Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-02 08:39:30 |
Singapore Lays Out Plans for Operational Technology Cybersecurity (lien direct) |
Singapore's Cyber Security Agency (CSA) on Tuesday unveiled the country's Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-02 06:27:31 |
Iranian Official Denies Plans to Interfere With US Election (lien direct) |
Iranian Foreign Minister Mohammad Javad Zarif is denying his country would interfere with the upcoming U.S. presidential election and says his government doesn't have a preference in the race.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-02 06:03:17 |
NZ Sports Store Apologises Over Porn Played on Big Screens (lien direct) |
The New Zealand arm of Japanese sports brand Asics has apologised after pornography was broadcast on large television screens above its central Auckland store for several hours, startling Sunday morning shoppers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 15:32:02 |
Organizations Prefer Quick Technological Fix Over Deep-Rooted Cyber Resiliency: Report (lien direct) |
The Marsh/Microsoft 2019 Global Risk Perception Survey is a follow-on to a similar survey published in February 2018 (conducted in 2017). SecurityWeek criticized the earlier survey results for not including a specific cybersecurity function among the respondents.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 14:15:19 |
Medical Practice Closing Permanently After Ransomware Attack (lien direct) |
Medical Practice Closing Doors Permanently After Ransomware Destroys Patient Records and Backups
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 14:05:22 |
WebEx, Zoom Meetings Exposed to Snooping via Enumeration Attacks (lien direct) |
Malicious actors may be able to easily access unprotected Cisco WebEx and Zoom meetings due to an API enumeration vulnerability, Cequence Security's CQ Prime threat research team revealed on Tuesday.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 13:24:45 |
Former Yahoo Programmer Pleads Guilty to Hacking User Accounts (lien direct) |
A former Yahoo software engineer has admitted in court to hacking into the accounts of thousands of the platform's users.
The man, Reyes Daniel Ruiz, 34, of Tracy, California, pleaded guilty to accessing about 6,000 Yahoo accounts, in search of private and personal records, mainly sexual images and videos.
|
Guideline
|
Yahoo
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 12:36:10 |
Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability (lien direct) |
A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the forums of cybersecurity solutions provider Comodo.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 11:06:51 |
Users Need to Consent to Online Tracking Cookies: EU Court (lien direct) |
Online companies in the EU can no longer present internet users with a pre-checked box telling them cookies will be planted on their smartphone or computer if they don't deselect the option, under a ruling issued Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 11:01:39 |
The Impact of Recycling on Industrial Cyber Security (lien direct) |
In the decade since the Stuxnet worm was discovered, multiple attacks that have been launched against operational technology (OT) networks including Shamoon, Havex, Wannycry, and Lockergoga. Looking back, a disturbing trend has emerged. Industrial attacks are being recycled.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 11:00:18 |
BlackBerry Launches New Cybersecurity R&D Unit (lien direct) |
BlackBerry on Monday announced the launch of BlackBerry Advanced Technology Development Labs, a new business unit focusing on cybersecurity research and development.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 10:44:53 |
Singapore Ministry of Defence Launches New Bug Bounty Program (lien direct) |
Singapore's Ministry of Defence (MINDEF) is inviting 400 white-hat hackers to find vulnerabilities in its systems, as part of a three-week program hosted on hacker-powered pentesting and bug bounty platform HackerOne.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 08:51:38 |
Senate Passes DHS Cyber Hunt and Incident Response Teams Act (lien direct) |
The United States Senate recently passed the DHS Cyber Hunt and Incident Response Teams Act, a piece of legislation that instructs the DHS to help organizations protect themselves against cyber threats and respond to incidents.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-10-01 06:58:00 |
American Man Jailed in US Over Singapore HIV Data Leak (lien direct) |
An American man who leaked confidential details of thousands of HIV-positive people in Singapore, most of them foreigners, has been jailed in the United States for two years.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 16:47:04 |
Critical Remote Code Execution Vulnerability Patched in Exim Email Server (lien direct) |
A Critical vulnerability recently addressed in the popular open-source email server Exim could lead to remote code execution.
Exim is an open source mail transfer agent (MTA) widely used in systems running Linux and macOS. At the moment, Exim powers over half of email servers out there.
