Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-06 16:09:48 |
Injection Attacks Common in Energy and Utilities Sector: IBM (lien direct) |
The energy and utilities sector has seen an increasing number of cybersecurity incidents and attacks, according to a new IBM X-Force report published on Wednesday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-06 15:03:42 |
Autodesk A360 Drive Used to Spread Malware (lien direct) |
Cloud-based online storage service Autodesk A360 Drive has been recently abused as a malware delivery platform, according to Trend Micro.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-06 13:31:27 |
Hackers Target Control Systems in U.S. Energy Firms: Symantec (lien direct) |
A group of cyberspies believed to be operating out of Russia has been observed targeting energy facilities in the United States and other countries, and the attackers appear to be increasingly interested in gaining access to the control systems housed by these organizations.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-06 13:00:23 |
Variant of Android WireX Bot Delivers Powerful UDP Flood Attacks (lien direct) |
Variant of WireX Android Botnet is Able to Deliver High-volume UDP Flood DDoS Attacks
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-06 12:21:29 |
Get Security and Business Teams Aligned by Assuming You\'ve Been Hacked (lien direct) |
Security Organizations and Businesses Must Plan and Prepare for Information Security Incidents and Breaches Together as One Team
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-06 11:49:02 |
Europe Court Backs Employee Fired Over Private Messages (lien direct) |
Europe's top rights court on Tuesday restricted the ability of employers to snoop on their staff's private messages, in a landmark ruling with wide ramifications for privacy in the workplace.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-06 10:13:47 |
Lenovo Settles FTC Charges Over Superfish Adware (lien direct) |
Lenovo has reached a settlement with the U.S. Federal Trade Commission (FTC) and Attorneys General in 32 states regarding the company's decision to preinstall man-in-the-middle (MitM) software on its laptops.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-06 08:12:40 |
Exploit Available for Critical Apache Struts Vulnerability (lien direct) |
The latest version of Apache Struts 2 addresses several vulnerabilities, including a critical remote code execution flaw for which an exploit was created within hours after the release of a patch.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 18:44:57 |
Multiple Vulnerabilities Found in Mobile Bootloaders (lien direct) |
A team of security researchers from the University of California, Santa Barbara has discovered a series of code execution and denial of service vulnerabilities in the bootloaders of popular mobile platforms.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 14:51:47 |
Serious Flaws Found in Westermo Industrial Routers (lien direct) |
Sweden-based industrial data communications company Westermo has released firmware updates for some of its wireless 3G and 4G routers to address several potentially serious vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 13:36:40 |
Security is the Goal, Not Compliance (lien direct) |
Just Because You Passed Your Compliance Audit Does Not Mean That You Are Secure
When asked why he robs banks, Willie Sutton famously responded, “because that's where the money is.†In today's day and age, physical currency is no longer the target of the bad guys.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 13:15:38 |
xRAT Mobile Malware Emerges (lien direct) |
A recently discovered mobile remote access Trojan includes extensive data collection capabilities and is associated with known mobile and Windows-targeting threats, Lookout security researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 12:38:44 |
Fake Chrome Font Update Attack Distributes Backdoor (lien direct) |
A malicious campaign targeting users of the Chrome web browser on Windows systems recently started distributing a remote access Trojan, security researchers have discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 12:29:32 |
Hackers Sell Celebrity Info Obtained in Instagram Hack (lien direct) |
Hackers claim to have obtained the personal details of millions of Instagram users, including celebrities, after exploiting a vulnerability in the Facebook-owned photo-sharing service.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 12:07:39 |
Researchers Devise Hopeful Defense Against Credential Spear Phishing Attacks (lien direct) |
Security Researchers Have Proposed a New and Effective Way to Detect Credential Spearphishing Attacks in the Enterprise
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 10:05:21 |
Siemens Patches Flaws in Automation, Power Distribution Products (lien direct) |
Siemens customers were informed last week that some of the company's automation and power distribution products are affected by vulnerabilities that can be exploited for denial-of-service (DoS) attacks and session hijacking.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-05 08:20:12 |
Details of U.S. \'Top Secret\' Clearance Holders Leaked Online (lien direct) |
