Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-18 15:04:23 |
Antiquated Policy Complicates Threat Intelligence Collection (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-18 07:00:07 |
Google Researcher Finds Critical Flaw in Keeper Password Manager (lien direct) |
Google Project Zero researcher Tavis Ormandy recently discovered that the Keeper password manager had been affected by a critical flaw similar to one he identified just over one year ago in the same application.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-18 05:29:52 |
vBulletin to Patch Disclosed Code Execution, File Deletion Flaws (lien direct) |
The details of two potentially serious vulnerabilities affecting version 5 of the vBulletin forum software were disclosed by researchers last week. The flaws are currently unpatched, but vBulletin developers have promised to release fixes soon.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-17 17:43:14 |
French Aerospace Giant Thales Acquires SIM Maker Gemalto (lien direct) |
French aerospace and defence group Thales said Sunday it has bought European SIM manufacturer Gemalto in a bid to become a global leader in digital security.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-16 23:11:12 |
Microsoft Disables Dynamic Update Exchange Protocol in Word (lien direct) |
In an attempt to prevent cybercriminals from abusing the Dynamic Update Exchange protocol (DDE) for nefarious operations, Microsoft has disabled the feature in all supported versions of Word.
The DDE protocol was designed to allow Windows applications to transfer data between each other and consists of a set of messages and guidelines.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-15 17:32:28 |
Iran Used "Triton" Malware to Target Saudi Arabia: Researchers (lien direct) |
The recently uncovered malware known as “Triton†and “Trisis†was likely developed by Iran and used to target an organization in Saudi Arabia, according to industrial cybersecurity and threat intelligence firm CyberX.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-15 15:32:10 |
Facebook Releases New Certificate Transparency Tools (lien direct) |
Following the release of the |
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-15 15:19:56 |
Study Examines Value of Data (lien direct) |
IP is Valued Above Email but Below PII, Survey Finds
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-15 14:59:15 |
New "PRILEX" ATM Malware Used in Targeted Attacks (lien direct) |
Trend Micro security researchers recently discovered a highly targeted piece of malware designed to steal information from automated teller machines (ATMs).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-15 14:47:42 |
Nigerian Sentenced to Prison in U.S. for BEC Scams (lien direct) |
A Nigerian national has been sentenced by a United States court to 41 months in prison for his role in business email compromise (BEC) scams, the Department of Justice announced on Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-15 12:13:09 |
Synaptics to Remove "Keylogger" Functionality From Drivers (lien direct) |
Synaptics says recent reports inaccurately characterized a debugging tool found in its touchpad drivers as a keylogger, but the company has decided to remove the functionality from its products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-15 10:37:36 |
Hackers Target Security Firm Fox-IT (lien direct) |
Fox-IT, the Netherlands-based cybersecurity firm owned by NCC Group, revealed on Thursday that it had been the victim of a man-in-the-middle (MitM) attack made possible by DNS records getting changed at its third-party domain registrar.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 21:05:30 |
How to Make Adversaries Work Harder, While We Work Smarter, in 2018 (lien direct) |
2018 Should Not Be Another Year Where Attackers Continue to Exploit the Known
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 19:17:55 |
Google Details How It Protects Data Within Its Infrastructure (lien direct) |
Google has decided to share detailed information on how it protects service-to-service communications within its infrastructure at the application layer and the the system it uses for data protection.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 19:10:28 |
UK Spy Chiefs Peel Back Secrecy -- to Fight Cybercrime (lien direct) |
Britain's cyber-spooks are reaching out from behind their veil of secrecy with the aim of cultivating the nation's next generation of high-tech sentries -- a move not without security risks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 17:50:39 |
2018 Predictions: Customers Demand Outcomes to End Balkanization of Security Practices (lien direct) |
“It's much more pleasant to be obsessed over how the hero gets out his predicament than it is over how I get out of mine†– Woody Allen
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 17:47:55 |
New "Triton" ICS Malware Used in Critical Infrastructure Attack (lien direct) |
A new piece of malware designed to target industrial control systems (ICS) has been used in an attack aimed at a critical infrastructure organization, FireEye reported on Thursday. Experts believe the attack was launched by a state-sponsored actor whose goal may have been to cause physical damage.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 17:12:33 |
Critical 0-Day Allows Remote Hacking of DirecTV Video Bridge (lien direct) |
