Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-05-15 16:19:04 |
Attackers Use UPnP to Sidestep DDoS Defenses (direct link) |
Universal Plug and Play networking protocols can be exploited to bypass DDoS mitigations. |
|
|
|
|
2018-05-15 15:26:05 |
Adobe Doles Out Second Round of Higher Priority Patches (direct link) |
Adobe has issued a round of higher priority patches less than a week after its Patch Tuesday updates last week. |
|
|
|
|
2018-05-14 20:09:05 |
EFAIL Opens Up Encrypted Email to Prying Eyes (direct link) |
The flaws threaten to expose corporate communications in Outlook as well as the messages of at-risk users like political dissidents. |
|
|
|
|
2018-05-14 20:06:05 |
Chili's Doesn't Leave Data Breach on the Back Burner (direct link) |
The fajitas purveyor announced the point-of-sale payment-card breach on Friday May 11, the same day that it learned about it. |
|
|
|
|
2018-05-14 19:19:02 |
GDPR Phishing Scam Targets Apple Accounts, Financial Data (direct link) |
A phishing scam fooled victims by claiming to be Apple and scooping up personal details – including financial information and Apple account information. |
|
|
|
|
2018-05-14 18:04:00 |
Samsung Patches Six Critical Bugs in Flagship Handsets (direct link) |
Samsung updates S9, Note 8 and S8 phones with 27 patches, from an RCE bug to a patch that prevents an ancient peek-and-poke attack first identified in the 1980s. |
|
|
|
|
2018-05-11 21:18:01 |
Google Project Zero Calls Windows 10 Edge Defense 'ACG' Flawed (direct link) |
Researchers maintain Microsoft's vaunted Arbitrary Code Guard in the Edge browser can't stop hackers from mounting attacks. |
|
|
|
|
2018-05-11 19:44:00 |
Vega Stealer Malware Takes Aim at Chrome, Firefox (direct link) |
While it's a simple payload for now, researchers said Vega has the ability to evolve into something more concerning in the future. |
|
|
|
|
2018-05-11 17:29:03 |
Panda Banking Trojan Diversifies into Cryptocurrency, Porn, Other Targets (direct link) |
The Panda banking trojan, a spin-off from the infamous Zeus malware, is widening its net to attack more than just financial services targets, as seen in three ongoing campaigns discovered in May. |
|
|
|
|
2018-05-10 20:23:02 |
GandCrab Ransomware Found Hiding on Legitimate Websites (direct link) |
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. |
|
|
|
|
2018-05-10 20:04:02 |
PoS Malware 'TreasureHunter' Source Code Leaked (direct link) |
The leak of point-of-sale malware source code is a double-edged sword for researchers, who view it as a boon to research but a headache when it comes to inspiring future variants and attacks. |
|
|
|
|
2018-05-10 18:00:03 |
New Facebook-Spread Malware Triggers Credential Theft, Cryptomining (direct link) |
A new malware campaign being rapidly spread on Facebook is infecting users' systems to perform credential theft, cryptomining, and click fraud. |
|
|
|
|
2018-05-10 15:37:00 |
Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked (direct link) |
Apple, Microsoft, Red Hat and others have built an uncannily similar privilege escalation flaw into their Intel-based products. |
|
|
|
|
2018-05-10 14:45:03 |
Nigerian BEC Scammers Growing Smarter, More Dangerous (direct link) |
Nigerian-based cybercriminals are growing more dangerous as they add sophisticated tools to their arsenal, including complex remote access trojans, a new report reveals. |
|
|
|
|
2018-05-10 10:35:02 |
Secrets of the Wiper: Inside the World's Most Destructive Malware (direct link) |
The actors behind this kind of code, whether they're bent on sending a political message or simply wanting to cover their tracks after data exfiltration, have adopted various techniques to carry out those activities. |
|
|
|
|
2018-05-09 20:20:03 |
Bugs in Logitech Harmony Hub Put Connected IoT Devices at 'High Risk' (direct link) |
Researchers found an array of vulnerabilities in the Logitech Harmony Hub, shedding light on IoT security. |
|
|
|
|
2018-05-09 17:00:01 |
Severe Keyboard Flaws in LG Smartphones Allow Remote Code Execution (direct link) |
An attacker can gain man-in-the-middle access to inject a rogue executable file onto the phone. |
