What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
WiredThreatLevel.png 2019-01-07 18:03:05 Netflix and Amazon Binged Wins at the Golden Globes (direct link)

And 'Aquaman' continues to rule the box office.

no_ico.png 2019-01-07 18:00:03 The Security Edge Of Digital Transformation (direct link)

2018 was the year in which we encountered the newish term 'Digital Transformation' take a grip in computing vocabulary, which on occasions has even crossed the conversational lines onto the lips of some involved in the Cyber Security Industry – and this I must admit concerns me deeply for multiple reasons. As we have observed in the …

The ISBuzz Post: This Post The Security Edge Of Digital Transformation appeared first on Information Security Buzz.

MalwarebytesLabs.png 2019-01-07 17:59:00 Australia's Early Warning Network compromised (direct link)

The post Australia’s Early Warning Network compromised appeared first on Malwarebytes Labs.

TechRepublic.png 2019-01-07 17:55:01 CES 2019: AMD introduces second-gen mobile CPUs based on Zen microarchitecture (direct link)

AMD's second-generation Zen mobile CPUs paired with Vega GPUs offer faster graphics performance than Intel's competing CPUs, which are in short supply.

Blog.png 2019-01-07 17:47:00 More Questions as Expert Recreates Chinese Super Micro Hardware Hack (direct link)

Though the companies named in a blockbuster Bloomberg story have denied that China hacked into Supermicro hardware that shipped to Amazon, Apple and nearly 30 other firms, a recent demonstration at a hacking conference in Germany proves the plausibility of the alleged hack.

The post More Questions as Expert Recreates Chinese Super Micro Hardware...

Read the whole entry: https://feeds.feedblitz.com/~/590964640/0/thesecurityledger

MalwarebytesLabs.png 2019-01-07 17:33:00 A week in security (December 31, 2018 – January 6, 2019) (direct link) A roundup of last week's security news from December 31, 2018 to January 6, 2019, including fresh breaches in the New Year, mobile malware, GandCrab, and how we remembered 2018.

Categories: Security world, Week in security

The post A week in security (December 31, 2018 – January 6, 2019) appeared first on Malwarebytes Labs.

securityintelligence.png 2019-01-07 17:20:02 The System Development Life Cycle: A Phased Approach to Application Security (direct link)

By completing the phases of the system development life cycle (SDLC), security teams can integrate processes and technologies into the development process and improve application security.

The post The System Development Life Cycle: A Phased Approach to Application Security appeared first on Security Intelligence.

Kaspersky.png 2019-01-07 17:12:03 Snowden's Attorney Urges Canada to Take in Whistleblower Helpers (Part Two) (direct link)

Robert Tibbo discusses being pushed to leave Hong Kong under pressure and efforts made to the Canadian government to grant refugee status to the “Snowden refugees.”

TechRepublic.png 2019-01-07 16:55:04 CES 2019: 80% of users don't trust IoT security, so BlackBerry created a stamp of approval (direct link)

Amid consumer demand, the smartphone manufacturer released three products to keep Internet of Things data more secure.

TechRepublic.png 2019-01-07 16:42:05 How to add remote nodes to Rundeck (direct link)

If you already have Rundeck running but can't add a remote node, Jack Wallen offers the solution.

bleepingcomputer.png 2019-01-07 16:27:03 NCSC Starts Campaign to Help Industry Fight Foreign State Threats (direct link)

The U.S. National Counterintelligence and Security Center (NCSC) started distributing informative materials ranging from brochures to videos to privately held companies around the country advertising increased awareness of rising cybersecurity threats from nation-state actors. [...]

TechRepublic.png 2019-01-07 16:25:04 How to add data into MySQL tables from the command line (direct link)

Jack Wallen explains how to add data into a MySQL table from the command line.

grahamcluley.png 2019-01-07 16:24:01 Earn $2,000,000 by remotely jailbreaking an iPhone (direct link)

Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction?

The sad truth is that we may never know for sure… but intelligence agencies might.

TechRepublic.png 2019-01-07 16:05:00 Huawei unveils Kunpeng 920 CPU and TaiShan servers for Arm datacenter use at CES 2019 (direct link)

Arm's future in the datacenter is being solidified with Huawei introducing Arm-powered server-class products, competing with Cavium, Qualcomm, and Amazon.

TechRepublic.png 2019-01-07 15:54:00 CES 2019: China's e-commerce giant JD launches smart delivery stations for drones and robots (direct link)

JD.com operates the world's first fully-automated fulfillment center, and is expanding its use of autonomous vehicles for delivery.

