Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-06-14 19:26:00 |
(Déjà vu) Decryption Utility Unlocks Files Encrypted by Jaff Ransomware (direct link) |
Researchers have neutralized the latest strain of the Jaff ransomware, releasing a decryption tool for unlocking files. |
|
|
|
|
2017-06-14 17:17:21 |
DHS, FBI Warn of North Korea 'Hidden Cobra' Strikes Against US Assets (direct link) |
DHS and the FBI warned that North Korean attackers are targeting U.S. businesses with malware- and botnet-related attacks that are part of a concerted effort dubbed "Hidden Cobra." |
Medical
|
APT 38
|
|
|
2017-06-14 17:13:59 |
Abuse of Apple Search Ads Feature Leading to Fraud (direct link) |
Apple has removed one of its top 10 grossing productivity apps after an independent developer's story about fraudsters' abuse of the App Store's Search Ads functionality went viral. |
|
|
|
|
2017-06-14 13:05:23 |
Post-WannaCry, 5.5 Million Devices Still Expose SMB Port (direct link) |
In its annual National Exposure Index report, Rapid7 found 160 million computers, IoT devices and servers with open ports that should not be exposed to the public network. |
|
Wannacry
|
|
|
2017-06-14 12:50:23 |
Rare XP Patches Fix Three Remaining Leaked NSA Exploits (direct link) |
Microsoft released patches on Tuesday for unsupported versions of Windows, a decision prompted by three NSA exploits that remained unaddressed from April's ShadowBrokers leak. |
|
|
|
|
2017-06-13 20:23:28 |
Microsoft Patches Two Critical Vulnerabilities Under Attack (direct link) |
Microsoft patched 95 vulnerabilities today, including two under attack. |
|
|
|
|
2017-06-13 19:34:53 |
Risk of 'Destructive Cyber Attacks' Prompts Microsoft to Update XP Again (direct link) |
Citing an elevated risk for destructive attacks, Microsoft today included patches for vulnerabilities in Windows XP among its Patch Tuesday updates. |
|
|
|
|
2017-06-13 18:33:56 |
Adobe Fixes 21 Critical Vulnerabilities with June Patch Tuesday Update (direct link) |
Adobe fixed 21 vulnerabilities across four products - Flash, Shockwave Player, Captivate, and Adobe Digital Editions - on Tuesday. |
|
|
|
|
2017-06-13 15:30:48 |
Patrick Wardle on MacRansom Ransomware-as-a-Service (direct link) |
Patrick Wardle of Synack and the Objective-See blog talks to Mike Mimoso about the emergence of a ransomware service targeting MacOS machines. Wardle explains why he characterizes MacRansom as “lame” and whether this could kick off a wave of copycats vying for the Apple platform. |
|
|
★★★★
|
|
2017-06-13 11:15:50 |
FIN7 Hitting Restaurants with Fileless Malware (direct link) |
A campaign attributed to the FIN7 attackers targets restaurants with phishing emails and infected RTF Word documents that carry out fileless malware attacks. |
|
|
|
|
2017-06-12 20:19:00 |
Free Mac-Based Ransomware-as-a-Service MacRansom Surfaces (direct link) |
A new, free macOS-based ransomware as a service has surfaced on the darkweb. Researchers say once the malware encrypts users' files, they're "pretty much gone for good." |
|
|
★★★★★
|
|
2017-06-12 18:41:25 |
Blinking Router LEDs Leak Data From Air-Gapped Networks (direct link) |
Researchers say sensitive data can be extracted from air-gapped networks via a wireless router's blinking LEDs. |
|
|
|
|
2017-06-12 13:34:17 |
Attackers Mining Cryptocurrency Using Exploits for Samba Vulnerability (direct link) |
Kaspersky Lab said it has seen some of the first exploits targeting a patched Samba vulnerability, and those are being used to mine Monero cryptocurrency. |
|
|
|
|
2017-06-09 20:11:27 |
GameStop Online Shoppers Officially Warned of Breach (direct link) |
Some customers are irked it took GameStop months to inform them that their personal and financial information could have been compromised in a breach of GameStop.com that began in August 2016. |
|
|
|
|
2017-06-09 19:38:20 |
Google Releases reCAPTCHA API for Android (direct link) |
Google has released a reCAPTCHA API for Android, a first for mobile applications. |
|
|
|
|
2017-06-09 16:46:20 |
Platinum APT First to Abuse Intel Chip Management Feature (direct link) |
Microsoft has found a file-transfer tool used by the Platinum APT that leverages Intel Active Management Technology to stealthily load malware onto networked computers. |
|
|
|
|
2017-06-09 13:00:11 |
Threatpost News Wrap, June 9, 2017 (direct link) |
How EternalBlue was ported to Windows 10, a Facebook phishing study, QakBot, and this week's Apple security announcements are all discussed. |
|
|
|
|
2017-06-08 18:53:58 |
Motorola Moto G4, G5 Vulnerable to Local Root Shell Attacks (direct link) |
