Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 19:29:44 |
(Déjà vu) FedEx Profit Takes $300 Million Hit After Malware Attack (lien direct) |
The malware attack that hit international delivery services company TNT Express in June had a negative impact of roughly $300 million on FedEx's profit in the latest quarter.
|
|
FedEx
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 15:27:42 |
Iranian Hackers Target Aerospace, Energy Companies (lien direct) |
A cyber espionage group linked by security researchers to the Iranian government has been observed targeting aerospace and energy organizations in the United States, Saudi Arabia and South Korea.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 14:18:51 |
AWS Bucket Leaks Viacom Critical Data (lien direct) |
An Amazon Web Services S3 cloud storage bucket containing a great deal of Viacom internal access credentials and other critical data was left publicly accessible, UpGuard security researchers have discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 13:33:12 |
Infrared Cameras Allow Hackers to Jump Air Gaps (lien direct) |
A team of researchers from Israel has developed a piece of malware that demonstrates how hackers can abuse security cameras with infrared (IR) capabilities to send and receive data to and from an air-gapped network.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 12:23:52 |
Intrusion Detection Startup Threat Stack Raises $45 Million (lien direct) |
Threat Stack, a Boston, Mass.-based intrusion detection startup has raised $45 million in a Series C funding, bringing the total raised by the company to more than $70 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 10:38:07 |
Hacker or Hero? Why a Hacker Isn\'t Always a Supervillain (lien direct) |
Summer is coming to a close, and with it the end of a steady stream of superhero movies that have been lighting up the box office over the past few months. But while on-screen heroes have been lassoing bad guys or saving the galaxy, here in the real world we've been witnessing a different type of anti-criminal activity: defense against cybercrime.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 10:30:03 |
iOS 11 Patches 8 Security Vulnerabilities (lien direct) |
Apple this week announced the availability of 8 security patches for its iPhone 5s and later, iPad Air and later, and iPod touch 6th generation users, released as part of the iOS 11 platform upgrade.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 10:25:07 |
Twitter Suspends Nearly 1 Million Accounts Associated with Terrorism (lien direct) |
Twitter has suspended a total of 935,897 accounts for the promotion of terrorism between August 1, 2015, and June 30, 2017, the company says in its latest transparency report.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-20 09:52:42 |
\'Optionsbleed\' Flaw Causes Apache to Leak Data (lien direct) |
A vulnerability found in Apache HTTP Server (httpd) can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests, a researcher warned.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 18:32:53 |
Equifax Breach Affects 100,000 Canadians (lien direct) |
Equifax revealed on Tuesday that the recent data breach affects roughly 100,000 Canadian consumers, but the company's systems in Canada were not compromised.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 17:41:54 |
The Truth About Micro-Segmentation: Healthy Heterogeneity (Part 3) (lien direct) |
“Civilization is a progress from indefinite, incoherent homogeneity toward a definite, coherent heterogeneity.†― Herbert Spencer
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 17:20:46 |
Android AV App Collected Data on Tens of Millions Users (lien direct) |
Tens of millions of Android users potentially had their information collected by a security application distributed through Google Play, Check Point security researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 16:22:01 |
EU to Launch Cybersecurity \'Safety Labels\' (lien direct) |
The European Union unveiled plans Tuesday to step up its response to cyber attacks, including a new intelligence-sharing agency, cyber war games and product safety labels.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 15:46:58 |
Siemens, PAS Partner on Industrial Cybersecurity (lien direct) |
Engineering giant Siemens and PAS, a company that specializes in cyber security solutions for industrial control systems (ICS), announced on Tuesday a new strategic partnership.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 15:27:11 |
New "Red Alert" Android Banking Trojan Emerges (lien direct) |
A recently discovered Android banking Trojan features a bot and command and control panel fully written from scratch, SfyLabs has discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 15:15:10 |
POS Malware Abuses Exposed ElasticSearch Nodes for C&C (lien direct) |
Two point of sale (POS) malware families have been abusing thousands of publicly accessible ElasticSearch nodes for command and control (C&C) purposes, Kromtech security researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 14:36:00 |
Google, Spotify Release Open Source Cloud Security Tools (lien direct) |
Google and music service Spotify announced last week the launch of Forseti Security, a community-driven collection of open source tools designed to improve security in Google Cloud Platform (GCP) environments.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 14:07:28 |
U.S., Moscow Seek Russian Held in Greece over Bitcoin Laundering (lien direct) |
Moscow has requested the extradition of a Russian national also wanted in the United States for laundering billions of dollars through a Bitcoin exchange he operated, a judicial source said Tuesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 13:13:54 |
Container Security Firm Aqua Raises $25 Million (lien direct) |
Aqua Security, a Tel Aviv, Israel-based container security startup, today announced that it has raised $25 million in Series B funding, bringing the total amount raised by the company to $38.5 million.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 12:16:42 |
Ex-porn Actor German Spy Guilty of Trying to Share State Secrets (lien direct) |
A former German intelligence agent who was also an ex-gay porn actor was Tuesday given a one-year suspended sentence for attempting to share state secrets while pretending to be a jihadist online.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 10:58:41 |
(Déjà vu) CCleaner Server Was Compromised in Early July (lien direct) |
A server distributing a version of PC utility CCleaner infected with malware might have been compromised in early July, Avast revealed.
