Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2017-11-06 16:15:39 |
Cisco Patches DoS Flaw in BGP over Ethernet VPN Implementation (lien direct) |
Cisco has updated its IOS XE software to address a denial of service vulnerability in its implementation of BGP over an Ethernet VPN. |
|
|
|
|
2017-11-06 14:45:47 |
1M Downloads Later, Google Pulls Phony WhatsApp From Google Play (lien direct) |
An adware-laden phony WhatsApp download has been removed from Google Play and the developer's account suspended, but not before it was downloaded one million times. |
|
|
|
|
2017-11-06 13:00:06 |
Data Pours from Cloud-And \'The Enemy is Us\' (lien direct) |
Enterprises are grappling with widespread incidents of misconfigured servers leaking sensitive data to the public internet. |
|
|
|
|
2017-11-04 11:00:48 |
Tor Browser Users Urged to Patch Critical \'TorMoil\' Vulnerability (lien direct) |
The Tor Project released a patch for a vulnerability that leaks the real IP addresses of macOS and Linux users of its Tor Browser. |
|
|
|
|
2017-11-03 18:59:45 |
Poisoned Search Results Deliver Banking Malware (lien direct) |
Zeus Panda, a banking Trojan designed to steal credentials, is being distributed via poisoned Google search results. |
|
|
|
|
2017-11-03 16:30:32 |
Threatpost News Wrap Podcast for Nov. 3 (lien direct) |
Threatpost editors Mike Mimoso and Tom Spring discuss the week's top information security news stories. |
|
|
|
|
2017-11-03 15:00:18 |
Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions (lien direct) |
Siemens has fixed a remotely executable vulnerability in some versions of its SIMATIC PCS 7 distributed control system, and said that it is working on a fix for remaining affected versions. |
|
|
|
|
2017-11-02 18:01:48 |
Taking HTTPS Denial to an Absurd Level (lien direct) |
Researcher Troy Hunt discovers as far as the internet has come in adopting HTTPS, it still has a ways to go. |
|
|
|
|
2017-11-02 17:35:39 |
Chain of 11 Bugs Takes Down Galaxy S8 at Mobile Pwn2Own (lien direct) |
Researchers from MWR Labs used 11 vulnerabilities across six different mobile applications to execute code on a Samsung Galaxy S8 at Mobile Pwn2Own. |
|
|
|
|
2017-11-02 13:44:27 |
Devilish ONI Attacks in Japan Use Wiper to Cover Tracks (lien direct) |
The ONI ransomware attacks targeting organizations in Japan are also dropping wiper malware which is being used to delete logs and cover the attackers' tracks. |
|
|
|
|
2017-11-01 18:35:18 |
WordPress Delivers Second Patch For SQL Injection Bug (lien direct) |
A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL-injection attack. |
|
|
|
|
2017-11-01 16:24:52 |
Silence Gang Borrows From Carbanak To Steal From Banks (lien direct) |
A cybercrime outfit stealing from as many as 10 banks in Russia, Armenia and Malaysia has borrowed heavily from one of the kingpins in this realm, Carbanak. |
|
|
|
|
2017-10-31 21:37:50 |
Popular \'Circle with Disney\' Parental Control System Riddled With 23 Vulnerabilities (lien direct) |
A popular parental monitoring system, called Circle with Disney, receives 23 patches for a wide range of serious vulnerabilities. |
|
|
|
|
2017-10-31 19:12:18 |
Apple Patches KRACK Vulnerability in iOS 11.1 (lien direct) |
Apple has patched the KRACK vulnerability in iOS and elsewhere in its product line, closing a key re-installation vulnerability in the WPA2 protocol implemented used by its software. |
|
|
|
|
2017-10-31 18:15:12 |
Firefox Bolsters Privacy, Pulls Plug on Browser Canvas Fingerprinting (lien direct) |
Firefox is to stop using the privacy-busting canvas-based browser fingerprinting that allows websites to track users' online activities. |
|
|
|
|
2017-10-31 16:48:37 |
Emergency Oracle Patch Closes Bug Rated 10 in Severity (lien direct) |
Oracle released an emergency patch for a remote code execution vulnerability in Oracle Identity Manager rated a 10 out of 10 in severity. |
|
|
|
|
2017-10-30 21:11:01 |
Google\'s reCaptcha Cracked Again (lien direct) |
Google's reCaptcha service has been cracked by researchers who devised an automated attack called unCaptcha that can break the service with 85 percent accuracy. |