|
|
|
|
2018-05-09 16:08:02 |
Georgia Governor Vetoes Controversial Hack-Back Bill (direct link) |
The bill would have allowed companies in the state to perform offensive cyberactions in the face of an attack. |
|
|
|
|
2018-05-08 20:42:02 |
May Patch Tuesday Fixes Two Bugs Under Active Attack (direct link) |
In total, Microsoft's May Patch Tuesday roundup included 68 security patches, with 21 listed as critical, 45 rated important and two listed low in severity. |
|
|
|
|
2018-05-08 20:27:00 |
Sierra Wireless Patches Critical Vulns in Range of Wireless Routers (direct link) |
The flaws would leave the enterprise devices helpless to a range of remote threats, including the charms of the Reaper IoT botnet. |
Cloud
|
APT 37
|
|
|
2018-05-08 16:56:04 |
Adobe Patches Critical Bugs In Flash Player, Creative Cloud (direct link) |
Adobe fixed critical vulnerabilities in Adobe Flash Player and Creative Cloud as part of its regularly scheduled May Security Bulletin, on Tuesday. |
|
|
|
|
2018-05-08 16:45:05 |
“Equi-Facts”: Equifax Clarifies the Numbers for Its Massive Breach (direct link) |
As companies continue to install the vulnerable version of Apache Struts behind the breach, Equifax has filed a clarification statement. |
|
Equifax
|
|
|
2018-05-08 15:39:00 |
FBI: Cyber-Fraud Losses Rise to Reach $1.4B (direct link) |
Tech-support scams took off during the year, while whaling/business email compromise was the main threat, accounting for losses of more than $675 million. |
|
|
|
|
2018-05-07 19:06:04 |
Romanian Hackers Extradited to U.S. over $18M Vishing Scam (direct link) |
The two have been arraigned in a Georgia district court on charges relating to an elaborate voice- and SMS-phishing (i.e., vishing/smishing) scheme. |
|
|
|
|
2018-05-07 18:54:04 |
Variant of SynAck Malware Adopts Doppelgänging Technique (direct link) |
Ransomware adopts Process Doppelgänging technique to avoid antivirus researchers and avoid detection in a newly identified malware double threat targeting users in the U.S., Kuwait and Germany. |
|
|
|
|
2018-05-07 17:14:02 |
Asylo Open-Source Framework Tackles TEEs for Cloud (direct link) |
The idea is to use trusted execution environments to build trust across various cloud-related use cases, including 5G, virtual network functions (VNFs), blockchain and more. |
|
|
|
|
2018-05-04 20:38:00 |
Report: Intel Facing New Spectre-Like Security Flaws (direct link) |
Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a German magazine alleges. |
|
|
|
|
2018-05-04 20:36:01 |
Pr0nbot is Back – and Evading Twitter Censors (direct link) |
A rapidly swelling botnet of Twitter accounts advertising “adult dating”-themed scam websites has at least 80,000 nodes to date. |
|
|
|
|
2018-05-04 19:27:00 |
Abbott Addresses Life-Threatening Flaw in a Half-Million Pacemakers (direct link) |
A backdoor could be exploited to allow an attacker to manipulate the implants and cause heart problems and even death, |
|
|
|
|
2018-05-03 22:13:01 |
(Déjà vu) Twitter Urges Users to Change Passwords Due to Glitch (direct link) |
A glitch caused Twitter passwords to be stored in plain text on an internal log. |
|
|
|
|
2018-05-03 20:26:03 |
MassMiner Takes a Kitchen-Sink Approach to Cryptomining (direct link) |
The malware targets Windows servers with a cornucopia of well-known exploits, all within a single executable -- including the EternalBlue NSA hacking tool. |
|
|
|
|
2018-05-03 20:14:00 |
Phone Maker BLU Settles with FTC Over Unauthorized User Data Extraction (direct link) |
Florida-based phone maker BLU is facing an FTC complaint over allegations it shared detailed personal user data with a third-party firm that included full text messages, call logs and contact lists. |
|
|
|
|
2018-05-03 19:57:05 |
A Look Inside: Bug Bounties and Pen Testing (direct link) |
Threatpost talks to Christie Terrill of Bishop Fox about the pros and cons of using bug bounty programs versus penetration testing for companies. |
|
|
|
|
2018-05-03 16:57:01 |
Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0 (direct link) |