TechRepublic.png 2019-01-07 15:40:02 CES 2019: HumanEyes Technologies powers Vuze, world's first 5K VR camera (direct link)

HumanEyes Technologies improves VR photography and videography with the Vuze XR camera.

Kaspersky.png 2019-01-07 15:28:01 unCAPTCHA AI Cracks Google reCAPTCHAs with 90% Accuracy (direct link)

A proof-of-concept from the University of Maryland can defeat the audio challenges that are offered as an option for people with disabilities.

bleepingcomputer.png 2019-01-07 15:19:00 OXO Discloses MageCart Attack That Targeted Customer Data on Oxo.com (direct link)

United States based kitchen utensil manufacturer OXO International disclosed a data breach that spans numerous periods over two years. This breach notification states that customer and payment information may have been exposed and further research by BleepingComputer indicates this was most likely a MageCart attack. [...]

ESET.png 2019-01-07 15:16:02 EU offers bug bounties on popular open source software (direct link)

The program with a prize pool of almost US$1 million aims to leverage the 'power of the crowd' in order to prevent another Heartbleed

The post EU offers bug bounties on popular open source software appeared first on WeLiveSecurity

Kaspersky.png 2019-01-07 15:13:02 Skype Glitch Allowed Android Authentication Bypass (direct link)

A glitch allowed hackers to access contacts, photos and more on Android devices - simply by answering a Skype call.

ZDNet.png 2019-01-07 15:12:00 Real-time location data for over 11,000 Indian buses left exposed online (direct link)

Researcher finds real-time GPS and bus route information from 27 Indian transportation agencies left exposed online via an ElasticSearch server.

WiredThreatLevel.png 2019-01-07 15:00:00 CES 2019 Liveblog Day 1: News and Photos From CES in Las Vegas (direct link)

This year's CES, one of the biggest consumer tech showcases in the world, starts Monday morning. Join us for live updates from the show in Las Vegas, Nevada.

itsecurityguru.png 2019-01-07 14:52:02 BlackBerry Empowers The Electronics Industry To Build IoT Devices Consumers Can Trust. (direct link)

BlackBerry Limited (NYSE: BB; TSX: BB) today announced it is scaling its BlackBerry Secure technology and licensing strategy to empower the electronics industry to rapidly bring-to-market safe and secure IoT devices. According to a recent survey commissioned by the company, approximately 80% of consumers in the U.S., U.K. and Canada do not trust their current […]

The post BlackBerry Empowers The Electronics Industry To Build IoT Devices Consumers Can Trust. appeared first on IT Security Guru.

itsecurityguru.png 2019-01-07 14:52:02 Akamai To Add Customer Identity Access Management Capability To Enhance Digital Trust By Acquiring Janrain Inc. (direct link)

Akamai Technologies (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital experiences, today announces the company has entered into an agreement to acquire Janrain, the company that pioneered the customer identity access management (CIAM) category. Janrain enables enterprises to enhance digital trust by offloading login and registration workloads, and its integration with Akamai's […]

The post Akamai To Add Customer Identity Access Management Capability To Enhance Digital Trust By Acquiring Janrain Inc. appeared first on IT Security Guru.

itsecurityguru.png 2019-01-07 14:52:02 Easy-to-Use Actions On The Google Assistant Enable Seamless Security Controls Of McAfee Secure Home Platform. (direct link)

Today McAfee announced the planned launch of the new McAfee Secure Home Platform voice commands for the Google Assistant. The McAfee Secure Home Platform is available today for device manufacturers worldwide to integrate into routers and gateways. With this forthcoming Google Assistant integration, customers with a McAfee Secure Home Platform-enabled router and compatible Assistant devices […]

The post Easy-to-Use Actions On The Google Assistant Enable Seamless Security Controls Of McAfee Secure Home Platform. appeared first on IT Security Guru.

TechRepublic.png 2019-01-07 14:32:00 CES 2019: Blue launches Ember mic for content creators (direct link)

Blue's Ember condenser microphone aims at content creators who want to take their audio recording to the next level.

bleepingcomputer.png 2019-01-07 14:23:00 Microsoft Announces Unlimited Private Repos for GitHub Free (direct link)

GitHub Free users can now create private repositories which can have up to three collaborators per repo [...]

Checkpoint.png 2019-01-07 14:00:01 Check Point Research: A Year in Exploration (direct link)

Part of being a great storyteller is to venture into the unknown. To step out of our comfort zone and explore worlds that are often hard to reach, overcoming challenges and obstacles along the way. The goal: to reach a final destination, though often that destination itself may be unknown. In 2018, Check Point…

The post Check Point Research: A Year in Exploration appeared first on Check Point Software Blog.

