Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-26 08:00:28 |
New Windows Backdoor Linked to SambaCry Linux Malware (lien direct) |
The cybercriminals who had recently delivered a cryptocurrency miner to Linux servers by exploiting the Samba vulnerability known as EternalRed and SambaCry are believed to have developed a backdoor designed for Windows systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-26 05:53:08 |
Hacker Steals $8.4 Million in Ethereum from Veritaseum (lien direct) |
An unknown hacker stole around 37,000 VERI tokens from Veritaseum peer-to-peer platform and sold them for around $8.4 million in Ethereum during the company's ICO (Initial Coin Offering).
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 22:49:33 |
Sweden Rattled by Massive Confidential Data Leak (lien direct) |
Sweden's minority government was battling to contain the fallout Monday after a massive leak that may have made confidential military information accessible abroad, as well as the private data of millions of citizens.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 16:43:54 |
Adobe to Kill Flash Player, End Support by 2020 (lien direct) |
[Breaking] Adobe on Tuesday said that it would kill its Flash Player and stop providing security updates by the end of 2020.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 16:30:37 |
IBM Launches Security Testing Services For Cars, IoT (lien direct) |
IBM Security announced on Monday that the services provided by its X-Force Red penetration testing group have been expanded to include connected vehicles and Internet of Things (IoT) devices.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 15:33:39 |
Bot vs Bot in Never-Ending Cycle of Improving Artificial intelligence (lien direct) |
Artificial intelligence, usually in the form of machine learning (ML), is infosecurity's current buzz. Many consider it will be the savior of the internet, able to defeat hackers and malware by learning and responding to their behavior in all-but real time.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 15:00:59 |
CrowdStrike Launches Cybersecurity Search Engine (lien direct) |
Cloud-based endpoint security firm CrowdStrike announced on Tuesday that it has expanded the capabilities of its Falcon platform by adding a powerful search engine.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 13:22:51 |
Ursnif Banking Trojan Gets Mouse-Based Anti-Sandboxing (lien direct) |
Recently discovered variants of the Ursnif banking Trojan include anti-sandboxing features based on a combination of mouse position and file timestamps, while also attempting to steal data from the Thunderbird email client, Forcepoint security researchers reveal.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 12:51:54 |
Iranian \'CopyKittens\' Conduct Foreign Espionage (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 11:45:09 |
Tech Firms Target Domains Used by Russia-linked Threat Group (lien direct) |
Tech companies ThreatConnect and Microsoft are moving toward exposing and taking down domains associated with Russia-linked threat group known as Fancy Bear.
|
|
APT 28
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 11:22:26 |
Georgian News Site Serves New Version of Old Mac Trojan (lien direct) |
Researchers at security firm Volexity noticed that the website of a media organization based in the country of Georgia had been serving a new version of an old Mac Trojan to specific visitors.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-25 11:06:29 |
ICS Networks Not Immune To Insider Threats (lien direct) |
Organizations Need Specialized Monitoring and Control Technologies for ICS Networks
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 17:21:39 |
One in Ten U.S. Organizations Hit by WannaCry: Study (lien direct) |
A recent survey discovered that the vast majority of organizations in the United States weren't prepared for the WannaCry ransomware attack, but just one in ten ended up being infected by the malware.