Moto G4 and Moto G5 model Motorola phones are vulnerable to kernel command line injection vulnerabilities. |
|
|
|
|
2017-06-08 16:12:59 |
VMware Patches Critical Vulnerabilities in vSphere Data Protection (direct link) |
VMware fixed two critical vulnerabilities in its vSphere Data Protection solution this week that could have allowed an attacker to execute commands on the appliance, among other outcomes. |
|
|
★★★★
|
|
2017-06-08 14:53:55 |
Cisco Patches Critical Flaws in Prime Data Center Network Manager (direct link) |
Cisco patched two critical flaws in its Prime Data Center Network Manager, including one that could be exploited remotely and allow an attacker root access. |
|
|
|
|
2017-06-08 13:00:17 |
Authentication Bypass, Potential Backdoors Plague Old WiMAX Routers (direct link) |
WiMAX routers manufactured by several companies, including Huawei and ZyXEL, are vulnerable to an authentication bypass and potential backdoors. |
|
|
★★★★★
|
|
2017-06-08 09:00:53 |
Google Removes Rooting Trojan Dvmap From Play Store (direct link) |
Google removed an Android rooting Trojan called Dvmap from Google Play that injects malicious code into an infected device's system library. |
|
|
|
|
2017-06-07 21:18:13 |
EFF Sues DOJ Over National Security Letter Disclosure Rules (direct link) |
The Electronic Frontier Foundation sued the United States Department of Justice demanding to know whether the agency is complying with rules that mandate a periodic review of National Security Letter gag orders. |
|
|
|
|
2017-06-07 19:25:19 |
Windows 10 Mitigations Make Future EternalBlue Attacks Difficult (direct link) |
Now that researchers have built a port of EternalBlue to Windows 10, they've probably only now caught up to what the NSA has had for a long while. |
|
|
|
|
2017-06-07 18:36:01 |
Zusy Malware Installs Via Mouseover – No Clicking Required (direct link) |
Zusy malware installs when victims hover over an opened PowerPoint file – no clicking needed. |
|
|
|
|
2017-06-06 19:20:25 |
Curiosity Kills Security When it Comes to Phishing (direct link) |
The results of an academic experiment reveal that recipients of Facebook messages are much more likely to click on suspicious links. |
|
|
|
|
2017-06-06 19:16:38 |
IBM Backup Bug Gets Workaround Fix After Nine Months of Exposure (direct link) |
IBM quietly released a workaround fix for a vulnerability in its Spectrum Protect enterprise backup software it has known about since September 2016. |
|
|
|
|
2017-06-06 17:36:40 |
Google Fixes 30 Vulnerabilities, Five High Severity, in Chrome 59 (direct link) |
Google fixed 30 vulnerabilities, including five high severity issues, in the latest version of Chrome, Chrome 59, on Monday.
|
|
|
|
|
2017-06-06 14:55:42 |
NSA's EternalBlue Exploit Ported to Windows 10 (direct link) |
Researchers have ported the EternalBlue exploit to Windows 10, meaning that any unpatched version of Windows can be affected by the NSA attack. |
|
|
|
|
2017-06-05 20:28:28 |
QakBot Returns, Locking Out Active Directory Accounts (direct link) |
QakBot, a worm-like, information-stealing strain of malware, is back and locking users out of their Active Directory accounts. |
|
|
|
|
2017-06-05 19:16:22 |
40,000 Subdomains Tied to RIG Exploit Kit Shut Down (direct link) |
GoDaddy, along with researchers from RSA Security and other companies, shut down tens of thousands of illegally established subdomains tied to the RIG Exploit Kit. |
|
|
★★★
|
|
2017-06-05 19:10:51 |
53 Percent of Enterprise Flash Installs are Outdated (direct link) |
More than half of enterprises are exposing themselves to unnecessary risk by running out-of-date versions of Flash. |
|
|
|
|
2017-06-03 12:00:50 |
Jaff Malware Probe Uncovers Link to Cybercrime Marketplace (direct link) |
Researchers have discovered a shared backend infrastructure between the Jaff ransomware and a black market carder shop. |
|
|
|
|
2017-06-02 18:32:11 |
EternalBlue Exploit Spreading Gh0st RAT, Nitol (direct link) |
FireEye said threat actors are using the NSA's EternalBlue exploit of the same Microsoft SMBv1 vulnerability as WannaCry to spread Nitol and Gh0st RAT. |
|
Wannacry
|
|
|
2017-06-02 16:46:43 |
SSH Configuration on Nexpose Servers Allowed Weak Encryption Algorithms (direct link) |
Rapid7 warned this week that its Nexpose appliances were shipped with an SSH configuration that could have let obsolete algorithms be used for key exchange. |
|
|
|
|
2017-06-02 14:30:15 |
Threatpost News Wrap, June 2, 2017 (direct link) |
Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week's Samba vulnerability, and the OneLogin breach.
