Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-18 04:01:00 |
Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew (lien direct) |
The source code of malware from the ancient Chinese military-affiliated group appears to have changed hands. |
Malware
|
APT 32
APT 1
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-18 04:00:02 |
MIT invention builds memory walls to protect against Meltdown, Spectre attacks (lien direct) |
The new system could potentially prevent similar memory-based attacks from risking our PCs and global services. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-17 21:39:00 |
Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading (lien direct) |
SEC said engineer figured out on its own that the website he was building was for his own company's security breach. |
|
Equifax
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-17 19:11:00 |
Tumblr discloses vulnerability but says \'no evidence that this bug was abused\' (lien direct) |
Bug hunter finds security flaw in Tumblr's "Recommended Blogs" widget. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-17 15:49:01 |
Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months (lien direct) |
"RID Hijacking" technique lets hackers assign admin rights to guest and other low-level accounts. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-17 09:20:02 |
Rapid7 acquires web app security developer tCell (lien direct) |
The deal is designed to boost Rapid7's Insight platform. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-17 08:37:00 |
Creator of remote access tool LuminosityLink sent behind bars (lien direct) |
The RAT software was a popular choice for cyberattackers. |
Tool
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-17 06:42:00 |
Security flaw in libssh leaves thousands of servers at risk of hijacking (lien direct) |
Vulnerability not as bad as it gets, as most servers use the openssh library to support server-side SSH logins. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-17 05:15:01 |
Oracle patches 301 vulnerabilities, including 46 with a 9.8+ severity rating (lien direct) |
This wasn't Oracle's biggest patch ever. That title goes to the July 2018 CPU. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 21:30:00 |
Chrome 70 released with revamped Google account login system (lien direct) |
Chrome 70 also comes with support for the final version of the TLS 1.3 standard and the AV1 video format. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 18:22:00 |
Google to charge phone vendors for its Android apps in Europe (lien direct) |
If device makers want to ship Android phones with Google apps --and especially the Play Store app-- in Europe, they'll now have to pay a licensing fee. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 14:00:01 |
Zero-days, fileless attacks are now the most dangerous threats to the enterprise (lien direct) |
These attacks cost the average organization millions and SMBs are the worst affected. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 12:46:04 |
Epson reported to Texas AG for bricking third-party ink cartridges (lien direct) |
EFF argues Epson's practice is making users avoid installing firmware updates, leaving millions of printers and companies vulnerable to cyber attacks. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 12:42:04 |
GPU-Z now warns users if they have purchased fake Nvidia graphics cards (lien direct) |
As the demand for high-power graphics cards continues to surge, some sellers are seeking to cash in on Nvidia's name. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 11:27:02 |
Anthem agrees to pay $16 million in data breach privacy settlement (lien direct) |
The insurer will shell out to settle a privacy violations case issued by the US government. |
Data Breach
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 11:00:01 |
Temasek snaps up Sygnia, founded by Israel\'s NSA, in $250m deal (lien direct) |
The cybersecurity consulting firm was created by former members of Israel's 8200 unit. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 10:07:04 |
Hackers tamper with exploit chain to drop Agent Tesla, circumvent antivirus solutions (lien direct) |
A new campaign is spreading information-stealing malware including Agent Tesla and Loki. |
Malware
|
Tesla
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-16 05:00:02 |
Czech intelligence service shuts down Hezbollah hacking operation (lien direct) |
Hezbollah agents used Facebook profiles for attractive women to trick targets into installing spyware-infected apps. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-15 19:00:00 |
US voter records from 19 states sold on hacking forum (lien direct) |
Seller is asking $42,200 for all 19 US state voter databases. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-15 15:58:02 |
Microsoft to disable TLS 1.0 and TLS 1.1 support in Edge and Internet Explorer (lien direct) |
TLS 1.0 and 1.1 deprecation in Edge and IE scheduled for the first half of 2020. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-15 15:58:00 |
Chrome, Edge, IE, Firefox, and Safari to disable TLS 1.0 and TLS 1.1 in 2020 (lien direct) |
UPDATE: The big four --Apple, Google, Microsoft, and Mozilla-- announce end of support for TLS 1.0 and 1.1 standards. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-15 15:05:03 |
Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia (lien direct) |
A fresh attack wave is launching Octopus at diplomatic organizations across the region. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-15 14:44:00 |
Sony working on a fix for bug that\'s crashing PlayStation 4 consoles (lien direct) |
Bug crashes and freezes PlayStation 4 consoles. The only way to recover is by performing a factory reset for the entire console. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-15 13:14:00 |
Apple VoiceOver iOS vulnerability permits hacker access to user photos (lien direct) |
The bug can be exploited to gain access to photos stored on a user's device. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-14 08:00:00 |
Around 62% of all Internet sites will run an unsupported PHP version in 10 weeks (lien direct) |
The highly popular PHP 5.x branch will stop receiving security updates at the end of the year. |
