What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
ESET.png 2019-03-21 14:22:02 Most second-hand thumb drives contain data from past owners (direct link)

Our penchant for plugging in random memory sticks isn't the only trouble with our USB hygiene, a study shows

bleepingcomputer.png 2019-03-21 14:21:03 Safari, Virtualbox, VMware Get Hacked During First Day of Pwn2Own 2019 (direct link)

During the first day of Pwn2Own Vancouver 2019, contestants were able to successfully hack into the Apple Safari web browser, Oracle's VirtualBox, and VMware Workstation, earning a total of $240,000 in cash awards. [...]

no_ico.png 2019-03-21 14:02:05 New Carbanak Malware Attacks (direct link)

ZDNet is reporting that the notoriously well-known threat group Fin7, also known as Carbanak, is back with a new set of administrator tools and never-before-seen forms of malware. Fin7 has been active since at least 2015 and since the group’s inception has been connected to attacks against hundreds of companies worldwide. Byron Rashed, Vice President of …

The ISBuzz Post: This Post New Carbanak Malware Attacks appeared first on Information Security Buzz.

Blog.png 2019-03-21 14:01:01 Command & Control: Silenttrinity Post-Exploitation Agent (direct link)

In this article, we will learn to use Silent Trinity tool to exploit windows. Table of content: Introduction Installation Windows exploitation Windows post exploitation Silent trinity to meterpreter Introduction Silent trinity is a command and control tool dedicated to windows. It is developed by byt3bl33d3r in python, iron python, C# and .net. as it is... Continue reading

The post Command & Control: Silenttrinity Post-Exploitation Agent appeared first on Hacking Articles.

WiredThreatLevel.png 2019-03-21 14:00:00 Knock Around a Goat Carcass With These Buzkashi Players (direct link)

Photographer Anna Huix traveled to Tajikistan to document the centuries-old sporting tradition.

TechRepublic.png 2019-03-21 13:55:00 Vulnerability in Android Instant Apps can be used to steal history, authentication tokens (direct link)

Google's Instant Apps feature allows you to try apps before installing them, though a vulnerability allows attackers to abuse the feature to steal data.

ZDNet.png 2019-03-21 13:46:00 Zero-day in WordPress SMTP plugin abused by two hacker groups (direct link)

Hacker groups are creating backdoor admin accounts on vulnerable sites and redirecting users to tech support scams.

bleepingcomputer.png 2019-03-21 13:36:04 Cisco Fixes High-Severity Vulnerabilities in IP Phone 7800, 8800 (direct link)

Cisco released on Wednesday security patches for vulnerabilities present in its IP Phone 7800 and 8800 series. An attacker could exploit most of the flaws remotely without being authenticated [...]

grahamcluley.png 2019-03-21 13:30:00 Google and Facebook scammed out of $123 million by man posing as hardware vendor (direct link)

Even the most tech savvy companies in the world can fall for business email compromise.

A Lithuanian man has this week pleaded guilty to tricking Google and Facebook into transferring over $100 million into a bank account under his control after posing as a company that provided the internet giants with hardware for their data centers.

Read more in my article on the Tripwire State of Security blog.

ANSSI.png 2019-03-21 13:12:03 ANSSI supports software solution vendors with the first forum of the Ebios Risk Manager Label (direct link)

Having software tools to carry out end-to-end risk analyses and manage them over time is an indispensable complement to the EBIOS Risk Manager method. To provide tooling for this new method, ANSSI offers users a clear identification of the software solutions available on the market that conform to the published method, with […]

DarkReading.png 2019-03-21 13:10:00 Police Federation of England and Wales Suffers Apparent Ransomware Attack (direct link)

National Cyber Security Centre and National Crime Agency investigate random attack that locked down the association's data and deleted backups.

datasecuritybreach.png 2019-03-21 13:08:02 How to secure a company's strategic information? (direct link)

A company's major decisions and new lines of work sometimes rest on an approximate choice of strategy. For your company to move forward with confidence as it evolves, it is important to put good corporate governance in place and to secure strategic information. It is also necessary to provide real visibility into the […]

The article How to secure a company’s strategic information? first appeared on Data Security Breach.