An unpatched critical vulnerability impacting a wireless video bridge used by DirecTV allows for an attacker to remotely execute code on the vulnerable devices, Zero-Day Initiative researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 16:12:01 |
Open Source Vulnerabilities: Are You Prepared to Run the Race? (lien direct) |
After going through 24 seasons of cross-country, winter track, and spring track with my boys, I fully understand that if you put your toe on the line, you had better be prepared to race, or bad things happen.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 15:31:22 |
Avast Open Sources Machine-Code Decompiler in Battle Against Malware (lien direct) |
In an effort to boost the fight against malicious software, anti-malware company Avast this week announced the release of its retargetable machine-code decompiler as open source.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 13:53:04 |
New Cisco App Helps Organizations Secure iOS Devices (lien direct) |
Cisco on Thursday announced the availability of Security Connector, an iOS application designed to provide organizations visibility and control for mobile devices running Apple's operating system.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 11:34:42 |
Fortinet\'s FortiClient Product Exposed VPN Credentials (lien direct) |
Updates released by Fortinet for its FortiClient product patch a serious information disclosure vulnerability that can be exploited to obtain VPN authentication credentials.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 09:22:24 |
Traffic to Major Tech Firms Rerouted to Russia (lien direct) |
Internet traffic for some of the world's largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 03:11:10 |
U.S. Prosecutors Confirm Uber Target of Criminal Probe (lien direct) |
A letter made public Wednesday in Waymo's civil suit against Uber over swiped self-driving car secrets confirmed the ride-share service is the target of a US criminal investigation.
|
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-14 02:38:36 |
U.S. Military to Send Cyber Soldiers to the Battlefield (lien direct) |
The US Army will soon send teams of cyber warriors to the battlefield, officials said Wednesday, as the military increasingly looks to take the offensive against enemy computer networks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 21:19:39 |
Security is Not a Technology Profession (lien direct) |
Security is not a technology profession. Or at least it shouldn't be, I would argue. If this sounds like a provocative statement to you, then I am doing my job well. In the end, though, once I've argued my position, I hope you'll come to agree with me.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 20:55:32 |
Three Plead Guilty in Mirai Botnet Attacks (lien direct) |
US officials unveiled criminal charges Wednesday against a former university student and two others in the Mirai botnet attacks which shut down parts of the internet in several countries starting in mid-2016.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 18:14:37 |
New Spider Ransomware Emerges (lien direct) |
A new ransomware family discovered when analyzing a mid-scale campaign that started over the weekend uses decoy documents auto-synced to enterprise cloud storage and collaborations apps, security researchers have say.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 17:55:15 |
Greek Court Orders Extradition of Russian Bitcoin Suspect to US (lien direct) |
Greece's Supreme Court on Wednesday ordered that a Russian accused of laundering $4 billion using bitcoin digital currency be extradited to the United States, a court source said.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 17:37:49 |
Threat Modeling the Internet of Things: Modeling Reaper (lien direct) |
What a timely way to end this series on Threat Modeling the Internet of Things (IoT). An advanced thingbot, nicknamed Reaper (or IoTroop), was recently discovered infecting hordes of IoT devices. Reaper ups the ante for IoT security.
|
Cloud
|
APT 37
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 16:20:59 |
Singapore Ministry of Defence Announces Bug Bounty Program (lien direct) |
Singapore's Ministry of Defence (MINDEF) has invited roughly 300 white hat hackers from around the world to take part in a two-week bug bounty program targeting eight of its Internet-facing systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 15:34:13 |
Philippine Bank Accuses Bangladesh of Heist \'Cover-Up\' (lien direct) |
A Philippine bank on Tuesday accused Bangladesh's central bank of a "massive cover-up" over an $81-million cyber-heist last year, as it rejected allegations it was mostly to blame.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 15:20:20 |
Apple Patches KRACK Flaws in AirPort Base Station (lien direct) |
Apple this week released security updates to the firmware for its AirPort Base Stations to resolve vulnerabilities that make the network routers at risk to Key Reinstallation Attacks (KRACK).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 14:17:30 |
Critical Flaws Found in Palo Alto Networks Security Platform (lien direct) |
Updates released by Palo Alto Networks for the company's PAN-OS security platform patch critical and high severity vulnerabilities that can be exploited for remote code execution and command injection.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 12:54:18 |
AIG Creates New Model to Score Client Cyber Risk (lien direct) |
Insurance giant American International Group said this week that it has developed a new cyber benchmarking model that quantifies and scores the cyber risk of its clients.
