Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-02 13:46:41 |
Cisco Patches Serious DoS, Injection Flaws in Several Products (lien direct) |
Cisco has released updates for several of its security, networking and cloud products to address over a dozen vulnerabilities, including high severity issues that can be used for command injections and denial-of-service (DoS) attacks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-02 10:57:39 |
The Sometimes Forgotten Foundation for the OODA Loop - the Human (lien direct) |
Applying the OODA Loop to Cybersecurity Will Help Accelerate the Process of Translating Threat Data Into Action
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-02 10:45:43 |
Automated System Defeats reCAPTCHA With High Accuracy (lien direct) |
A newly devised system that targets the audio version of Google's reCAPTCHA challenges can break them with very high accuracy.
Dubbed unCAPTCHA, the automated system designed by computer science experts from the University of Maryland (UM) is said to be able to defeat the audio reCaptcha system with 85% accuracy.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-02 10:10:22 |
Smartphone Exploits Earn Hackers Over $500,000 (lien direct) |
White hat hackers earned more than half a million dollars at this year's Mobile Pwn2Own competition after successfully demonstrating exploits against Samsung's Galaxy S8, Apple's iPhone 7 and Huawei's Mate 9 Pro.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 20:46:33 |
Facebook\'s Zuckerberg Says Security Costs Will Hurt Profits (lien direct) |
Facebook Chief Says Protecting Community is More Important Than Maximizing Profits
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 18:03:40 |
New "Silence Trojan" Used in Ongoing Bank Attacks (lien direct) |
Silence Trojan is a Fresh Example of Cybercriminals Shifting From Attacks on Users to Direct Attacks Against Banks
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 17:24:13 |
Windows 10 Exploit Guard Boosts Endpoint Defenses (lien direct) |
Courtesy of the Windows Defender Exploit Guard that ships with Windows 10 Fall Creators Update, systems running Microsoft's Windows 10 operating system can fend off emerging threats, Microsoft says.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 16:46:18 |
Standalone Signal Desktop Messaging App Released (lien direct) |
Signal, a popular secure messaging application, is now available for Windows, macOS, and Linux computers as a standalone program.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 16:00:14 |
Hilton Reaches $700,000 Settlement Over Data Breaches (lien direct) |
U.S. hotel chain Hilton has reached a settlement with the states of New York and Vermont over the payment card breaches suffered by the company in 2014 and 2015.
Hilton has agreed to pay $700,000 – $400,000 to New York and $300,000 to Vermont – and promised to take steps to improve its data security and breach disclosure practices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 15:04:34 |
To Share or Not to Share: The Security Researcher\'s Dilemma (lien direct) |
The End User Community is at the Mercy of Security Researchers to Act Responsibly
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 14:53:30 |
Website Blindspots Show GDPR is a Global Game Changer (lien direct) |
One of the less publicized features of the European General Data Protection Regulation (GDPR) is that US companies can be held liable even if they do not actively trade with Europe. This is because the regulation is about the collection and storage of European personal information, not about business.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 14:13:00 |
(Déjà vu) DigiCert Addresses Mozilla\'s Concerns on Symantec CA Acquisition (lien direct) |
DigiCert has addressed the concerns raised by Mozilla and others regarding the company's acquisition of Symantec's certificate business after some web browser vendors announced that certificates issued by the security firm would no longer be trusted.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 12:42:48 |
Apple Patches Dangerous KRACK Wi-Fi Vulnerabilities (lien direct) |
Apple on Tuesday released a new set of security patches for its products, including fixes for Wi-Fi vulnerabilities disclosed in mid October.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 12:22:00 |
All Hail The Ambulance Chasers of Security (lien direct) |
Wikipedia defines “ambulance chasing†as follows: “Ambulance chasing, sometimes known as barratry, is a professional slur which refers to a lawyer soliciting for clients at a disaster site. The term 'ambulance chasing' comes from the stereotype of lawyers that follow ambulances to the emergency room to find clients. The phrase ambulance chaser is also used more loosely as a derogatory term for a personal injury lawyer.â€
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 11:44:00 |
Samsung, Apple, Huawei Phones Hacked at Mobile Pwn2Own (lien direct) |
Researchers have managed to hack the Samsung Galaxy S8, the iPhone 7 and the Huawei Mate 9 Pro on the first day of the Mobile Pwn2Own 2017 competition taking place alongside the PacSec conference in Tokyo, Japan.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-11-01 09:00:46 |
Serious SQL Injection Flaw Patched in WordPress (lien direct) |
A serious SQL injection vulnerability was patched on Tuesday by WordPress developers with the release of version 4.8.3.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 18:28:56 |
Meet MBR-ONI, Bootkit Ransomware Used as a Targeted Wiper (lien direct) |
Earlier this year a new ransomware, dubbed ONI, was discovered in Japan. It is described as a sub-species of the GlobeImposter ransomware. Researchers blogged in July, "When it infects it, it encrypts the file, assigns the extension .oni to the filename, and asks for payment to decrypt it."