AlienVault.png 2019-01-07 14:00:00 Data Exfiltration in AWS: Part 2 of Series (direct link)

In the previous blog in this four-part blog series, we discussed AWS IAM and how it can be compromised to allow for data exfiltration. In this blog we will drill into data exfiltration.

One of the more common issues reported on lately involves EC2 instances running data storage services like Elasticsearch and MongoDB, which by default don't have any credential requirements to interact with the data store. And if you don't get your security groups set up properly you can inadvertently expose, for example, the Elasticsearch port (9200) out to the Internet. If that happens, you can bet that somebody is going to find it and dump its entire data set.

Here’s a common scenario we’ve seen in AWS: A web application is capturing user details and analytics. The developers want to capture that data in a metrics-friendly repository (in addition to the database that the application uses) so they spin up an EC2 instance, install Elasticsearch and start dropping data in it that is useful for analytics tracking. It’s probably not sensitive data so they’re not too worried about locking it down and, for convenience, the backend Elasticsearch port is exposed to the Internet. As the analytics requirements evolve along with the application, more and more data ends up in the completely exposed data store. Then a bad guy does a port scan and finds it sitting there, ripe for the picking. It's become so common that adversaries have gone through the trouble of creating ransomware that fully hijacks the data store and encrypts the data within it.

Here are some examples:

Data Exfiltration: Risks

Ransomware

With a public vulnerability search tool such as Shodan, you can do a search for publicly exposed Elasticsearch databases and it’ll give you a big list. It's not difficult to find systems that have been exposed this way and attackers are finding them pretty quickly.

Application Abuse

The other way that data exfiltration takes place is through an application vulnerability, but this isn't AWS-specific. There are common application vulnerabilities that some attackers are very adept at discovering. A crafty attacker will bang on a web application long enough to find a vulnerability that they can use to exfiltrate data from the system. This technique is very effective because most web applications need access to some degree of sensitive data in order to be of any use.

WiredThreatLevel.png 2019-01-07 14:00:00 How to Calculate the Physics in Super Smash Bros. Ultimate (direct link)

Using the videogame's training mode, you can figure out the rules governing how the various characters jump and move.

TechRepublic.png 2019-01-07 13:57:05 CES 2019: Revamped Acer Swift 7 is one of the thinnest, lightest business laptops ever (direct link)

The Windows 10 device has a compact design with a 92% screen-to-body ratio.

SecurityAffairs.png 2019-01-07 13:56:00 Australian Early Warning Network hacked and used to send fake alerts (direct link)

A hacker obtained unauthorized access to the Australian Early Warning Network over the weekend and abused it to send out an alert via SMS. A hacker breached the Australian Early Warning Network over the weekend and abused it to send out an alert via SMS, landline, and email to the subscribers of the Aeeris firm […]

The post Australian Early Warning Network hacked and used to send fake alerts appeared first on Security Affairs.

TechRepublic.png 2019-01-07 13:37:04 Forced Windows 10 upgrade leads Finnish watchdog to demand Microsoft payout (direct link)

Finnish national broadcaster YLE reports that the country's consumer-protection watchdog has recommended Microsoft pay a Finnish man €1,100 for the unwanted upgrade from Windows 8.1.

securityintelligence.png 2019-01-07 12:55:02 Is It Time for Enterprises to Bid Farewell to BYOD? (direct link)

As BYOD practices blur the boundary of the enterprise perimeter, how can security leaders ensure corporate data is safe?

The post Is It Time for Enterprises to Bid Farewell to BYOD? appeared first on Security Intelligence.

Kaspersky.png 2019-01-07 12:31:01 Podcast: Beware These Top Security Threats in 2019 (direct link)

In this week's podcast, we weigh in on the top threats to watch out for in 2019 - from fraud to IoT.

The_State_of_Security.png 2019-01-07 12:06:01 Alert Service Compromised to Send Out Spam Message (direct link)

An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service’s customers. The Queensland Early Warning Network (EWN) alert service disclosed first in a Facebook post and later on its website that the compromise took place near the beginning of the year: At around […]

The post Alert Service Compromised to Send Out Spam Message appeared first on The State of Security.

itsecurityguru.png 2019-01-07 12:00:02 BlackBerry Survey Finds Consumers Don't Trust Connected Devices To Keep Data Safe And Secure. (direct link)

BlackBerry Limited (NYSE: BB; TSX: BB) today announced new survey findings on consumer attitudes and behaviours toward security, trust and privacy, particularly when it comes to purchasing and using smart, connected 'things' which includes cars, drones, health monitors, TVs, security cameras, smart speakers and more. Conducted in the past 30 days, the survey commissioned by […]

The post BlackBerry Survey Finds Consumers Don't Trust Connected Devices To Keep Data Safe And Secure. appeared first on IT Security Guru.

bleepingcomputer.png 2019-01-07 12:00:00 Microsoft Pulls Office 2010 January 2019 Updates After Excel Blunder (direct link)

After releasing the first Microsoft Office updates of 2019 designed to fix non-security issues in Office 2010, Office 2013, and Office 2016 on January 2, Microsoft pulled the Office 2010 updates from the server following multiple reports of Excel not being able to start. [...]

