What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-04-25 11:00:29 | Hard Target: Fileless Malware (lien direct) | Researchers say fileless in-memory malware attacks have become a major nuisance to businesses and have become even harder to detect and defend. | |||
|
2017-04-25 10:00:50 | Original XPan Ransomware Returns, Targets Brazilian SMBs (lien direct) | Brazilian cybercriminals are using the original version of the XPan ransomware, targeting small to medium-sized business based in Brazil with the malware. | |||
|
2017-04-24 19:31:28 | NSA\'s DoublePulsar Kernel Exploit In Use Internet-Wide (lien direct) | Scans show tens of thousands of Windows servers infected with the DoublePulsar kernel exploit leaked by the ShadowBrokers two weeks ago. | |||
|
2017-04-24 18:53:58 | Locky Ransomware Roars Back to Life Via Necurs Botnet (lien direct) | The first large scale Locky campaign in months has been detected via the Necurs botnet. | |||
|
2017-04-24 17:52:44 | No Fix for SquirrelMail Remote Code Execution Vulnerability (lien direct) | SquirrelMail suffers from a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the remote system. | |||
|
2017-04-06 18:27:01 | Chrome Security Team Tackles \'Friendly Fire\' To Keep Browser Safe (lien direct) | Justin Schuh, lead engineer of Chrome Security, said ensuring browser security for Chrome users is a balancing act juggling OEM pressures, questionable certificate authorities and quashing third-party software incompatibility issues. | Guideline | ||
|
2017-04-05 17:01:01 | Malware Scanning Services Containers for Sensitive Business Information (lien direct) | At the Kaspersky Lab Security Analyst Summit, one researcher shared how he was able to find corporate emails, confidential business plans and classified FBI flash alerts. | |||
|
2017-04-05 15:16:00 | Security Analyst Summit 2017 Day Two Recap (lien direct) | Mike Mimoso and Chris Brook recap the second day of Kaspersky Lab's Security Analyst Summit, including how a Brazilian bank was compromised, and more. | |||
|
2017-04-04 22:10:20 | Android Variant of Notorious Pegasus Spyware Found (lien direct) | Researchers say a variant of the notorious surveillance software called Pegasus has been targeting Android users allowing third parties to take screenshots, capture audio, read email and exfiltrate data from targeted phones. | |||
|
2017-04-04 21:46:41 | Details Around Romanian Phishing Kit Creator, Campaign Revealed (lien direct) | Researchers at the Security Analyst Summit on Monday divulged details behind the alleged creator of a Romanian phishing kit. | |||
|
2017-04-04 19:50:22 | Lessons From Top-to-Bottom Compromise of Brazilian Bank (lien direct) | Hackers pulled off a stunning compromise of a Brazilian bank's operations, gaining control of each of the bank's 36 domains, corporate email and DNS. | |||
|
2017-04-04 18:59:30 | Trump Signs Repeal of ISP Privacy Rules (lien direct) | President Trump signed a resolution to complete the overturning of internet privacy protections that would have prevented ISPs from tracking you online without first asking users to opt-in. | |||
|
2017-04-04 15:35:50 | New RAT Targets Koreans And Is Skilled At Evading Detection (lien direct) | Cisco Talos researchers spot a stealthy new remote administration tool calling ROKRAT that targets Korean-language Microsoft Word alternative Hangul Word Processor. | |||
|
2017-04-03 22:53:52 | Security Analyst Summit 2017 Day One Recap (lien direct) | Mike Mimoso and Chris Brook recap the first day of this year's Security Analyst Summit, including Mark Dowd's memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT. | APT 38 | ||
|
2017-04-03 20:38:44 | Lazarus APT Spinoff Linked to Banking Hacks (lien direct) | The Lazarus Group has splintered off a group whose mission is to attack banks and steal money in order to fund its operations. | Medical | APT 38 | |
|
2017-04-03 19:57:01 | Fileless Banking Malware Attackers Break In, Cash Out, Disappear (lien direct) | Attackers behind February's fileless malware attacks dropped malware on some bank ATMs that gave them the ability to dispense money, "at any time, at the touch of a button." | |||
