What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-10-30 15:47:00 | Google Updates reCAPTCHA: No More Boxes to Check (lien direct) | Puzzles and check-boxes have been replaced with in-the-background behavioral analysis. | |||
|
2018-10-30 15:39:03 | ThreatList: Dead Web Apps Haunt 70 Percent of FT 500 Firms (lien direct) | Abandoned web applications used by FT 500 Global Companies have exploitable flaws and weaknesses. | |||
|
2018-10-29 20:50:01 | IoT Flaw Allows Hijacking of Connected Construction Cranes (lien direct) | An attacker can send spoofed commands to the crane's controller. | |||
|
2018-10-29 18:16:03 | Girl Scouts Issues Data Breach Warning to 2,800 Members (lien direct) | Someone gained access to an email account for the Orange County chapter, which was rife with personal data. | Data Breach | ★★★★★ | |
|
2018-10-29 16:25:05 | Nation-State Phishing: A Country-Sized Catch (lien direct) | Sophisticated nation-state groups now integrate phishing as a core component of their statecraft. | |||
|
2018-10-29 16:13:02 | X.Org Flaw Allows Privilege Escalation in Linux Systems (lien direct) | The issue impacts many large distros with GUI interfaces. | |||
|
2018-10-26 22:13:05 | ThreatList: 1 Out of 5 Would Ditch a Business After a Data Breach (lien direct) | A full 21 percent of survey respondents would walk away from a business permanently after a major hack. | Data Breach | ||
|
2018-10-26 19:56:00 | PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware (lien direct) | Microsoft has been notified, but no patch is yet available. | Malware | ||
|
2018-10-26 15:42:00 | British Airways Data Breach Takes Off Again with 185K More Victims (lien direct) | The news comes on the heels of a breach at Cathay Pacific exposing 9.4 million people. | Data Breach | ||
|
2018-10-26 15:36:04 | DemonBot Fans DDoS Flames with Hadoop Enslavement (lien direct) | An unsophisticated but effective botnet is targeting exposed cloud servers and racking up millions of infections. | |||
|
2018-10-25 15:32:04 | UK Slaps Facebook with $645K Fine Over Cambridge Analytica Scandal (lien direct) | The amount is the max allowed under pre-GDPR regulation, but is barely a financial slap on the risk for the social-media giant. | |||
|
2018-10-25 15:27:03 | Pentagon Expands Bug-Bounty Program to Include Physical Systems (lien direct) | The news comes shortly after the DoD was called out for having rampant bugs in its weapons systems. | |||
|
2018-10-25 15:13:00 | Debunking AI\'s Impact on the Cybersecurity Skills Gap (lien direct) | There is no argument artificial intelligence will have an impact on the cybersecurity skills gap. The question is how. | |||
|
2018-10-24 20:17:02 | Magecart Cybergang Targets 0days in Third-Party Magento Extensions (lien direct) | Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign. | |||
|
2018-10-24 20:04:01 | Windows \'Deletebug\' Zero-Day Allows Privilege Escalation, Destruction (lien direct) | The unpatched flaw allows an attacker to delete any kind of file on a victim machine, including system data. | |||
|
2018-10-24 16:32:05 | sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting (lien direct) | The sLoad downloader is an example of the stealthy, smart malware trend. | Malware | ★★★★ | |
|
2018-10-24 16:18:05 | ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends (lien direct) | After a two-quarter lull in the action, malware activity resurged in the third quarter of the year, especially on the business front. | Malware | ★★★ | |
|
2018-10-23 20:54:01 | City Pays $2K in Ransomware, Stirs \'Never Pay\' Debate (lien direct) | Many municipalities hit with ransomware don't have much of a choice when it comes to paying up, experts say. | Ransomware | ||
|
2018-10-23 16:00:05 | StrongPity APT Changes Tactics to Stay Stealthy (lien direct) | After being exposed, the APT made minor adjustments in their tactics to stay off the security radar. | |||
|
2018-10-23 14:58:00 | ThreatList: 3 Out of 4 Employees Pose a Security Risk to Businesses (lien direct) | Finance-sector employees fared the worst in an awareness survey, with 85 percent showing some lack of cybersecurity and data privacy knowledge. | ★★★★★ | ||
|
2018-10-23 14:48:02 | Adult Website Hack Exposes 1.2M \'Wife Lover\' Fans (lien direct) | A 40-year-old, easily cracked encryption method was used to protect the 98MB database of user information. | Hack | ||
|
2018-10-23 12:31:00 | Thousands of Applications Vulnerable to RCE via jQuery File Upload (lien direct) | The flaw has existed for eight years thanks to a security change in Apache. | |||
|
2018-10-22 15:52:05 | The Danger and Opportunity in 5G Connectivity and IoT (lien direct) | The advent of 5G presents an opportunity for us to think the exploding number of IoT devices and how we securely connect to the digital world. | ★★★★ | ||
|
2018-10-22 14:41:04 | Critical Bug Impacts Live555 Media Streaming Libraries (lien direct) | A critical streaming bug impacts Live Networks LIVE555 RTSPServer, but not the popular VLC and MPLayer client-side software. | |||
|