WiredThreatLevel.png 2019-03-21 13:00:00 A New Wave of Brainy Bikes Do Everything but Ride Themselves (direct link)

Automated gear changes, app-controlled suspensions, overtaking vehicle alerts, and more smart tech are here for the human-powered two-wheeler.

TechRepublic.png 2019-03-21 12:58:03 Why digital transformation could open you up to a DDoS attack (direct link)

One hour of downtime from a DDoS attack costs an average of $221,837 globally, according to Netscout.

SecurityWeek.png 2019-03-21 12:58:02 Schneider Electric Working on Patch for Flaw in Triconex TriStation Emulator (direct link)

A serious denial-of-service (DoS) vulnerability has been found in Schneider Electric's Triconex TriStation Emulator software. The vendor has yet to release a patch, but assured customers that the flaw does not pose a risk to operating safety controllers.

Blog.png 2019-03-21 12:40:04 Report: with most exploited vuln of 2018, it's really Really REALLY time to ditch IE! (direct link)

Microsoft's products are still a leading source of exploitable security vulnerabilities used by hackers, according to a report by the firm Recorded Future.

The post Report: with most exploited vuln of 2018, it’s really Really REALLY time to ditch IE! appeared first on The Security Ledger.

bleepingcomputer.png 2019-03-21 12:38:02 Facebook Employees Could Access Unencrypted Passwords for Millions of Users (direct link)

As part of a seemingly never-ending stream of security blunders, Facebook disclosed today that the passwords of hundreds of millions of Facebook and Instagram users were stored in plain text for years on internal data storage systems. [...]

Kaspersky.png 2019-03-21 12:31:02 Cisco Patches High-Severity Flaws in IP Phones (direct link)

The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.

no_ico.png 2019-03-21 12:30:05 Open Source Intelligence [OSINT] And Insecurity (direct link)

Through robust research, and commercial engagements covering a 10 year period, it may be attested that the element of Open Source Intelligence is not only a major source of exposure, and potential exploitation point for Cyber Attackers; but that it can be the very key to exploitation in the majority of successful Cyber Attacks against …

The ISBuzz Post: This Post Open Source Intelligence [OSINT] And Insecurity appeared first on Information Security Buzz.

securityintelligence.png 2019-03-21 12:30:03 Hunting for the True Meaning of Threat Hunting at RSAC 2019 (direct link)

Many vendors at RSAC 2019 boasted of their advanced and even automated threat hunting capabilities, but it's important to understand the difference between true threat hunting and marketing jargon.

The post Hunting for the True Meaning of Threat Hunting at RSAC 2019 appeared first on Security Intelligence.

ZDNet.png 2019-03-21 12:17:02 OceanLotus adopts public exploit code to abuse Microsoft Office software (direct link)

APT32 is using a public exploit to abuse Office and compromise targeted systems.

ESET.png 2019-03-21 12:07:05 I Still Didn't See What You Did (direct link)

More tips for detecting and avoiding sextortion scams

ESET.png 2019-03-21 12:07:05 Rogue's Gallery (direct link)

More tips for detecting and avoiding sextortion scams

The post Rogue’s Gallery appeared first on WeLiveSecurity

grahamcluley.png 2019-03-21 12:05:04 Smashing Security #120: Silk Road with Deliveroo (direct link)

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

BBC.png 2019-03-21 12:05:00 Christchurch shootings: 'Bad actors' helped attack videos spread online (direct link)

Edited clips were continually uploaded to help defeat automatic detection systems, says Facebook

TechRepublic.png 2019-03-21 12:03:03 Want to learn the fastest-growing programming languages of 2019? Check out these two unstoppable newcomers (direct link)

JavaScript spin-off TypeScript and Java sibling Kotlin once again race up the RedMonk Programming Language Rankings.

securityintelligence.png 2019-03-21 12:00:02 What Security Threats of the Past Can Tell Us About the Future of Cybersecurity (direct link)

If we look close enough, many new security threats are something we've seen in another form or an attack style we've had to previously defend against.