The personal details of thousands of individuals who submitted job applications to an international security firm were exposed online due to an unprotected storage server set up by a recruiting services provider.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-01 13:49:51 |
China-linked KHRAT Operators Adopt New Delivery Techniques (lien direct) |
A recently observed KHRAT remote access Trojan (RAT) infection campaign uses updated spear phishing, download and execution techniques, Palo Alto Networks security researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-01 13:44:38 |
Serious Vulnerabilities Disclosed in Modems Used by AT&T\'s U-verse Service (lien direct) |
Five vulnerabilities have been found in Arris-manufactured home networking equipment supplied in AT&T's U-verse service. The vulnerabilities are considered so trivial to exploit that they have been disclosed to the public without waiting for remedial work from either Arris or AT&T.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-01 13:35:15 |
Mozilla to Completely Ban WoSign, StartCom Certificates in Firefox 58 (lien direct) |
Mozilla this week announced plans to completely remove trust in the digital certificates issued by Chinese certificate authority WoSign and its subsidiary StartCom starting with Firefox 58.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-09-01 11:10:31 |
Backdoored RAT Builder Kit Offered for Free (lien direct) |
The builder kit of a remote access Trojan (RAT) that was initially spotted in early 2017 contains a backdoored module, Zscaler reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 17:04:56 |
CIA\'s "AngelFire" Modifies Windows\' Boot Sector to Load Malware (lien direct) |
Wikileaks on Thursday published documents detailing AngelFire, a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to load and execute implants on Windows-based systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 16:59:32 |
700 Million Records Found on Server Powering Onliner Spambot (lien direct) |
A Paris-based malware researcher known as Benkow has discovered more than 700 million records used by the Onliner spambot on a misconfigured server. The records comprise a large number of email addresses, passwords and SMTP configurations. Researcher Troy Hunt has subsequently added the lists to his Have I Been Pwned (HIBP) website and service.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 16:41:59 |
Former Columbia Sportswear IT Worker Admits to Illegally Accessing Company Network (lien direct) |
A former employee of Columbia Sportswear pleaded guilty on Wednesday to intentionally accessing the Columbia Sportswear IT network without authorization.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 13:37:19 |
St. Jude Medical Recalls 465,000 Pacemakers Over Security Vulnerabilities (lien direct) |
Pacemaker Patients Must Visit Healthcare Provider for Firmware Update That Addresses Security Vulnerabilities
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 13:08:39 |
The "Imitation Game" - The Need for Human Intelligence in Threat Operations (lien direct) |
“What if only a machine could defeat another machine?â€
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 12:26:36 |
Need to Jumpstart IoT Security? Consider Segmentation (lien direct) |
The Internet of Things (IoT) holds great promise for business collaboration and innovation through connections unimaginable a decade ago.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 12:13:42 |
Researchers Link New "Gazer" Backdoor to Turla Cyberspies (lien direct) |
Gazer/WhiteBear is Sophisticated Malware That Has Been Used Against High-profile Targets
Security researchers and ESET and Kaspersky Lab have unveiled details on a new backdoor used by the Russia-linked cyber-espionage group Turla in attacks against embassies and consulates worldwide.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 12:02:47 |
Unpatched Code Execution Vulnerability Affects LabVIEW (lien direct) |
Cisco Talos security researchers have discovered a code execution vulnerability in National Instruments' LabVIEW system design and development platform.
The LabVIEW engineering software is used in applications that require test, measurement, and control functions.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 11:55:59 |
Researchers Poison Machine Learning Engines (lien direct) |
The more that artificial intelligence is incorporated into our computer systems, the more it will be explored by adversaries looking for weaknesses to exploit.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-31 11:14:59 |
With Security at the Foundation, Blockchain Can Revolutionize the World (lien direct) |
The Only Way to Ensure That the Blockchain Revolution is Successful is Through Security
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-30 13:09:33 |
Breach at Used Tech Goods Seller CeX Exposes Two Million Customers (lien direct) |
CeX, a second-hand technology goods chain, is notifying up to 2 million of its online customers that their personal details may have been compromised.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-30 11:45:43 |
Snapping Links in the Kill Chain: Lessons Learned from a Stealth Pilot (lien direct) |
"Adversaries have to build a kill chain. We're not trying to prevent every aspect of that chain, just snap one of those links."
