What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-05-10 11:00:51 | Yahoo Releases Second Wave of Unsealed FISC Documents (lien direct) | Yahoo releases a second wave of unsealed documents tied to its battle with the secret Foreign Intelligence Surveillance Court. | Yahoo | ||
|
2016-05-09 18:34:46 | Police Allege SWIFT Technicians Left Bangladesh Bank Vulnerable (lien direct) | Police in Bangladesh this week alleged that technicians associated with the financial network SWIFT introduced vulnerabilities which made it easier for hackers to infiltrate the systems of Bangladesh Bank. | |||
|
2016-05-09 16:21:18 | Twitter Turns Off Fire Hose For Intelligence Community (lien direct) | Twitter has asked its business partner Dataminr to no longer provide it services to the U.S. intelligence community. | |||
|
2016-05-07 13:52:06 | Old Exploits Die Hard, Says Microsoft Report (lien direct) | Microsoft's twice-annual SIR bellwether security report highlights malware, fraudulent login attempts and the staying power of really old software bugs. | ★★★★ | ||
|
2016-05-06 15:45:32 | Threatpost News Wrap, May 6, 2016 (lien direct) | Mike Mimoso, Chris Brook, and Tom Spring, discuss the week in news, including a first hand account of an online casino getting hit by ransomware, Brazil shutting down WhatsApp, and attackers mining an ADP portal for W-2s. | |||
|
2016-05-06 13:00:47 | New Security Flaw Found in Lenovo Solution Center Software (lien direct) | Security researchers at Trustwave SpiderLabs have discovered a new vulnerability in Lenovo's much maligned Lenovo Solution Center software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code. | |||
|
2016-05-05 19:45:11 | Criminals Peddling Affordable AlphaLocker Ransomware (lien direct) | A relatively affordable and difficult to detect ransomware-as-a-service named AlphaLocker has begun making the rounds, researchers warn. | |||
|
2016-05-05 15:22:59 | Diary of a Ransomware Victim (lien direct) | A major online casino ran headfirst into a ransomware infection, and learned some lessons the hard way about how simple mistakes that can lead to complicated problems. | Guideline | ||
|
2016-05-05 12:00:19 | Five-Year-Old Android Flaw Exposes SMS, Call History (lien direct) | A five-year-old privilege escalation vulnerability in Android disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. | |||
|
2016-05-04 21:17:04 | Cisco Patches Critical Telepresence Vulnerability (lien direct) | Cisco alerted customers three vulnerabilities, one critical and two high, along with patches to fix them. | |||
|
2016-05-04 19:02:23 | Apple Updates Xcode’s Git Implementation (lien direct) | Apple has updated its Xcode development environment, patching two vulnerabilities in its implementation of git. | |||
|
2016-05-04 16:17:05 | Public Exploits Available for ImageMagick Vulnerabilities (lien direct) | Public exploits are available for critical ImageMagick vulnerabilities, increasing the risk to websites that use the open source image-processing software. | |||
|
2016-05-04 16:15:18 | 10-Year-Old Instagram Bug Hunter Earns $10,000 (lien direct) | Facebook says a 10-year-old is the youngest ever to earn a bug bounty for reporting Instagram API bug. | |||
|
2016-05-03 20:55:29 | Brazilian Judge Orders 72-Hour WhatsApp Suspension (lien direct) | A judge in Brazil has again demanded that phone companies there block the popular messaging app WhatsApp from operating for 72 hours. | |||
|
2016-05-03 18:01:03 | Linux Foundation Badge Program to Boost Open Source Security (lien direct) | A new CII Best Practices Badge program will help companies, interested in adopting open source technologies evaluate projects based on security, quality and stability. | |||
|
2016-05-03 15:36:52 | FreedomPop Account Hijacking Flaws Remain Unpatched (lien direct) | A serious vulnerability in mobile provider FreedomPop has yet to be patched and can be leveraged with online banking flaws to put customer accounts at risk. | ★★★★ | ||
|
2016-05-03 12:14:59 | Nano Server Added to Microsoft Bug Bounty Program (lien direct) | Microsoft expands bug bounty program adding Windows Server 2016 Nano Server payouts between $500 and $15,000. | |||