The post What Security Threats of the Past Can Tell Us About the Future of Cybersecurity appeared first on Security Intelligence.

WiredThreatLevel.png 2019-03-21 12:00:00 The Haunting of Hacker House (direct link)

How tales of Edward Snowden and Albert Gonzalez possess an old Victorian in the Catskills.

The_Hackers_News.png 2019-03-21 11:49:04 Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext (direct link)

Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for "hundreds of millions" users in plaintext. What's more? Not just Facebook, Instagram users are also affected by the latest security incident. So, if you are one of the affected users, your Facebook or Instagram password was readable to some of

no_ico.png 2019-03-21 11:48:02 MyPillow And Amerisleep Hit By Magecart (direct link)

Cybersecurity researchers at RiskIQ discovered the two newly identified Magecart attacks targeting the bedding retailers MyPillow and Amerisleep. Magecart is a term used to describe different hacking groups specialised in implanting malicious code on the e-commerce websites. The Magecart injected the digital card skimmer on their websites to steal payment information at the checkout page. It's a bed breach and beyond. https://t.co/UykuBmPYwq — CNET News (@CNETNews) March 20, 2019 …

The ISBuzz Post: This Post MyPillow And Amerisleep Hit By Magecart appeared first on Information Security Buzz.

securityintelligence.png 2019-03-21 11:30:02 Securing the Microservices Architecture: Decomposing the Monolith Without Compromising Information Security (direct link)

Ditching monolith for microservices may be right for your organization, but it's critical to address the relevant security considerations early in the process.

The post Securing the Microservices Architecture: Decomposing the Monolith Without Compromising Information Security appeared first on Security Intelligence.

bleepingcomputer.png 2019-03-21 11:24:01 Microsoft Defender ATP Brings Enterprise Protection to Macs (direct link)

Microsoft announced that the Windows Defender Advanced Threat Protection (ATP) enterprise platform is now available for macOS as part of a limited preview starting today and rebranded as Microsoft Defender ATP to reflect its new cross-platform support. [...]

WiredThreatLevel.png 2019-03-21 11:00:00 iPad Mini (2019) Review: Hello, Old Friend (direct link)

Apple's littlest iPad gets an update.

WiredThreatLevel.png 2019-03-21 11:00:00 In the Face of Danger, We're Turning to Surveillance (direct link)

From the Rose Bowl to upstate New York, people are turning to surveillance systems in the face of America's inability to meaningfully address gun violence.

WiredThreatLevel.png 2019-03-21 11:00:00 Researchers Built an "Online Lie Detector." Honestly, That Could Be a Problem (direct link)

Critics point out serious flaws in a study promising an "online polygraph," with potential to create deep biases.

no_ico.png 2019-03-21 10:55:00 Google Photos Bug Exposed The Location & Time Of Users' Pictures (direct link)

It has been reported that a vulnerability in the web version of Google Photos allowed websites to learn a user’s location history based on the images they stored in the account. The flaw affected the Google Photos search endpoint that allows users to quickly find pictures based on aggregated metadata, such as geo-location and date of creation, …

The ISBuzz Post: This Post Google Photos Bug Exposed The Location & Time Of Users’ Pictures appeared first on Information Security Buzz.

ZDNet.png 2019-03-21 10:49:00 MyPillow and Amerisleep wake up to Magecart card theft nightmare (direct link)

The US firms may have a few sleepless nights over the security breaches.

The_State_of_Security.png 2019-03-21 10:30:02 When Is a Data Breach a Data Breach? (direct link)

A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate. But what exactly classifies an event as a data breach? The world wide web is […]… Read More

The post When Is a Data Breach a Data Breach? appeared first on The State of Security.

