What's new arround internet

Src Date (GMT) Titre Description Tags Stories Notes
The_State_of_Security.png 2019-01-17 12:58:04 Magecart hits hundreds of websites via ad supply chain hijack (lien direct)

A criminal Magecart gang successfully compromised hundreds of ecommerce websites via a malicious script that silently harvested personal data and payment card information as customers bought goods and services online.

The post Magecart hits hundreds of websites via ad supply chain hijack appeared first on The State of Security.

ESET.png 2019-01-17 12:58:02 New Year\'s resolutions: Routing done right (lien direct)

>As another thing to improve this year, you may want to route your focus on a device that is the nerve center of your network and, if poorly secured, the epicenter of much potential trouble

The post New Year\'s resolutions: Routing done right appeared first on WeLiveSecurity

no_ico.png 2019-01-17 12:49:02 Congress\' Stalemate Means The U.S. Will Remain Cybercriminals\' Prime Target (lien direct)

Experts comments below: Francis Dinha, CEO at OpenVPN: “With the government shutdown, our country’s cybersecurity is at risk — both in the short term and the long term. The immediate risk is, of course, a higher vulnerability to attack. Without a full support staff, those essential employees still working hard to maintain cybersecurity simply don’t have …

The ISBuzz Post: This Post Congress\' Stalemate Means The U.S. Will Remain Cybercriminals’ Prime Target appeared first on Information Security Buzz.

SecurityAffairs.png 2019-01-17 12:39:02 Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6 (lien direct)

Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is related to the way […]

The post Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6 appeared first on Security Affairs.

no_ico.png 2019-01-17 12:34:01 US Gov Shutdown & Cybersecurity (lien direct)

Security experts from Juniper Networks issued comments this afternoon about the impact of the US government shutdown, specifically citing how it may affect government IT recruiting and hiring: Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks: “The biggest impact of the shutdown, in my opinion, is that furloughing cybersecurity analysts creates a vulnerability for government networks. As we …

The ISBuzz Post: This Post US Gov Shutdown & Cybersecurity appeared first on Information Security Buzz.

TechRepublic.png 2019-01-17 12:30:04 Windows 10\'s troubled 1809 update is headed your way after months of fixing showstopping bugs (lien direct)

Windows 10 computers started receiving the new version of the OS via Windows Update yesterday, marking the beginning of a phased rollout to the bulk of PCs used in homes and by small businesses.

The_State_of_Security.png 2019-01-17 12:17:05 Nearly 800 Million Email Addresses Exposed in “Collection #1” Data Breach (lien direct)

A data breach known as “Collection #1” exposed approximately 800 million email addresses as well as tens of millions of passwords. In the beginning of January, multiple people reached out to Australian web security expert Troy Hunt about a sizable collection of files hosted on cloud service MEGA. This collection, which is no longer available […]… Read More

The post Nearly 800 Million Email Addresses Exposed in “Collection #1” Data Breach appeared first on The State of Security.

SecurityWeek.png 2019-01-17 12:17:02 Security in an IoT World: Your Big Data Problem is Getting Bigger (lien direct)

It\'s that time of year for prediction articles and the number has become almost overwhelming. This year, one of the trending topics I\'ve noticed is the growth in Internet of Things (IoT) and connected devices and an expected surge in cyber risks. Technology vendors, industry analysts and government experts are all pointing to the need for IoT security. But is this really a prediction, or simply a case of history repeating itself?

read more

bleepingcomputer.png 2019-01-17 12:00:00 Android Apps Steal Banking Info, Use Motion Sensor to Evade Detection (lien direct)

Two Android apps infected with a banking malware dropper were found on the Google Play Store, already having been installed on thousands of Android devices and sporting dozens of fake five-star ratings. [...]

WiredThreatLevel.png 2019-01-17 12:00:00 Huawei\'s Many Troubles: Bans, Alleged Spies, and Backdoors (lien direct)

Its execs have been arrested. Its gear is banned in places. And countries are reconsidering relationships with the company. How much trouble is Huawei really in?