|
2016-05-02 21:14:14 | FBI Reaffirms Stance Not to Pay Ransomware Attackers (lien direct) | An FBI warning urges organizations to be vigilant about ransomware, and reaffirmed its position that companies should not pay ransoms to recover their files. | |||
|
2016-05-02 18:00:59 | Google Patches More Trouble in Mediaserver (lien direct) | Google's monthly patch release has a new name, and a slew of old bugs in Mediaserver. | |||
|
2016-04-30 11:25:42 | Slack Plugs Token Security Hole (lien direct) | Slack fixes a security loophole that opened hundreds of corporate Slack accounts to the public. | |||
|
2016-04-29 15:50:03 | Major Campaigns Spreading CryptXXX Ransomware Via Exploit Kits (lien direct) | Attackers behind a campaign distributing Locky ransomware via the Nuclear Exploit Kit have switched to distributing CryptXXX using the feature-laden Angler Exploit Kit. | |||
|
2016-04-28 20:12:37 | Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle (lien direct) | In a vote of 419-0, the U.S. House of Representatives passed the Email Privacy Act on Wednesday that would require the government to obtain a warrant in order to access digital communications stored in the cloud. | |||
|
2016-04-28 17:12:29 | Scourge of Android Overlay Malware on Rise (lien direct) | The black market for malicious Android software is heating up thanks to a rise in popularity of overlay malware. | ★★ | ||
|
2016-04-28 14:44:58 | Office 365 Vulnerability Exposed Any Federated Account (lien direct) | Microsoft in January patched a severe Office 365 vulnerability that exposed accounts whose domains were configured as federated. | |||
|
2016-04-27 16:49:26 | Firefox 46 Patches Critical Memory Vulnerabilities (lien direct) | Mozilla released Firefox 46, which includes patches for one critical and four high-severity vulnerabilities, all of which can lead to remote code execution. | Guideline | ★★★ | |
|
2016-04-27 14:28:22 | Platinum APT Group Abuses Windows Hotpatching (lien direct) | Microsoft disclosed details on the Platinum APT group and its arsenal of backdoors, keyloggers and its abuse of Windows hotpatching to load malicious code on compromised computers. | |||
|
2016-04-26 18:16:04 | Verizon DBIR Top Threats: Credential Theft, Phishing and PoS (lien direct) | Most alarming is not what's new in Verizon's 2016 Data Breach Investigations Report, rather what's old and still causing chaos behind corporate firewalls. | |||
|
2016-04-26 15:33:42 | New Decryptor Unlocks CryptXXX Ransomware (lien direct) | Researchers at Kaspersky Lab today published a decryptor that recovers files encrypted by the CryptXXX ransomware. | |||
|
2016-04-25 18:35:49 | Attackers Behind GozNym Trojan Set Sights on Europe (lien direct) | The banking malware GozNym has spread into Europe and begun plaguing banking customers in Poland with redirection attacks, IBM said. | ★★ | ||
|
2016-04-25 16:03:32 | Bangladesh Bank Hackers Accessed SWIFT System to Steal, Cover Tracks (lien direct) | Hackers behind the $81 million heist in February at Bangladesh Bank used a malware toolkit to access the financial institution's SWIFT payment system | |||
|
2016-04-22 17:55:50 | Experts Weigh-In Over FBI $1.3 Million iPhone Zero-Day Payout (lien direct) | Was the Federal Bureau of Investigation justified in paying over $1.3 million for a hacking tool that opened the iPhone 5c of San Bernardino terrorist? | |||
|
2016-04-22 14:21:53 | Threatpost News Wrap, April 22, 2016 (lien direct) | Mike Mimoso and Chris Brook discuss the news of the week, including BlackBerry CEO's stance on lawful access principles, the FBI/Apple hearing, Viber adding end-to-end crypto, Teslacrypt, and more. | Tesla | ||
|
2016-04-22 00:38:21 | Core Windows Utility Can Be Used to Bypass AppLocker (lien direct) | A researcher has discovered that Windows' Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker's whitelisting protections. | |||
|
2016-04-21 19:31:27 | PoS Attacks Net Crooks 20 Million Stolen Bank Cards (lien direct) | A report released Thursday shines a bright light on point-of-sales system attack targeting hospitality and retail businesses that could of given earned cyber crooks a $400 million payday. | |||
|