|
|
|
|
2017-10-30 20:39:30 |
Flaw in Google Bug Tracker Exposed Reports About Unpatched Vulnerabilities (lien direct) |
Google's Issue Tracker contained until recently a vulnerability that would allow an external party access to any unpatched bug listed and described in the database. |
|
|
|
|
2017-10-30 18:17:50 |
Google to Ditch Public Key Pinning in Chrome (lien direct) |
Google says upcoming version of Chrome will deprecate the browser's support for HTTP public key pinning. |
|
|
|
|
2017-10-30 17:45:13 |
Malicious Chrome Extension Steals Data Posted to Any Website (lien direct) |
A malicious Google Chrome extension being spread in phishing emails steals any data posted online by victims. |
|
|
|
|
2017-10-28 11:00:08 |
Apache OpenOffice Update Patches Four Vulnerabilities (lien direct) |
Apache OpenOffice patches four vulnerabilities tied its suite of free office applications impacting it word processing and graphics applications. |
|
|
|
|
2017-10-27 16:28:13 |
Google Patches \'High Severity\' Browser Bug (lien direct) |
Google began pushing out updates to its desktop browser Friday with a patch that repairs a stack-based buffer overflow vulnerability. |
|
|
|
|
2017-10-27 16:23:26 |
Rockwell Automation Patches Wireless Access Point against Krack (lien direct) |
Rockwell Automation has patched its Stratix wireless access point against the KRACK vulnerability, joining a growing list of vendors in the commercial and industrial controls spaces moving quickly to reduce their exposure. |
|
|
|
|
2017-10-27 12:00:32 |
Slack Plugs \'Severe\' SAML User Authentication Hole (lien direct) |
Cloud-based communications platform Slack finished patching a severe security hole Thursday affecting portions of its platform that used Security Assertion Markup Language for user authentication. |
|
|
|
|
2017-10-26 17:53:40 |
EternalRomance Exploit Found in Bad Rabbit Ransomware (lien direct) |
Researchers at Cisco found a modified version of the leaked NSA exploit EternalRomance in this week's Bad Rabbit attack. |
|
|
|
|
2017-10-26 17:51:20 |
Ursnif Banking Trojan Spreading In Japan (lien direct) |
Threat actors behind the pervasive banking Trojan Ursnif made Japan one of their number one targets with fresh waves malspam attacks spotted last month. |
|
|
|
|
2017-10-26 12:00:43 |
Two Critical Vulnerabilities Found In Inmarsat\'s SATCOM Systems (lien direct) |
Global satellite telecommunications company Inmarsat is warning customers of two critical vulnerabilities that could allow attackers to infiltrate a ship's on-board computer system. |
|
|
|
|
2017-10-25 18:33:18 |
Hackers Prepping IOTroop Botnet with Exploits (lien direct) |
Researchers warn that hackers have weaponized a vulnerability that could be used in an IOTroop (or Reaper) attack, bringing the likelihood of an attack one step closer. |
Cloud
|
APT 37
|
|
|
2017-10-25 18:03:40 |
Bad Rabbit Linked to ExPetr/Not Petya Attacks (lien direct) |
Researchers have linked the Bad Rabbit ransomware attack to this summer's ExPetr/Not Petya outbreak. |
|
|
|
|
2017-10-25 12:28:31 |
Malvertising Campaign Redirects Browsers To Terror Exploit Kit (lien direct) |
Hackers behind the Terror exploit kit ramp up distribution via a two-month long malvertising campaign. |
|
|
|
|
2017-10-24 19:37:20 |
BadRabbit Ransomware Attacks Hitting Russia, Ukraine (lien direct) |
A ransomware attack called BadRabbit has put a halt to business inside a handful of Russian and Ukrainian businesses. |
|
|
|
|
2017-10-24 18:23:09 |
Whois Maintainer Accidentally Makes Password Hashes Available For Download (lien direct) |
Whois maintainer for Asia Pacific notifies customers of an error where hashed authentication details for were inadvertently available for download. |
|
|
|
|
2017-10-24 16:44:05 |
DUHK Attack Exposes Gaps in FIPS Certification (lien direct) |
The DUHK Attack leverages a 20-year-old random number generator flaw to recover private keys. More pertinent, researchers said, is that the flaw exposes gaps in the FIPS certification process. |
|
|
|
|
2017-10-23 17:00:41 |
Latest Sofacy Campaign Targeting Security Researchers (lien direct) |