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-29 20:00:16 |
Jimmy Banking Trojan Reuses NukeBot Code (lien direct) |
A recently discovered modification of the Neutrino banking Trojan reuses parts of the NukeBot source code that was made publicly available earlier this year, Kaspersky Lab researchers discovered.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-29 18:06:22 |
Over $500,000 Up For Grabs at Mobile Pwn2Own 2017 Hacking Competition (lien direct) |
Trend Micro this week said that it will offer over $500,000 in cash prizes at Zero Day Initiative's Mobile Pwn2Own contest, set to take place Nov. 1-2, during the PacSec 2017 Conference in Tokyo, Japan.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-29 17:55:53 |
North Korea Accused of Stealing Bitcoin to Bolster Finances (lien direct) |
North Korea (DPRK) appears to be targeting bitcoin (both users and exchanges) as a means to counter the increasing effect of international sanctions. Earlier this month the UN Security Council unanimously imposed new sanctions targeting the country's primary exports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-29 17:19:09 |
IoT Device Hit by Credential Attack Every Two Minutes: Experiment (lien direct) |
Internet of Things (IoT) botnets such as Mirai might not be in the headlines as often as they were several months ago, but the threat posed by insecure IoT devices is as high as before, a recent experiment has revealed.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-29 15:11:53 |
Unpatched Vulnerabilities Impact Popular Browser Extension Systems (lien direct) |
Security researchers have discovered two vulnerabilities that impact the extension systems of major browsers, including Chrome, Firefox, Safari, and Opera.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-29 12:10:32 |
MoqHao Banking Trojan Targets South Korean Android Users (lien direct) |
A recently spotted Android banking Trojan targeting South Korean users via SMS phishing messages (smishing) was linked to an infection campaign from two years ago, McAfee security researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-28 17:24:55 |
Tech Firms Unite to Neutralize WireX Android Botnet (lien direct) |
Major New WireX Android Botnet Neutralized by Cross-Vendor Collaborative Research
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-28 16:01:16 |
Defray Ransomware Used in Selective Attacks Against Multiple Sectors (lien direct) |
A newly discovered ransomware variant has been used in small, selectively targeted attacks aimed at healthcare and education, and manufacturing and technology, respectively.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-28 15:52:31 |
Thousands of IoT Devices Impacted by Published Credentials List (lien direct) |
Over 1,700 Internet of Things (IoT) devices worldwide are potentially exposed to hackers after a list containing their IPs and default login credentials emerged on Pastebin.com.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-28 11:32:59 |
U.S. Government Cybersecurity Ranks 16th Out of 18 Industry Sectors (lien direct) |
The U.S. state and federal government's cybersecurity standing is ranked 16th of 18 industry sectors in a new report. This is a very small improvement on last year's comparable position, which was 18th out of 18; but it still paints a grim picture of public sector readiness to fight cybercrime and cyber espionage.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-28 11:17:18 |
China Demands Internet Platforms Verify Users\' True Identity (lien direct) |
China has ordered the country's internet platforms to verify users' true identity before letting them post online content, the latest step by authorities to tighten policing of the web.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-27 18:48:30 |
Hundreds of Russians Protest Tighter Internet Controls (lien direct) |
About 1,000 Russians braved pouring rain in Moscow on Saturday to demonstrate against the government's moves to tighten controls on internet use, with police arresting about a dozen protesters.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-25 15:23:57 |
PoS Flaws Allow Hackers to Steal Card Data, Change Prices (lien direct) |
Point-of-sale (PoS) systems developed by SAP and other vendors have serious vulnerabilities that can be exploited by hackers to steal payment card data from the targeted organization's network and change the price of items they want to purchase.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-25 13:36:29 |
Chinese National Charged With U.S. Hacking (lien direct) |
The FBI has charged a Chinese national with using malicious software widely linked to a devastating hack of government databases that saw the personal information of millions of federal workers and contractors stolen.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-25 13:35:38 |
Cisco IOS Flaws Expose Rockwell Industrial Switches to Remote Attacks (lien direct) |
Rockwell Automation has informed customers that some of its Allen-Bradley Stratix and ArmorStratix industrial ethernet switches are exposed to remote attacks due to vulnerabilities in Cisco's IOS software.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-25 11:03:40 |
Google Introduces App Engine Firewall (lien direct) |
Google on Thursday informed cloud platform customers that the beta release of its App Engine firewall is available for testing.
The Google App Engine firewall allows developers and administrators to easily allow or block traffic from specified IP addresses by defining a set of rules and ordering them based on priority.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-08-25 09:41:51 |
PoC Released for Dangerous iOS Kernel Exploit (lien direct) |
Proof-of-concept (PoC) code has been released for recently patched iOS vulnerabilities that can be chained to take full control of a mobile device. The flaws could also be useful for a jailbreak, according to the researcher who found them.
|
|
|
|