SecurityAffairs.png 2019-03-21 10:04:01 Pwn2Own 2019 Day 1 – participants hacked Apple, Oracle, VMware products (direct link)

Pwn2Own 2019 hacking competition is started and participants hacked Apple Safari browser, Oracle VirtualBox and VMware Workstation on the first day. As you know I always cover results obtained by white hat hackers at hacking competitions, for this reason, today I’ll share with you the results of the first day of the Pwn2Own 2019. Pwn2Own […]

The post Pwn2Own 2019 Day 1 – participants hacked Apple, Oracle, VMware products appeared first on Security Affairs.

WiredThreatLevel.png 2019-03-21 10:00:00 The Punishing Ecstasy of Being a Reddit Moderator (direct link)

Banishing zombies and tracking down Russia propaganda, on the front lines with the social site's volunteer army.

WiredThreatLevel.png 2019-03-21 10:00:00 Scientists Reveal Ancient Social Networks Using AI and X-Rays (direct link)

Historians are using data science to unearth overlooked female power brokers, imperial influencers, and other figures hidden in ancient texts.

SecurityWeek.png 2019-03-21 09:48:01 The 'Katz' Out of the Bag: Catching Mimikatz With Anomaly Detection (direct link)

Mimikatz Has Become a Lethal Weapon for Attackers Seeking to Move Laterally Inside Corporate and Government Networks

SecurityAffairs.png 2019-03-21 08:33:03 Experts found a critical vulnerability in the NSA Ghidra tool (direct link)

A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes online with the handle of sghctoma has discovered a vulnerability in Ghidra platform recently released by the US NSA, the issue could be exploited to execute code remotely. GHIDRA is […]

The post Experts found a critical vulnerability in the NSA Ghidra tool appeared first on Security Affairs.

Korben.png 2019-03-21 08:00:03 Commento – A free clone of Disqus that integrates into any site in a few seconds (direct link)

As you know, I have used various tools for the comments on this site. At first, I relied on WordPress's native comment system. But beyond a certain number of comments and a certain daily flow of visits, it became an unwieldy contraption. It was slowing down … More

SecurityAffairs.png 2019-03-21 07:36:02 [SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies (direct link)

LockerGoga is the most active ransomware, experts warn it focuses on targeting companies and bypass AV signature-based detection. LockerGoga ransomware is a crypto-malware that loads the malicious file on the system from an infected email attachment. This threat is very critical these days, and it is the most active ransomware that focuses on targeting companies. Altran and Norsk Hydro are two companies severely […]

The post [SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies appeared first on Security Affairs.

Blog.png 2019-03-21 07:05:01 GUEST ESSAY: Why there's no such thing as anonymity in this digital age (direct link)

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can't — and won't — stop generating data, which sooner or later can be traced back to you. Related: The Facebook factor A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave […]

SecurityWeek.png 2019-03-21 06:57:03 Apple, Oracle, VMware Software Hacked at Pwn2Own 2019 (direct link)

Apple's Safari web browser and the Oracle VirtualBox and VMware Workstation virtualization products were hacked on the first day of the Pwn2Own 2019 hacking competition, earning researchers a total of $240,000 in cash.

bleepingcomputer.png 2019-03-21 06:01:00 Fake CDC Emails Warning of Flu Pandemic Push Ransomware (direct link)

A new malspam campaign is being conducted that is pretending to be from the Centers for Disease Control and Prevention (CDC) about a new Flu pandemic. Attached to the emails is a malicious attachment that when opened will install the GandCrab v5.2 Ransomware on the target's computer. [...]

ZDNet.png 2019-03-21 05:30:00 PewDiePie fans keep making junk ransomware (direct link)

Please, YouTube! Just hide PewDiePie and T-Series' followers count and put this competition to bed.

Blog.png 2019-03-21 05:12:05 OSX Exploitation with Powershell Empire (direct link)

This article is another post in the empire series. In this article, we will learn OSX Penetration testing using empire. Table of Content Exploiting MAC Post Exploitation Phishing Privilege Escalation Sniffing Exploiting MAC Here I'm considering you know PowerShell Empire’s basics, therefore, we will create the listener first using the following commands: Executing the... Continue reading

The post OSX Exploitation with Powershell Empire appeared first on Hacking Articles.


Information updated on: 2019-03-26 04:01:32