What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-12-15 15:30:45 | Bug Hunters Prefer Communication Over Compensation (lien direct) | Results of a NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure. | |||
|
2016-12-15 15:00:39 | Code Reuse a Peril for Secure Software Development (lien direct) | Open source and third-party software bugs haunt even the best developers' projects, despite the industry's best efforts to avoid them. | |||
|
2016-12-15 00:16:35 | Yahoo Discloses Data From 1 Billion Accounts Stolen in 2013 (lien direct) | Yahoo disclosed today that attackers in 2013 stole data associated with more than 1 billion accounts. CISO Bob Lord said this incident is "distinct" from a 2014 attack in which 500 million accounts were breached. | Yahoo | ||
|
2016-12-14 19:12:06 | Mirai Giving DDoS-as-a-Service Industry a Boost (lien direct) | Activity on a number of Dark Web hacker forums indicates that while people are downloading the Mirai malware source code, they need help setting it up. | |||
|
2016-12-14 18:57:48 | (Déjà vu) Google Discloses Contents of Eight National Security Letters (lien direct) | Google Tuesday disclosed the contents of eight National Security Letters it received between 2010 and 2015, becoming the latest company under reforms afforded by the USA Freedom Act to do so. | |||
|
2016-12-14 18:04:18 | Apple Fixes 97 Vulnerabilities Across macOS, iTunes, Safari, iCloud (lien direct) | Apple released a massive update for macOS Sierra on Tuesday to address 72 vulnerabilities in the operating system. | |||
|
2016-12-14 17:21:25 | Flash Player Bug An Eavesdropper\'s Delight (lien direct) | Details have surfaced on another patched Flash Player flaw that is a potential privacy nightmare. | |||
|
2016-12-14 12:16:07 | Law Enforcement Targets Users of DDoS-For-Hire Services (lien direct) | Law enforcement from more than a dozen countries last week carried out a series of operations designed to crack down on DDoS-for-hire services. | |||
|
2016-12-13 22:42:23 | Zcash Spurs Rash of Malicious Mining Software (lien direct) | Hackers are mining Zcash cryptocurrency surreptitiously on PCs infected with cleverly named programs such as system.exe, taskmngr.exe and svchost.exe. | |||
|
2016-12-13 21:25:38 | Beta Firmware Updates Available for Vulnerable Netgear Routers (lien direct) | Netgear has built beta firmware updates for its Nighthawk routers vulnerable to a command injection attack disclosed last week. | |||
|
2016-12-13 20:27:58 | Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities (lien direct) | Microsoft patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet. | |||
|
2016-12-13 18:00:42 | Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack (lien direct) | As part of Patch Tuesday Adobe patched a zero-day vulnerability in Flash Player the company claims is being used in targeted attacks against Internet Explorer users on Windows. | |||
|
2016-12-13 17:08:22 | KFC Warns 1.2 Million UK Customers of Colonel\'s Club Breach (lien direct) | KFC Corporation warned 1.2 million of its UK-based Colonel's Club members to reset their passwords after 30 members were targeted in an attack. | |||
|
2016-12-13 14:00:02 | Facebook Releases Free Certificate Transparency Monitoring Tool (lien direct) | Facebook makes freely available an internal tool used to monitor CT logs for new TLS certificates issued for a domain. Users can monitor and audit this information for malicious or mistakenly issued certs. | |||
|
2016-12-12 19:30:31 | Netgear Routers Remain Exposed to Critical Flaw (lien direct) | Netgear has confirmed a critical vulnerability in its Nighthawk routers that expose devices to command injection attacks. A public exploit is available. | |||
|
2016-12-12 18:47:14 | Alpha Version of Sandboxed Tor Browser Released (lien direct) | A sandboxed alpha version of the Tor Browser was released over the weekend and while there are still some rough edges and bugs, it could be a step toward protecting Tor users from recent de-anonymization exploits. | |||
|
