What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-07-05 18:31:39 | The Changing Face of Pseudo-Darkleech (lien direct) | The chameleon-like pseudo-Darkleech campaign, responsible for prolific exploit kit attacks and ransomware infections, has again made a change to its code that will frustrate researchers. | |||
|
2016-07-05 16:02:09 | Scope of ThinkPwn UEFI Zero Day Expands (lien direct) | The scope of the ThinkPwn UEFI vulnerability disclosed last week has grown past Lenovo and HP laptop firmware to motherboards sold by Gigabyte. | |||
|
2016-07-01 17:05:10 | Siemens Patches Password Reconstruction Vulnerability in SICAM PAS (lien direct) | The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned users several builds of energy automation software this week. | |||
|
2016-06-30 21:06:06 | Massachusetts General Hospital Confirms Third-Party Breach (lien direct) | A breach at Massachusetts General Hospital has potentially compromised the information of roughly 4,300 dental patients, the hospital warned Wednesday. | |||
|
2016-06-30 17:52:34 | Foxit Patches 12 Vulnerabilities in PDF Reader (lien direct) | Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could be used to directly execute arbitrary code on vulnerable installations of the product. | ★★★ | ||
|
2016-06-30 15:48:54 | Conficker Used in New Wave of Hospital IoT Device Attacks (lien direct) | Conficker returns from obsolescence to help hijack medical devices and steal patient records. | |||
|
2016-06-29 21:03:27 | FTC Closes 70 Percent of Data Breach Investigations, Weighing PCI-DSS Standard (lien direct) | The FTC closes roughly 70 percent of the investigations it opens and is weighing how to better handle PCI-DSS and other standards, an agency official said this week. | |||
|
2016-06-29 17:54:48 | Hard Rock Las Vegas, Noodle and Co. Confirm Hacks (lien direct) | In two unrelated breaches, the Hard Rock Hotel and Casino Las Vegas and Noodle and Company confirm hacks. | ★★★ | ||
|
2016-06-29 12:19:20 | Planes, Trains and Automobiles Increasingly in Cybercriminal’s Bullseye (lien direct) | The transportation industry is increasingly targeted by cybercriminals looking to cause chaos, steal frequent flier miles and extort money with DDoS attacks. | |||
|
2016-06-28 19:20:39 | Botnet Powered by 25,000 CCTV Devices Uncovered (lien direct) | A botnet comprised entirely of closed circuit TV devices used a barrage of HTTP requests to knock a small jewelry store offline for days. | |||
|
2016-06-28 16:29:57 | Google Play Hit with Rash of Auto-Rooting Malware (lien direct) | Google takes down LevelDropper app that automatically jailbreaks Android devices giving attackers complete control over devices. | |||
|
2016-06-28 14:00:35 | 655,000 Healthcare Records Being Sold on Dark Web (lien direct) | The hacker selling upwards to 655,000 healthcare records on the dark web obtained them after exploiting a vulnerability in how companies implement RDP. | |||
|
2016-06-27 21:13:27 | Apple Leaves iOS 10 Beta Kernel Unencrypted: Pros and Cons (lien direct) | When Apple decided to unencrypt its iOS 10 beta kernel it sparking a fierce debate over the merits of the move. | |||
|
2016-06-27 15:24:39 | New CryptXXX Can Evade Detection, Outsmart Decryption Tools (lien direct) | Latest CryptXXX ransomware variant masks itself as a DLL for video editing software and now can outsmart decryption tools. | |||
|
2016-06-24 20:21:28 | Medical Study Blasts Hospitals’ Security Practices (lien direct) | An academic study sheds light on how medical professionals are often forced to find analog workarounds to combat unwieldy security solutions, putting patient care at risk. | |||
|
2016-06-24 14:14:39 | Voter Database Leak Exposes 154 Million Sensitive Records (lien direct) | A voter database found by a white hat hacker included gun ownership, preferences on gay marriage and linked to individual social media accounts. | |||
|
2016-06-24 11:00:09 | Popular Anime Site Infected, Redirecting to Exploit Kit, Ransomware (lien direct) | Jkanime, a popular site that streams anime videos, has been infected with malware that redirects to the Neutrino Exploit Kit and CryptXXX ransomware infections. | |||
|