|
2017-04-03 18:00:10 | Lines Around Cyber Threat Intelligence Sharing Blurring (lien direct) | The lines between between information shared between intelligence services, companies, and the government are getting increasingly blurry, a Georgetown professor warned. | |||
|
2017-04-03 17:00:40 | Memory Corruption Mitigations Doing Their Job (lien direct) | At the Security Analyst Summit, Mark Dowd described how memory corruption mitigations are successfully driving up exploit development costs. | |||
|
2017-04-03 16:29:01 | Fake SEO Plugin Used In WordPress Malware Attacks (lien direct) | Malware that passes itself off as a WordPress SEO plugin has been infecting sites and opening a backdoor for hackers on thousands of sites. | |||
|
2017-04-03 16:09:22 | Russian-Speaking Turla Joins APT Elite (lien direct) | Researchers may have found a link between Moonlight Maze of the late '90s and the Turla APT, which would elevate Turla to the ranks of the Equation Group as an elite nation-state attacker. | |||
|
2017-03-31 20:33:46 | Verizon Rebuts Critics of Data-Collecting App (lien direct) | The Electronic Frontier Foundation retracted a blog post today highly critical of Verizon and the upcoming rollout of an app called AppFlash made by Evie Labs. | |||
|
2017-03-31 15:55:57 | Threatpost News Wrap, March 31, 2017 (lien direct) | This year's Security Analyst Summit is previewed and the news of the week is discussed, including a Microsoft IIS zero day, a new Mirai variant, and the broadband privacy ruling. | |||
|
2017-03-31 11:00:17 | Aviation-Related Phishing Campaigns Seeking Credentials (lien direct) | Researchers warn of a wave in aviation-themed phishing attacks that aim to steal credentials and install malware. | |||
|
2017-03-30 18:50:51 | New Mirai Variant Carries Out 54-Hour DDoS Attacks (lien direct) | Researchers are tracking a new variant of the Mirai malware after it launched a 54-hour long DDoS attack against a U.S. college. | |||
|
2017-03-30 18:29:01 | Github Repository Owners Targeted by Data-Stealing Malware (lien direct) | Owners of Github repositories were the focus of a phishing campaign spreading the Dimnie information-stealing malware. | |||
|
2017-03-30 18:21:08 | NukeBot Banking Trojan Source Code Leaked Online by Author (lien direct) | The author behind the banking Trojan NukeBot released source code for the malware earlier this month in an apparent effort to regain the trust of the cybercrime community. | |||
|
2017-03-30 10:00:31 | Industry Braces for Repeal of ISP Privacy Rules (lien direct) | Businesses say overturning one of the nation's strongest internet privacy protection rules will deal a blow to data privacy, security and integrity for businesses and consumers alike. | |||
|
2017-03-29 19:15:50 | Publicly Attacked Microsoft IIS Zero Day Unlikely to be Patched (lien direct) | Researchers have disclosed a zero-day vulnerability and proof-of-concept exploit for a flaw in Microsoft IIS 6.0. The zero-day has been under attack since last July, the researchers said. | |||
|
2017-03-29 17:29:19 | Workarounds Available for Flaws in Siemens RUGGEDCOM Gear (lien direct) | Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it's unknown whether patches will be made available. | |||
|
2017-03-29 16:00:04 | VMware Patches Pwn2Own VM Escape Vulnerabilities (lien direct) | VMware patched vulnerabilities uncovered earlier this month at Pwn2Own that could have let an attacker execute code on the VMware Workstation and carry out a virtual machine escape. | |||
|
2017-03-29 14:00:30 | \'Anonymous\' FTP Servers Leaving Healthcare Data Exposed (lien direct) | The FBI warned medical and dental offices running FTP servers in anonymous mode that criminals are targeting these installations and stealing personal healthcare information. | |||
|
2017-03-28 21:12:08 | Microsoft Offers Analysis of Zero-Day Exploited By Zirconium Group (lien direct) | Microsoft patched a zero-day vulnerability actively used in a campaign by a hacking group known as Zirconium. | APT 31 | ||
|
