What's new arround internet

Src Date (GMT) Titre Description Tags Stories Notes
SecurityWeek.png 2019-09-12 13:13:01 North Korean Hackers Use New Tricks in Attacks on U.S. (lien direct)

Hackers linked to North Korea have been targeting entities in the United States using evasion techniques that involve an uncommon file format, U.S.-based business compromise intelligence startup Prevailion reported on Wednesday.

read more

itsecurityguru.png 2019-09-12 13:03:04 Cyber-Security exporters needed in Scotland. (lien direct)

There’s concern a growing number of vacancies for cyber security jobs in Scotland could see a rise in hackers gaining our personal data. According to industry experts there\'s a skill shortage and in 2017 it was estimated there were likely to be between 360 and 480 unfilled positions. These figures are expected to rise by […]

The post Cyber-Security exporters needed in Scotland. appeared first on IT Security Guru.

itsecurityguru.png 2019-09-12 13:02:05 IT Teams will need to work even harder with proposed browser security guidelines. (lien direct)

CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren’t equipped to cope. For years, Secure Sockets Layer (SSL) certificates - a digital tool used to allow secure web connections between a web server and web browser - has been a baseline for a business’s digital trust. The […]

The post IT Teams will need to work even harder with proposed browser security guidelines. appeared first on IT Security Guru.

Tool
itsecurityguru.png 2019-09-12 13:02:01 (Déjà vu) Confidential Military, Financial Files stolen from Ryuk Related Malware. (lien direct)

A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files. While Ryuk Ransomware encrypts a victim’s files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam, […]

The post Confidential Military, Financial Files stolen from Ryuk Related Malware. appeared first on IT Security Guru.

Ransomware,Malware
Checkpoint.png 2019-09-12 13:00:01 August 2019\'s Most Wanted Malware: Echobot Launches Widespread Attack Against IoT Devices (lien direct)

In August, the research team saw an increase in a new variant of the Mirai IoT Botnet, Echobot, which has launched widespread attacks against a range of IoT devices. First seen in May 2019, Echobot has exploited over 50 different vulnerabilities, causing a sharp rise in the \'Command Injection Over HTTP\' vulnerability which has impacted…

The post August 2019\'s Most Wanted Malware: Echobot Launches Widespread Attack Against IoT Devices appeared first on Check Point Software.

Vulnerability
WiredThreatLevel.png 2019-09-12 13:00:00 How Wi-Fi Almost Didn\'t Happen (lien direct)

Opinion: Launched 20 years ago this week, Wi-Fi nearly hit a dead spot.

WiredThreatLevel.png 2019-09-12 13:00:00 WIRED\'s 13 Must-Read Books for Fall (lien direct)

From the *Handmaid\'s Tale* sequel to Edward Snowden\'s memoir, the upcoming book season is looking deadly serious. Up to and including lesbian necromancers.

WiredThreatLevel.png 2019-09-12 13:00:00 Need Some Fashion Advice? Just Ask Stitch Fix\'s Algorithm (lien direct)

Stitch Fix is launching a new service, driven by machine learning, that builds an outfit to suit your personal style.

WiredThreatLevel.png 2019-09-12 13:00:00 The Best iPhone 11 Preorder Deals (and Which Model to Pick) (lien direct)

Are you planning to buy an iPhone 11, iPhone 11 Pro, or iPhone 11 Pro Max? Here\'s the WIRED guide to choosing between them, how to preorder, and the best preorder deals.

itsecurityguru.png 2019-09-12 12:55:04 (Déjà vu) Over 198 Million Car-Buyer Records Exposed. (lien direct)

An Elastica DB belonging to Dealer Leads exposed a raft of information collected by “research” websites aimed at prospective car buyers. Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, has been found exposed on the internet for anyone to see. […]

The post Over 198 Million Car-Buyer Records Exposed. appeared first on IT Security Guru.

itsecurityguru.png 2019-09-12 12:54:05 Philadelphia based Entercom hacked for $500,000 ransom. (lien direct)

Radio giant Entercom, the Philadelphia-based owner of more than 235 stations nationwide, was reportedly hit with a ransomware attack last weekend affecting its internal systems including email, production and billing. The ransomware attack appears to have compromised a machine on Entercom’s programming side, forcing some stations to complete music logs by hand and run without […]

The post Philadelphia based Entercom hacked for $500,000 ransom. appeared first on IT Security Guru.