|
Vulnerability
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 15:46:46 |
\'Masad Stealer\' Uses Telegram to Exfiltrate Data (lien direct) |
A recently identified data stealer is using Telegram to exfiltrate information harvested from infected machines, Juniper Networks security researchers say.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 15:39:03 |
Vulnerability Management Firm Kenna Security Raises $48 Million (lien direct) |
San Francisco-based vulnerability management solutions provider Kenna Security on Monday announced that it has raised $48 million in a Series D funding round, which brings the total raised by the company to $98 million.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 15:12:29 |
Tridium Niagara Affected by BlackBerry QNX Vulnerabilities (lien direct) |
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) informed organizations last week that Tridium's Niagara product is affected by two vulnerabilities in BlackBerry's QNX operating system for embedded devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 15:05:45 |
\'WhiteShadow\' Downloader Employs Microsoft SQL for Malware Delivery (lien direct) |
Microsoft Office macros that collectively act as a stage downloader are utilizing Microsoft SQL queries to fetch malicious payloads, Proofpoint's security researchers report.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 13:25:07 |
New Anomali Tool Finds Threat Data in News, Blogs, Social Networks (lien direct) |
Threat intelligence firm Anomali on Monday announced the launch of Lens, a new tool designed to make it easier for organizations to find and use threat data from a wide range of sources.
|
Tool
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 12:38:15 |
Spain Security Firm Probed \'for Spying on Assange for CIA\' (lien direct) |
A Spanish private security firm, which is under investigation in Madrid, spied on Wikileaks founder Julian Assange on behalf of the CIA while he was inside the Ecudoran embassy in London, El Pais daily reported Friday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 12:10:18 |
New \'Gucci\' IoT Botnet Targets Europe (lien direct) |
Security researchers with SecNiche Security Labs have discovered a new piece of malware that attempts to ensnare Internet of Things (IoT) devices in Europe into a distributed denial-of-service (DDoS)-capable botnet.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-30 06:36:48 |
Iran\'s Oil Sector on \'Full Alert\' Against Attacks (lien direct) |
Iran's oil minister on Sunday ordered his country's energy sector to be on high alert to the threat of "physical and cyber" attacks.
Bijan Namdar Zanganeh said "it is necessary for all companies and installations of the oil industry to be on full alert against physical and cyber threats," in a statement published on the oil ministry's Shana website.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-28 18:27:50 |
Driver\'s License Thefts Spur ADOT to Boost Online Safeguards (lien direct) |
Arizona transportation officials announced enhanced security measures Thursday for a state website that identity thieves exploited to get dozens of duplicate driver's licenses.
The Arizona Department of Transportation announced new safeguards after acknowledging to Azfamily.com this week that at least 164 drivers have been the victims of theft.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-28 12:26:10 |
Germany Cracks \'Cyber Bunker\' Hosting Darknet Sites (lien direct) |
German police said Friday they had busted a network hosting so-called Darknet platforms illegally trading drugs, stolen data and child pornography online on servers hidden in a former NATO bunker.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-28 12:17:26 |
Microsoft Expands List of Blocked File Types in Outlook on the Web (lien direct) |
Microsoft this week announced plans to add some new file extensions to the list of file types that are blocked in Outlook on the web.
When the change will be operated, it will immediately result in Outlook on the web users no longer being allowed to download attachments that have those file extensions, the tech giant explains.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-28 11:46:19 |
Apple Patches iOS 13 Bug Allowing Third-Party Keyboards "Full Access" (lien direct) |
Apple on Friday released security updates for iOS 13 and iPadOS to address a vulnerability that allowed third-party keyboard extensions to gain “full access” without being granted permission.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 18:45:52 |
Malware Delivery Campaign Employs Advanced Fileless Techniques (lien direct) |
A recently observed malware delivery campaign employs advanced fileless techniques and an elusive network infrastructure that allows it to remain largely undetected.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 18:35:25 |
Dunkin\' Donuts Sued by New York\'s State Attorney General Over Data Breaches (lien direct) |
New York Attorney General Letitia James filed a lawsuit against Dunkin' Donuts in the Supreme Court of the State of New York on Thursday, September 26, 2019. The complaint alleges fraudulent, deceptive and illegal conduct, and focuses on Dunkin' Donuts breaches in 2015 and 2018. It claims an alleged failure to respond to these breaches in violation of state laws.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 15:47:34 |
\'Unpatchable\' iOS Bootrom Exploit Allows Jailbreaking of Many iPhones (lien direct) |
A researcher specializing in iOS security claims to have created a bootrom exploit that can be leveraged to jailbreak hundreds of millions of iOS devices, including all iPhones between iPhone 4S and iPhone X.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 14:01:34 |
China Rejects \'Smear\' After Airbus Hacking Report (lien direct) |
Beijing on Friday rejected an AFP report that Chinese hackers were suspected of being behind a series of cyber attacks on European aerospace giant Airbus.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 13:40:25 |
Airbus Says Taking \'Appropriate Measures\' Against Hackers (lien direct) |
Airbus played down the risk of cyberattacks on Friday and said it had "appropriate measures" to mitigate any danger after an AFP investigation revealed a series of hacking incidents targeting the European aerospace giant.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 13:35:30 |
GAO Says Electric Grid Cybersecurity Risks Only Partially Assessed (lien direct) |
A new report from the United States Government Accountability Office (GAO) shows that the Department of Energy (DOE) has yet to fully analyze the electric grid cybersecurity risks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 13:08:04 |
German Auto and Defense Firm Rheinmetall Says Malware Hit Several Plants (lien direct) |
Germany-based car parts and defense solutions provider Rheinmetall announced on Thursday that production at its automotive plants in the United States, Brazil and Mexico was disrupted as a result of a malware attack.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 11:33:27 |
Researchers Disclose Another SIM Card Attack Possibly Impacting Millions (lien direct) |
A new variant of a recently disclosed SIM card attack method could expose millions of mobile phones to remote hacking, researchers have warned.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 07:31:42 |
FBI Reviewed Cybersecurity Firm\'s Evidence in 2016 DNC Election Hack (lien direct) |
CLAIM: The FBI only relied on the word of a cybersecurity firm, CrowdStrike, to determine that Russia hacked the emails of the Democratic National Committee.