2016-12-12 15:38:50 | German Industrial Giant Victim of Cyber Espionage (lien direct) | German industrial firm ThyssenKrupp said it's working with authorities to investigate a data breach of unspecified amount of internal data. | |||
|
2016-12-09 17:49:31 | Ransomware Gives Free Decryption Keys to Victims Who Infect Others (lien direct) | Ransomware still under development called Popcorn Time forces victims to either pay the ransom, or try to infect other machines in exchange for the decryption key. | |||
|
2016-12-09 16:00:38 | NYU Students Apply Blockchain Solution to Electronic Voting Security (lien direct) | A team of New York University students architected a permissioned blockchain system called Votebook that could be applied to secure electronic voting. Their solution was the winning entry of the Cybersecurity Case Study Competition sponsored by Kaspersky Lab and The Economist. | |||
|
2016-12-09 14:00:04 | Threatpost News Wrap, December 8, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google's new open source fuzzer. | |||
|
2016-12-09 13:00:39 | Yahoo Mail XSS Bug Worth Another $10K to Researcher (lien direct) | Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties. | Yahoo | ||
|
2016-12-08 18:22:03 | Researchers Question Security in AMD\'s Upcoming Zen Chips (lien direct) | Two German researchers are calling into question the security afforded by AMD's Secure Encrypted Virtualization feature debuting in the chip maker's upcoming Zen server chips. | |||
|
2016-12-08 17:19:35 | OpenVPN to Undergo Cryptographic Audit (lien direct) | Matthew D. Green, PhD, a well-known cryptographer and researcher at Johns Hopkins University, will carry out an audit of OpenVPN. | |||
|
2016-12-08 16:27:43 | New Call to Regulate IoT Security By Design (lien direct) | A D.C. think tank recommends regulations that mandate IoT security by design before attacks infiltrate critical infrastructure, financial and health care organizations. | |||
|
2016-12-08 14:15:57 | Old Linux Kernel Code Execution Bug Patched (lien direct) | A local, race condition vulnerability in the af_packet implementation in Linux was patched this week. The bug allows a local attacker to execute code or crash a server. | |||
|
2016-12-08 13:30:12 | Solar Power Firm Patches Meters Vulnerable to Command Injection Attacks (lien direct) | Locus Energy has patched 100,000 of its residential and commercial power meters that were vulnerable to command injection attacks and code execution. | |||
|
2016-12-07 20:26:16 | Zeus Variant \'Floki Bot\' Targets PoS Data (lien direct) | Researchers have observed an uptick in attacks using the banking malware Floki Bot against U.S., Canadian and Brazilian banks and insurance firms. | |||
|
2016-12-07 19:55:28 | Buffer Overflow in BSD libc Library Patched (lien direct) | The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code. | |||
|
2016-12-07 15:00:42 | Critical Vulnerability Patched in Roundcube Webmail (lien direct) | Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts. | |||
|
2016-12-07 13:00:19 | Hackers Gamify DDoS Attacks With Collaborative Platform (lien direct) | A hacking group is luring participants to use a DDoS platform where they can compete with peers to earn redeemable points exchangeable for hacking tools and click-fraud software. | |||
|
2016-12-06 18:58:56 | Flash Exploit Found in Seven Exploit Kits (lien direct) | An Adobe Flash Player vulnerability used by the Sofacy APT gang was also found in seven of the top exploit kits, according to an analysis by Recorded Future. | |||
|
2016-12-06 18:45:20 | DailyMotion Hack Leaks Emails, Passwords of 87M Users (lien direct) | The video sharing website DailyMotion admitted early Tuesday that it recently suffered an "external security problem" which resulted in the compromise of its users data. | |||
|
2016-12-06 16:24:38 | Sony Closes Backdoors in IP-Enabled Cameras (lien direct) | Backdoors, likely intentional remote administration features, were closed off in 80 different Sony IP-enabled cameras running the IPELA Engine technology. | |||