2016-04-21 16:22:25 | Cisco Patches Denial-of-Service Flaws Across Three Products (lien direct) | Cisco released software updates to address five separate denial of service vulnerabilities, all which the company considers either high or critical severity, across its product line this week. | |||
|
2016-04-21 13:00:52 | Misunderstanding Indicators of Compromise (lien direct) | In this Threatpost op-ed, Dave Dittrich and Katherine Carpenter explain the dangers of conflating measurable events, or observables, with indicators of compromise, which require context and other constructs to provide true threat intelligence. | |||
|
2016-04-20 21:17:16 | Viber Heats Up Cypto Debate: Adds Encryption to 711 Million Users (lien direct) | Messaging platform firm Viber is adding end-to-end encryption to 711 million of its users, becoming the latest tech firm to embrace encryption on a massive scale. | |||
|
2016-04-20 17:26:03 | Oracle Fixes 136 Vulnerabilities With April Critical Patch Update (lien direct) | Oracle fixed 136 vulnerabilities across 46 different products this week as part of its regularly scheduled Critical Patch Update. | |||
|
2016-04-20 12:00:35 | Generic Ransomware Detection Comes to OS X (lien direct) | Researcher Patrick Wardle has developed a utility called RansomWhere? that he released today that he says does generic ransomware detection on OS X. | |||
|
2016-04-19 20:12:52 | Apple and FBI Faceoff at House Encryption Hearing (lien direct) | Apple and the FBI vow to work together to find compromise solution in encryption debate. | |||
|
2016-04-19 16:32:37 | Android Security Report: 29 Percent of Active Devices Not Up To Patch Levels (lien direct) | Google released its annual Android Security Report, a state of the union on the Android ecosystem. | |||
|
2016-04-19 13:30:34 | Range of Mousejack Attack More Than Doubles (lien direct) | Researchers at Bastille said they've more than doubled the range with which an attacker can exploit the Mousejack vulnerability. | |||
|
2016-04-19 11:00:14 | APT Targeting Tibetans Packs Four Vulnerabilities in One Compromise (lien direct) | Tibetans along with journalists and human rights workers in Hong Kong and Taiwan have been targeted in campaigns using phishing emails laced with Microsoft RTF attachments that exploit four vulnerabilities. | |||
|
2016-04-18 19:51:30 | New MIT Scanner Finds Web App Flaws in a Minute (lien direct) | A Berkeley postdoctoral researcher and former MIT student will soon unveil Space, a static-analysis web-application security tool that can find vulnerabilities in a minute. | |||
|
2016-04-18 16:11:47 | Google Aims For Transparency With New Chrome Web Store Policies (lien direct) | Google put app developers on notice last week, urging them to comply with a new set of privacy policies designed to better promote transparency it plans on enforcing this summer. | |||
|
2016-04-15 19:22:02 | Microsoft Wins Widespread Support in Privacy Clash With Government (lien direct) | Privacy advocates are cheering Microsoft's lawsuit against the US government over data requests. | |||
|
2016-04-15 17:52:51 | VMware Patches Critical Session-Handling Vulnerability (lien direct) | VMware fixed a critical vulnerability in one of its products this week that could've led to a man in a middle attack if exploited by an attacker. | |||
|
2016-04-15 15:31:03 | Short URLs a Big Problem for Cloud Collaboration, Stored Data (lien direct) | A newly published research paper exposes weaknesses in short URLs used by cloud-based services such as OneDrive that put supposedly private data at risk. | |||
|
2016-04-15 15:08:12 | Threatpost News Wrap, April 15, 2016 (lien direct) | Mike Mimoso and Chris Brook recap the news of the week, including the Badlock bust, encryption legislation, and cryptoworm ransomware. Mike also discusses last week's Infiltrate Con. | |||
|
2016-04-15 12:00:12 | The Time Has Come to Hack the Planet (lien direct) | In this Threatpost Op-Ed, Katie Moussouris explains the significance of the newly free availability of ISO Standard 29147 Vulnerability disclosure, and why it keeps an important dialogue open between hackers and industry. |
To see everything:
Our RSS (filtrered)