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 16:01:59 |
Comodo Sells Certificate Business to Private Equity Firm (lien direct) |
Francisco Partners Acquires Comodo's Certifiate Authority Business
Tech-focused private equity firm Francisco Partners announced on Tuesday that it has acquired Comodo CA Limited, Comodo's certificate authority business, for an undisclosed amount.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 15:46:00 |
Google to Remove Support for PKP in Chrome (lien direct) |
Google is planning to deprecate and eventually completely remove support for public key pinning (PKP) from the Chrome web browser.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 15:35:31 |
Firefox to Block Canvas-based Browser Fingerprinting (lien direct) |
Firefox will soon provide users with increased privacy by blocking browser fingerprinting performed through the HTML5 canvas element.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 14:39:41 |
Threat Intelligence Firm Recorded Future Raises $25 Million (lien direct) |
Threat intelligence provider Recorded Future today announced that it has raised $25 million in a Series E round of funding Led by Insight Venture Partners.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 14:32:53 |
Mozilla Raises Concerns Over DigiCert Acquiring Symantec CA (lien direct) |
Mozilla has raised some concerns regarding DigiCert acquiring Symantec's website security and related public key infrastructure (PKI) solutions after major web browser vendors announced that certificates issued by the security firm would no longer be trusted.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 12:21:58 |
Backdoor Attacks From Windigo Operation Still Active (lien direct) |
Windigo, a malicious operation uncovered over three years ago, continues to be active despite a takedown attempt in 2014 and the sentencing of one conspirator in August 2017.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 11:32:00 |
North Korea Denies Involvement in WannaCry Cyberattack (lien direct) |
North Korea has slammed Britain for accusing it of being behind a global ransomware attack that hit the National Health Service, calling the allegation a "wicked attempt" to further tighten international sanctions against Pyongyang.
|
|
Wannacry
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 10:56:35 |
IBM Helps Banks Prevent New Account Fraud (lien direct) |
IBM Security announced on Tuesday the launch of a product designed to help banks and other service providers protect their customers against new account fraud (NAF).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 10:37:53 |
Life Between Absolutes - The Challenge of a Security Professional (lien direct) |
Security has never been about being 'secure' or 'insecure'; I think we as an industry of professionals can broadly agree on this. What we don't seem to agree on, pretty much ever, is how to strike the balance of good enough security.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 08:55:54 |
Google Bug Tracker Exposed Details of Unpatched Vulnerabilities (lien direct) |
A bug bounty hunter has earned more than $15,000 from Google after finding several potentially serious vulnerabilities related to the company's Issue Tracker, including one that exposed the details of unpatched flaws.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-31 02:23:54 |
FireEye Releases Managed Password Cracking Tool (lien direct) |
FireEye on Monday released a tool designed to help red teams manage password cracking tasks across multiple GPU servers. Called GoCrack, the open source tool provides an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 19:30:20 |
Sage Ransomware Gets Anti-Analysis Capabilities (lien direct) |
The Sage ransomware, which emerged toward the beginning of this year, has added new functionality that allows it to escalate privileges and evade analysis, Fortinet warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 18:07:38 |
New iPhone Brings Face Recognition (and Fears) to the Masses (lien direct) |
Apple will let you unlock the iPhone X with your face -- a move likely to bring facial recognition to the masses, along with concerns over how the technology may be used for nefarious purposes.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 16:49:36 |
Heathrow Probes How Security Data Found on London Street (lien direct) |
Heathrow Airport said Sunday it has launched an internal investigation after a memory stick containing extensive security information was found on a London street by a member of the public.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 16:28:44 |
Hamas-Linked \'Gaza Cybergang\' Has New Tools, Targets (lien direct) |
A threat actor believed to be linked to the Palestinian terrorist organization Hamas continues to target organizations in the Middle East and North Africa (MENA) region, and their operations now include some new tools and techniques, Kaspersky Lab reported on Monday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 14:29:33 |
Oracle Patches Critical Flaw in Identity Manager (lien direct) |
Oracle informed customers on Friday that its Identity Manager product is affected by a critical vulnerability that can be easily exploited by malicious actors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 13:23:24 |
What More Does It Take to Make Cyber Security a Top Priority? (lien direct) |
It has been yet another busy month in the world of cyber security news. What does it mean when breaches reach private sector and public institutions that are supposed to be experts in risk oversight? It means that security is hard even when it is treated as a priority, let alone when it is an afterthought, as it is in most institutions.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 12:55:31 |
Researchers Downplay Size of Reaper IoT Botnet (lien direct) |
The Mirai-like "Reaper" botnet that began infecting Internet of Things (IoT) devices in late September has only ensnared up to 20,000 bots so far, according to estimates from Arbor Networks.
|
Cloud
|
APT 37
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 12:13:17 |
Police Probe Hack of London Plastic Surgery Clinic (lien direct) |
British police said Tuesday they were investigating the theft of data from a London plastic surgery clinic, with reports that sensitive images of celebrities have been stolen.
