What's new arround internet

Src Date (GMT) Titre Description Tags Stories Notes
bleepingcomputer.png 2019-05-14 13:00:00 Microsoft Fixes Critical Remote Desktop Flaw, Blocks Worm Malware (lien direct)

Microsoft patched today a critical Remote Code Execution vulnerability found in the Remote Desktop Services platform which can allow malicious actors to create malware designed to propagate between computers running vulnerable RDS installations. [...]

WiredThreatLevel.png 2019-05-14 13:00:00 Tram Bowling Is an Actual Sport. Let\'s Look at the Physics (lien direct)

Driving a tram into a ball such that it knocks down pins-tram bowling, naturally-raises some physics questions: What does the speed of the ball depend on? What\'s its change in momentum?

Kaspersky.png 2019-05-14 12:58:02 WhatsApp Zero-Day Exploited in Targeted Spyware Attacks (lien direct)

WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims\' phones.

SecurityAffairs.png 2019-05-14 12:48:00 North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal (lien direct)

The North Korea-linked APT group ScarCruft (aka APT37 and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. North Korea-linked APT group ScarCruft (aka APT37, Reaper, and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. ScarCruft has been active since at least 2012, it made the headlines in early February […]

The post North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal appeared first on Security Affairs.

globalsecuritymag.png 2019-05-14 12:38:04 Nouvelle attaque ciblée combinant Supply Chain et Man In The Middle : le malware Plead exploite ASUS Webstorage et des routeurs ASUS (lien direct)

Les chercheurs ESET publient une recherche révélant que les attaquants derrière le malware Plead l\'ont distribué en exploitant des routeurs compromis et des attaques de type " Homme du Milieu " (MitM) contre le logiciel légitime ASUS WebStorage. Cette nouvelle activité a été détectée par ESET à Taïwan, où Plead est particulièrement actif. Le groupe d\'attaquants BlackTech l\'utilise notamment pour ses attaques ciblées, principalement dans le cadre d\'opérations de cyberespionnage à travers l\'Asie. Fin avril (...) - Malwares

SecurityWeek.png 2019-05-14 12:15:01 Hackers Add Security Software Removal to Banload Banking Malware (lien direct)

There are two primary characteristics of the Brazilian hacking scene: a focus on Brazil, and the adaptability of the hackers. Very strict money laws make trans-border money movement difficult, ensuring that most targets remain local; and the hackers tend to move on to new targets when the current one becomes too difficult.

read more

bleepingcomputer.png 2019-05-14 12:14:03 Keyloggers Injected in Web Trust Seal Supply Chain Attack (lien direct)

Hackers compromised the script used by Best of the Web to display their trust seal on their customers\' websites and to add two key logging scripts designed to sniff keystrokes from visitors. [...]

ZDNet.png 2019-05-14 12:05:01 Alexa Guard now turns your smart speaker into a home security device (lien direct)

The system can detect breaking glass as well as the sound of smoke alarms.

Kaspersky.png 2019-05-14 12:00:05 Cynet: An Autonomous Security Platform for Any Size Organization (lien direct)

Cynet  protects the entire internal environment – including hosts, files, users and the network.

WiredThreatLevel.png 2019-05-14 12:00:00 Daimler Plans to Make Its Cars Carbon Neutral by 2039 (lien direct)

The carmaker\'s new climate plan is bold-for a company. But it falls short of recommended emissions cuts and shows the limits of corporate self-policing.

CSO.png 2019-05-14 11:57:00 The second Meltdown: New Intel CPU attacks leak secrets (lien direct)

Researchers have found new flaws in Intel processors that could allow hackers to defeat the security boundaries enforced by virtual machine hypervisors, operating system kernels and Intel SGX enclaves, putting data on both servers and endpoint systems at risk. The new attack techniques can be used to leak sensitive secrets like passwords or encryption keys from protected memory regions and are not blocked by mitigations for past CPU attacks.