|
|
★★★★
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-13 17:11:03 |
Pentagon discloses card breach (lien direct) |
Around 30,000 DOD civilian and military personnel are believed to be affected. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-13 07:25:01 |
Microsoft JET vulnerability still open to attacks, despite recent patch (lien direct) |
Microsoft's patch for a JET database engine zero-day deemed incomplete. |
Vulnerability
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-12 18:12:05 |
Facebook downgrades breach count from 50 million to 30 million users (lien direct) |
Company said 29 million of the 30 million also had personal data scraped by the attackers. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-12 13:04:04 |
A mysterious grey-hat is patching people\'s outdated MikroTik routers (lien direct) |
Internet vigilante claims he patched over 100,000 MikroTik routers already. |
Patching
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-12 11:56:01 |
Yale smart lock, alarm app debacle causes chaos across UK homes (lien direct) |
Customers have reported that app failures left them powerless to disable or enable alarms. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-12 10:28:02 |
GandCrab ransomware operators team up with crypter service (lien direct) |
The hacking agreement could result in the ransomware strain becoming more difficult to spot and analyze in the future. |
Ransomware
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-12 09:30:01 |
This Trojan masquerades as Google Play to hide on your phone in plain sight (lien direct) |
GPlayed is a new Trojan which attacks Android devices while acting as a legitimate Google service. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-12 05:25:01 |
IETF approves new internet standards to secure authentication tokens (lien direct) |
New IETF standards aim to protect authentication tokens against replay attacks. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-12 00:25:01 |
Proof-of-concept code published for Microsoft Edge remote code execution bug (lien direct) |
The PoC can be hosted on any website and requires that users press the Enter key just once. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-11 20:45:05 |
Facebook removes 800 accounts and pages for political spam, disinformation (lien direct) |
Social network cracks down on spammers using political topics to drive traffic towards ad farms. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-11 17:41:04 |
Senators demand Google hand over internal memo urging Google+ cover-up (lien direct) |
Republican senators start inquiry in Google's handling of Google+ security breach. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-11 14:05:00 |
FitMetrix user data exposed via passwordless ElasticSearch server cluster (lien direct) |
Exact number of affected users is unknown but the server cluster is now secure. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-11 13:53:05 |
Hackers breach web hosting provider for the second time in the past year (lien direct) |
Company hacked again despite claiming to have boosted security measures and undergone a security audit. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-11 12:00:00 |
Security researchers find solid evidence linking Industroyer to NotPetya (lien direct) |
A web of code reuse and shared infrastructure links together a slew of famous cyber-attacks. |
|
NotPetya
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-10 23:47:04 |
Arrest of top Chinese intelligence officer sparks fears of new Chinese hacking efforts (lien direct) |
Suspect is a top official in one of China's intelligence agencies, accused of controlling China's state hacking operations. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-10 19:22:02 |
Google\'s Pixel 3 is the first Android device to ship with new CFI kernel protections (lien direct) |
Google adds Control Flow Integrity protection to the Android kernel. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-10 14:10:02 |
Five years later, Italian police identify hacker behind 2013 NASA hacks (lien direct) |
Hacker pleaded guilty to breaching and defacing sites belonging to NASA, Italian police, Italian government, and an Italian TV station. |
Guideline
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-10 14:01:04 |
A deep dive into the forces driving Russian and Chinese hacker forums (lien direct) |
Profit, hacktivism, and politics are only some of the differences between Russia and China's hacking communities. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-10 12:28:05 |
Google opens up G Suite security threat alert service to businesses (lien direct) |
The alert center's security notification system has been opened up days after Google revealed a service-ending Google+ data leak. |
Threat
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-10 09:50:01 |
Adobe security update fixes a handful of critical bugs, ignores Flash Player (lien direct) |
The light set of updates does not contain a single security patch for Flash, an unusual event for the company. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-10 00:08:04 |
WhatsApp fixes bug that let hackers take over app when answering a video call (lien direct) |
Bug only affects WhatsApp for Android and iOS, but the issue has been fixed this week. |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-09 22:22:05 |
Pentagon\'s new next-gen weapons systems are laughably easy to hack (lien direct) |
Bad passwords, non-encrypted communications, and a lot of unpatched bugs. |
Hack
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-09 19:22:04 |
Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT (lien direct) |
Microsoft also fixes 48 other security bugs, 18 of which are rated "Critical." |
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-09 16:00:00 |
Panda Banker Trojan becomes part of Emotet threat distribution platform (lien direct) |
The Zeus variant is now actively targeting organizations in the US, Canada, and Japan. |
Threat
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-10-09 15:35:03 |
Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs (lien direct) |
Re-branded IP cameras and DVRs sold by over 100 companies can be easily hacked, researchers say. |
|
|
|