Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-10 14:23:00 |
Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws (lien direct) |
By implementing the "Equifax bug," it's the first known time a Mirai IoT botnet variant has targeted an Apache Struts vulnerability. |
|
Equifax
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-07 21:11:03 |
\'Domestic Kitten\' Mobile Spyware Campaign Aims at Iranian Targets (lien direct) |
Spreading via fake Android apps, the malware lifts a range of sensitive information from victims' devices. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-07 19:01:03 |
Open .Git Directories Leave 390K Websites Vulnerable (lien direct) |
An exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-07 15:36:04 |
British Airways Website, Mobile App Breach Compromises 380k (lien direct) |
The airline said information like name, address and bank card details like CVC code were compromised. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-07 14:00:01 |
Threatpost News Wrap Podcast For Sept. 7 (lien direct) |
The Threatpost team breaks down the biggest news from the week ended Sept. 7. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-07 13:08:01 |
Threat Actors Eyeing IQY Files To Peddle Malspam (lien direct) |
The Necurs Botnet, DarkHydrus and other threat actors are turning to the inconspicuous files. |
Threat
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-07 12:00:05 |
Top MacOS App Exfiltrates Browser Histories Behind Users\' Backs (lien direct) |
A macOS App called Adware Doctor blocks ads, but share's user browser history with a China-based domain. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-07 11:00:04 |
ThreatList: Attacks on Industrial Control Systems on the Rise (lien direct) |
The main source of infection on industrial control systems was the internet, researchers at Kaspersky Lab found in a new report. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-06 23:00:05 |
U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy (lien direct) |
The DoJ said a DPRK spy, Park Jin-hyok, was involved in “a conspiracy to conduct multiple destructive cyberattacks around the world." |
|
APT 38
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-06 16:01:03 |
Active Spy Campaign Exploits Unpatched Windows Zero-Day (lien direct) |
The PowerPool gang launched its attack just two days after the zero-day in the Windows Task Scheduler was disclosed. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-06 14:34:02 |
Mozilla Patches Critical Code Execution Bug in Firefox 62 (lien direct) |
The update includes nine security patches overall. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-06 11:30:05 |
High-Severity Flaws in Cisco Secure Internet Gateway Service Patched (lien direct) |
The two bugs were disclosed Wednesday in Cisco Umbrella, the tech giant's cloud-based security service. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-05 21:04:04 |
OilRig Sends an OopsIE to Mideast Government Targets (lien direct) |
The Iran-linked group is using a variant of the data-exfiltration OopsIE trojan to attack a Mideast government entity. |
|
APT 34
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-05 18:34:04 |
Google Rolls Out 40 Fixes with Chrome 69 (lien direct) |
The official release of the version includes 40 fixes, seven of which are rated "High." |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-05 17:48:00 |
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild (lien direct) |
A Monero cryptomining script is spreading in an ongoing campaign using the recently disclosed critical remote command-execution flaw. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-05 17:03:00 |
The Vulnerability Disclosure Process: Still Broken (lien direct) |
Despite the advent to bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits. |
Vulnerability
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-05 11:00:01 |
Tiny Island Atoll\'s Domain Used in Widespread Ad Fraud (lien direct) |
The campaign is believed to bring in close to $22,000 per month for bad actors. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-04 20:21:01 |
Multiple Remote Code-Execution Flaws Patched in Opsview Monitor (lien direct) |
Five flaws were disclosed Tuesday in monitoring software Opsview Monitor. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-04 18:34:01 |
Thousands of MikroTik Routers Hijacked for Eavesdropping (lien direct) |
Using a known vulnerability, the threat actor is listening to a variety of ports. |
Threat
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-04 17:49:05 |
ThreatList: 60% of BEC Attacks Fly Under the Radar (lien direct) |
The report also found that simply protecting employees in sensitive departments is not sufficient to protect against BEC. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-04 10:00:04 |
\'CamuBot\' Banking Malware Ups the Trojan Game with Biometric Bypass (lien direct) |
CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-09-03 12:49:03 |
APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security (lien direct) |
An advanced threat actor has been associated with China's Ministry of State Security via two individuals and a Chinese firm. |
Threat
|
APT 10
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-07-12 15:15:04 |
Chrome Now Features Site Isolation to Defend Against Spectre (lien direct) |
A new feature called site isolation is being tapped to protect Chrome users against Spectre. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-07-01 19:19:03 |
Bug Bounty Programs Turn Attention to Data Abuse (lien direct) |
More companies – particularly social media firms – may follow Facebook's footsteps in turning to bug bounty programs to scout out any data privacy abuse on their platforms, experts say. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-07-01 18:58:00 |
MacOS Malware Targets Cryptocurrency Community on Slack, Discord (lien direct) |
New macOS malware targets crypto community via chat networks Slack and Discord. |
Malware
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-29 17:51:04 |
EFF Sues to Repeal Controversial Online Sex Trafficking FOSTA Law (lien direct) |
The Electronic Frontier Foundation on Thursday announced a lawsuit against the recently passed controversial FOSTA law. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-29 16:27:05 |
Rowhammer Variant \'RAMpage\' Targets Android Devices All Over Again (lien direct) |