|
|
CCleaner
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 10:47:28 |
DigitalOcean Warns of Vulnerability Affecting Cloud Users (lien direct) |
DigitalOcean is warning customers that some 1-Click applications running MySQL have an account with the same default password across all instances, and the company says the issue affects other cloud providers as well.
|
|
APT 32
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-19 10:23:58 |
New York Pushes to Regulate Credit Agencies After Equifax Breach (lien direct) |
New York Governor Andrew Cuomo announced on Monday plans to make credit reporting firms comply with the 23 NYCRR 500 cybersecurity regulations enacted earlier this year.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 19:49:37 |
Equifax Cybersecurity Failings Revealed Following Breach (lien direct) |
Shortcomings revealed by researchers and cybersecurity firms following the massive data breach suffered by Equifax show that a successful hacker attack on the credit reporting agency's systems was inevitable.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 17:59:53 |
New Attack Fingerprints Users Using Word Documents (lien direct) |
A newly detailed attack method leverages Microsoft Word documents to gather information on users, but doesn't use macros, exploits or any other active content to do so, security researchers at Kaspersky Lab have discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 14:41:59 |
Windows 10 Users to Get Improved Privacy Controls (lien direct) |
The upcoming Windows 10 Fall Creators Update will bring enhanced privacy controls to both consumers and commercial customers, Microsoft says.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 13:12:24 |
CyberGRX Partners With BitSight to Address Supply Chain Risks (lien direct) |
Partnership Integrates BitSight's Security Ratings Capabilities With CyberGRX Third-Party Cyber Risk Exchange
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 12:39:35 |
Flaws Patched in Trend Micro Mobile Security for Enterprise (lien direct) |
A patch released last week by Trend Micro for its Mobile Security for Enterprise product resolves several vulnerabilities, including remote code execution issues rated critical and high severity.
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 12:38:25 |
Millions Download Maliciously Modified PC Utility (lien direct) |
Infected CCleaner Utility Highlights Dangers of Software Supply Chain Attacks
|
|
CCleaner
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 11:25:42 |
Microsoft Extends Office Bounty Program (lien direct) |
Microsoft has announced an extension to its Microsoft Office Bounty Program, which is now set to run until December 31, 2017.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 10:46:55 |
Threat Report Says 1 in 50 iOS Apps Could Leak Data (lien direct) |
A new global threat report for the mobile ecosystem shows that iOS provides a bigger threat than is often perceived. While the insecurities of the Android operating system are well-documented, the report notes that 1 in 50 iOS apps used in enterprise environments could potentially leak sensitive data.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 09:40:38 |
Equifax Shares More Details About Breach (lien direct) |
Equifax has shared more details about the recent breach that affects roughly 143 million U.S. consumers, including how it discovered the unauthorized access and the number of individuals impacted by the incident in the United Kingdom.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-18 01:15:55 |
Millions Download "ExpensiveWall" Malware via Google Play (lien direct) |
A newly discovered Android malware that managed to infect at least 50 applications in Google Play has been downloaded between 1 million and 4.2 million times, Check Point researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 22:09:25 |
Equifax Security Chief, CIO to \'Retire\' Immediately (lien direct) |
Following the massive data breach that was disclosed on September 7, Equifax announced on Friday that Chief Security Officer Susan Mauldin and Chief Information Officer David Webb are retiring from the company effective immediately.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 17:45:25 |
VMware Patches Critical SVGA Code Execution Flaw (lien direct) |
Patches released this week by VMware address several vulnerabilities, including one rated critical, in the company's ESXi, vCenter Server, Workstation and Fusion products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 16:51:33 |
HWP Documents and PostScript Abused to Spread Malware (lien direct) |