Bad actors are leveraging the critical Drupal vulnerability to install cryptomining malware on servers and browsers, |
|
|
|
|
2018-05-03 14:42:04 |
Critical Cisco WebEx Bug Allows Remote Code Execution (direct link) |
Attackers can leverage the flaw by convincing users to open a file purported to be a recording of a past WebEx event. |
|
|
|
|
2018-05-03 11:54:04 |
Free Speech Advocates Blast Amazon Over Threats Against Signal (direct link) |
Secure-messaging firm Signal was told by Amazon not to use its AWS servers for domain-fronting, a technique used to enable communications in countries such as Egypt, Oman, Qatar and UAE where the service is banned. |
|
|
|
|
2018-05-03 10:00:04 |
Boutique Shops Offering Rewards Points Pop Up on the Dark Web (direct link) |
These small specialty shops make rewards-point abuse more accessible to fraudsters by offering credentials for direct account access. |
|
|
|
|
2018-05-02 20:13:03 |
Hacktivists, Tech Giants Protest Georgia's 'Hack-Back' Bill (direct link) |
Google, Microsoft, security researchers and hacking groups have lined up to protest the bill, which would criminalize unauthorized computer access. |
|
|
|
|
2018-05-02 16:07:05 |
Facebook Introduces 'Clear History' Option Amid Data Scandal (direct link) |
Facebook hopes to improve data privacy with a new feature letting users flush their history so that it is cleared from their account. |
|
|
|
|
2018-05-02 14:13:00 |
Schneider Electric Patches Critical RCE Vulnerability (direct link) |
Researchers found a critical remote code execution vulnerability afflicting two Schneider Electric products that could give attackers the ability to disrupt or shut down plant operations. |
|
|
|
|
2018-05-01 21:21:01 |
Millions of Home Fiber Routers Vulnerable to Complete Takeover (direct link) |
Exploitation can result in hackers gaining access to full browsing histories and all of the user's internet activities. |
|
|
|
|
2018-05-01 20:55:00 |
Samples of SiliVaccine Offer Rare Peek Inside North Korea's Antivirus Software (direct link) |
Samples of North Korean antivirus software called SiliVaccine crib software code from a competitor and come loaded with malware and a backdoor. |
|
|
|
|
2018-05-01 20:19:04 |
Volkswagen Cars Open To Remote Hacking, Researchers Warn (direct link) |
Vulnerable in-vehicle infotainment systems have left some Volkswagen cars open to remote hacking, researchers warn. |
|
|
|
|
2018-05-01 14:53:04 |
Tens of Thousands of Malicious Apps Using Facebook APIs (direct link) |
The apps are deemed malicious by doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls. |
|
|
|
|
2018-04-30 20:52:05 |
USB Sticks Can Trigger BSOD – Even on a Locked Device (direct link) |
Thanks to auto-play, it's possible to crash Windows systems by simply inserting the drive into the USB port, no further user interaction necessary. |
|
|
|
|
2018-04-30 20:43:01 |
KRACK Vulnerability Puts Medical Devices At Risk (direct link) |
A slew of products from medical dispensing company BD are susceptible to the KRACK vulnerability disclosed last fall. |
|
|
|
|
2018-04-30 18:20:04 |
Updated GravityRAT Malware Adds Advanced AV Detection (direct link) |
Researchers warn that the code behind this remote access trojan has been tweaked in an attempt to decrease antivirus detection. |
|
|
|
|
2018-04-30 15:49:05 |
NIST Updates Cybersecurity Framework to Tackle Supply Chain Threats, Vulnerability Disclosure and More (direct link) |
Version 1.1 includes updates on authentication and identity, self-assessment, supply-chain security and vulnerability disclosure, among other changes. |
|
|
|
|
2018-04-30 15:02:01 |
Twitter Sold Data To Cambridge Analytica-Linked Company (direct link) |
Twitter is the latest company to face backlash for how it handles data privacy after disclosing that it sold data access to a Cambridge Analytica-linked researcher. |
|
|
|
|
2018-04-27 19:41:03 |
SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies (direct link) |
The gang behind the Atlanta city shutdown and other attacks is selecting victims carefully and offering volume discounts to unlock whole organizations. |
|
|
|