|
|
Wannacry
|
|
|
2017-06-02 13:00:28 |
WikiLeaks Dumps CIA Patient Zero Windows Implant (direct link) |
Pandemic is a Windows implant built by the CIA that turns file servers into Patient Zero on a local network, infecting machines requesting files with Trojanized replacements. |
|
|
|
|
2017-06-02 12:00:30 |
(Déjà vu) Fireball Malware Infects 250 Million Computers Worldwide (direct link) |
A massive malware campaign has already infected 250 million Windows and Mac OS computers worldwide. |
|
|
|
|
2017-06-01 18:53:10 |
Insecure Backend Databases Blamed for Leaking 43TB of App Data (direct link) |
More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others. |
|
|
|
|
2017-06-01 16:38:54 |
Crowdfunding Effort to Buy ShadowBrokers Exploits Shuts Down (direct link) |
A crowdfunding effort to buy a subscription to the ShadowBrokers' Monthly Dump Service of stolen exploits and data was shut down citing legal and ethical concerns. |
|
|
|
|
2017-06-01 16:29:17 |
OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data (direct link) |
A breach at OneLogin appears to have compromised customer data, including the ability to decrypt encrypted data. |
|
|
|
|
2017-06-01 14:09:04 |
WannaCry Development Errors Enable File Recovery (direct link) |
Researchers at Kaspersky Lab have found a number of programming errors in the WannaCry ransomware code that put file recovery within reach of sysadmins. |
|
Wannacry
|
|
|
2017-05-31 20:25:35 |
Hack Department of Homeland Security Act Would Bring Bug Bounty Program to DHS (direct link) |
Senators introduced a bill last week to establish a bug bounty pilot program within the Department of Homeland Security. |
|
|
|
|
2017-05-31 17:55:30 |
Patches Available for Linux Sudo Vulnerability (direct link) |
A high-severity vulnerability in sudo has been patched in a number of Linux distributions; the flaw allows local attackers to elevate privileges to root. |
|
|
|
|
2017-05-31 17:51:56 |
Cisco, Netgear Readying Patches for Samba Vulnerability (direct link) |
Cisco is prepping fixes for two of its products affected by last week's Samba vulnerability. Netgear has also pushed out a fix for NAS devices that were affected. |
|
|
|
|
2017-05-31 17:00:30 |
New Machine Learning Behind Early Phishing Detection in Gmail (direct link) |
Google announced today new security features in Gmail, including the news that it will enhance early phishing detection in Gmail through dedicated machine learning.
|
|
|
|
|
2017-05-31 13:05:26 |
Privacy Issue Fixed in Yopify Ecommerce Notification Plugin (direct link) |
Ecommerce sites using the Yopify plugin were leaking customers' names, locations and purchases. |
|
|
|
|
2017-05-30 18:39:55 |
FreeRADIUS Update Resolves Authentication Bypass (direct link) |
Developers behind FreeRADIUS, an open source implementation of the networking protocol RADIUS, are encouraging users to update to address an authentication bypass found in the server. |
|
|
|
|
2017-05-30 15:47:34 |
ShadowBrokers Put Price on Monthly Zero Day Leaks (direct link) |
The ShadowBrokers announced details on how to subscribe to its Monthly Dump Service, which is available for 100 Zcash. |
|
|
|
|
2017-05-28 10:00:15 |
Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw (direct link) |
Microsoft quietly patched a critical vulnerability found by Google's Project Zero team in the Malware Protection Engine. |
|
|
|