Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 13:32:04 |
Nearly Half of SMBs, Enterprises Still Using Windows 7: Kaspersky (lien direct) |
Data collected by Kaspersky shows that many businesses are still using Windows 7, for which Microsoft plans on ending extended support in just a few months from now.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 13:31:04 |
Apple Patches Re-Introduced Jailbreak Vulnerability (lien direct) |
Apple this week released patches that address a recently re-introduced vulnerability that allows hackers to jailbreak devices.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 13:11:03 |
Free Windows 7 Extended Security Updates for Some Microsoft Customers (lien direct) |
Microsoft will be providing some of its customers with one year of free Windows 7 Extended Security Updates (ESU) after January 2020, when extended support for the platform officially ends.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-27 06:31:05 |
Code Execution Flaw in QEMU Mostly Impacts Development, Test VMs (lien direct) |
The open source machine emulator QEMU is affected by a vulnerability that can lead to a denial-of-service (DoS) condition or arbitrary code execution, but developers say users should not be too concerned about its impact.
|
Vulnerability
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 16:12:01 |
Senators Question NHTSA on Risks of Connected Vehicles (lien direct) |
Two United States senators have sent a letter to the National Highway Traffic Safety Administration (NHTSA) to inquire about cyber-risks associated with connected vehicles.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 15:22:04 |
Hacker Finds Instagram Account Takeover Flaw Worth $10,000 (lien direct) |
A researcher says he has received $10,000 from Facebook after finding another critical vulnerability that could have been exploited to hack Instagram accounts.
|
Hack
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 15:03:00 |
Hostinger Resets User Passwords Following System Breach (lien direct) |
Web hosting provider Hostinger reset all customer passwords over the weekend, after learning that an attacker gained unauthorized access to one of its internal systems.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 14:36:01 |
Company Sues Black Hat Conference Over Mocked Presentation (lien direct) |
California-based cryptography firm Crown Sterling has filed a lawsuit against UBM, the organizer of the Black Hat cybersecurity conference, after the company's talk at the latest event in the United States was disrupted by some attendees.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 14:34:02 |
The Growing Threat of Deepfake Videos (lien direct) |
Deepfakes are a growing threat. They are primarily a social engineering tool. That means they will increasingly be used in phishing attacks, BEC attacks, reputation attacks, and public opinion attacks (such as election meddling). Existing methods in all these areas are already successful; but the arrival of deepfake videos will take them to a different level.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 11:17:03 |
Airlines That Manage Booking Systems Themselves Expose Customer Data (lien direct) |
Some of the airlines that manage booking systems themselves have failed to implement important protection mechanisms, exposing their customers' personal information, a researcher has warned.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-26 04:58:05 |
Judge Orders Woman in Capital One Case to Remain in Custody (lien direct) |
A U.S. judge on Friday ordered a woman accused of hacking Capital One and at least 30 other organizations to remain in custody pending trial because she is a flight risk and poses a physical danger to herself and others.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-24 11:10:05 |
Vulnerability Found in SimpleMDM Apple Device Management Solution (lien direct) |
An XML external entity (XXE) vulnerability has been found and patched in the SimpleMDM Apple device management solution, but the researcher who found the flaw and the vendor disagree on its impact.
SimpleMDM is an increasingly popular mobile device management (MDM) solution used by companies such as FedEx, Deloitte and the Discovery Channel.
|
Vulnerability
|
FedEx
Deloitte
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 18:07:02 |
Cyberattacks on Texas Cities Put Other Governments on Guard (lien direct) |
Cyberattacks that recently crippled nearly two dozen Texas cities have put other local governments on guard, offering the latest evidence that hackers can halt routine operations by locking up computers and public records and demanding steep ransoms.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 17:48:05 |
Kubernetes Patches Recent HTTP/2 Vulnerabilities (lien direct) |
Software updates released by Kubernetes this week address HTTP/2 implementation vulnerabilities that were disclosed earlier this month.
|
|
Uber
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 17:36:00 |
US Wants Woman Accused in Capital One Hack to Stay Locked Up (lien direct) |
A woman accused of hacking Capital One and at least 30 other organizations is a flight risk, a threat and should be kept locked up until her trial, U.S. prosecutors said in court documents filed ahead of a Friday detention hearing in Seattle.
|
Hack
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 17:23:05 |
Asruex Malware Exploits Old vulnerabilities to Infect PDF, Word Docs (lien direct) |
A recently observed variant of the Asruex backdoor acts as an infector by targeting old vulnerabilities in Microsoft Office and Adobe Reader and Acrobat 9.x, Trend Micro reports.
|
Malware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 16:49:04 |
New Tool From Cisco Hunts Flaws in Automotive Computers (lien direct) |
Cisco has released a new hardware tool designed to help researchers, developers and automakers discover vulnerabilities in automobile computers.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 15:52:05 |
U.S. Charges 80 in Massive Online Fraud Scheme (lien direct) |
The United States Department of Justice this week unsealed an indictment that charges 80 defendants, most of them Nigerians, for their roles in a massive fraud and money laundering scheme.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 15:31:04 |
Black Hat 2019: Bounties, Breaches and Deepfakes, Oh My! (lien direct) |
Black Hat 2019 recently wrapped in Las Vegas, where somewhere between 15,000 and 20,000 experts descended to experience the latest developments in the world of cybersecurity. While we saw the expected releases of new threat research, vulnerabilities and breakdowns on nation-state level attacks, the reason I, and many others, attend this annual conference is to see what trends are emerging, and be surprised by the unexpected.
|
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 15:02:04 |
Classification Concerns Over FISMA Report on Improving Agency Cybersecurity (lien direct) |
The Federal Information Security Modernization Act (FISMA) annual report to Congress for full year 2018 indicates considerable success in improving the cybersecurity of federal agencies.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 13:19:04 |
VMWare to Acquire Endpoint Security Firm Carbon Black (lien direct) |
Virtualization and cloud infrastructure giant VMWare (NYSE: VMW) announced on Thursday that it has agreed to acquire endpoint security firm Carbon Black (NASDAQ: CBLK) in a deal representing an enterprise value of $2.1 billion.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 12:17:00 |
Illegal Cryptocurrency Mining at Ukraine Nuclear Plant Exposed Sensitive Data (lien direct) |
Sensitive information from a nuclear power plant in Ukraine was exposed due to an illegal cryptocurrency mining operation run by workers, according to several media reports.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 09:41:01 |
Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge (lien direct) |
Microsoft is offering up to $30,000 for vulnerabilities found in the new version of its Edge browser.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-23 07:31:03 |
Claroty Releases Free Diagnostic Tool for Urgent/11 Vulnerabilities (lien direct) |
Industrial cybersecurity firm Claroty this week released a free and open source tool designed to help organizations check whether their operational technology (OT) devices are vulnerable to Urgent/11 attacks.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-22 19:17:00 |
Hackers Target Vulnerabilities in Fortinet, Pulse Secure Products (lien direct) |
Recently disclosed vulnerabilities affecting enterprise virtual private network (VPN) products from Fortinet and Pulse Secure have been exploited in the wild, a researcher reported on Thursday.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-22 18:20:01 |
Majority of Malicious Job Attacks on Microsoft SQL Server Target Asia (lien direct) |
Vietnam emerges as the country affected the most by Microsoft SQL Server attacks that leverage malicious jobs, a new report from Kaspersky reveals.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-22 17:53:01 |
Remote Code Execution Flaws Impact Aspose APIs (lien direct) |
Vulnerabilities that Cisco Talos security researchers have discovered in various Aspose APIs could allow a remote attacker to execute code on affected machines.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-22 14:59:02 |
DLL Hijacking Flaw Found in Bitdefender Antivirus Free 2020 (lien direct) |
A DLL hijacking vulnerability affecting Bitdefender Antivirus Free 2020 could have been exploited for privilege escalation and other malicious purposes, SafeBreach researchers revealed on Wednesday.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-22 13:02:01 |
Privileged Access Management Provider Remediant Raises $15 Million (lien direct) |
San Francisco, CA-based privileged access management (PAM) solution provider Remediant has closed a $15 million Series A funding round co-led by Dell Technologies Capital and ForgePoint Capital. The money will be used to expand Remediant's marketing and field operations, product engineering, channel and customer success programs, following quintupled sales revenue between 2017 and 2018.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-22 12:46:01 |
Attackers Demand Millions in Texas Ransomware Incident (lien direct) |
The cybercriminals behind the recent ransomware incident that impacted over 20 local governments in Texas are apparently demanding $2.5 million in exchange for access to encrypted data.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-22 12:07:04 |
Tech Giants Join Forces on Confidential Computing (lien direct) |
The Linux Foundation this week announced an industry-wide effort aimed at accelerating the adoption of confidential computing.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-22 08:36:04 |
Cisco Patches Many Serious Vulnerabilities in Unified Computing Products (lien direct) |
Cisco informed customers on Wednesday that it has released patches for 17 critical and high-severity vulnerabilities affecting some of its Unified Computing products.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-20 12:24:02 |
VideoLAN Patches Dozen Vulnerabilities in VLC (lien direct) |
VideoLAN this week released a software update to its highly popular VLC media player to address a dozen vulnerabilities, the most important of which could lead to arbitrary code execution.