ZDNet.png 2019-01-17 11:57:03 Facebook removes propaganda network linked to Russian media group Sputnik (lien direct)

Facebook says Sputnik employees ran hundreds of Facebook pages and accounts, some posing as politicians in other countries.

SecurityWeek.png 2019-01-17 11:46:02 Battle Lines Forming Ahead of a Looming U.S. Privacy Law Fight (lien direct)

Consumer advocates and the data-hungry technology industry are drawing early battle lines in advance of an expected fight this year over what kind of federal privacy law the U.S. should have.

read more

TechRepublic.png 2019-01-17 11:30:00 Open source Spectrum library enables edge processing of images for faster performance (lien direct)

Spectrum can be used to perform image processing on smartphones before uploading data to servers, providing higher quality images than native APIs.

bleepingcomputer.png 2019-01-17 11:26:05 Fake GPS Apps with 50M Installs Just Show Ads and Run Google Maps (lien direct)

19 Android apps with over 50 million installs were found on the Google Play store that state that they are full featured GPS apps, but instead simply show an advertisement and then show Google Maps. [...]

bleepingcomputer.png 2019-01-17 11:00:00 Rocke\'s Cryptominers Kills Competition, Uninstall Cloud Security Products (lien direct)

Analysis of new malware samples used by the Rocke group for cryptojacking reveals code that uninstalls from Linux servers multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud [...]

WiredThreatLevel.png 2019-01-17 11:00:00 How Trump Could Wind up Making Globalism Great Again (lien direct)

OK, so it was never great in the first place. But the rise of rank nationalists could finally-perversely-spark an era of progress and cooperation for all humanity.

WiredThreatLevel.png 2019-01-17 11:00:00 To Prevent Wildfires, Treat Utilities Like Railroad Barons (lien direct)

PG&E\'s electrical equipment likely caused California\'s massive Camp Fire. That\'s particularly maddening because science knows full well how to stop that.

WiredThreatLevel.png 2019-01-17 11:00:00 Tidying Up When We Have No Control over Our Digital Lives (lien direct)

Never-ending notifications. Pull-to-refresh rewards. There\'s no escape from surveillance capitalism.

SecurityAffairs.png 2019-01-17 10:17:01 South Korea: hackers compromised Defense Acquisition Program Administration PCs (lien direct)

South Korea – Allegedstate-sponsored hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration. Unknown hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration which is the office that manages the military procurement. The news was confirmed by the South Korea Ministry of National Defense. “It has been turned out that 30 computers installed […]

The post South Korea: hackers compromised Defense Acquisition Program Administration PCs appeared first on Security Affairs.

InfosecIsland.png 2019-01-17 09:21:05 Four Technologies that will Increase Cybersecurity Risk in 2019 (lien direct)

While advances in technology provide many benefits, they also open new threat vectors and the potential for attacks that can spread quickly over connected ecosystems.

InfosecIsland.png 2019-01-17 09:10:04 Strategies for Winning the Application Security Vulnerability Arms Race (lien direct)

Security and development teams need to collaborate closely to ensure that enterprise web and mobile applications are free of vulnerabilities that can lead to costly data breaches.

ZDNet.png 2019-01-17 09:02:05 Zix acquires AppRiver in $275 million deal (lien direct)

It seems like 2019 is the year to purchase cloud security companies.

