusetts mayor says hackers demanded $5.3 million from his city in a ransomware attack this summer. New Bedford Mayor Jon Mitchell disclosed Wednesday that a variant of the Ryuk virus blocked access to information on 158 city computers in July. The Standard-Times reports the city had previously blamed an unspecified virus. | Ransomware | ||
|
2019-09-05 14:39:01 | Palo Alto Networks Acquires IoT Security Firm Zingbox for $75 Million (lien direct) | Palo Alto Networks on Wednesday announced the acquisition of IoT security firm Zingbox for $75 million in cash, and made public its financial results for the fiscal year 2019. Zingbox provides a cloud-based lifecycle management solution that uses AI and machine learning technologies to identify, secure and optimize devices. | |||
|
2019-09-05 13:37:01 | CircleCI Customer Data Exposed Through Third-Party Vendor (lien direct) | CircleCI, a San Francisco-based company that specializes in continuous integration and delivery solutions, on Thursday informed customers that some of their information may have been exposed through a third-party analytics vendor. | |||
|
2019-09-05 12:17:00 | (Déjà vu) WordPress 5.2.3 Patches Several XSS Vulnerabilities (lien direct) | WordPress developers on Thursday announced the availability of version 5.2.3, a maintenance and security release that includes 29 fixes and enhancements, along with several security patches. | |||
|
2019-09-05 11:19:00 | 400 Mn Facebook Users\' Phone Numbers Exposed in Privacy Lapse: Reports (lien direct) | Phone numbers linked to more than 400 million Facebook accounts were listed online in the latest privacy lapse for the social media giant, US media reported Wednesday. | |||
|
2019-09-05 10:43:03 | The Power of Visualization to Accelerate Security Operations (lien direct) | Every day we seem to hear of new and interesting linkages discovered by the medical and scientific communities. Just yesterday there was a report that young people who vape are 3.5 times more likely to try or use marijuana, compared to those who don't. Today, I heard another report on the radio stating if a person can keep their blood pressure in check, especially in middle age, it could lower the risk of developing dementia. | |||
|
2019-09-05 09:37:04 | Crimeware Risk Underestimated, Chronicle Finds (lien direct) | The risk associated with crimeware is underestimated, despite a continuous increase in attacks involving financially motivated malware, a new report from Alphabet-owned security firm Chronicle reveals. | |||
|
2019-09-05 07:30:00 | Tech Firms, US Officials Talk Election Protection at Facebook (lien direct) | Facebook said technology firms and US officials met at its Silicon Valley headquarters on Wednesday to collaborate on protecting next year's presidential election from cyber threats. | |||
|
2019-09-05 07:24:01 | Twitter Temporarily Disables Tweeting via SMS After CEO Hack (lien direct) | Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts. | Hack | ||
|
2019-09-04 18:17:05 | TrickBot Makes Heavy Use of Evasion in Recent Attacks (lien direct) | The operators behind the TrickBot malware have made heavy use of evasion and anti-analysis techniques in recently observed attacks, security researchers warn. | Malware | ★★★ | |
|
2019-09-04 17:58:04 | Android\'s September 2019 Patches Fix Nearly 50 Vulnerabilities (lien direct) | Google this week released a new set of security patches for the Android platform, to address nearly 50 vulnerabilities in multiple components, including two critical flaws impacting the Media framework. | ★★ | ||
|
2019-09-04 17:44:03 | Vulnerability in Network Provisioning Affects Majority of All Android Phones (lien direct) | An SMS phishing attack against many modern Android phones could route all internet traffic through a proxy controlled by the attacker. The problem lies in weak (sometimes non-existent) authentication for over-the-air (OTA) provisioning. | Vulnerability | ★★ | |
|
2019-09-04 14:06:02 | FireEye Releases Open Source Persistence Toolkit \'SharPersist\' (lien direct) | FireEye on Tuesday announced the release of SharPersist, a free and open source Windows persistence toolkit designed for Red Teams, which help organizations test the efficiency of their protection systems and improve their security posture by assuming the role of an adversary. | ★★★ | ||
|
2019-09-04 13:49:02 | (Déjà vu) What the Segway Can Teach Us About Information Security (lien direct) | 
The Segway Can Offer More Security Insight Than You Might Realize
|
|||
|
2019-09-04 12:36:04 | Twitter CEO Hack Highlights Dangers of \'SIM Swap\' Fraud (lien direct) | Even with considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his phone number. | Hack | ||
|
2019-09-04 12:35:01 | MITRE ATT&CK Used for Cybersecurity Skills Development (lien direct) | By Mapping Skills and Training to MITRE ATT&CK, Skill Levels Can be Visualized in Real-Time | |||
|
2019-09-04 12:29:00 | Code Execution Flaws Found in EZAutomation PLC, HMI Software (lien direct) | Researchers discovered that two pieces of software made by U.S.-based industrial automation solutions provider EZAutomation are affected by potentially serious vulnerabilities that can be exploited for remote code execution. | |||
|
2019-09-04 11:27:02 | Huawei Accuses US of Cyberattacks, Coercing Employees (lien direct) | Chinese telecom equipment maker Huawei accused U.S. authorities on Wednesday of attempting to break into its information systems and of trying to coerce its employees to gather information on the company. | |||
|
2019-09-04 04:50:03 | Over 328,000 Users Hit by Foxit Data Breach (lien direct) | PDF solutions provider Foxit last week informed customers that it had recently detected unauthorized access to data associated with its “My Account” service. | Data Breach | ||
|
2019-09-04 04:30:00 | Zerodium Offers Up to $2.5 Million for Android Exploits (lien direct) | Exploit acquisition firm Zerodium announced on Tuesday that it's offering up to $2.5 million for powerful Android exploits, more than what it's offering for the same type of exploit on iOS. |
To see everything:
