What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-12-12 19:01:34 | New Spider Ransomware Comes With 96-Hour Deadline (lien direct) | A ransomware campaign targeting the Balkans comes with a 96-hour deadline and includes a link to a video that assures victims payments can be made easily. | |||
|
2017-12-11 23:34:04 | Vulnerability Found in Two Keyless Entry Locks (lien direct) | Researchers are warning of a default-configuration vulnerability in the enterprise-class keyless entry products made by AMAG Technology. | |||
|
2017-12-11 17:59:06 | Leftover Debugger Doubles as a Keylogger on Hundreds of HP Laptop Models (lien direct) | HP released an update that fixes debugger code that could allow an attacker to use a Synaptics Touchpad driver as a keylogger. | |||
|
2017-12-08 22:20:41 | Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code (lien direct) | An Android vulnerability called Janus allows attackers to inject malicious code into signed Android apps. | ★★★ | ||
|
2017-12-08 15:31:01 | Apple Fixes Flaw Impacting HomeKit Devices (lien direct) | Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers. | ★★★★ | ||
|
2017-12-07 18:51:55 | Banking Apps Found Vulnerable to MITM Attacks (lien direct) | Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks. | |||
|
2017-12-06 19:48:24 | Google Patches Critical Encryption Bug Impacting Pixel, Nexus Phones (lien direct) | As part of its December Android and Pixel/Nexus security updates, Google has issued patches addressing a bevy of flaws, 11 of which are rated critical. | |||
|
2017-12-05 21:04:17 | TeamViewer Rushes Fix for Permissions Bug (lien direct) | TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other's computer without permission. | ★★★ | ||
|
2017-12-05 17:27:44 | Developers Targeted in \'ParseDroid\' PoC Attack (lien direct) | A proof of concept attack developed by researchers target users of the development platforms for Android and Java. | ★★ | ||
|
2017-12-04 20:28:36 | Google Cracks Down On Nosy Android Apps (lien direct) | Google beefs up privacy protections on apps distributed via third-party Android marketplaces and Google Play that that collect personal data without user consent. | |||
|
2017-12-04 16:41:37 | Ursnif Trojan Adopts New Code Injection Technique (lien direct) | Researchers have found a variant of Ursnif Trojan they said is a “v3 build†that targets Australian bank customers with new redirection attack techniques. | |||
|
2017-12-01 16:43:06 | Flaw Found In Dirty COW Patch (lien direct) | Researchers have found a flaw in the original fix for the Dirty COW vulnerability patched in October 2016. | |||
|
2017-11-30 19:22:02 | Cisco Patches Critical Playback Bugs in WebEx Players (lien direct) | A Cisco Systems security advisory is urges users of its WebEx platform to patch six vulnerabilities that could allow attackers to execute remote code. | |||
|
2017-11-30 17:02:38 | RAT Distributed Via Google Drive Targets East Asia (lien direct) | Researchers say a new remote access Trojan dubbed UBoatRAT is targeting individuals or organizations linked to South Korea or video games industry. | |||
|
2017-11-29 18:17:13 | Apple Announces Emergency Patch to Fix High Sierra Login Bug (lien direct) | Apple said on Wednesday that it will rush an emergency patch to users that fixes an embarrassing login bug in its High Sierra operating system. | |||
|
2017-11-29 01:47:00 | Critical Apple Login Bug Puts macOS High Sierra Systems at Risk (lien direct) | A major bug in Apple's macOS High Sierra gives anyone with physical access to a system running the latest version of the OS root access simply by putting "root" in the user name field. | |||
|
2017-11-28 22:11:38 | Leaky AWS Storage Bucket Spills Military Secrets, Again (lien direct) | For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online. | |||
|