Over a year ago, the Meltdown and Spectre attacks took the computer industry by storm and showed that the memory isolation between the operating system kernel and unprivileged applications or between different virtual machines running on the same server were not as impervious as previously thought. Those attacks took advantage of a performance enhancing feature of modern CPUs called speculative execution to steal secrets by analyzing how data was being accessed inside CPU caches.

To read this article in full, please click here

The_Hackers_News.png 2019-05-14 11:31:05 Microsoft Releases Patches For A Critical \'Wormable Flaw\' and 78 Other Issues (lien direct)

It\'s Patch Tuesday-the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users\' interaction. Out of 79 vulnerabilities, 18 issues

WiredThreatLevel.png 2019-05-14 11:00:00 The Curious History of Crap-Human, Animal, and Chemical (lien direct)

We don\'t think much about where our waste goes, but the history of what we do with poop is also the history of how we grow food.

WiredThreatLevel.png 2019-05-14 11:00:00 Microsoft Wants to Protect Your Identity With Bitcoin (lien direct)

Microsoft announced plans to use the bitcoin blockchain to create a "digital identity" that could be used to access sites and apps across the internet.

The_State_of_Security.png 2019-05-14 10:54:04 Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor (lien direct)

Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both created and executed the Plead backdoor using “AsusWSPanel.exe,” a legitimate process which belongs to the Windows client for the cloud-based storage service ASUS […]… Read More

The post Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor appeared first on The State of Security.

ZDNet.png 2019-05-14 10:33:03 Over 25,00 smart Linksys routers are leaking sensitive data (lien direct)

A security flaw grants remote access to router information.

globalsecuritymag.png 2019-05-14 10:08:05 CheckPoint Software donne son point de vue de sur une vulnérabilité de WhatsApp (lien direct)

- Quels sont les risques associés à cet incident ? Le problème affecte WhatsApp sur Android et iOS, la vulnérabilité, identifié comme CVE-2019-3568, peut être exploitée avec succès pour installer le logiciel espion et voler les données d\'un téléphone Android ou un iPhone ciblé en passant simplement un appel WhatsApp, même lorsque l\'on ne répond pas à l\'appel. La victime ne serait pas capable de découvrir l\'intrusion par la suite puisque le logiciel espion efface les informations de l\'appel entrant des (...) - Points de Vue

SecurityAffairs.png 2019-05-14 10:06:00 Malware Training Sets: FollowUP (lien direct)

The popular expert Marco Ramilli provided a follow up to its Malware classification activity by adding a scripting section which would be useful for several purposes. On 2016 I was working hard to find a way to classify Malware families through artificial intelligence (machine learning). One of the first difficulties I met was on finding […]

The post Malware Training Sets: FollowUP appeared first on Security Affairs.

WiredThreatLevel.png 2019-05-14 10:00:00 I Tweeted Out My Phone Number-and Rediscovered Humanity (lien direct)

After I was digitally shamed on Twitter, I posted my phone number. What I got in return was the kindness of strangers.

WiredThreatLevel.png 2019-05-14 10:00:00 Why I (Still) Love Tech: In Defense of a Difficult Industry (lien direct)

Technology is just another human creation-like religion or government or sports or money. It\'s not perfect, and it never will be. But it\'s still a miracle.

WiredThreatLevel.png 2019-05-14 10:00:00 How Twitter Became My Sacred Space (lien direct)

I came for the hostility, then the social network offered me something I never expected.

WiredThreatLevel.png 2019-05-14 10:00:00 \'Heartbeat\' Bills Get the Science of Fetal Heartbeats All Wrong (lien direct)

Anti-abortion laws lean on the heartbeat as a defining moment of aliveness. But at six weeks, it indicates little more than cells and electrical activity.

WiredThreatLevel.png 2019-05-14 10:00:00 Tech That Makes Us Better Humans: JavaScript, Shudder, Chat Apps, Concordia, Signia (lien direct)

We reached out to a bunch of experts to ask them about the tools they love. Here\'s what we heard back.