|
|
Wannacry
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 16:08:03 |
Misconfigured Google Groups Expose Sensitive Data (lien direct) |
Researchers at cloud security firm RedLock believe hundreds of organizations may be exposing highly sensitive information by failing to properly configure Google Groups.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 16:00:52 |
A Business-Driven Approach to Prioritizing Security Alerts (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 15:26:59 |
Researcher Analyzes Psychology of Ransomware Splash Screens (lien direct) |
The 'splash screens' of seventy-six different types of ransomware have been analyzed by a cyber-psychologist from De Montfort University.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 14:02:53 |
Endpoint Protection: Spotting the Cyber Wolf in Sheep\'s Clothing (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 13:31:37 |
Google Rolls-Out Play Protect Services for Android (lien direct) |
After introducing the product at the Google I/O conference in May, Google has now made its Play Protect security services available to all Android users.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 12:56:02 |
Over 600 Malware Samples Linked to Chinese Cyberspy Group (lien direct) |
A China-linked cyber espionage group tracked by security firms as Lotus Blossom, Elise, Esile and Spring Dragon has used more than 600 malware samples in its attacks over the past years, according to Kaspersky Lab.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 12:34:51 |
Threat Hunters Analyze Trends in Destructive Cyber-Attacks (lien direct) |
The three primary trends in the incidence of destructive cyber-attacks are that they are increasing; they are usually state-sponsored; and they do not, apart from a few rare occurrences, involve anything more than basic tools. Potentially more concerning for private industry, however, is a lack of concern over what, in kinetic warfare, would be termed 'collateral damage'.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 09:48:49 |
Internet Bug Bounty Project Receives $300,000 Donation (lien direct) |
The Internet Bug Bounty (IBB), a project whose goal is to make the Web safer by rewarding white hat hackers who find vulnerabilities in core Internet infrastructure and open source software, announced on Friday that it has secured a $300,000 donation.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-24 08:37:39 |
Briton Pleads Guilty to Mirai Attacks in German Court (lien direct) |
A British man pleaded guilty last week in a German court to launching a cyberattack that resulted in more than one million customers of telecommunications provider Deutsche Telekom experiencing Internet disruptions.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-22 01:48:24 |
Russia Moves to Ban Tools Used to Surf Outlawed Websites (lien direct) |
Russia's parliament on Friday voted to outlaw web tools that allow internet users to sidestep official bans of certain websites, the nation's latest effort to tighten controls of online services.
Members of the lower house, the Duma, passed the bill to prohibit the services from Russian territory if they were used to access blacklisted sites.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-21 16:42:54 |
Hundreds of Java Flaws Patched by Schneider in Trio TView Software (lien direct) |
Energy management and automation solutions giant Schneider Electric was informed by a researcher that its Trio TView software uses a version of Java that was released in 2011 and is affected by hundreds of vulnerabilities.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-21 14:01:12 |
Network Spreading Capabilities Added to Emotet Trojan (lien direct) |
Researchers at Fidelis Cybersecurity have spotted a variant of the Emotet Trojan that has what appears to be a feature designed to help the malware spread on internal networks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-21 12:12:27 |
Security Automation is About Trust, Not Technology (lien direct) |
We Can Automate the Action, Without Automating the Decision...
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-21 11:23:31 |
Undetected For Years, Stantinko Malware Infected Half a Million Systems (lien direct) |
A massive botnet that remained under the radar for the past five years managed to infect around half a million computers and allows operators to “execute anything on the infected host,†ESET researchers warn.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-21 10:48:37 |
Symantec Tricked Into Revoking Certificates Using Fake Keys (lien direct) |
Researcher Hanno Böck has tricked Symantec into revoking TLS certificates by falsely claiming that their private keys had been compromised. Comodo was also targeted, but the company did not fall for the same ruse.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-21 10:13:38 |
Citadel Author Sentenced to Five Years in Prison (lien direct) |
A Russian man this week was sentenced to five years in prison for his involvement in the development and maintenance of the Citadel banking malware.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 18:12:30 |
Defenders Gaining on Attackers, But Attacks Becoming More Destructive: Cisco (lien direct) |
Cisco Publishes 2017 Midyear Cybersecurity Report
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 16:32:02 |
Hacker Steals $30 Million in Ethereum from Parity Wallets (lien direct) |
A hacker was allegedly able to exploit a vulnerability in Ethereum wallet client Parity and steal over $30 million worth of crypto-currency.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 15:50:26 |
U.S., European Police Say \'Dark Web\' Markets Shut Down (lien direct) |
Washington - US and European police on Thursday announced the shutdown of two huge "dark web" marketplaces that allowed the anonymous online trade of drugs, hacking software and guns.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 15:45:57 |
New CyberX Technology Predicts ICS Attack Vectors (lien direct) |
Industrial cybersecurity and threat intelligence firm CyberX announced on Thursday the availability of a new simulation technology that allows organizations to predict breach and attack vectors on their networks.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 14:38:35 |
Avast Acquires CCleaner Developer Piriform (lien direct) |
Antivirus firm Avast announced on Wednesday the acquisition of Piriform, a London, UK-based company that develops the popular cleaning and optimization tool CCleaner.