2016-06-23 20:10:04 | Necurs Botnet is Back, Updated With Smarter Locky Variant (lien direct) | After a mysterious three weeks off the grid, Necurs has returned to spewing massive volumes of email containing improved versions of the potent Locky ransomware and Dridex banking Trojan. | |||
|
2016-06-23 16:06:35 | Mobile Advertising Firm Found Tracking Users To Pay $950K (lien direct) | A mobile advertising company that settled charges with the Federal Trade Commission this week will pay nearly $1M after it was determined the company tracked customers – including children – without their consent. | |||
|
2016-06-23 13:43:27 | Unpatched Remote Code Execution Flaw Exists in Swagger (lien direct) | Researchers at Rapid7 found a vulnerability in the Swagger Code Generator that could execute arbitrary code embedded in a Swagger document. | |||
|
2016-06-23 11:00:15 | Let’s Encrypt Celebrates Big HTTPS Milestone (lien direct) | Certificate authority Let's Encrypt is celebrating a major milestone in the young nonprofit's existence issuing its 5 millionth certificate this month. | |||
|
2016-06-22 19:26:26 | Email Servers For More Than Half of World’s Top Sites Can Be Spoofed (lien direct) | More than half of the world's top sites suffer from misconfigured email servers, something that heightens the risk of having spoofed emails sent from their domains, researchers warn. | |||
|
2016-06-22 16:27:03 | Advantech Patches WebAccess Remote Code Execution Flaws (lien direct) | Advantech has published a new version of its WebAccess product to address vulnerabilities that put installations at risk to remote code execution attacks. | |||
|
2016-06-21 19:15:57 | Meet the 18-Year-Old Who Hacked the Pentagon (lien direct) | The Department of Defense last week released the results of the first Hack the Pentagon bounty program and 18-year-old David Dworken was among those who participated. | |||
|
2016-06-21 14:08:41 | Apple Patches AirPort Remote Code Execution Flaw (lien direct) | Apple has patched a remote code execution vulnerability in its AirPort base stations, AirPort Express, AirPort Extreme and AirPort Time Capsule. | |||
|
2016-06-20 21:53:11 | GoToMyPC Suffers Major Password Reuse Attack (lien direct) | Citrix Systems is forcing all its GoToMyPC remote desktop access service customers to reset their passwords because of a “very sophisticated attack” that targeted the service over the weekend. | |||
|
2016-06-20 16:15:49 | Acer Ecommerce Site Spills Credit Card Information of Thousands (lien direct) | Taiwanese electronics company Acer sent letters to customers indicating that some of their financial information - credit card data included – may have been accessed over the last year. | |||
|
2016-06-20 13:00:28 | Patrick Wardle on macOS Gatekeeper, Crypto Enhancements (lien direct) | At last week's Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address some problems he'd disclosed to Apple. | |||
|
2016-06-17 18:40:44 | Google’s Android Rewards Program Pays Out Half Million in First Year (lien direct) | Google announced that it paid just north of half a million dollars to security researchers as part of the first year of its Android Security Rewards program. | |||
|
2016-06-17 15:01:55 | Breached Credentials Used to Access Github Repositories (lien direct) | Password reuse strikes GitHub users, some of whom will have to reset their credentials after unauthorized attempts were made to access a large number of GitHub accounts. | |||
|
2016-06-17 10:00:38 | ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks (lien direct) | The ScarCruft APT gang has made use of a Flash zero day patched Thursday by Adobe to attack more than two dozen high-profile targets in Russia and Asia primarily. | Cloud | APT 37 | |
|
2016-06-16 18:03:26 | Report: FBI Doing Poor Job Securing 411 Million Facial Recognition Photos (lien direct) | Privacy experts are arguing this week the FBI isn't doing enough to safeguard the treasure trove of facial recognition photos in its possession. | |||
|
2016-06-16 12:00:24 | Like Macros Before It, Attackers Shifting to OLE to Spread Malware (lien direct) | Like macros before it, attackers have been placing malicious code alongside object linking and embedding (OLE) code, along with well-formatted text and images, to spread malware and ransomware. | |||
