What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-03-03 17:49:02 | (Déjà vu) HackerOne Offers Open Source Projects Free Access to Platform (lien direct) | HackerOne announced a free version of its platform for open source projects. | |||
|
2017-03-03 16:00:06 | Threatpost News Wrap, March 3, 2017 (lien direct) | The news of the week is recapped, including the fallout around CloudBleed, the CloudPets breach, and a Slack token bug. The life of Howard Schmidt is also remembered. | |||
|
2017-03-03 13:00:25 | Howard Schmidt\'s Legacy of Service Remembered (lien direct) | Howard Schmidt, top cybersecurity advisor to two U.S. presidents, died on Thursday at the age of 67. | |||
|
2017-03-02 20:27:40 | Cisco Warns of High Severity Bug in NetFlow Appliance (lien direct) | Cisco is warning of a flaw that creates conditions susceptible to a DoS attack in its NetFlow Generation Appliance. | |||
|
2017-03-02 18:03:29 | 132 Google Play Apps Booted For Malicious IFrames (lien direct) | Google removed 132 apps infected with malicious iFrames from its Google Play store. | |||
|
2017-03-02 16:34:51 | Keys for Dharma Ransomware Released (lien direct) | Decryption keys for the Dharma strain of ransomware have been released. | |||
|
2017-03-02 16:25:50 | Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum (lien direct) | Cloudflare said it could not find evidence of malicious exploitation of the Cloudbleed vulnerability, even though the bug was triggered 1.2 million times. | |||
|
2017-03-02 14:55:49 | Yahoo Tells SEC Executives Failed to Act on Breach (lien direct) | Yahoo said in its latest SEC filing that executives and legal reps failed to act sufficiently on the information they had about breaches that exposed more than 1 billion account records. | Yahoo | ||
|
2017-03-02 12:00:35 | Google reCaptcha Bypass Technique Uses Google\'s Own Tools (lien direct) | A proof of concept bypass of Google's CAPTCHA verification system uses Google's own web-based tools to pull off the skirting of the system. | |||
|
2017-03-01 20:40:13 | CloudPets Notifies California AG of Data Breach (lien direct) | Spiral Toys has filed a breach notification with the California Attorney General's office informing them of the CloudPets data breach. | |||
|
2017-03-01 19:58:38 | Slack Fixes Cross-Origin Token Theft Bug (lien direct) | The cloud-based collaboration tool Slack was quick to fix a bug earlier this month that could have let an attacker steal a user's private Slack token. | |||
|
2017-03-01 16:47:18 | Robots Rife With Cybersecurity Holes (lien direct) | IOActive Labs released a report Wednesday warning that consumer, industrial, and service robots in use today have serious security vulnerabilities. | |||
|
2017-03-01 12:00:31 | Million-Plus WordPress Sites Exposed by Vulnerable Plugin (lien direct) | The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe†SQL injection vulnerability that put website databases at risk. | |||
|
2017-02-28 21:59:58 | Siemens RUGGEDCOM NMS Equipment Vulnerable to CSRF, XSS (lien direct) | Siemens line RUGGEDCOM NMS products suffers from vulnerabilities that could allow an attacker to perform administrative actions. | |||
|
2017-02-28 20:17:38 | Dridex Trojan Gets A Major \'AtomBombing\' Update (lien direct) | Dridex has undergone a massive update and now sports a new injection method for evading detection based on the technique known as AtomBombing. | |||
|
2017-02-28 18:44:21 | Unpatched SMB Zero Day Easily Exploitable (lien direct) | Researchers claim the unpatched SMB zero day that affects Windows can be exploited a number of ways. | |||
|
2017-02-28 17:22:29 | Children\'s Voice Messages Leaked in CloudPets Database Breach (lien direct) | Voice messages from children sent through an internet-connected toy called CloudPets were stolen from an exposed MongoDB database, which has been wiped clean and the data held for ransom. | |||
|
2017-02-28 15:21:10 | Torvalds Downplays SHA-1 Threat to Git (lien direct) | The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm. | |||
|
2017-02-27 20:48:04 | Boeing Notifies 36,000 Employees Following Breach (lien direct) | A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse. | |||
|
2017-02-27 18:50:30 | Google Discloses Another \'High Severity\' Microsoft Bug (lien direct) | Google's security researchers disclosed details of an unpatched Microsoft vulnerability in its Edge and Internet Explorer browsers. | |||
|
2017-02-27 15:15:16 | Katie Moussouris on Bug Bounty Programs, Hack the Army, and Wassenaar (lien direct) | Katie Moussouris on how bug bounty programs have gone mainstream, the success of Hack the Pentagon and Hack the Army, and where things stand with the Wassenaar Arrangement. | |||
|
2017-02-27 14:19:38 | Google Releases E2EMail to Open Source (lien direct) | Google's E2EMail Chrome extension brings OpenPGP encryption to Gmail users. | |||
|
2017-02-27 12:00:06 | Necurs Botnet Learns New DDoS Trick (lien direct) | Researchers say Necurs malware has been updated with a module that adds SOCKS/HTTP proxy and DDOS capabilities to this malware. | |||
|
2017-02-24 22:06:29 | Researchers Uncover New Leads Behind Shamoon2 (lien direct) | Researchers from Arbor Networks' Security Engineering and Response Team (ASERT) say they have unearthed fresh leads on the tools and techniques used in the most recent wave of Shamoon attacks. | Guideline | ||
|
2017-02-24 15:48:39 | Cloudflare Bug Leaks Sensitive Data (lien direct) | Cloudflare has fixed an issue where its customer traffic was leaking memory that included sensitive information including authentication cookies, POST data and more. | ★★★ | ||
|