AP'S ASSESSMENT: False. CrowdStrike provided forensic evidence and analysis for the FBI to review during its investigation into a 2016 hack of DNC emails.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 07:11:59 |
Magecart Hackers Target L7 Routers (lien direct) |
One of the financially motivated threat actors operating under the Magecart umbrella appears to be testing malicious code to inject into commercial-grade layer 7 (L7) routers, IBM reports.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-27 06:57:06 |
DoorDash Breach Exposes Data of Nearly 5 Mn Users (lien direct) |
On-demand restaurant meal delivery service DoorDash on Thursday said a breach of its system exposed nearly five million customers, eateries and "Dashers" to a data breach.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 18:23:05 |
Chinese Hackers Hit Technology Firms in Southeast Asia With PcShare Backdoor (lien direct) |
Attacks conducted by a suspected Chinese threat actor on technology companies in Southeast Asia employ a version of the open-source PcShare backdoor, BlackBerry Cylance security researchers warn.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 18:21:28 |
Incident Pruning, Cutting a Path to More Effective Investigations (lien direct) |
Make Sure You do Some Incident Pruning to Maintain Security Operations Efficiency and Focus
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 16:27:05 |
Adopt Insertion Point Security for a Microservices World (lien direct) |
In the old world, applications generally consisted of a web server, an app server and a database. Traffic went from router to switch to firewall. There was a network perimeter, which was our ingress.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 15:03:06 |
\'Chameleon\' Spam Campaign Employs Randomized Email Headers (lien direct) |
A large number of spam messages recently sent from the same botnet were observed featuring randomized headers and even different templates, with some emails resembling phishing, Trustwave reports.
|
Spam
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 14:25:42 |
There Is Life for the CISO After a Breach (lien direct) |
A new survey of CISO attitudes conducted by Symantec and Dr Chris Brauer of Goldsmiths, University of London will surprise few CISOs, but should be required reading for other business leaders. It describes adrenaline junkies that fear burnout and worry about being scapegoats in an impossible position, but remain dedicated to their job.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 13:48:56 |
(Déjà vu) Hackers Target Airbus Suppliers in Quest for Commercial Secrets (lien direct) |
European aerospace giant Airbus has been hit by a series of attacks by hackers targeting its suppliers in search of commercial secrets, sources told AFP, adding they suspected a Chinese link.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 12:36:59 |
Cylance Founder Stuart McClure Leaves BlackBerry (lien direct) |
Stuart McClure, the co-founder and CEO of Cylance, has decided to leave following BlackBerry's recent acquisition of his company.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 11:38:46 |
VMware Patches Critical Harbor Vulnerability (lien direct) |
VMware this week released patches to address a critical vulnerability in Harbor, which was found to impact VMware Cloud Foundation and VMware Harbor Container Registry for PCF.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 11:13:01 |
Airbus Hit by Series of Cyber Attacks on Suppliers: Security Sources (lien direct) |
European aerospace giant Airbus has been hit by a series of attacks by hackers who have targeted its suppliers in their search for technical secrets, security sources told AFP, adding they suspected a China link.
There have been four major attacks on Airbus in the last 12 months, according to two security sources involved in investigating the hacking.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 08:46:48 |
iOS 13 Bug Gives Third-Party Keyboards "Full Access" Permissions (lien direct) |
An update that Apple will soon release for iOS 13 and iPadOS should resolve an issue that leads to third-party keyboard apps getting elevated permissions without the user's approval.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-26 07:14:27 |
vBulletin Patches Vulnerability Exploited in the Wild (lien direct) |
Developers of the vBulletin forum software have rushed to release a patch for a recently disclosed remote command execution vulnerability, but the flaw has already been exploited in the wild, with some claiming that its existence has been known for years.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-09-25 18:37:40 |
Czech Intelligence Blames China for Major Cyber Attack (lien direct) |
China was behind a major cyber attack at a key government institution in the Czech Republic last year, the EU member's intelligence agency said in a report Wednesday.
|
|
|
|