|
2016-06-15 17:35:28 | Underground Market Selling Cheap Access to Hacked Servers (lien direct) | Kaspersky Lab uncovers the xDedic marketplace, a trading forum selling access to hacked servers. | |||
|
2016-06-15 15:40:08 | Telegram Calls Claims of Bug in Messaging Service Bogus (lien direct) | Researchers claim to have found a bug in the Telegram messaging service that can crash devices and run up wireless data charges. | |||
|
2016-06-14 19:06:32 | DNC Hacked, Research on Trump Stolen (lien direct) | Two separate APT groups believed to have ties to the Russian government have been fingered in attacks against the Democratic National Committee. | |||
|
2016-06-14 16:06:53 | RAA Ransomware Composed Entirely of JavaScript (lien direct) | Researchers this week claim they've noticed a new strain of ransomware unlike any they've seen prior – a type composed entirely of JavaScript. | |||
|
2016-06-14 14:03:52 | D-Link Patches Weak Crypto in mydlink Devices (lien direct) | IoT security company Firmalyzer found that mydlink devices from D-Link use weak versions of SSL for remote connections. D-Link has updated its firmware. | |||
|
2016-06-13 20:32:40 | Let’s Encrypt Accidentally Spills 7,600 User Emails (lien direct) | Certificate authority Let's Encrypt blamed a bug for accidentally disclosing the email addresses of a couple thousand of its users this weekend. | |||
|
2016-06-13 16:31:01 | One Year After Hack, IRS Debuts Updated Get Transcript Service (lien direct) | More than a year after hackers managed to manipulate the system the Internal Revenue Service has reinstated its Get Transcript service. | |||
|
2016-06-11 13:00:02 | Netgear Router Update Removes Hardcoded Crypto Keys (lien direct) | Netgear on Friday released firmware updates for two of its router products lines, patching a hardcoded cryptographic key and an authentication bypass flaw that were reported six months ago. | |||
|
2016-06-10 16:16:29 | Decryption Utilities Unlock Files Encrypted by All TeslaCrypt Versions (lien direct) | Cisco released a decryption utility that unlocks files encrypted by all four versions of TeslaCrypt; Kaspersky Lab has also published a similar decryptor. | Tesla | ||
|
2016-06-10 12:00:01 | $90K Windows Zero Day Gets a Price Cut (lien direct) | Hackers who claim to have found a zero-day vulnerability in Windows have dropped their price on the exploit from to $85,000. | |||
|
2016-06-09 17:46:59 | Google Patches High Severity Browser PDF Vulnerability (lien direct) | Google patched a Chrome vulnerability that allowed remote code execution on targeted computers simply by viewing a specially crafted PDF. | |||
|
2016-06-09 14:57:44 | Stolen Twitter Credentials Latest Dataset For Sale (lien direct) | LeakedSource says it has a set of 32 million Twitter account details, including plaintext passwords that were put up for sale on a black market website. | |||
|
2016-06-09 12:43:57 | CryptXXX Ransomware Jumps From Angler to Neutrino Exploit Kit (lien direct) | Internet Storm Center researchers spot more distribution changes for CryptXXX ransomware. | |||
|
2016-06-08 21:06:51 | University of Calgary Pays $20K Following Ransomware Attack (lien direct) | Officials at the University of Calgary admitted they paid $20,000 CDN this week to rid its system of ransomware. | ★★★ | ||
|
2016-06-08 17:22:15 | Firefox 47 Fixes 13 Vulnerabilities, Removes Click-To-Activate Plugin Whitelist (lien direct) | Mozilla fixed 13 security issues, including two critical vulnerabilities that could have led to spoofing and clickjacking, among other issues, when it updated Firefox to the latest build, Firefox 47, this week. | |||
|
2016-06-08 12:28:19 | Google To Deprecate SSLv3, RC4 in Gmail IMAP/POP Clients (lien direct) | Google will next week begin a gradual deprecation of unsafe crypto protocol SSLv3 and cipher RC4 in Gmail IMAP/POP clients. | |||
|
2016-06-07 16:48:31 | Uber Pays Researcher $10K for Login Bypass Exploit (lien direct) | Uber patched a bug in its site recently that could have allowed an attacker to log into some of its sites without a password and further compromise its internal network. | Uber |
To see everything:
Our RSS (filtrered)
