What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-07-19 02:26:56 | Rapid7 Acquires Security Orchestration and Automation Firm Komand (lien direct) | Boston-based IT security and operations software maker Rapid7 (NASDAQ: RPD) on Tuesday announced that it has acquired security orchestration and automation firm Komand. | |||
|
2017-07-18 21:04:35 | UK Spy Agency Warns of State-sponsored Hackers Targeting Critical Infrastructure (lien direct) | The U.K. | |||
|
2017-07-18 17:14:35 | Court Upholds Gag Orders in National Security Letters (lien direct) | The Ninth U.S. Circuit Court of Appeals in San Francisco confirmed a lower court decision Monday that gag orders included in FBI National Security Letters (NSLs) do not violate the First Amendment of the U.S. Constitution's free speech protections. | |||
|
2017-07-18 16:24:31 | Malware Targets NAS Devices Via SambaCry Exploit (lien direct) | A piece of malware dubbed by researchers SHELLBIND leverages a recently patched Samba vulnerability in attacks aimed at Internet of Things (IoT) devices, particularly network-attached storage (NAS) appliances. | |||
|
2017-07-18 16:18:24 | EternalSynergy-Based Exploit Targets Recent Windows Versions (lien direct) | A security researcher has devised an EternalSynergy-based exploit that can compromise versions of Windows newer than Windows 8. | |||
|
2017-07-18 14:51:58 | How to Overcome Cyber "Insecurities" (lien direct) | Being a CISO is not an easy job. It takes a certain type of person who has the right mix of passion, discipline, technical knowledge and business acumen to be able to lead their organization in the right direction. Whether they come from a technical, business or even military background, all CISOs experience a number of personal and professional roadblocks on a daily basis that challenge the ultimate success of their company's security. | Guideline | ||
|
2017-07-18 14:15:29 | Millions of Dow Jones Customer Records Exposed Online (lien direct) | American news and financial information firm Dow Jones & Company inadvertently exposed the details of millions of its customers. The data was found online by researchers in an Amazon Web Services (AWS) S3 bucket that had not been configured correctly. | |||
|
2017-07-18 11:56:10 | Organizations Slow to Patch Critical Memcached Flaws (lien direct) | Tens of Thousands of Internet-Exposed Memcached Servers Are Vulnerable to Attacks Tens of thousands of servers running Memcached are exposed to the Internet and affected by several critical vulnerabilities disclosed last year by Cisco's Talos intelligence and research group. | |||
|
2017-07-18 11:35:39 | (Déjà vu) Hacker Steals $7 Million in Ethereum From CoinDash (lien direct) | An actor managed to hack the CoinDash official website during the company's ICO (Initial Coin Offering) and diverted over $7 million worth of Ethereum by replacing the official wallet address with their own. | |||
|
2017-07-18 10:35:18 | Two Iranians Charged in U.S. Over Hacking Defense Materials (lien direct) | Two Iranians were indicted Monday in the United States with hacking a defense contractor and stealing sensitive software used to design bullets and warheads, according to the Justice Department. | |||
|
2017-07-18 09:29:11 | Code Execution, DoS Vulnerabilities Found in FreeRADIUS (lien direct) | Security testing of FreeRADIUS using a technique known as fuzzing revealed more than a dozen issues, including vulnerabilities that can be exploited for denial-of-service (DoS) attacks and remote code execution. | |||
|
2017-07-17 19:37:13 | Lithuania to Extradite $100 Million Email Fraud Suspect to U.S. (lien direct) | A Lithuanian man who allegedly swindled $100 million (87 million euros) from tech giants Google and Facebook must be extradited to the United States, a court ruled on Monday. "The court has ruled in favour of extraditing Lithuanian citizen Evaldas Rimasauskas to the United States for criminal prosecution," Judge Aiva Surviliene said. | |||
|
2017-07-17 19:02:46 | Critical WebEx Flaws Allow Remote Code Execution (lien direct) | Cisco has updated the WebEx extensions for Chrome and Firefox to address critical remote code execution vulnerabilities identified by researchers working for Google and Divergent Security. | |||
|
2017-07-17 17:41:43 | Google Inviting 2-Step Verification SMS Users to Google Prompt (lien direct) | Google this week will start inviting 2-Step Verification (2-SV) SMS users to try Google Prompt, its year-old method of approving sign-in requests on smartphones. | |||
|
2017-07-17 16:51:10 | (Déjà vu) New IBM Z Mainframe Designed to "Pervasively Encrypt" Enterprise Data (lien direct) | New IBM Z14 Mainframe Introduces Encryption Engine Capable of Running More Than 12 Billion Encrypted Transactions Per Day | |||
|
2017-07-17 15:28:54 | OmniRAT-Based Android Backdoor Emerges (lien direct) | A newly discovered Android backdoor appears to be based on the OmniRAT remote administration tool (RAT) that targets Android, Windows, Linux and MacOS devices, Trend Micro security researchers warn. | |||