SecurityAffairs.png 2019-01-17 08:47:04 Unprotected server of Oklahoma Department of Securities exposes millions of government files (lien direct)

A huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. Another data leak made the headlines, a huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. It […]

The post Unprotected server of Oklahoma Department of Securities exposes millions of government files appeared first on Security Affairs.

bleepingcomputer.png 2019-01-17 08:37:00 Flaw in Telegram Reveals Awful OpSec from Malware Author (lien direct)

A weakness in the protection of messages delivered using the Telegram Bot API gave researchers access to the communication flow between a piece of malware and its operator. [...]

bleepingcomputer.png 2019-01-17 06:00:05 Banks in West Africa Hit with Off-The-Shelf Malware, Free Tools (lien direct)

Attacks hitting financial organizations in West Africa since at least mid-2017 rely on off-the-shelf malware, free hacking tools, and utilities already available on the target systems to steal credentials, install backdoors, and run commands. [...]

bleepingcomputer.png 2019-01-17 03:31:03 Emsisoft Browser Security Protects You from Malicious Sites (lien direct)

For those looking for extra protection while browsing the web, Emsisoft has a released a browser extension that will block you from interacting with known phishing, malware, or scam sites. [...]

The_Hackers_News.png 2019-01-17 01:37:02 Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks (lien direct)

Ukrainian Police have this week busted out two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week, all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian

WiredThreatLevel.png 2019-01-17 01:12:05 An Astonishing 773 Million Records Exposed in Monster Breach (lien direct)

Collection #1 appears to be the biggest public breach yet, with millions of unique passwords sitting out in the open.

ZDNet.png 2019-01-17 00:27:00 Google Chrome extension that steals card numbers still available on Web Store (lien direct)

Fake "Flash Player" extension has been available since February 2018, was installed by roughly 400 users.

grahamcluley.png 2019-01-17 00:02:05 Smashing Security #111: When rivals hack, and \'extreme\' baby monitors (lien direct)
Smashing Security #111: When rivals hack, and 'extreme' baby monitors

Why a business spat resulted in Liberia falling off the internet, how the US Government shutdown is impacting website security, and the perplexing world of extreme IoT devices.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Zoë Rose.

The_Hackers_News.png 2019-01-16 23:45:03 Unprotected Government Server Exposes Years of FBI Investigations (lien direct)

A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the

TechRepublic.png 2019-01-16 23:06:00 How to choose the right G Suite edition for your enterprise (lien direct)

Google offers several editions of G Suite ranging from Basic to Teams. Figure out which edition fits your company\'s needs.

WiredThreatLevel.png 2019-01-16 22:53:02 Gillette\'s Ad Proves the Definition of a Good Man Has Changed (lien direct)

Despite the backlash, the fact that the Gillette ad exists at all is an undeniable sign of progress.

WiredThreatLevel.png 2019-01-16 22:35:00 Yandex\'s Self-Driving CES Demo Comes Without a Human Backup (lien direct)

The "Google of Russia" showed up in Vegas with a bold and daring demonstration of what a Moscow-trained robot Moscow can do.

SecurityAffairs.png 2019-01-16 22:22:05 Critical bug in Amadeus flight booking system affects 141 airlines (lien direct)

A critical flaw in online flight ticket booking system developed by Amadeus could impact almost half of the fight travelers of 141 airlines around the world A critical flaw in online flight ticket booking system developed by Amadeus could be exploited by a remote attacker to access and modify travel details and claim his frequent […]

The post Critical bug in Amadeus flight booking system affects 141 airlines appeared first on Security Affairs.

Kaspersky.png 2019-01-16 22:09:02 Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS (lien direct)

Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain.

TechRepublic.png 2019-01-16 21:59:03 CES 2019: Delos targets smart buildings with its monitoring system DARWIN for indoor air and water quality (lien direct)

Delos has a new home wellness intelligence network. Air quality, water quality, lighting and overall comfort are monitored through DARWIN.

TroyHunt.png 2019-01-16 21:54:01 The 773 Million Record "Collection #1" Data Breach (lien direct)

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Many people will land on this page after learning that their email address has appeared in a data breach I\'ve called "Collection #1". Most of them won\'t have a tech background or be familiar with the concept of credential stuffing so I\'m going to write this post for the masses

WiredThreatLevel.png 2019-01-16 21:30:00 Antibiotics Are Failing Us. Crispr Is Our Glimmer of Hope (lien direct)

Antibiotics are still massively overprescribed, a new study shows. With no new drugs in sight, some scientists are turning to Crispr for a reboot.

