Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-12 09:12:05 |
Incident Response is Changing, Here\'s Why and How (lien direct) |
Organizations can no longer simply dust off their incident response (IR) plan when a breach happens. If you haven't gone through the rigors of various exercises to know what to expect and what to do, pulling out your IR plan during a cyber attack or after a breach has occurred has little impact. Zero-dollar IR retainers aren't the best path forward either. They're cost effective if you aren't breached, but breaches happen.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-12 09:02:04 |
Japan Firm Says $32 Million Missing in Cryptocurrency Hack (lien direct) |
Tokyo-based cryptocurrency exchange said Friday it had halted all services after losing cryptocurrency worth more than $32 million in the latest apparent hack involving virtual money.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-12 07:43:02 |
Flaw in Walkie-Talkie App on Apple Watch Allows Spying (lien direct) |
Apple has disabled the Walkie-Talkie app on the Apple Watch after learning of a serious vulnerability that can be exploited to spy on users.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-12 06:51:00 |
Premera Blue Cross Pays States $10 Million Over Data Breach (lien direct) |
Premera Blue Cross, the largest health insurer in the Pacific Northwest, has agreed to pay $10 million to 30 states following an investigation into a data breach that exposed confidential information on more than 10 million people across the country.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-12 04:36:05 |
Human Workers Can Listen to Google Assistant Recordings (lien direct) |
Google contractors regularly listen to and review some recordings of what people say to artificial-intelligence system Google Assistant, via their phone or through smart speakers such as the Google Home.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 19:31:00 |
Mozilla Introduces Grizzly Browser Fuzzing Framework (lien direct) |
Mozilla this week made public a new browser fuzzing framework designed to enable the fast deployment of fuzzers at scale.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 17:25:03 |
(Déjà vu) Mozilla Moves to Deny UAE Firm\'s Root Inclusion Request (lien direct) |
Mozilla is taking the first step toward denying a request by United Arab Emirates-based DarkMatter to be included as a top-level certificate authority in Mozilla's root certificate program.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 17:05:02 |
State of the Industry: Interoperability and Putting Security First (lien direct) |
Cybersecurity spending has outpaced general IT spend for the last few years, and in 2019 with budgets growing up to 5 percent according to some analysts, this trend is clearly continuing.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 16:53:05 |
Apple Steps in: Removes Zoom Web Server From All Macs (lien direct) |
Apple on Wednesday released an update to remove the Zoom web server from all Macs, following controversy that it puts users' security at risk.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 16:47:03 |
In an Interconnected World, Data Security is a Shared Responsibility (lien direct) |
Taking active steps to safeguard your organization's digital presence on and offline is not a new recommendation; if anything, elaborate security measures are emblematic of our times. Passwords, multi-factor access protocols, biometrics and other forms of user authentication have become standard, and for good reason: the incidence of data loss, theft and misuse is huge.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 16:00:00 |
Users Unable to Log on to Windows Due to McAfee Update (lien direct) |
An update released recently by McAfee for one of its products is preventing Windows users from logging on to their systems, and some major organizations appear to have been affected.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 14:15:01 |
Archive Server of Pale Moon Open Source Browser Hacked (lien direct) |
Developers of the open source web browser Pale Moon revealed on Wednesday that the project's archive server was compromised and all executable files were infected with malware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 13:30:02 |
Widely Used Kiosks Compromised by Hardcoded Credentials (lien direct) |
Hardcoded Credentials in Kiosk Software Allowed Remote Attackers to Compromise API
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 12:21:04 |
enSilo Raises $23 Million in Series B Funding (lien direct) |
Endpoint security firm enSilo on Thursday announced new capabilities for its platform, a $23 million Series B funding round, and significant revenue growth.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 12:10:02 |
SAP Patches Critical Flaw in Diagnostics Agent (lien direct) |
SAP this week released 11 Security Notes as part of the Patch Day – July 2019, one of which was a Hot News Note addressing a Critical vulnerability in Diagnostics Agent.
Tracked as CVE-2019-0330 and featuring a CVSS score of 9.1, the bug is an OS command injection that could lead to the compromise of the entire SAP system.
|
Vulnerability
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 09:47:02 |
Buhtrap Group Used Windows Zero-Day in Government Attack (lien direct) |
One of the two Windows zero-day vulnerabilities fixed by Microsoft with its July 2019 Patch Tuesday updates was used by a threat group known as Buhtrap to target a government organization in Eastern Europe, according to cybersecurity firm ESET.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-11 04:34:04 |
Ex-IT Worker Who Hacked Former Company\'s Website Gets Prison (lien direct) |
An Arizona man has been sentenced to 27 months in federal prison for hacking into computer systems operated by his former California employer and then deleting its website and marketing materials.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 16:03:02 |
Intel Patches Serious Vulnerability in Processor Diagnostic Tool (lien direct) |
Intel's Patch Tuesday updates for July 2019 fix a serious vulnerability in the company's Processor Diagnostic Tool and a less serious issue in its Solid State Drives (SSD) for Data Centers (DC) product.