2017-11-28 17:40:09 | Google Detects and Boots Tizi Spyware Off Google Play (lien direct) | Google discovered a spyware app that uses nearly a dozen old vulnerabilities to root devices and steal sensitive data from social media applications. | |||
|
2017-11-27 18:17:40 | Imgur Confirms 2014 Breach of 1.7 Million User Accounts (lien direct) | Researcher Troy Hunt is credited for tipping image sharing site Imgur off to a 2014 breach of 1.7 million user accounts. | |||
|
2017-11-27 14:06:27 | Newly Published Exploit Code Used to Spread Mirai Variant (lien direct) | Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in activity associated with what it said is a variant of the Mirai botnet. | |||
|
2017-11-24 15:39:17 | SAML Post-Intrusion Attack Mirrors \'Golden Ticket\' (lien direct) | A proof-of-concept attack demonstrates how adversaries can abuse the Security Assertion Markup Language framework to go unnoticed and assume multiple user identities. | |||
|
2017-11-22 18:22:24 | HP to Patch Bug Impacting 50 Enterprise Printer Models (lien direct) | HP said dozens of enterprise-class printer models will receive a patch for an arbitrary code execution vulnerability sometime this week. | |||
|
2017-11-22 05:40:13 | Uber Reveals 2016 Breach of 57 Million User Accounts (lien direct) | Uber CEO said a 2016 data breach that exposed 57 million Uber user accounts and a subsequent payment of $100,000 to a hacker to delete data and keep it a secret is inexcusable. | Uber | ★★★★ | |
|
2017-11-21 20:03:01 | Intel Patches CPU Bugs Impacting Millions of PCs, Servers (lien direct) | Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications. | |||
|
2017-11-20 22:30:24 | US-CERT Warns of ASLR Implementation Flaw In Windows (lien direct) | US-CERT is warning of a vulnerability in Microsoft's implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10. | |||
|
2017-11-20 18:15:37 | CENTCOM Says Massive Data Cache Found on Leaky Server is Benign (lien direct) | Pentagon contractor left 1.8 billion mostly benign publicly accessible social-media posts scraped from the internet on a publicly accessible Amazon storage bucket. | |||
|
2017-11-20 13:00:20 | The First Threatpost Alumni Podcast (lien direct) | With Mike Mimoso leaving Threatpost, it was high time to get many of the people responsible for the site's success throughout the years together for a podcast. Founding editors Ryan Naraine and Dennis Fisher along with Mike, Chris Brook, Brian Donohue and Christen Gentile are aboard for a memorable all-smiles podcast. | |||
|
2017-11-17 21:50:56 | Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks (lien direct) | Hackers using a specially crafted XLS files can trigger several remote code execution vulnerabilities in the LibXL library. | |||
|
2017-11-17 18:59:56 | Amazon Promises Fix to Stop Key Service Hack (lien direct) | Amazon said it will offer a fix for its Amazon Key delivery service that allows hackers to tamper with a home security camera. | |||
|
2017-11-16 22:05:32 | Oracle Issues Emergency Patches for \'JoltandBleed\' Vulnerabilities (lien direct) | Oracle pushed out an emergency update for vulnerabilities dubbed 'JoltandBleed' affecting five of its products that rely on its proprietary Jolt protocol. | |||
|
2017-11-16 19:19:04 | White House Releases VEP Disclosure Rules (lien direct) | The White House released a charter document on Wednesday outlining how the U.S. government will disclose cyber security flaws and when it will keep them secret. | |||
|
2017-11-15 18:11:21 | Microsoft Patches 17-Year-Old Office Bug (lien direct) | Researchers warn of a Microsoft remote code execution bug that has persisted for 17 years in Office, leaving the OS unprotected until the vulnerability was patched Tuesday. | |||
|
2017-11-14 22:10:48 | Microsoft Patches 20 Critical Vulnerabilities (lien direct) | This month, Microsoft's Patch Tuesday updates tackle fixes for 53 security bugs in Windows, Office, Internet Explorer, Edge, ASP.NET Core, .NET Core, and its Chackra Core browser engine. | |||
|