Ransomware
no_ico.png 2019-09-12 12:53:04 198 Million Car-Buyer Records Exposed – Experts Comments (lien direct)

Reports are surfacing that an Elastica DB belonging to Dealer Leads exposed a raft of information collected by “research” websites aimed at prospective car buyers. Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, has been found exposed on the internet …

The ISBuzz Post: This Post 198 Million Car-Buyer Records Exposed – Experts Comments appeared first on Information Security Buzz.

ZDNet.png 2019-09-12 12:18:01 California mulls over ban of facial recognition tech in police body cameras (lien direct)

The state Senate appears to be listening to appeals to reel in the widespread use of biometrics.

Trend.png 2019-09-12 12:08:14 From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-2019-1208 in Internet Explorer (lien direct)

Last June, I disclosed a use-after-free (UAF) vulnerability in Internet Explorer (IE) to Microsoft. It was rated as critical, designated as CVE-2019-1208, and then addressed in Microsoft\'s September Patch Tuesday. I discovered this flaw through BinDiff (a binary code analysis tool) and wrote a proof of concept (PoC) showing how it can be fully and consistently exploited in Windows 10 RS5.

A more in-depth analysis of this vulnerability is in this technical brief. As mentioned, CVE-2019-1208 is a UAF vulnerability. This class of security flaws can corrupt valid data, crash a process, and, depending on when it is triggered, can enable an attacker to execute arbitrary or remote code. In the case of CVE-2019-1208, an attacker successfully exploiting this vulnerability could gain the same rights as the current user in the system. If the current user has administrative privileges, the attacker can hijack the affected system - from installing or uninstalling programs and viewing and modifying data to creating user accounts with full privileges.

The post From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-2019-1208 in Internet Explorer appeared first on .

Vulnerability
WiredThreatLevel.png 2019-09-12 12:00:00 Best iPads (2019): Which New iPad Should You Actually Buy? (lien direct)

Choosing an iPad is more complicated than it needs to be, but we\'re here to help with our complete guide to all of Apple\'s tablets, from the new 2019 models all the way back to the original.

WiredThreatLevel.png 2019-09-12 12:00:00 How to Practice Long-Term Thinking in a Distracted World (lien direct)

Bina Venkataraman, author of *The Optimist\'s Telescope*, talks about the future: how to imagine it, how to be optimistic, how to not kill a million babies.

WiredThreatLevel.png 2019-09-12 12:00:00 It\'s Time for IoT Security\'s Next Big Step (lien direct)

Connected devices are more secure than ever. That\'s still not nearly enough.

WiredThreatLevel.png 2019-09-12 12:00:00 The Land Rover Defender Is Back-With a Softer, Smarter Look (lien direct)

The angular off-roader returns to Land Rover\'s lineup with a few rounded corners and a lot of tech-heavy features.

TechRepublic.png 2019-09-12 11:14:04 Windows 10 Start menu problems? Microsoft investigates if latest fix breaks search (lien direct)

This week\'s patch for the earlier CPU spike bug appears to have caused fresh problems for Microsoft\'s flagship OS.

Pirate.png 2019-09-12 11:11:05 Les logiciels malveillants " les plus recherchés " en août 2019 : Echobot lance une attaque généralisée contre des objets connectés (lien direct)
En août, l\'équipe de chercheurs a constaté l\'accélération d\'une nouvelle variante du botnet Mirai, qui a lancé des attaques généralisées contre un ensemble d\'objets connectés. Découvert en mai 2019, Echobot exploite plus de 50 vulnérabilités différentes, ce qui a entraîné une forte augmentation des exploitations de vulnérabilités de " commande d\'injection sur HTTP " qui a touché 34 % des entreprises dans le monde.
The_State_of_Security.png 2019-09-12 11:11:01 COBALT DICKENS Launched New Phishing Operation against Universities (lien direct)

The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities. In July and August 2019, Secureworks’ Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used in the Iranian threat group’s previous […]… Read More

The post COBALT DICKENS Launched New Phishing Operation against Universities appeared first on The State of Security.

Threat
Pirate.png 2019-09-12 11:07:05 e-Sport : Kaspersky dévoile une solution anti-triche (lien direct)
Kaspersky dévoile une solution pour empêcher la triche lors des tournois e-Sport.
securityintelligence.png 2019-09-12 11:00:02 The Art of Patch Management (lien direct)

>Reading Time: 4 minutes The vagaries of systems and organizations, compounded by the irrationality of the human mind and variations in patches themselves, means that patch management is not an exact science - it\'s an art.

The post The Art of Patch Management appeared first on Security Intelligence.

TechRepublic.png 2019-09-12 11:00:02 The real reason businesses are failing at AI (lien direct)

While the majority of businesses have a data strategy, many still fail to successfully yield tangible results. Here\'s why.