London Bridge Plastic Surgery said it was still establishing the extent of the hack, adding that it believed those responsible have previously targeted US medical providers.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 09:21:55 |
Code Execution Flaws Patched in Apache OpenOffice (lien direct) |
Researchers at Cisco Talos have discovered three vulnerabilities in Apache OpenOffice that can be exploited by malicious actors for remote code execution using specially crafted document files.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-30 08:33:54 |
NotPetya Attack Had Significant Impact on Merck Revenue (lien direct) |
American pharmaceutical giant Merck reported last week that the recent NotPetya malware attack caused losses of hundreds of millions of dollars in revenue.
|
|
NotPetya
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-29 14:18:25 |
VPN Law Latest Step in Kremlin Online Crackdown: Experts (lien direct) |
A law coming into force on Wednesday will give the Kremlin greater control over what Russians can access online ahead of a presidential election next March.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-27 18:44:24 |
Files Encrypted by Bad Rabbit Recoverable Without Paying Ransom (lien direct) |
Some users may be able to recover the files encrypted by the Bad Rabbit ransomware without paying the ransom, Kaspersky researchers discovered after analyzing the malware's encryption functionality.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-27 15:36:38 |
Vulnerabilities Found in Ship Communication System (lien direct) |
IOActive has long been interested in the security of satellite communications. In 2014, it published a report on “multiple high risk vulnerabilities†in all the satellite systems it studied.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-27 12:38:26 |
UK Blames North Korea for Cyberattack That Crippled Hospitals (lien direct) |
Britain on Friday blamed North Korea for a ransomware attack this year that a new report revealed affected a third of English hospitals and could have been prevented with "basic" IT security.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-27 12:38:23 |
Industrial Products Also Vulnerable to KRACK Wi-Fi Attack (lien direct) |
Some industrial networking devices are also vulnerable to the recently disclosed KRACK Wi-Fi attack, including products from Cisco, Rockwell Automation and Sierra Wireless.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-27 08:00:45 |
Profiling Tool Suggests \'Bad Rabbit\' Not Financially Motivated (lien direct) |
Researchers at FireEye noticed that some of the websites redirecting users to the Bad Rabbit ransomware hosted a profiling framework, which could suggest that the attack was not financially motivated.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-26 17:01:33 |
\'Bad Rabbit\' Ransomware Uses NSA Exploit to Spread (lien direct) |
Contrary to initial reports, the Bad Rabbit ransomware that hit Russia and Ukraine this week does in fact leverage an exploit linked to the U.S. National Security Agency (NSA).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-26 16:27:22 |
Security Flaw Could Have Let Hackers Turn on Smart Ovens (lien direct) |
A security flaw in LG's smart home devices gave hackers a way to control the household appliances of millions of customers, including the ability to turn on ovens, a computer security firm revealed on Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-26 15:21:39 |
Microsoft Open Sources Website Scanning Tool \'Sonar\' (lien direct) |
Microsoft announced this week the availability of Sonar, an open source linting and website scanning tool designed to help developers identify and fix performance and security issues.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-26 13:16:24 |
Moving Target Defense Startup Cryptonite Emerges From Stealth (lien direct) |
Cryptonite, a Rockville, Maryland-based startup that aims to prevent reconnaissance and lateral movement in the network using moving target defense and micro-segmentation technologies, has emerged from stealth mode.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-26 12:46:19 |
Skybox Raises $150 Million to Advance its Security Management Product (lien direct) |
Security analytics firm Skybox announced Wednesday that it has secured $150 million growth equity comprising $100 million from CVC Capital Partners' Growth Fund (CVC Growth), and $50 million from Pantheon. This more than doubles existing investment in the firm, which now stands at around $280 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-10-26 11:40:39 |
Symantec Claims It Is Leapfrogging the Competition (lien direct) |
The latest version of Symantec Endpoint Protection, SEP 14.1, adds new capabilities to the signatureless machine learning malware detection SEP product it introduced last year, and integrates with other Symantec security solutions. The stated purpose is to provide end-to-end protection for endpoints in a single agent.
|
|
|
|