ESET.png 2019-05-14 09:30:05 Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage (lien direct)

>ESET researchers have discovered that the attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software

The post Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage appeared first on WeLiveSecurity

bleepingcomputer.png 2019-05-14 09:12:04 Hackers Access Over 461,000 Accounts in Uniqlo Data Breach (lien direct)

Fast Retailing, the company behind multiple Japanese retail brands, announced that the UNIQLO Japan and GU Japan online stores have been hacked and third parties accessed 461,091 customer accounts following a credential stuffing attack. [...]

Pirate.png 2019-05-14 09:10:05 GlobalSign et Big Good annoncent la sortie de la nouvelle solution de sécurité IoT " G-Shield " (lien direct)
Propulsé par la plateforme d\'identités IoT de GlobalSign, G-Shield améliore la sécurité des équipements IoT grâce à l\'intégration directe des certificats dans les circuits intégrés.
TechRepublic.png 2019-05-14 08:56:05 Feniks: Microsoft\'s cloud-scale FPGA operating system (lien direct)

A Microsoft research project shows how FPGAs can turn into flexible data centre resources as they\'re more widely deployed for hardware acceleration.

Pirate.png 2019-05-14 08:50:01 Avast lance sa solution Omni et renforce la sécurité digitale pour les foyers connectés (lien direct)
Avast Omni assure un haut niveau de protection des appareils connectés aux réseaux domestiques, et une sécurité multi-plateformes en mobilité.
Pirate.png 2019-05-14 08:47:04 Vulnérabilité dans WhatsApp, que risquez-vous ? (lien direct)
Une vulnérabilité a été découverte début mai dans l\'application mobile WhatsApp. Cette vulnérabilité permettait d\'exécuter du code malveillant à distance sur plus d\'1,5 milliards de téléphone, elle aurait été exploitée par une société éditant le logiciel de surveillance mobile Pegasus. Cette vulnérabilité a finalement été corrigée par WhatsApp il y a 2 jours.
The_Hackers_News.png 2019-05-14 08:44:03 Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder (lien direct)

Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e.,

grahamcluley.png 2019-05-14 08:44:02 Urgent! Update WhatsApp NOW… to add new sticker support (lien direct)

Yes, you should update WhatsApp.

But not for the reasons they’re telling you.

ANSSI.png 2019-05-14 08:30:02 Paroles d\'agents – Les métiers de la cybersécurité racontés par l\'ANSSI (lien direct)

UNE VALORISATION DE L’ENSEMBLE DES MÉTIERS DE LA CYBERSÉCURITÉ À travers les témoignages de cinq agents de l’ANSSI, Paroles d\'agents a l’ambition de rendre davantage visible la diversité des métiers de la cybersécurité. Au-delà des nombreux spécialistes formés en sécurité des systèmes d\'information, les nouveaux enjeux sociétaux de la sécurité du numérique nécessitent aussi des […]

SecurityWeek.png 2019-05-14 08:16:00 Report Links Vast Online Disinformation Campaign to Iran (lien direct)

When an attractive young Middle Eastern woman contacted Saudi dissident Ali AlAhmed over Twitter last November, he was immediately suspicious.

read more

SecurityAffairs.png 2019-05-14 08:02:01 WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware (lien direct)

Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device. Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device. WhatsApp did not name the threat […]

The post WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware appeared first on Security Affairs.

SecurityAffairs.png 2019-05-14 06:57:03 Unprotected DB exposed PII belonging to nearly 90% of Panama citizens (lien direct)

Personally identifiable information belonging to roughly 90% of Panama citizens were exposed on a poorly configured Elasticsearch server. Security researcher Bob Diachenko discovered an unprotected Elasticsearch server exposing personally identifiable information belonging to nearly 90% of Panama citizens. Exposed data includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data. […]

The post Unprotected DB exposed PII belonging to nearly 90% of Panama citizens appeared first on Security Affairs.