TechRepublic.png 2019-09-12 11:00:02 IBM z15: Multicloud makes the case for why mainframes still matter (lien direct)

IBM\'s rethinking what a mainframe should be in the age of cloud computing. Here\'s why it matters for the enterprise.

WiredThreatLevel.png 2019-09-12 11:00:00 (Déjà vu) The Biggest iPhone News Is the Apple U1 Chip Inside It (lien direct)

By embracing ultra-wideband location tech, Apple has a chance to reshape experiences way beyond AirDrop.

WiredThreatLevel.png 2019-09-12 11:00:00 The Biggest iPhone News Is Apple\'s New U1 Chip Inside It (lien direct)

By embracing ultra-wideband location tech, Apple has a chance to reshape experiences way beyond AirDrop.

WiredThreatLevel.png 2019-09-12 11:00:00 Why Uber Thinks It Can *Still* Call Its Drivers Contractors (lien direct)

A pending California law was designed to make ride-hail companies classify drivers as employees. Uber says it can evade the requirement.

WiredThreatLevel.png 2019-09-12 11:00:00 Would the Internet Be Healthier Without \'Like\' Counts? (lien direct)

Facebook, Instagram, Twitter, and YouTube have moved to hide or obscure measures of popularity, in the name of less toxic dialog. Users give a thumbs-down.

securityintelligence.png 2019-09-12 10:45:02 5 Things You Can Do After a Data Breach to Help Mitigate Cost (lien direct)

>Reading Time: 5 minutes The cost of a data breach is rising, and a carefully planned and regularly rehearsed response can go a long way toward saving your company money in the wake of a security incident.

The post 5 Things You Can Do After a Data Breach to Help Mitigate Cost appeared first on Security Intelligence.

Data Breach
securityintelligence.png 2019-09-12 10:35:02 How Will Strong Customer Authentication Impact the Security of Electronic Payments? (lien direct)

>Reading Time: 3 minutes The EU\'s updated Payment Services Directive, PSD2, will introduce a new technical standard that regulates strong customer authentication (SCA).

The post How Will Strong Customer Authentication Impact the Security of Electronic Payments? appeared first on Security Intelligence.

ZDNet.png 2019-09-12 10:20:03 Google discloses vulnerability in Chrome OS \'built-in security key\' feature (lien direct)

Security issue fixed in late June, with the release of Chrome OS 75. Additional remediation steps below.

Vulnerability
ZDNet.png 2019-09-12 10:08:00 Most consumers will refuse to work with enterprises that won\'t keep their data secure (lien direct)

There are ramifications for enterprise customer retention as an understanding of data protection increases.

SecurityWeek.png 2019-09-12 10:02:03 (Déjà vu) Microsoft Makes Automated Incident Response in Office 365 ATP Generally Available (lien direct)

The Automated Incident Response feature in Office 365 Advanced Threat Protection (ATP) is now generally available, Microsoft has announced.

read more

Threat
securityintelligence.png 2019-09-12 10:00:03 New Poll Shows Consumers\' Expectations on Data Privacy Evolve, But So Does Technology (lien direct)

Reading Time: 5 minutes Consumers\' understanding of data privacy is evolving. Nearly two-thirds of poll respondents strongly agree that companies should be doing more to protect them against cybersecurity threats.

The post New Poll Shows Consumers’ Expectations on Data Privacy Evolve, But So Does Technology appeared first on Security Intelligence.

WiredThreatLevel.png 2019-09-12 10:00:00 The WIRED25 Festival Is Back-Get Ready to Fix Things (lien direct)

Join us for four days of lively stage chats and workshops with luminaries and icons, from Chris Evans and N. K. Jemisin to Stewart Butterfield and NSA cybersecurity head Anne Neuberger.

SecurityAffairs.png 2019-09-12 09:27:00 Iran-linked group Cobalt Dickens hit over 60 universities worldwide (lien direct)

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. Researchers at Secureworks’ Counter Threat Unit (CTU) uncovered a phishing campaign carried out by the Iran-linked Cobalt Dickens APT group (also known as Silent Librarian) that targeted more than 60 universities four continents in July and August. According to […]

The post Iran-linked group Cobalt Dickens hit over 60 universities worldwide appeared first on Security Affairs.

Threat
bleepingcomputer.png 2019-09-12 09:10:02 Microsoft Publishes Solutions for Windows 10 Search Issues (lien direct)

Microsoft today published a support article detailing solutions on how to fix problems in Windows Search after previously fixing a known issue where users reported not receiving results on Windows 10, version 1903 devices. [...]