WiredThreatLevel.png 2019-01-07 12:00:00 The Star Wars Franchise Will Return in Full Force in 2019 (direct link)

Is your New Year's resolution to consume more 'Star Wars' content? The universe has delivered.

WiredThreatLevel.png 2019-01-07 12:00:00 Bitcoin Exposed Silicon Valley's Ultimate Aim: Making Money (direct link)

Bitcoin is a prime example of how Silicon Valley touts "democratization" and "decentralization" as righteous motives when wealth is the ultimate goal.

securityintelligence.png 2019-01-07 11:50:00 Close the Gap on Advanced Threats With Integrated Security (direct link)

Advanced threats are evolving faster than enterprise security, despite record spend. Organizations need an integrated ecosystem of solutions that provide visibility into anomalies and potential risks.

The post Close the Gap on Advanced Threats With Integrated Security appeared first on Security Intelligence.

bleepingcomputer.png 2019-01-07 11:12:00 Google Emails Users About Private Data Exposed by Google+ API Bug (direct link)

Google has started sending out notifications to those who were affected by their Google+ API bug that was disclosed in December 2018. This notification provides details regarding what profile data was exposed and the apps that had access to it. [...]

itsecurityguru.png 2019-01-07 11:11:02 Looking Over The Horizon: What Does Cybersecurity Have In Store For 2019? (direct link)

by Tom Kellermann, Chief Cybersecurity Officer, Carbon Black. In every intelligence industry there's often a central aim: predicting the future. We collect and analyse, dissect and interpret, looking for that essential nugget that will give us the edge over our adversaries by indicating what they'll do next. While this activity goes on 24/7/365, the end […]

The post Looking Over The Horizon: What Does Cybersecurity Have In Store For 2019? appeared first on IT Security Guru.

SecurityAffairs.png 2019-01-07 11:04:02 ReiKey app for macOS can detect Mac Keyloggers using event taps (direct link)

ReiKey is a free tool that scans for and detects keyloggers that install persistent keyboard “event taps” to intercept your keystrokes. Good news for macOS users: a new open source tool dubbed ReiKey allows them to detect Mac keyloggers. The ReiKey app monitors systems for applications that analyze keyboard ‘event taps‘ to monitor and […]

The post ReiKey app for macOS can detect Mac Keyloggers using event taps appeared first on Security Affairs.

Pirate.png 2019-01-07 10:39:03 Town of Salem: Data breach affects 7.6 million players (direct link)

A massive breach at the online role-playing game "Town of Salem" has reportedly exposed the personal data of more than 7.6 million players. The information was announced by the game's operator, BlankMediaGames (BMG).

bleepingcomputer.png 2019-01-07 10:17:01 GandCrab Operators Use Vidar Infostealer as a Forerunner (direct link)

Cybercriminals behind GandCrab have mixed the infostealer Vidar in the distribution process of the ransomware piece, which helps increase their profits by pilfering sensitive information before encrypting the computer files. [...]

bleepingcomputer.png 2019-01-07 10:14:01 Apple iOS Games Found Talking to Golduck Malware C&C Servers (direct link)

Researchers found 14 retro games in Apple's App Store that communicated with command-and-control servers previously used by the Android Golduck Loader [...]

bleepingcomputer.png 2019-01-07 10:14:01 App Store Games Found Communicating with Golduck Malware C&C servers (direct link)

Researchers found 14 retro games in Apple's App Store that communicated with command-and-control servers previously used by the Android Golduck Loader [...]

bleepingcomputer.png 2019-01-07 09:01:05 Apple Taunts Competitors on Lack of Privacy With CES 2019 Ad (direct link)

This year Apple came to CES in the form of a giant ad near the CES 2019 conference center that takes a swing at its competitors, such as Google and Amazon, by taunting them about their privacy concerns. [...]

bleepingcomputer.png 2019-01-07 09:01:05 Apples Taunts Competitors on Lack of Privacy With CES 2019 Ad (direct link)

This year Apple came to CES in the form of a giant ad near the CES 2019 conference center that takes a swing at its competitors, namely Google and Amazon, by taunting them about their privacy concerns. [...]


Information updated on: 2019-01-19 06:03:28