2017-03-28 18:38:42 | Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari (lien direct) | Apple fixed hundreds of bugs, 223 to be exact, across macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. | |||
|
2017-03-27 20:51:22 | New Clues Surface on Shamoon 2\'s Destructive Behavior (lien direct) | Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks. | Conference | APT 35 | |
|
2017-03-27 20:14:12 | APT29 Used Domain Fronting, Tor to Execute Backdoor (lien direct) | APT29, a/k/a Cozy Bear, has used Tor and a technique called domain fronting in order to secure backdoor access to targets for nearly two years running. | APT 29 | ||
|
2017-03-27 16:13:55 | Fileless UAC Bypass Uses Windows Backup and Restore Utility (lien direct) | Researcher Matt Nelson disclosed another Windows UAC bypass, this one abusing the sdclt.exe backup and restore utility to execute a payload without triggering an alert. | |||
|
2017-03-25 12:00:43 | Experts Doubt Hackers\' Claim Of Millions Of Breached Apple Credentials (lien direct) | Security experts say they are skeptical that a group called Turkish Crime Family actually possess a cache of hundreds of millions of Apple iCloud account credentials. | |||
|
2017-03-24 17:59:19 | Privacy Advocates Vow to Fight Rollback of Broadband Privacy Rules (lien direct) | Privacy activists say rolling-back ISP privacy rules means health, financial and browsing habits can be used, shared and sold to the highest bidder without consent. | |||
|
2017-03-24 17:46:35 | Instagram Adds Two-Factor Authentication (lien direct) | Instagram became the latest in a long line of services over the years to offer users two-factor authentication. | |||
|
2017-03-24 14:45:15 | Threatpost News Wrap, March 27, 2017 (lien direct) | The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed. | LastPass | ||
|
2017-03-24 13:37:50 | Adware Apps Booted from Google Play (lien direct) | More than a dozen apps removed from Google Play store after it was determined they were overly aggressive adware. | |||
|
2017-03-23 19:26:32 | WikiLeaks Dump Shows CIA Interdiction of iPhone Supply Chain (lien direct) | Today's WikiLeaks Vault 7 Dark Matter release shows the CIA's capabilities to attack and persist on Apple iPhone and Mac firmware and an apparent interdiction of the iPhone supply chain. | |||
|
2017-03-23 19:24:47 | Cisco Patches Critical IOx Vulnerability (lien direct) | Cisco Systems patched a critical vulnerability that could give an attacker root privileges to software running on two of its IoT router models. | |||
|
2017-03-23 19:21:43 | Malware That Targets Both Microsoft, Apple Operating Systems Found (lien direct) | A new strain of malware is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it's opened. | |||
|
2017-03-23 16:11:09 | Half of Android Devices Unpatched Last Year (lien direct) | Google said half of Android devices are unpatched and that percentage of potentially harmful apps on phones installed from all sources rose in 2016. | |||
|
2017-03-23 15:16:16 | Paper Spells Out Tech, Legal Options for Encryption Workarounds (lien direct) | Bruce Schneier and Orin Kerr have written a paper that explains the technological and legal issues associated with six encryption workarounds available to law enforcement. | |||
|
2017-03-22 19:38:41 | Google, Jigsaw Partner on Free Tools to Secure Elections (lien direct) | Jigsaw and Google said they would offer a free suite of security tools aimed at securing political elections. | |||
|
2017-03-22 17:45:47 | Blank Slate Spam Campaign Spreads Cerber Ransomware (lien direct) | A spam campaign called Blank Slate is spreading Cerber ransomware and abusing hosting providers to register new domains as soon as they're taken down. | |||
|
2017-03-22 15:48:24 | SAP Vulnerability Puts Business Data at Risk for Thousands of Companies (lien direct) | Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week. | |||
|
2017-03-22 15:08:08 | LastPass Fixes Three Password Theft Vulnerabilities (lien direct) | LastPass has fixed three bugs in the password manager discovered by Google research Tavis Ormandy in the last 24 hours. | LastPass |
To see everything:
Our RSS (filtrered)