The attack allows malicious applications to break out of their sandbox and access the entire operating system, giving an adversary complete control of the targeted device. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-28 19:06:00 |
Norwegian Agency Dings Facebook, Google For “Unethical” Privacy Tactics (lien direct) |
Facebook and Google are doing anything they can to nudge users away from data privacy, a Norwegian agency alleged in a new report. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-28 17:38:00 |
Rewards Points Targeted by Teens in Hack of 500K Accounts (lien direct) |
The two teens used the rewards points built up in the accounts to make purchases, before selling the account credentials on the Dark Web. |
Hack
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-28 14:41:04 |
Ticketmaster Chat Feature Leads to Credit-Card Breach (lien direct) |
Name, address, email address, telephone number, payment details and Ticketmaster login details were potentially compromised for tens of thousands of customers. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-28 13:02:03 |
Reality Winner, N.S.A. Contractor, Sentenced to 5+ Years in Leak Case (lien direct) |
A former National Security Agency contractor pleaded guilty Tuesday to espionage, becoming the first person to be prosecuted under the Trump administration for leaking classified information. |
Guideline
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-27 18:26:03 |
WebAssembly Changes Could Ruin Meltdown and Spectre Browser Patches (lien direct) |
The planned threading in shared memory update gives bad actors a way around the timer mitigations released by browser vendors. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-26 21:51:03 |
Mozilla Announces Firefox Monitor Tool Testing, Firefox 61 (lien direct) |
Mozilla is testing a new tool that securely checks to see if users' accounts have been hacked. |
Tool
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-26 15:14:01 |
Simple Security Flaws Could Steer Ships Off Course (lien direct) |
A PoC shows how ships could be hacked and fooled into changing direction - all due to simple security issues. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-25 20:02:05 |
WannaCry Extortion Fraud Reemerges (lien direct) |
The emails claim that all of the victim's devices have been hacked and infected with the infamous ransomware -- and then ask for Bitcoin to "fix" it. |
Ransomware
|
Wannacry
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-25 16:12:00 |
UK Tax Agency Collects 5.1M Biometric Voice IDs, May Violate GDPR (lien direct) |
The agency doesn't ask for explicit consent to collect the voiceprints; and, the deletion and erasure process lacks transparency. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-22 20:44:00 |
Fortnite Fraudsters Infest the Web with Fake Apps, Scams (lien direct) |
Malefactors have doubled down on duping Fortnite enthusiasts, releasing YouTube videos with links to scam versions of the game. And that's not all. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-22 19:09:01 |
Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries (lien direct) |
A battery-saving app enables attackers to snatch text messages and read sensitive log data - but it also holds true to its advertising. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-22 17:40:00 |
Supreme Court Bolsters Mobile-Phone Privacy Rights (lien direct) |
Supreme Court decision requires law enforcement to obtain a warrant to gain access to cellphone records for tracking citizens. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-22 17:13:02 |
DDoS-Happy \'Bitcoin Baron\' Sentenced to Almost 2 Years in Jail (lien direct) |
Far from being a simple hacktivist filled with an impulse for social justice, a different picture emerges when his activity is collated together. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-22 15:35:05 |
Roku TV, Sonos Speaker Devices Open to Takeover (lien direct) |
The Roku streaming video device and the Sonos Wi-Fi speakers suffer from the same DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-21 20:47:05 |
Sneaky Web Tracking Technique Under Heavy Scrutiny by GDPR (lien direct) |
Don't expect tracking methods such as browser fingerprinting to disappear anytime soon, even with GDPR, warns the EFF. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-21 18:36:04 |
Financial Services Sector Rife with Hidden Tunnels (lien direct) |
Attackers use the approach to look like legitimate traffic and hide data exfiltration in plain sight. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-20 19:43:04 |
New Phishing Scam Reels in Netflix Users to TLS-Certified Sites (lien direct) |
Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates. |
Guideline
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-20 17:12:03 |
Mylobot Botnet Emerges with Rare Level of Complexity (lien direct) |
A new botnet from the Dark Web displays a never-before-seen level of complexity in terms of the sheer breadth of its various tools. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-19 21:58:03 |
APT15 Pokes Its Head Out With Upgraded MirageFox RAT (lien direct) |
This is the first evidence of the China-linked threat actor's activity since hacked the U.K. government and military in 2017 (which wasn't made public until 2018). |
|
APT 15
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-19 21:05:03 |
When It Comes To IoT Security, Liability Is Muddled (lien direct) |
The onus behind IoT security has become so muddled that no one knows who to point fingers at. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-19 19:29:05 |
Olympic Destroyer Returns to Target Biochemical Labs (lien direct) |
The threat actors appear to be in a reconnaissance phase, which could be a prelude to a larger cyber-sabotage attack meant to destroy and paralyze infrastructure. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-18 20:57:02 |
“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch (lien direct) |
Researchers were able to discover a way to hack the device in less than an hour. |
|
|
|
![Kaspersky.webp](./Ressources/img/Kaspersky.webp) |
2018-06-18 20:38:00 |
Google Home, Chromecast Leak Location Information (lien direct) |
The devices don't require authentication for connections received on a local network; and, HTTP is used to configure or control embedded devices. |
|
|
|