The new model, AIG says, evaluates a client's cyber security maturity against 10 common attack patterns across 11 commonly used technology devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 12:31:27 |
Old Crypto Vulnerability Hits Major Tech Firms (lien direct) |
A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world's top websites.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 11:43:10 |
Upstream Security Raises $9 Million to Protect Connected Cars Through the Cloud (lien direct) |
Upstream Security, a Herzliya, Israel-based cybersecurity company that helps protect connected cars and autonomous vehicles from cyber threats, today announced that it has raised $9 million through a Series A funding round.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-13 06:13:13 |
Trump Signs Bill Banning Kaspersky Products (lien direct) |
U.S. President Donald Trump on Tuesday signed a bill that prohibits the use of Kaspersky Lab products and services in federal agencies.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 20:42:19 |
(Déjà vu) Microsoft Patches 19 Critical Browser Vulnerabilities (lien direct) |
Microsoft's Patch Tuesday updates for December 2017 address more than 30 vulnerabilities, including 19 critical flaws affecting the company's Internet Explorer and Edge web browsers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 20:24:26 |
Machine Learning & Security: Making Users Part of the Equation (lien direct) |
The Best Security Doesn't Exclude Users, it Empowers Them
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 19:38:03 |
Stealthy Admin Accounts Found in Hybrid Office 365 Deployments (lien direct) |
Vulnerability in Azure AD Connect Software Can Provide Stealthy Admins With Full Domain Control
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 19:07:25 |
SAP Becomes CVE Numbering Authority (lien direct) |
Released this week with fixes for 11 vulnerabilities, SAP's Security Patch Day for December 2017 marks a change in the history of SAP patches: it also includes CVE numbers in the titles of the security notes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 17:58:23 |
Millions Impacted by Credential-Stealers in Google Play (lien direct) |
During October and November 2017, Kaspersky Lab researchers discovered 85 applications in Google Play that were designed to steal credentials for Russian social network VK.com. One of the malicious applications had more than a million downloads.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 17:49:20 |
Adobe Patches \'Business Logic Error\' in Flash Player (lien direct) |
The only security update released by Adobe this Patch Tuesday addresses a moderate severity regression issue affecting Flash Player.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 17:45:04 |
Golduck Malware Infects Classic Android Games (lien direct) |
Several classic game applications in Google Play have been silently downloading and installing a malicious APK file onto Android devices, Appthority reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 16:50:01 |
Patchwork Cyberspies Adopt New Exploit Techniques (lien direct) |
Malware campaigns attributed to the Patchwork cyberespionage group have been using a new delivery mechanism and exploiting recently patched vulnerabilities, Trend Micro warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 15:35:27 |
Cloud Security Startup ShieldX Networks Raises $25 Million (lien direct) |
ShieldX Networks, a San Jose, Calif.-based cloud security company, announced that it has closed a $25 million Series B round of funding with participation from new investors including FireEye founder Ashar Aziz, Dimension Data and Symantec Ventures.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 13:34:30 |
Cybersecurity Incidents Hit 83% of U.S. Physicians: Survey (lien direct) |
A majority of physicians in the United States have experienced a cybersecurity incident, and many are very concerned about the potential impact of a cyberattack, according to a study conducted by professional services company Accenture and the American Medical Association (AMA).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 08:11:34 |
Google Researcher Releases iOS 11 Jailbreak Exploit (lien direct) |
Google Project Zero researcher Ian Beer has released a proof-of-concept (PoC) exploit that could pave the way for the first iOS 11 jailbreak.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-12-12 02:07:36 |
Facing Dissent From Abroad, Ethiopia Turns to Spyware (lien direct) |
As soon as Ethiopian opposition activist Henok Gabisa read the email, he knew something was not right.
With the subject line "Democracy in Ethiopia: Can it be saved?", the message seemed tailor-made for him.
|
|
|
|