|
2017-07-17 15:11:30 | Intel, Defense Bills Amended to Include Russian Hacking (lien direct) | Intelligence and defense policy legislation passed last week shows that the United States government is increasingly concerned about cyberattacks, particularly attacks coming from Russia. | |||
|
2017-07-17 12:58:29 | Industry Massively Underinsured Against Global Cyber Attacks: Study (lien direct) | Industry is massively underinsured against a major global cyberattack -- which could trigger losses on a par with natural disasters such as Hurricane (Superstorm) Sandy. This is one of the main conclusions of a study conducted by Lloyds of London (the world's oldest insurance organization with more than 20% of the global cyber insurance market), and Cyence (a risk modeling firm). | |||
|
2017-07-17 11:39:43 | Ashley Madison Offers $11 Million in Data Breach Settlement (lien direct) | Ruby Life Inc., the owner and operator of the online adultery service Ashley Madison, has offered to pay $11.2 million to individuals affected by the 2015 data breach. | |||
|
2017-07-17 10:01:08 | Backdoor Uses FFmpeg Application to Spy on Victims (lien direct) | A recently observed feature-rich backdoor is capable of spying on its victim's activities by recording full videos with the help of the "FFmpeg" application, Malwarebytes warns. | |||
|
2017-07-17 09:55:23 | Hundreds of Domains Hijacked From French Registrar Gandi (lien direct) | Hundreds of domains were hijacked earlier this month and redirected to an exploit kit landing page as part of an attack targeting the French domain name registrar and hosting services provider Gandi. | |||
|
2017-07-14 18:32:44 | Risk Intelligence Firm Flashpoint Raises $28 Million (lien direct) | Flashpoint, a New York, NY-based threat intelligence and research company that focuses on what it calls “Business Risk Intelligence†(BRI) gleaned from combing the Deep & Dark Web, has raised $28 million in Series C funding. | ★★★★ | ||
|
2017-07-14 17:24:13 | Insider Steals Customer Data From Global Healthcare Group (lien direct) | Major International Healthcare Organization Bupa Loses Customer Details to Insider Threat | |||
|
2017-07-14 17:08:53 | Dark Web Market AlphaBay Goes Down (lien direct) | AlphaBay, a Dark Web markerplace for illegal products, went down last week after authorities seized equipment following raids in three different countries. | |||
|
2017-07-14 16:04:55 | Atlassian Launches Public Bug Bounty Program (lien direct) | Team collaboration and productivity software provider Atlassian announced this week the launch of a Bugcrowd-based public bug bounty program with rewards of up to $3,000 per vulnerability. | |||
|
2017-07-14 14:15:04 | New "WPSetup" Attack Targets Fresh WordPress Installs (lien direct) | A new type of attack against WordPress is targeting fresh installations to get admin access and execute PHP code in the victim's web hosting account, Wordfence reveals. | |||
|
2017-07-14 13:54:39 | How to Reduce Risk While Saving on the Cost of Resolving Security Defects (lien direct) | 
1. Shift Left.
2. Test earlier in the development cycle.
|
|||
|
2017-07-14 13:11:50 | Inadequate Boundary Protections Common in Critical Infrastructure: ICS-CERT (lien direct) | The assessments conducted by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in 2016 showed that inadequate boundary protection has remained the most prevalent weakness in critical infrastructure organizations. | |||
|
2017-07-14 12:05:27 | Australia to Compel Chat Apps to Hand Over Encrypted Messages (lien direct) | Social media giants like Facebook and WhatsApp will be compelled to share encrypted messages of suspected terrorists and other criminals with Australian police under new laws unveiled Friday. | |||
|
2017-07-14 11:57:36 | The Path of Least Resistance Beats the Road Less Travelled (lien direct) | Attackers May be Looking for the Path of Least Resistance, But There is No Shortcut to Securing your Platform | ★★ | ||
|
2017-07-14 11:04:41 | Old Kerberos Bypass Flaw Patched in Windows, Linux (lien direct) | A 20-year-old authentication bypass vulnerability affecting some implementations of the Kerberos protocol has been patched in Windows, Linux and BSD operating systems. | |||
|
2017-07-13 20:26:28 | EFF Reviews Privacy Practices of Online Service Providers (lien direct) | During 2016, the US government made 49,868 requests to Facebook for user data; 27,850 requests to Google; and 9,076 requests to Apple. Governments will not stop making these requests, since the internet has become a major avenue for mass surveillance. The real issue is to what extent internet companies will seek to protect their users' data from unwarranted government intrusions. | |||
|
2017-07-13 16:47:40 | Samsung Tizen Accused of Being Home to at Least 27,000 Findable Bugs (lien direct) | A purveyor of static code analysis wished to pitch his product to Samsung. What better way, he thought, than to run his product against the Samsung Tizen operating system, and demonstrate the results. The demonstration fell through, and the purveyor decided instead to publish his findings. | |||