|
Tool
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 15:55:01 |
Sea Turtle\'s DNS Hijacking Continues Despite Exposure (lien direct) |
In April 2019, Cisco Talos researchers reported on an ongoing state-sponsored DNS hijacking campaign that had compromised at least 40 different organizations in 13 countries. They named the campaign Sea Turtle, and described the group as brazen and persistent. If discovered, they do not simply give up and go away.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 14:41:00 |
Flaw in Rockwell PanelView Allows Root-Level Access to Devices (lien direct) |
A serious vulnerability in Rockwell Automation's PanelView graphics terminals allows a remote, unauthenticated attacker to gain root-level access to the device's file system.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 12:47:01 |
Privacy Compliance Firm TrustArc Raises $70 Million (lien direct) |
San Francisco-based privacy compliance and data protection firm TrustArc on Wednesday announced that it raised $70 million in a Series D funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 12:04:00 |
Marriott to Contest $124 Million Fine Imposed by UK Data Protection Regulator (lien direct) |
Marriott International says it will fight a large fine resulting from a massive data breach that was discovered in 2018.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 10:52:04 |
ChatOps is Your Bridge to a True DevSecOps Environment (lien direct) |
The way we build, provision, maintain and secure apps continues to evolve. As agile development practices put pressure on operations, organizations move to DevOps where both functions are synchronized. This in turn puts pressure on the app security organization, and so we see more companies today adopting a DevSecOps model.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 10:42:00 |
Researchers Find 17,490 Anubis Android Malware Samples (lien direct) |
Two related servers were recently found hosting 17,490 samples of the same Android malware, Trend Micro's security researchers say.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 06:09:01 |
GE Says Anesthesia Machine Vulnerability Poses No Risk to Patients (lien direct) |
Researchers have discovered a vulnerability that can be used to hack some of GE Healthcare's hospital anesthesia devices, but the vendor says it does not pose a direct risk to patients.
|
Hack
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-10 01:32:04 |
Marriott Faces $123 Million Fine in UK for Data Breach (lien direct) |
Marriott says it will fight a $123 million U.K. government fine related to its massive data breach.
Marriott has the right to respond to the proposed fine before a final determination is made by the U.K.'s Information Commissioner's Office. The agency says the breach violated the European Union's data protection regulations.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 20:09:01 |
In the Detection and Response Era, a Unified SOC is the Path to Success (lien direct) |
This may be cheesy, and half of you reading this may not have been alive at the time to remember, but President Ronald Reagan's appeal more than 30 years ago to “tear down this wall” is advice security professionals should heed as well. A reunified Germany is now an economic powerhouse, affording its citizens a better quality of life.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 19:48:01 |
Two Windows Privilege Escalation Vulnerabilities Exploited in Attacks (lien direct) |
Microsoft's July 2019 Patch Tuesday updates fix nearly 80 vulnerabilities, including two Windows zero-day flaws and six issues whose details were previously made public.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 18:25:04 |
Vulnerability Gives Attackers Remote Access to Zoom Users\' Cameras (lien direct) |
A vulnerability in the Zoom Client for Mac allows a remote attacker to force a user into joining a video call with the video camera active, a security researcher has discovered.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 16:20:02 |
UK Spy Agency Decrypts Some Secrets With New Exhibition (lien direct) |
Historic gadgets used by British spies will be revealed for the first time later this week, as one of the country's intelligence agencies steps out the shadows to mark its centenary -- and to educate people about the risks of cyber-attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 15:55:05 |
Adobe Fixes Low Priority Flaws With July 2019 Patch Tuesday Updates (lien direct) |
Adobe's Patch Tuesday updates for July 2019 address vulnerabilities in the company's Bridge CC, Experience Manager and Dreamweaver products, but none of the security holes appear serious.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 15:39:01 |
Malware Isolation Firm Menlo Security Raises $75 Million (lien direct) |
Menlo Security, a provider of zero-trust internet isolation services, has raised $75 million in a Series D funding round led by clients advised by JP Morgan Asset Management. Existing investors, including Sutter Hill Ventures, American Express Ventures, HSBC and JP Morgan Chase also participated in the funding.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 15:32:03 |
Fileless Attack Attempts to Run Astaroth Backdoor Directly in Memory (lien direct) |
Microsoft says it recently detected and stopped a fileless campaign looking to deliver the Astaroth Trojan to unsuspecting victims.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 13:24:00 |
Several Siemens Devices Affected by Intel MDS Vulnerabilities (lien direct) |
Siemens informed customers on Tuesday that several of its products are affected by the Microarchitectural Data Sampling (MDS) vulnerabilities impacting a majority of the Intel processors made in the last decade.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 11:51:01 |
Indiana County Disabled by Malware Attack (lien direct) |
LaPorte County, Indiana, reported Sunday that it had been affected by a malware attack. County Commission President Dr. Vidya Kora announced that county employees and the public needing to access any county government email or website would be unable to do so because of a "malicious malware attack that occurred on Saturday morning, July 6, 2019, that has disabled our computer and email systems."