2018-10-20 17:09:04 | Two Critical RCE Bugs Patched in Drupal 7 and 8 (lien direct) | Drupal's advisory also included three patches for "moderately critical" bugs. | |||
|
2018-10-19 15:24:00 | AWS FreeRTOS Bugs Allow Compromise of IoT Devices (lien direct) | The bugs let hackers crash IoT devices, leak their information, and completely take them over. | |||
|
2018-10-19 14:22:04 | Trivial Post-Intrusion Attack Exploits Windows RID (lien direct) | Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise. | |||
|
2018-10-18 19:17:05 | New APT Could Signal Reemergence of Notorious Comment Crew (lien direct) | A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew's proprietary code. | Malware | APT 1 | |
|
2018-10-18 15:08:03 | GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure (lien direct) | The group is a successor to BlackEnergy and a subset of the TeleBots gang--and its activity is potentially a prelude to a much more destructive attack. | |||
|
2018-10-17 18:49:00 | Oracle Fixes 301 Flaws in October Critical Patch Update (lien direct) | The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0. | |||
|
2018-10-17 17:08:04 | libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers (lien direct) | The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected. | |||
|
2018-10-17 16:06:02 | Podcast: A Utility Ransomware Attack, Post-Hurricane (lien direct) | A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data […] | Ransomware | ||
|
2018-10-17 15:24:02 | Multiple D-Link Routers Open to Complete Takeover with Simple Attack (lien direct) | The vendor only plans to patch two of the eight impacted devices, according to a researcher. | |||
|
2018-10-17 14:04:04 | On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy (lien direct) | The update also features 23 security fixes. | |||
|
2018-10-17 11:00:01 | Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers (lien direct) | The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors. | |||
|
2018-10-16 21:29:02 | As End of Life Nears, More Than Half of Websites Still Use PHP V5 (lien direct) | Support for PHP 5.6 drops on December 31 - but a recent report found that almost 62 percent of websites are still using version 5. | |||
|
2018-10-16 18:29:04 | Anthem, Apple and the Pentagon: A Data-Breach Cornucopia (lien direct) | A record fine and two new compromises kick off the autumn compromise season. | |||
|
2018-10-16 17:00:03 | In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack (lien direct) | The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority. | Ransomware | ||
|
2018-10-16 15:36:05 | ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident (lien direct) | Deloitte estimates cybercrime costs to reach $6 trillion annually -- but companies still lag in preparedness. | Deloitte | ||
|
2018-10-16 15:26:04 | Facebook Expands Efforts to Squash Voter Suppression (lien direct) | The social network will crack down on those spreading disinformation in an effort to keep people away from the polls. | |||
|
2018-10-16 14:45:05 | Privacy Regulation Could Be a Test for States\' Rights (lien direct) | As more states take cybersecurity and privacy issues into their own hands, experts worry that big tech will push for preemption. | |||
|
2018-10-15 19:57:01 | Up to 35 Million 2018 Voter Records For Sale on Hacking Forum (lien direct) | Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web. | |||
|
2018-10-15 15:38:02 | NotPetya Linked to Industroyer Attack on Ukraine Energy Grid (lien direct) | Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT. | NotPetya | ||
|
2018-10-15 14:35:03 | Facebook Offers Details on \'View As\' Breach, Revises Numbers (lien direct) | Facebook's VP of product management was able to discuss more specifics about how the breach itself occurred. | ★★ | ||
|
2018-10-12 21:09:01 | ICS Security Plagued with Basic, Avoidable Mistakes (lien direct) | A survey of ICS security posture found outdated firewalls, improper segmentation password mistakes and more. | ★★★★★ | ||
|
2018-10-12 19:38:05 | (Déjà vu) Threatpost News Wrap Podcast For Oct. 12 (lien direct) | Threatpost's editors discuss the top news of this week. | |||
|
2018-10-12 17:01:01 | Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm (lien direct) | The official update from Microsoft only limits the vulnerability, according to 0Patch. | |||
|
2018-10-12 15:25:03 | Shining a Light on a New Technique for Stealth Persistence (lien direct) | Researchers devise post-intrusion attack that use existing system binaries to achieve arbitrary code execution to maintain stealth and persistence. | |||
|
2018-10-12 14:19:04 | Facebook Bans More Than 800 Accounts in Disinformation Purge (lien direct) | The move comes a month before the November midterm elections – and at a time when all eyes are on Facebook to see how it protects against disinformation. | |||
|
2018-10-11 21:11:02 | FitMetrix Exposes Millions of Customer Details, Accessed by Criminals (lien direct) | Gym customer data, including contact information, birth dates and height/weight data, opens the door to convincing follow-on social-engineering attacks. |
To see everything:
Our RSS (filtrered)