A recently malware attack has been leveraging the Hangul Word Processor (HWP) word processing application and its ability to run PostScript code, Trend Micro reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 15:03:06 |
Chrome to Label FTP Resources as "Not Secure" (lien direct) |
Google announced on Thursday that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.â€
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 13:14:10 |
Scammers Offer to Sell Data Stolen in Equifax Hack (lien direct) |
While the large amount of information stolen in the recent Equifax hack might be up for sale somewhere on the dark web, scammers have also set up websites offering the data from the U.S. credit reporting agency.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 12:56:17 |
Trump Blocks Chinese Acquisition of U.S. Semiconductor Firm (lien direct) |
President Donald Trump on Wednesday blocked attempts by a Chinese state-owned firm to acquire an American semiconductor manufacturer on national security concerns, drawing a rebuke from Beijing.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 12:15:38 |
Mocana Integrates Embedded Security Software With Industrial Cloud Platforms (lien direct) |
Mocana Integrates Embedded Security Software with AWS IoT, Microsoft Azure IoT, and VMware Liota to Protect Devices
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 10:53:28 |
Magento Patches Critical Vulnerability in eCommerce Platforms (lien direct) |
Magento this week released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 to address numerous vulnerabilities, including a remote code execution bug rated Critical severity.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 10:41:42 |
U.S. Politicians Demand Probe of Equifax After Hack (lien direct) |
A senior US senator called Wednesday for a federal investigation of credit rating agency Equifax after the company lost the personal data of 143 million customers to hackers.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 08:58:41 |
Kaspersky CEO to Testify Before Congress (lien direct) |
After the U.S. Department of Homeland Security (DHS) issued a binding operational directive ordering government departments and agencies to stop using products from Russia-based Kaspersky Lab, the security firm's CEO has been invited to testify before Congress.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-15 02:40:10 |
Mozilla Implements Faster Diffie-Hellman Function in Firefox (lien direct) |
Mozilla on this week revealed plans to introduce a new key establishment algorithm in Firefox to improve both security and performance of the web browser.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-14 15:33:49 |
U.S. Watchdog Confirms Probe of Huge Equifax Data Breach (lien direct) |
A U.S. consumer protection watchdog agency said Thursday it has begun an investigation into a massive data breach at credit bureau Equifax that may have leaked sensitive information on 143 million people.
|
|
Equifax
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-14 15:25:49 |
Secure Kernel Extension Loading in macOS Easily Bypassed: Researcher (lien direct) |
Apple's new Secure Kernel Extension Loading (SKEL) security feature, set to be implemented in the upcoming macOS 10.13 High Sierra, can be easily bypassed, a security researcher claims.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-14 14:17:32 |
Trouble in Paradise as Cyber Attackers Circumvent 2FA (lien direct) |
Two-Factor Authentication (2FA) has for years been one of the very dependable security technologies that was invoked to address high-risk scenarios -- whether to safeguard enterprise resources accessed through the firewall, financial accounts, or -- for high-value targets -- protect each email login.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-14 12:52:32 |
New Attack Abuses CDNs to Spread Malware (lien direct) |
Content delivery networks (CDNs) are being increasingly abused to spread malware, courtesy of standards that allow the download and execution of payloads on computers, ESET warns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-14 12:22:40 |
Backdoored Plugin Impacts 200,000 WordPress Sites (lien direct) |
Around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code, Wordfence reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-14 11:12:38 |
Equifax Confirms Apache Struts Flaw Used in Hack (lien direct) |
U.S. credit reporting agency Equifax confirmed on Wednesday that an Apache Struts vulnerability exploited in the wild since March was used to breach its systems.
|
|
Equifax
|
|