CSO.png 2019-09-12 09:07:00 BrandPost: Challenges Abound in Securing Complex Networks (lien direct)

Securing your Internet attack surface today is more complex and challenging than ever. Machine-speed attacks mean that bad actors can find compromised assets in minutes. Security teams often find themselves responsible for securing assets that are ultimately managed by other departments. Ensuring protection without having control over the Internet-connected assets and services that need that protection can be a challenge.

Adding to these escalating risks is the frequency with which the extended enterprise is targeted by malicious actors. Subsidiaries, companies that have been acquired, vendors, and partners can all be targets and add to your risk. Securing your organization isn\'t about putting endpoint security tools on every company-owned device and setting up a firewall anymore; it\'s about having complete visibility into and control over your global Internet attack surface, including relevant third parties.

To read this article in full, please click here

SecurityWeek.png 2019-09-12 08:33:05 Credential Leaking Vulnerabilities Impact Comba, D-Link Routers (lien direct)

Trustwave security researchers have discovered five new credential leaking vulnerabilities, two in a D-Link DSL modem and three in multiple Comba Telecom WiFi devices.

read more

SecurityWeek.png 2019-09-12 08:20:04 Chinese Woman Guilty of Trespassing at Trump\'s Mar-a-Lago (lien direct)

A Chinese woman who stirred fears of espionage when she entered President Donald Trump\'s Mar-a-Lago resort carrying multiple mobile phones and a malware-spiked thumb drive was found guilty of trespassing and lying in a Florida court Wednesday.

read more

The_State_of_Security.png 2019-09-12 08:00:22 How to Foil the 6 Stages of a Network Intrusion (lien direct)

The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most […]… Read More

The post How to Foil the 6 Stages of a Network Intrusion appeared first on The State of Security.

Data Breach
Pirate.png 2019-09-12 07:41:04 La France dans le top 3 des pays les plus touchés par les menaces ciblant les utilisateurs de MacOS (lien direct)
La France dans le top 3 des pays les plus touchés par les menaces ciblant les utilisateurs de MacOS, avec au niveau mondial une augmentation de 9% d\'attaques.
SecureMac.png 2019-09-12 07:01:04 Four ways mediocre enterprise security can cost you money-and more (lien direct)

Cybersecurity spending worldwide is estimated to reach well over $120 billion in 2019-and most analysts predict steady growth after that. There\'s a reason why companies are investing so heavily in security...

The post Four ways mediocre enterprise security can cost you money-and more appeared first on SecureMac.

Korben.png 2019-09-12 07:00:05 Enigma – Le simulateur (lien direct)

Si vous vous intéressez au chiffrement, vous connaissez surement Enigma, cette machine mise au point par les Allemands lors de la Seconde Guerre mondiale qui permettait d’envoyer des messages chiffrés. Enigma fonctionnait à l’aide de rotors électromécaniques qui servaient à substituer les 26 lettres de l’alphabet à l’aide du type … Suite

SecurityAffairs.png 2019-09-12 05:23:04 LokiBot info stealer involved in a targeted attack on a US Company (lien direct)

Security researchers at Fortinet uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. The Lokibot malware has been active since 2015, it is an infostealer that was involved in many malspam campaigns aimed […]

The post LokiBot info stealer involved in a targeted attack on a US Company appeared first on Security Affairs.

Malware
The_Hackers_News.png 2019-09-12 04:56:01 New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS (lien direct)

Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser, a dynamic SIM toolkit that is widely being used by

Vulnerability
The_Hackers_News.png 2019-09-12 04:44:00 WebARX - A Defensive Core For Your Website (lien direct)

Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company\'s DNA as even ARX in their name refers to the citadel (the core fortified area of a town or

Vulnerability
01net.png 2019-09-12 04:09:15 Une énorme faille dans les puces Intel Xeon permet d\'espionner des ordinateurs à distance (lien direct)

Une faille spectaculaire dans un des caches des processeurs Intel Xeon permet de voler des informations sensibles. Un risque qui touche aussi bien les entreprises au travers de leurs datacenters que les utilisateurs de plates-formes cloud.

bleepingcomputer.png 2019-09-12 03:33:03 Iranian Hackers Hit Over 60 Universities to Get Library Access (lien direct)

Cobalt Dickens, a threat actor associated with the Iranian government, ran a phishing operation in July and August that targeted more than 60 universities in countries on four continents. [...]

Threat
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Information mise à jours le: 2019-09-22 08:07:45
Voir la liste des sources.

Mon email:

Vous souhaitez ne rien manquer: Notre RSS (filtré) Twitter