2017-11-14 19:21:14 | Debugging Tool Left on OnePlus Phones, Enables Root Access (lien direct) | Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets allowing phones to be rooted by an attacker with physical access to the device. | |||
|
2017-11-14 17:14:00 | Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat (lien direct) | Adobe released a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with a Flash Player update addressing a handful of critical flaws. | |||
|
2017-11-14 14:00:07 | Apple iPhone X Face ID Fooled by a Mask (lien direct) | Vietnamese security company Bkav says it has built a proof-of-concept mask that fools Apple's Face ID technology. | |||
|
2017-11-13 18:29:35 | Phishing Biggest Threat to Google Account Security (lien direct) | Phishing remains the biggest account takeover threat to Google users, surpassing keyloggers and credential leaks. | |||
|
2017-11-13 17:42:29 | New IcedID Trojan Targets US Banks (lien direct) | A new banking Trojan dubbed IcedID is is being distributed by a seasoned cybergang or hacker targeting U.S. financial institutions. | |||
|
2017-11-10 17:00:34 | AutoIt Scripting Used By Overlay Malware to Bypass AV Detection (lien direct) | IBM's X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduces the likelihood of antivirus software detection. | |||
|
2017-11-10 14:00:20 | (Déjà vu) Threatpost News Wrap Podcast for Nov. 10 (lien direct) | Threatpost editors Mike Mimoso and Tom Spring discuss the week's information security news. | |||
|
2017-11-09 18:48:33 | Eavesdropper Vulnerability Exposes Mobile Call, Text Data (lien direct) | Developers using the Twilio platform to build enterprise mobile communications apps have put call and text data at risk for exposure. | |||
|
2017-11-09 14:15:28 | Microsoft Provides Guidance on Mitigating DDE Attacks (lien direct) | Microsoft published guidance for Windows admins on how to safely disable Dynamic Data Exchange (DDE) fields in Office that are being used to spread malware in email-based attacks. | |||
|
2017-11-08 20:29:29 | IoT is Insecure, Get Over It! Say Researchers (lien direct) | Security experts Charlie Miller and Chris Valasek, contemplate the larger universe of the Internet of things and security. | |||
|
2017-11-08 18:31:38 | Hundreds of Millions in Digital Currency Remains Frozen (lien direct) | Between $150 million and $300 million in digital currency called ether remains inaccessible today after a user said he “accidentally†triggered a vulnerability that froze the funds in the popular Parity wallet. | |||
|
2017-11-08 15:10:30 | Google Patches KRACK Vulnerability in Android (lien direct) | Google this week finally addressed the KRACK vulnerability in Android, three weeks after the WPA2 protocol flaw was publicly disclosed. | |||
|
2017-11-08 13:00:35 | Privacy Clouds Form Over Mantistek Gaming Keyboard (lien direct) | Questions brew over whether Mantistek GK2 Mechanical Gaming Keyboard is snooping on users as they type. | |||
|
2017-11-07 20:32:21 | Texas Shooter\'s Phone Encrypted (lien direct) | The FBI cannot access a cellphone belonging to the dead suspect in Sunday's Texas shooting, a situation that could reignite the government's debate over encryption. | |||
|
2017-11-07 18:07:41 | Assessing Weaknesses in Public Key Infrastructure (lien direct) | Academic researchers size up weaknesses in the the code-signing Public Key Infrastructure and highlight three types of flaws. | |||
|
2017-11-07 14:30:40 | Brother Printers Susceptible to Remote Denial of Service Attacks (lien direct) | Trustwave discloses an unpatched vulnerability in Brother printers with the Debut embedded webserver after numerous attempts to contact the vendor failed. | |||
|
2017-11-06 18:15:48 | US-CERT Warns of Crypto Bugs in IEEE Standard (lien direct) | Weak cryptography in the IEEE P1735 electronics standard allow attackers to recover valuable intellectual property in plaintext from SoCs and integrated circuits. |
To see everything:
Our RSS (filtrered)