SecurityWeek.png 2019-05-14 05:45:04 Facebook Patches WhatsApp Flaw Exploited to Spy on Users (lien direct)

Facebook patches WhatsApp zero-day

read more

ANSSI.png 2019-05-14 04:00:05 Paroles d\'agents : l\'ANSSI racontée par ceux qui la font vivre au quotidien (lien direct)

C’est aujourd\'hui l’ensemble du secteur de la cybersécurité français qui doit faire face à une pénurie de talents, au moment où les besoins d\'experts en cybersécurité dans le public et le privé sont de plus en plus importants. Pourtant, l\'emploi dans le domaine reste extrêmement porteur, en proposant des métiers d\'avenir, variés, de très nombreuses […]

bleepingcomputer.png 2019-05-14 03:45:01 Google Chrome Offers a Glimpse of it\'s Upcoming Settings Screen (lien direct)

In the latest Chrome Nightly build, Google is finally giving in and putting a fixed left-hand navigation bar in the browser\'s Settings page. [...]

CSO.png 2019-05-14 03:00:00 200 million-record breach: Why collecting too much data raises risk (lien direct)

If you don\'t collect it, no one can steal it.

Sometimes the best way to secure customer data is not to collect it in the first place. While it can be tempting to "collect it all" just in case, most enterprises need far less data on their users to market to them effectively. Reducing the amount of data collected means that in the inevitable event of a breach, the repercussions will be far less severe.

The_Hackers_News.png 2019-05-14 01:54:04 Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor (lien direct)

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects

The_Hackers_News.png 2019-05-14 01:46:01 Cryptocurrency Hacks Still Growing - What Does That Mean for the Industry? (lien direct)

Though once synonymous with underground networks and black hat hackers, bitcoin and other cryptocurrencies have gone mainstream over the past two years. In 2017, we saw the skyrocket of bitcoin to an all-time high of close to $20,000 followed by a significant decline the following year. But beyond the ups and downs in the market for the world\'s largest cryptocurrency is a much more sinister

WiredThreatLevel.png 2019-05-14 00:02:01 Millions of Hacked Routers, Apple\'s Court Troubles, and More News (lien direct)

Catch up on the most important news today in 2 minutes or less.

no_ico.png 2019-05-13 23:52:02 Hackers Are Collecting Payment Details, User Passwords From 4,600 Sites (lien direct)

It has been reported that hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites,  Hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to …

The ISBuzz Post: This Post Hackers Are Collecting Payment Details, User Passwords From 4,600 Sites appeared first on Information Security Buzz.

no_ico.png 2019-05-13 23:30:04 Unsecured SMS Spam Operation Discovered (lien direct)

It has been reported that a massive SMS spamming operation kicked out tens of millions of text messages, pestering unsuspecting recipients with links to fake sites flogging loans and free money. The operation was simple but smart. The system processed vast batches of phone numbers and curated custom messages on the fly with links to the fake sites. These …

The ISBuzz Post: This Post Unsecured SMS Spam Operation Discovered appeared first on Information Security Buzz.

The_Hackers_News.png 2019-05-13 23:10:02 Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones (lien direct)

Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs

WiredThreatLevel.png 2019-05-13 22:30:00 Lenovo Makes the Leap Into Foldable-Display Laptops (lien direct)

The still-to-be-named product will be a part of Lenovo\'s ThinkPad X1 line of laptops.

Kaspersky.png 2019-05-13 22:17:05 Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices (lien direct)

The two high-severity bugs impact a wide array of enterprise, military and government networks.

WiredThreatLevel.png 2019-05-13 21:59:04 How Tech Helped the NSC Change the US Way of War (lien direct)

The National Security Council has gained enormous influence over the last few decades-thanks in no small part to better tech.

ZDNet.png 2019-05-13 21:18:04 Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear (lien direct)

Most Cisco gear is believed to be impacted. No attacks detected, as of yet.

Kaspersky.png 2019-05-13 21:02:01 Twitter Leaks Apple iOS Users\' Location Data to Ad Partner (lien direct)

A Twitter glitch "inadvertently" leaked iOS users\' location data to an unnamed partner.

10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

Information mise à jours le: 2019-05-27 08:01:36
Voir la liste des sources.

Mon email:

Vous souhaitez ne rien manquer: Notre RSS (filtré) Twitter