|
2017-07-13 16:05:17 | Dell Launches Endpoint Security Product for Air-Gapped Systems (lien direct) | Dell announced on Thursday the availability of a new version of its Endpoint Security Suite Enterprise product designed specifically for air-gapped systems. | |||
|
2017-07-13 15:31:17 | Free Scanner Finds 50,000 EternalBlue-Vulnerable Systems (lien direct) | More than 50,000 computers vulnerable to the NSA-linked EternalBlue exploit were found by a free vulnerability scanner in recent weeks. | |||
|
2017-07-13 15:11:56 | Researchers Remotely Hijack Oracle OAM 10g Sessions (lien direct) | Two security researchers recently discovered an issue with improperly configured Oracle Access Manager (OAM) 10g that can be exploited by remote attackers to hijack sessions from unsuspecting users. | |||
|
2017-07-13 14:28:00 | \'HighRise\' Android Malware Used by CIA to Intercept SMS Messages (lien direct) | WikiLeaks on Thursday published a user guide describing what appears to be a tool used by the U.S. Central Intelligence Agency (CIA) to intercept SMS messages on Android mobile devices. | |||
|
2017-07-13 12:51:32 | RSA Webinar Today: Evolution from Two-Factor Authentication to Identity Assurance (lien direct) | 
|
|||
|
2017-07-13 12:46:37 | Trend Micro Patches Flaws in Deep Discovery Product (lien direct) | Trend Micro has released a critical patch for its Deep Discovery Director product to address several vulnerabilities that can be combined to achieve arbitrary command execution. | |||
|
2017-07-13 12:45:46 | Five Steps to Turn Threat Intelligence into a Threat Operations Program (lien direct) | Last month at the Gartner Security and Risk Management conference, I had the opportunity to speak with many CISOs, analysts and other security professionals. One of the common threads through many of these conversations was how to use threat intelligence more effectively to understand and act upon the highest priority threats facing their organizations. They have acquired multiple data feeds from multiple sources, but without the ability to sift through the data it has just become noise. | |||
|
2017-07-13 12:40:00 | Democracy at Risk from Poor Cybersecurity, Foreign Interference: Survey (lien direct) | Survey Shows Distinct Voter Concern for Elections and Cybersecurity | |||
|
2017-07-13 12:23:42 | Windows 10 Boosts Protections Against Code Injection Attacks (lien direct) | Enhancements in Windows 10 Creators Update include improvements in Windows Defender Advanced Threat Protection (Windows Defender ATP) to keep users protected from threats such as Kovter and Dridex Trojans, Microsoft says. | ★★★★★ | ||
|
2017-07-13 11:05:46 | Plans Are Worthless, But Planning is Everything (lien direct) | Planning for Cyber Protection and Resiliency is a Large Topic That Requires the Right Framework and a Balance of Strategic and Tactical Thinking | |||
|
2017-07-13 10:12:36 | Verizon Downplays Leak of Millions of Customer Records (lien direct) | The personal details of millions of Verizon customers were exposed online due to a misconfigured Amazon Web Services (AWS) S3 bucket operated by a third-party vendor, but the telecoms giant has downplayed the incident. | |||
|
2017-07-12 17:53:27 | How Tall is the Water Fountain? (lien direct) | Recently, I was thinking about the time during high school when I took a trip to visit my elementary school. I'm not sure why this memory suddenly popped into my head, but it did remind me of an important topic in security that I've been meaning to write about. | |||
|
2017-07-12 17:23:49 | LockPoS Point of Sale Malware Emerges (lien direct) | A newly discovered Point of Sale (PoS) malware is being delivered via a dropper that is manually loaded and executed on the targeted systems, Arbor Networks Security researchers warn. | |||
|
2017-07-12 16:27:35 | Let\'s Encrypt Wildcard Certificates a \'Boon\' for Cybercriminals, Expert Says (lien direct) | To speed up the adoption of HTTPS, free and open Certificate Authority (CA) Let's Encrypt will start issuing wildcard certificates as of January 2018. | |||
|
2017-07-12 16:08:59 | Organizations Only Slightly Improved Security Posture: Report (lien direct) | Organizations made some improvements to their security posture last year, but only marginally, as the average time-to-fix is still too high and remediation rates are too low, according to the 12th annual application security statistics report from WhiteHat Security. | |||
|
2017-07-12 15:48:29 | Edgewise Networks Emerges From Stealth to Bring Zero Trust Networking to the Data Center (lien direct) | Burlington, MA-based Edgewise Networks has emerged from stealth mode with a product designed to implement a zero-trust approach to network security. | |||
|
2017-07-12 15:22:48 | Apple Builds Data Center in China, Promises No Backdoors (lien direct) | 
|
To see everything:
Our RSS (filtrered)