Sofacy has been using a lure document connected to a cyber conflict conference to target researchers and others interested in cybersecurity. |
|
|
|
|
2017-10-23 14:52:02 |
DHS Alert on Dragonfly APT Contains IOCs, Rules Likely to Trigger False Positives (lien direct) |
A joint Technical Alert, TA17–293A, describing the activities of a Russian APT may contain signatures and rules likely to trigger false positives in some security systems. |
|
|
|
|
2017-10-21 14:00:04 |
New Magniber Ransomware Targets South Korea, Asia Pacific (lien direct) |
Researchers identified a new ransomware family called Magniber that uniquely only targets users in South Korea and the Asia Pacific regions. |
|
|
|
|
2017-10-20 18:17:27 |
\'IOTroop\' Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher (lien direct) |
Malware dubbed IOTroop that researchers say is "worse than Mirai" has already infected one million businesses worldwide. |
|
|
|
|
2017-10-20 16:05:12 |
Necurs-Based DDE Attacks Now Spreading Locky Ransomware (lien direct) |
Researchers have spotted Locky ransomware infections emanating from the Necurs botnet via Word attachments using a DDE technique that Microsoft says is an Office feature and does not merit a security patch. |
|
|
|
|
2017-10-20 14:15:38 |
Threatpost News Wrap, Oct. 20, 2017 (lien direct) |
This week's Threatpost News Wrap Podcast recaps the ROCA, KRACK and Boundhook attacks, as well as the release of Google Advanced Protection for Gmail. |
|
|
|
|
2017-10-20 11:00:59 |
Cisco Warns 69 Products Impacted by KRACK (lien direct) |
Cisco patched a critical bug in its Cloud Services Platform 2100 hardware and at the same time told customers 96 of its products are vulnerable to KRACK vulnerabilities. |
|
|
|
|
2017-10-19 19:26:44 |
Google Play Bounty Promises $1,000 Rewards for Flaws in Popular Apps (lien direct) |
Google announced a public bug bounty for Google Play that brings developers and researchers together to find and patch flaws in popular apps. |
|
|
|
|
2017-10-19 18:26:42 |
Hackers Take Aim at SSH Keys in New Attacks (lien direct) |
SSH private keys are being targeted by hackers who have stepped up the scanning of thousands of WordPress website in search of private keys. |
|
|
|
|
2017-10-19 13:51:21 |
Google Advanced Protection Trades Ease-of-Use for Security (lien direct) |
Experts applaud a new Google service, Advanced Protection, which beefs up account password protection and limits access to a user's Gmail and Drive. |
|
|
|
|
2017-10-18 20:08:46 |
FBI Asks Businesses to Share Details About DDoS Attacks (lien direct) |
The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characteristics of those incidents. |
|
|
|
|
2017-10-18 17:37:57 |
BoundHook Attack Exploits Intel Skylake MPX Feature (lien direct) |
A new attack method takes advantage a feature in Intel's Skylake microprocessor allowing for post-intrusion application hooking and stealth manipulation of applications. |
|
|
|
|
2017-10-18 13:51:04 |
Critical Code Execution Flaw Patched in PeopleSoft Core Engine (lien direct) |
Organizations running PeopleSoft exposed to the internet should pay attention to a remote code execution vulnerability patched in the latest Oracle Critical Patch Update. |
|
|
|
|
2017-10-17 22:13:09 |
Oracle Patches 250 Bugs in Quarterly Critical Patch Update (lien direct) |
Three critical SQL injection vulnerabilities in Oracle's popular E-Business Suite make up a part of 250 bugs patched for the company's quarterly Critical Patch Update, |
|
|
|
|
2017-10-17 13:00:10 |
Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones (lien direct) |
Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices. |
|
|
|
|
2017-10-16 18:05:51 |
Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible (lien direct) |
A flawed Infineon Technology chipset left HP, Lenovo and Microsoft devices open to what is called a 'practical factorization attack,' in which an attacker computes the private part of an RSA key. |
|
|
|
|
2017-10-16 15:46:13 |
Adobe Patches Flash Zero Day Exploited by Black Oasis APT (lien direct) |
Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group called Black Oasis. |
|
|
|