DarkReading.png 2019-01-16 21:00:00 Malware Built to Hack Building Automation Systems (lien direct)

Researchers dig into vulnerabilities in popular building automation systems, devices.

Blog.png 2019-01-16 20:41:01 Report: Iranian APT Actors Regroup After Main Security Forum Shuts Down (lien direct)

Iranian state-sponsored hackers are regrouping after the shutdown last year of their main security forum, migrating to other forums and making new connections for potential cyber-response against mounting political pressures from the United States and Europe, according to a new report.

The post Report: Iranian APT Actors Regroup After Main...

Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/592439062/0/thesecurityledger -->»

Kaspersky.png 2019-01-16 20:25:04 Millions of Oklahoma Gov Files Exposed by Wide-Open Server (lien direct)

The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.

WiredThreatLevel.png 2019-01-16 20:05:00 Trump Must Be a Russian Agent; the Alternative Is Too Awful (lien direct)

We know a lot about the “what” of the Mueller probe\'s findings. The crucial questions now focus on the “why.”

ZDNet.png 2019-01-16 19:54:03 Hackers breach and steal data from South Korea\'s Defense Ministry (lien direct)

Government says hackers breached 30 computers and stole data from 10.

SecurityAffairs.png 2019-01-16 18:45:00 GreyEnergy: Welcome to 2019 (lien direct)

Early January, an interesting malware sample has been disclosed through the InfoSec community: a potential GreyEnergy implant still under investigation. This kind of threat, previously analyzed by third party firms, contains similarities with the infamous BlackEnergy malware, used in the attacks against the Ukrainian energy industry back in 2015. The Cybaze-Yoroi ZLAB researchers dissected this […]

The post GreyEnergy: Welcome to 2019 appeared first on Security Affairs.

no_ico.png 2019-01-16 18:31:01 Lessons From Some Of The World\'s Largest Data Breaches, And The Way Forward (lien direct)

“What I did 50 years ago is 4,000 times easier to do today because of technology,” says Frank Abagnale, 70-year-old FBI security consultant and former con man. His exploits as a check forger and impostor in the 1960s were showcased in the 2002 film Catch Me If You Can. Back then, it took a lot …

The ISBuzz Post: This Post Lessons From Some Of The World\'s Largest Data Breaches, And The Way Forward appeared first on Information Security Buzz.

TechRepublic.png 2019-01-16 18:07:04 VirtualBox 6.0 brings a much needed upgrade to the UI (lien direct)

VirtualBox 6.0 is out and includes a number of improvements including a new file manager, more support, and modern interface.

WiredThreatLevel.png 2019-01-16 18:03:02 Anti-Trump Activists Defend Fake-*Washington Post* Stunt (lien direct)

Protesters have created satirical newspapers before, but the tactic comes with more baggage in the era of fake news.

WiredThreatLevel.png 2019-01-16 18:00:00 A Crocodile-Like Robot Helps Solve a 300-Million-Year Mystery (lien direct)

Researchers use a fossil, fancy computer work, and a complex robot to tease apart how an early land-walking animal moved.

MalwarebytesLabs.png 2019-01-16 17:00:00 The Advanced Persistent Threat files: APT10 (lien direct) While security companies are getting good at analyzing the tactics of nation-state threat actors, they still struggle with placing these actions in context and making solid risk assessments. So in this series, we\'re going to take a look at a few APT groups, and see how they fit into the larger threat landscape-starting with APT10.

Categories:

Cybercrime Hacking

Tags:

(Read more...)

The post The Advanced Persistent Threat files: APT10 appeared first on Malwarebytes Labs.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

Information mise à jours le: 2019-01-19 06:03:28
Voir la liste des sources.

Mon email:

Vous souhaitez ne rien manquer: Notre RSS (filtré) Twitter