|
|
CCleaner
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 13:54:09 |
FedEx May Have Permanently Lost Data Encrypted by NotPetya (lien direct) |
FedEx-owned international delivery services company TNT Express is still working on restoring systems hit last month by the destructive NotPetya malware attack, but some business data may never be recovered, FedEx said in a Securities and Exchange Commission (SEC) filing this week.
|
|
FedEx
NotPetya
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 13:32:00 |
Firms Unite to Hunt Threats From Network to Endpoint (lien direct) |
Network and Endpoint Threat Hunters Corvil and Endgame Combine to Provide Pan-Infrastructure Detection and Response
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 13:22:28 |
(Déjà vu) Tor Offers $4,000 Per Flaw in Public Bug Bounty Program (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 13:15:30 |
The Art of Measuring Security Success (lien direct) |
It's Time to Stop Measuring Security Success by Only Internal, Readily-available Metrics
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 12:25:56 |
Apple Patches Vulnerabilities Across All Platforms (lien direct) |
Apple this week released security patches for all four of its operating systems to resolve tens of security bugs in each of them.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-20 08:50:46 |
Segway miniPRO Flaws Put Riders at Risk of Injury (lien direct) |
The Ninebot by Segway miniPRO hoverboard-style electric scooter is affected by several vulnerabilities that can be exploited to take control of the device and possibly injure the rider, security consulting firm IOActive warned.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 19:33:06 |
CrowdStrike, Dragos Partner to Deliver Comprehensive ICS Security Services (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 16:59:18 |
Overcoming Appeasement: Think About Risk From the Business Out (lien direct) |
For a couple of decades now, the career path of a cybersecurity professional has been evolving just like the rest of the tech industry. Years ago the top title was the dedicated “security officer,†who was generally also the CIO, the CFO, or some other officer of the company.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 16:06:12 |
\'DarkHotel\' APT Uses New Methods to Target Politicians (lien direct) |
The DarkHotel threat group has been using some new methods in attacks aimed at government employees with an interest in North Korea, according to a report published this week by security firm Bitdefender.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 14:45:50 |
Google Warns Users of Potentially Risky Web Apps (lien direct) |
Google is taking another step to better protect users from malicious third-party web applications: it is now warning users of newly created web apps and Apps Scripts that are pending verification.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 14:27:15 |
Prioritization and Automation – Using Threat Intelligence to Scale Security Operations (lien direct) |
In my last article I shared five steps you can take to turn threat intelligence into a threat operations program, putting yourself in a better position to reduce risk – now and in the future.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 13:43:52 |
(Déjà vu) 2017 ICS Cyber Security Conference Call for Speakers Open Through August 15 (lien direct) |
Longest Running ICS/SCADA Cybersecurity Conference to take Place Oct. 23-26, 2017 at InterContinental Hotel Atlanta
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 13:09:24 |
Mozilla Conducts Security Audit of Firefox Accounts (lien direct) |
Mozilla has asked Germany-based security firm Cure53 to conduct an audit of the Firefox Accounts system and researchers identified a total of 15 issues, including vulnerabilities rated critical and high severity.
|
|
|
★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 11:11:21 |
An Outside-In Look at Digital Transformation (lien direct) |
Digital Transformation is a Massive Undertaking and Must be Entered into With Equal Thought to Security and Business Strategy
|
|
|
★★★★★
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 10:25:17 |
Oracle Patches Record-Breaking 308 Vulnerabilities in July Update (lien direct) |
Oracle on Tuesday released its July 2017 Critical Patch Update (CPU) to address a total of 308 vulnerabilities, the highest number of security fixes ever released in a quarter by the enterprise software giant.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2017-07-19 08:57:39 |
Millions of IoT Devices Possibly Affected by \'Devil\'s Ivy\' Flaw (lien direct) |
A vulnerability dubbed by researchers “Devil's Ivy,†which exists in an open source library present in the products of many companies, could affect millions of security cameras and other Internet of Things (IoT) devices.
|
|
|
|