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-09 06:02:00 |
U.S. Coast Guard Issues Cybersecurity Warnings for Commercial Vessels (lien direct) |
The U.S. Coast Guard on Monday issued a safety alert advising commercial vessel owners and operators to ensure that effective cybersecurity measures are in place to protect the network and important control systems on their ships.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-08 20:54:02 |
Iran-Linked Malware Shared by USCYBERCOM First Seen in December 2016: Kaspersky (lien direct) |
Iran-linked malware uploaded to VirusTotal last week by United States Cyber Command (USCYBERCOM) was first observed in Dec 2016 and Jan 2017, according to security firm Kaspersky.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-08 20:34:05 |
Maryland Department of Labor Announces Data Breach (lien direct) |
The Maryland Department of Labor has announced that databases containing personally identifiable information (PII) were accessed in a cyber-incident discovered earlier this year.
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-08 15:23:02 |
Malicious Code Planted in \'strong_password\' Ruby Gem (lien direct) |
A developer discovered that an update released for the 'strong_password' Ruby gem contained malicious code that allowed an attacker to remotely execute arbitrary code.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-08 14:03:02 |
British Airways Faces $230 Million Fine for 2018 Breach (lien direct) |
UK ICO Shows its Teeth in Fining BA £183 Million for 2018 Breach
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-08 12:11:02 |
Eurofins Scientific Paid Up in Response to Ransomware Attack: Report (lien direct) |
Luxembourg-based laboratory testing services giant Eurofins Scientific reportedly paid the ransom demanded by cybercriminals following a successful ransomware attack that led to the company taking offline many of its systems and servers.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-08 05:42:00 |
Canonical GitHub Account Hijacked (lien direct) |
Canonical, the company behind the Ubuntu operating system, confirmed over the weekend that one of its GitHub accounts was hacked.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-08 04:41:02 |
Mystery of NSA Leak Lingers as Stolen Document Case Winds Up (lien direct) |
Federal agents descended on the suburban Maryland house with the flash and bang of a stun grenade, blocked off the street and spent hours questioning the homeowner about a theft of government documents that prosecutors would later describe as “breathtaking” in its scale.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-05 13:42:05 |
Cryptomining Campaign Targets Linux Servers with Go Malware (lien direct) |
A recently uncovered cryptomining campaign is delivering a new Golang malware to target Linux-based servers, F5 Networks security researchers report.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-05 13:02:00 |
EFF, OTI Respond to UK\'s Online Harms Legislative Proposal (lien direct) |
The Electronic Frontier Foundation (EFF) and New America's Open Technology Institute (OTI) have published their combined response to the UK government's Online Harms White Paper. The white paper, published in April 2019, with a public consultation period ending July 1, 2019, proposes legislation designed to increase the safety of users online.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-04 12:28:00 |
Hacker Who Disrupted Sony Gaming Firm Gets Federal Prison (lien direct) |
A hacker who disrupted Sony Online Entertainment and other gaming companies has been sentenced to more than two years in federal prison.
Twenty-three-year-old Austin Thompson of Utah received the 27-month sentence on Tuesday in San Diego.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-04 05:25:03 |
Magento Patches Flaws Leading to Site Takeover (lien direct) |
Magento recently addressed vulnerabilities that could be exploited by unauthenticated attackers to hijack administrative sessions and then completely take over vulnerable web stores.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-04 05:13:00 |
Certificates Issued to Huawei Subsidiary Found in Cisco Switches (lien direct) |
Researchers noticed that the firmware for some Cisco switches contains X.509 certificates and associated private keys issued to a US-based subsidiary of Huawei. An investigation by the networking giant revealed that it was an oversight related to the use of an open-source third-party component.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-03 20:07:04 |
Georgia Failed to Subpoena Image of Wiped Elections Server (lien direct) |
The case of whether hackers may have tampered with elections in Georgia has taken another strange turn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-07-03 18:56:00 |
Multiple Chinese Groups Share the Same RTF Weaponizer (lien direct) |
During an investigation into a possibly shared RTF weaponizer by Indian and Chinese APT groups, researchers have discovered that multiple Chinese groups have updated the weaponizer to exploit the Microsoft Equation Editor (EE) vulnerability CVE-2018-0798. The same weaponizer had previously delivered exploits for EE vulnerabilities CVE-2017-11882 and CVE-2018-0802.
|
Vulnerability
|
|
|