This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-10T03:12:15+00:00 www.secnews.physaphae.fr Graham Cluley - Blog Security Make sure that all your Apple devices are patched before online criminals attempt to take advantage of this flaw.Read more in my article on the We Live Security blog.]]> 2016-07-20T23:29:52+00:00 http://www.welivesecurity.com/2016/07/21/users-iphones-macs-must-update-avoid-stagefright-like-bug/ www.secnews.physaphae.fr/article.php?IdArticle=4473 False None None None Graham Cluley - Blog Security "interesting commonalities" in website registration records, revealing strange links between a Russian security firm called Infocube (also known as Infokube) and the notorious Carbanak cybercrime gang.Carbanak, of course, has been blamed for stealing hundreds of millions of dollars, after targeting e-payment systems and installing malware on ATM infrastructure that resulted in theft from cash machines.Infokube, meanwhile, claims to work with some of the best known firms in computer security.Krebs reached out to Artem Tveritinov, Infokube's apparent CEO, to ask if he had any explanation for the website registration details showing such similarities:"Our company never did anything illegal, and conducts all activities according to the laws of Russian Federation," Tveritinov said in an email. "Also, it's quite stupid to use our own personal data to register domains to be used for crimes, as [we are] specialists in the information security field."Krebs reports that as he sent Tveritinov questions by email, the Russian deleted his social media presence:"I noticed that the Vkontakte social networking profile that Tveritinov had maintained regularly since April 2012 was being permanently deleted before my eyes. Tveritinov's profile page and photos actually disappeared from the screen I had up on one monitor as I was in the process of composing an email to him in the other."Read the whole fascinating story on Krebs on Security.]]> 2016-07-20T09:20:52+00:00 https://www.grahamcluley.com/2016/07/russian-security-firm-linked-cybercrime-gang/ www.secnews.physaphae.fr/article.php?IdArticle=4406 False None None None Graham Cluley - Blog Security Steemit recently experienced both a hack that resulted in the theft of users' funds and a DDoS attack.David Bisson reports.]]> 2016-07-19T16:55:44+00:00 https://www.grahamcluley.com/2016/07/steemit-experienced-hack-theft-user-funds-ddos-attack/ www.secnews.physaphae.fr/article.php?IdArticle=4354 False None None None Graham Cluley - Blog Security Although it's good that Apple has apparently fixed this FaceTime snooping vulnerability, it's alarming to hear that there may be other as-yet-unpatched vulnerabilities still to be addressedRead more in my article on the Hot for Security blog.]]> 2016-07-19T13:53:17+00:00 https://www.hotforsecurity.com/blog/apple-fixes-facetime-eavesdropping-bug-other-other-flaws-may-remain-16048.html www.secnews.physaphae.fr/article.php?IdArticle=4343 False None None None Graham Cluley - Blog Security The MacKeeper utility suite, which claims to help Mac users stop security threats, find duplicate files, and help you uninstall unwanted apps, doesn't have the best reputation.And now they're making legal threats against a teenage video maker.]]> 2016-07-19T09:39:44+00:00 https://www.grahamcluley.com/2016/07/mackeeper-threatens-sue-14-year-old-youtuber/ www.secnews.physaphae.fr/article.php?IdArticle=4321 False None Uber None Graham Cluley - Blog Security The Register:Adobe says a buggy installer is the reason some people have two different versions of Flash Player on their Windows PCs.The software house told The Register it had to create an additional build of the browser plugin specifically for Microsoft's Internet Explorer after the version made for other browsers – such as Mozilla's Firefox and Microsoft's Edge – wouldn't install properly for IE.So, for example, if you have Internet Explorer and Firefox on your machine, you'll have two slightly different copies of Flash that should be functionally the same.Quality control? Testing? What's that then?I wouldn't blame you if you feel that this is the straw that broke the camel's back. Here is how to completely uninstall Adobe Flash from your computer.]]> 2016-07-18T14:36:24+00:00 https://www.grahamcluley.com/2016/07/adobe-cockup-means-different-versions-flash-installed/ www.secnews.physaphae.fr/article.php?IdArticle=4248 False None None None Graham Cluley - Blog Security Manufacturers of several different fitness wristbands continue to pay insufficient attention to security, reveals a new investigation.David Bisson reports.]]> 2016-07-18T07:55:12+00:00 https://www.grahamcluley.com/2016/07/fitness-trackers-falling-short-security-reveals-new-report/ www.secnews.physaphae.fr/article.php?IdArticle=4214 False None None None Graham Cluley - Blog Security ingenious way to make money from the likes of Google, Microsoft and Instagram - getting their two-factor authentication registration schemes to call a premium rate phone number:"They all offer services to supply users with a token via a computer-voiced phone call, but neglected to properly verify whether supplied phone numbers were legitimate, non-premium numbers. This allowed a dedicated attacker to steal thousands of EUR/USD/GBP/... Microsoft was exceptionally vulnerable to mass exploitation by supporting virtually unlimited concurrent calls to one premium number"Clever!Swinnen told the tech companies concerned about the issue. Despite the fact that it was clear that no customer data was being put at risk through the technique (the actual potential damage was for the tech companies to lose some cash), the researcher was awarded $2000 and $500 by Instagram's and Google's respective bug bounties.You can learn more in Arne Swinnen's blog post.]]> 2016-07-17T08:27:56+00:00 https://www.grahamcluley.com/2016/07/steal-money-instagram-microsoft-google-help-premium-rate-phone-number/ www.secnews.physaphae.fr/article.php?IdArticle=4196 False None None None Graham Cluley - Blog Security warned that there has been a security breach on the Ubuntu Forums site, resulting in the theft of two million members' usernames, IP addresses, and email addresses:At 20:33 UTC on 14th July 2016, Canonical's IS team were notified by a member of the Ubuntu Forums Council that someone was claiming to have a copy of the Forums database.After some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.If you think you may have heard a similar story in the past, your memory isn't deceiving you. Ubuntu Forums was previously hacked in 2013.]]> 2016-07-16T09:07:38+00:00 https://www.grahamcluley.com/2016/07/ubuntu-forums-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=4187 False None None None Graham Cluley - Blog Security In response to the disclosure of vulnerabilities in Tor's design, researchers at MIT have created Riffle, a system that allegedly provides better security and uses bandwidth more efficiently.David Bisson reports.]]> 2016-07-15T09:04:53+00:00 https://www.grahamcluley.com/2016/07/mit-researchers-unveil-new-anonymity-scheme-rival-tor/ www.secnews.physaphae.fr/article.php?IdArticle=4096 False None None None