|
2016-12-05 20:32:51 | Dirty Cow Vulnerability Patched in Android Security Bulletin (lien direct) | Today's Android Security Bulletin included a patch for the Dirty Cow vulnerability, a seven-year-old Linux bug that had yet to be patched by Google. | |||
|
2016-12-05 20:22:19 | Google Debuts Continuous Fuzzer for Open Source Software (lien direct) | A new Google program OSS-Fuzz is aimed at continuously fuzzing open source software and has already detected over 150 bugs. | |||
|
2016-12-05 19:10:38 | Distributed Guessing Attack Reels in Payment Card Data (lien direct) | A research paper describes vulnerabilities enabling distributed guessing attacks which allow an attacker to collect payment card data across a number of sites without triggering alerts. | |||
|
2016-12-05 18:52:33 | New Large-Scale DDoS Attacks Follow Schedule (lien direct) | Researchers are tracking a new wave of DDoS attacks that rival Mirai when it comes to intensity and scope. | |||
|
2016-12-05 14:00:34 | EFF Blasts DEA in Ongoing Secret \'Super Search Engine\' Lawsuit (lien direct) | EFF is dismayed by the cavalier attitude by law enforcement over warrantless searches of trillions of phone records and its refusal to turn over documents. | |||
|
2016-12-02 16:45:07 | Google Fixes 12 High-Severity Flaws In Chrome Browser (lien direct) | Chrome 55.0.2883.75 for Windows, Mac, and Linux was released Thursday and patched 36 vulnerabilities, including 12 high-severity flaws eligible for bounties. | |||
|
2016-12-01 20:17:44 | Rule 41 Opponents Vow to Fight Government\'s New Hacking Powers (lien direct) | Opponents of the controversial Rule 41 say they are committed to fighting the government's expanded powers. | |||
|
2016-12-01 17:00:44 | Mozilla Patches Firefox Zero Day Used to Unmask Tor Browser Users (lien direct) | Mozilla released a new version of Firefox on Wednesday to address a zero day vulnerability that was actively being exploited to de-anonymize Tor Browser users. | |||
|
2016-12-01 10:00:43 | Gooligan Malware Breaches 1 Million Google Accounts (lien direct) | The Gooligan Android malware steals Google authentication tokens from mobile devices to breach user and corporate accounts. | |||
|
2016-11-30 21:10:05 | Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass (lien direct) | Microsoft appears to have silently fixed a two-year-old bug in in Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google's Chrome browser. | |||
|
2016-11-30 17:44:07 | Tor Patched Against Zero Day Under Attack (lien direct) | The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users. | |||
|
2016-11-30 12:00:33 | New Cerber Variant Leverages Tor2Web Proxies, Google Redirects (lien direct) | Researchers have discovered that criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection. | |||
|
2016-11-29 20:40:35 | NetWire RAT Back, Stealing Payment Card Data (lien direct) | Researchers say they spotted the remote access Trojan NetWire stealing payment card data from one organization. | ★★ | ||
|
2016-11-29 19:17:09 | New Mirai Variant Targets Routers, Knocks 900,000 Offline (lien direct) | Attackers are targeting DSL routers this week with what's being called a potent new variant of the Mirai malware that knocked offline major Internet companies like Twitter and Spotify last month. | |||
|
2016-11-28 20:52:57 | PayPal Fixes OAuth Token Leaking Vulnerability (lien direct) | PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. | |||
|
2016-11-28 20:30:04 | Hackers Make New Claim in San Francisco Transit Ransomware Attack (lien direct) | The San Francisco Municipal Transport Agency says it has contained a ransomware attack, but now it faces new unsubstantiated claims by attackers who say they have 30GB of the agency's data. | |||
|
2016-11-23 15:00:16 | Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers (lien direct) | Vulnerabilities in UberCENTRAL, a portal used by businesses to facilitate rides, could have leaked the names, phone numbers, email addresses, and unique IDs. | Uber |
To see everything:
Our RSS (filtrered)