2017-02-23 21:37:21 | Policy Experts Push To Make Vulnerability Equities Process Law (lien direct) | By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure. | |||
|
2017-02-23 18:17:34 | First Practical SHA-1 Collision Attack Arrives (lien direct) | Researchers unveiled the first-ever practical collision attack the cryptographic hash function SHA-1. | |||
|
2017-02-23 16:11:43 | Impact of New Linux Kernel DCCP Vulnerability Limited (lien direct) | Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks. | |||
|
2017-02-23 14:19:15 | Java, Python FTP Injection Attacks Bypass Firewalls (lien direct) | Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. | |||
|
2017-02-23 13:00:41 | Publicly Disclosed Windows Vulnerabilities Await Patches (lien direct) | Microsoft's delayed release of its February security bulletins leaves users exposed to a pair of already publicly disclosed vulnerabilities. | |||
|
2017-02-22 21:46:48 | Criminals Monetizing Attacks Against Unpatched WordPress Sites (lien direct) | Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit. | |||
|
2017-02-22 18:44:42 | Google Upspin Secure File-Sharing Released to Open Source (lien direct) | New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user. | |||
|
2017-02-22 18:41:06 | Intermediate CA Caching Could Be Used to Fingerprint Firefox Users (lien direct) | The way Firefox caches intermediate CA certificates could allow for the fingerprinting of users and the leakage of browsing details, a researcher warns. | |||
|
2017-02-21 21:08:34 | Data Stealing Malware TeamSpy Resurfaces in Spam Campaign (lien direct) | After a nearly four-year respite, the data-stealing TeamSpy malware has resurfaced in a spam campaign. | |||
|
2017-02-21 21:02:20 | OpenSSL Update Fixes High-Severity DoS Vulnerability (lien direct) | US-CERT issues alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users update to version 1.1.0e. | |||
|
2017-02-21 18:02:46 | Google Discloses Unpatched Microsoft Vulnerability (lien direct) | Google Project Zero researchers are warning of an unpatched Microsoft vulnerability in the Windows' GDI library that allows attackers to steal sensitive data from program memory. | |||
|
2017-02-21 16:00:56 | Rook Security on Online Extortion (lien direct) | Mat Gangwer, CTO, and Tom Gorup, Security Operations Lead, at Rook Security talk to Mike Mimoso about the aggressive rise in online extortion and how it threatens not only data but physical safety. | Guideline | ||
|
2017-02-21 15:51:04 | Windows Botnet Spreading Mirai Variant (lien direct) | A Windows-based botnet is spreading a Mirai variant that is also capable of spreading to Linux systems under certain conditions, Kaspersky Lab researchers said. | |||
|
2017-02-17 17:30:50 | Squirrels, Not Hackers, Pose Biggest Threat to Electric Grid (lien direct) | According to Marcus Sachs, CSO with the North American Electric Reliability Corporation, doomsday fears of a cyberattack against the U.S. electric grid are overblown. | |||
|
2017-02-17 15:00:54 | SMTP Strict Transport Security Coming Soon to Gmail, Other Webmail Providers (lien direct) | SMTP Strict Transport Security is coming to major webmail providers this year, a Google engineer said at RSA Conference | |||
|
2017-02-16 18:50:57 | Divide Between Work, Personal Data on Android Breached (lien direct) | Researchers demonstrate how malicious apps can break into secure Android work containers on EMM managed phones. | |||
|
2017-02-16 14:00:58 | Cris Thomas on Cyberwar Rhetoric (lien direct) | Cris Thomas of Tenable Networks, aka Space Rogue of the L0pht, talks to Mike Mimoso during RSA Conference about the rhetoric and hype surrounding cyberwar, as well as a quick trip down memory lane with the L0pht and its famous 1998 testimony before Congress. | |||
|
2017-02-16 00:30:31 | Setting Expectations Between States on Cyberwar (lien direct) | A RSA Conference panel tackles the difficulty in defining cyberwar. | |||
|
2017-02-15 16:45:43 | Turning Tables on Nigerian Business Email Scammers (lien direct) | Researchers from Dell SecureWorks infiltrated a Nigerian business email spoofing and business email compromise operation, shutting down a number of money mule accounts in the process. | |||
|
2017-02-15 15:50:14 | Google Touts Progress in Android Security in 2016 (lien direct) | Google's Android security director touts 2016 mobile OS security accomplishments from encryption, improved APIs and new developer testing tools at the RSA Conference. | |||
|
2017-02-15 12:00:05 | No Firewalls, No Problem for Google (lien direct) | Google secures its perimeter with explicit trust in what it knows about users and the devices connecting to its corporate services. | |||
|
2017-02-15 01:41:26 | DHS Chairman Paints Bleak US Cybersecurity Picture (lien direct) | The United States is losing on the cyber-battlefield and face a bleak threat landscape, according to DHS chairman Michael McCaul. But, he says, there is still hope to turn things around. | |||
|
2017-02-14 23:36:24 | Schneier Brings Campaign for IoT Regulation to RSA (lien direct) | Citing IoT insecurity, Bruce Schneier called on technologists to get involved with IoT policy at RSA. | |||
|
2017-02-14 20:44:49 | Cryptographers Dismiss AI, Quantum Computing Threats (lien direct) | Cryptographers said at the RSA Conference Tuesday they're skeptical that advances in quantum computing and artificial intelligence will profoundly transform computer security. | |||
|
2017-02-14 16:38:54 | Adobe Patches 13 Code Execution Vulnerabilities in Flash (lien direct) | Adobe patched 13 code execution vulnerabilities in Flash Player today as part of its regular patch update cycle. |
To see everything:
Our RSS (filtrered)