|
Guideline
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-20 11:53:05 |
Open Source-Based Ransomware Targets Fortnite Players (lien direct) |
A new ransomware family specifically targeting users of the Fortnite game is based on the open source Hidden-Cry malware, Cyren's security researchers have discovered.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-20 11:10:01 |
Flaw in New Facebook Design Allowed Removal of Profile Photos (lien direct) |
A security flaw in the new Facebook design could have been exploited to remove any user's profile photo.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-20 09:42:01 |
Harnessing Stunt Hacking for Enterprise Defense (lien direct) |
Make Sure You Understand the Root Cause of the Vulnerabilities or Attack Vectors Behind the Next Over-Hyped Stunt Hack
Every year, at least one mediocre security vulnerability surprisingly snatches global media attention, causing CISOs and security researchers to scratch their heads and sigh “who cares?”
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-20 08:39:05 |
GitHub Now Scans Commits for Atlassian, Dropbox, Discord Tokens (lien direct) |
Microsoft-owned GitHub on Monday announced that its token scanning service will also check commits for Atlassian, Dropbox, Discord, Proctorio and Pulumi tokens that have been accidentally shared.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-20 07:18:03 |
Facebook Offers Rewards for Instagram Data Abuse Reports (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-19 17:45:00 |
Webmin Backdoored for Over a Year (lien direct) |
Webmin, the open source web-based interface for managing Linux and UNIX systems, contained a remote code execution vulnerability for more than a year and it's believed to be an intentional backdoor.
|
Vulnerability
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-19 14:17:03 |
AWS: No Significant Issues at Other Alleged Targets of Capital One Hacker (lien direct) |
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-19 14:09:05 |
Data Protection and Privacy: Think 360, Demand 360 (lien direct) |
When it Comes to Data Protection and Privacy, it is Important to Evaluate Where You Are, and Where You Need to Go
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-19 13:37:00 |
UK Hacker Sentenced to 20 Months in Prison (lien direct) |
Hacker Elliot Gunton has been sentenced to 20 months in prison by Norwich (UK) County Court, but released immediately because of time already served in custody.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-19 11:55:00 |
Organizations Expose Sensitive Data via Malware Analysis Sandboxes (lien direct) |
Researchers at UK-based threat intelligence firm Cyjax have studied files submitted to three popular online malware analysis sandboxes and found that many of the publicly accessible files contain sensitive information.
|
Malware
Threat
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-19 10:57:00 |
Ransomware Hits Texas Local Governments (lien direct) |
A ransomware attack hit 23 local government entities in Texas last week, the Texas Department of Information Resources (DIR) has revealed.
|
Ransomware
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-19 04:56:00 |
Uganda, Zambia Deny Huawei Helped Spy on Political Opponents (lien direct) |
Uganda and Zambia on Friday denied a report that employees of Chinese telecom giant Huawei had helped them spy on political opponents.
The Wall Street Journal (WSJ) reported this week that Huawei technicians helped the two African governments intercept communications and social media activity of their opponents, while also tracking their movements.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-16 19:12:01 |
Iowa Grocery Chain Investigating Possible Hack of Payment Processing Systems (lien direct) |
A West Des Moines, Iowa-based grocery chain that also operates restaurants, fuel-pumps and drive-thru coffee shops is warning its customers about a security incident involving some of its payment card systems.
|
Hack
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-16 16:09:05 |
Apple Sues Corellium Over Security Research Tool (lien direct) |
Apple has filed a copyright infringement lawsuit against Florida-based virtualization company Corellium for creating “perfect replicas” of iOS that can be used for security research and other purposes.
|
Tool
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-16 13:34:04 |
Uganda Slams Report Huawei Helped Spy on Opposition Leader (lien direct) |
Uganda on Friday denied a report that employees of Chinese telecom giant Huawei had aided a domestic spying operation targeting pop star turned opposition icon Bobi Wine.
The Wall Street Journal reported this week that Huawei technicians helped Ugandan authorities use spyware to intercept Wine's Skype and WhatsApp communications.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-16 13:14:00 |
Many Users Don\'t Change Unsafe Passwords After Being Warned: Google (lien direct) |
Google has shared some interesting data collected by the company from users of its Password Checkup extension for Chrome.
|
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2019-08-16 11:45:01 |
Sherlock in the SOC: Leveraging Security Knowledge in a Behavior-Based Approach (lien direct) |
“There is a strong family resemblance about misdeeds, and if you have all the details of a thousand at your finger ends, it is odd if you can't unravel the thousand and first.”
|
|
|
|