Année : 2018

Microsoft published technical details of 2 zero-days that have been recently discovered after someone uploaded a weaponized PDF file to VirusTotal. Security researchers from Microsoft have published technical details of two zero-day vulnerabilities that have been recently discovered after someone uploaded a weaponized PDF file to VirusTotal. The two issues […]

The maintainers of the Trezor multi-cryptocurrency wallet service reported a phishing attack against some of its users that occurred during the weekend. The attack appears more complex respect a simple phishing campaign, hackers may have powered a DNS poisoning attack or a BGP hijacking to redirect users to a rogue phishing site that mimic […]

Une vulnérabilité dans le filtrage des entrées d’utilisateurs authentifiés a été identifiée dans WordPress. Elle impacte toutes les versions de WordPress, y compris l’actuelle, 4.9.6, et son exploitation permettrait d’exécuter du code arbitraire. Le problème a été signalé il y a 7 mois à l’équipe de sécurité de WordPress mais reste […]

De nouvelles variantes d’un logiciel publicitaire (adware) basé sur Python sont distribuées sur Internet. Ces variantes infectent les machines et affichent des publicités sur les postes. De la même manière, elles installent des extensions malicieuses et des mineurs de cryptomonnaie sur les machines. Baptisé PBot ou PythonBot, ce publiciel a […]

Security expert Vinny Troia has found a huge trove of data belonging to millions of Americans that were left unsecured online.  The security researcher Vinny Troia was analyzing the level of security for Elasticsearch installs exposed online when discovered millions of records belonging to Americans that were left unsecured online. The expert […]

The sale of Zero-day exploits is a prolific business, zero-day broker Zerodium offers rewards of up to $500,000 FreeBSD, OpenBSD, NetBSD, Linux Zero-Days. The sale of Zero-day exploits is a prolific business that most people totally ignore, to better understand its evolution let’s analyze together the offer of the popular […]

FireEye reported the PROPagate code injection technique that was observed for the first time in a malware distribution campaign in the wild. Security experts from FireEye have documented the PROPagate code injection technique that was observed for the first time in a malware distribution campaign in the wild. The PROPagate code […]

For the past two days, secure email provider ProtonMail has been fighting off DDoS attacks that have visibly affected the company’s services, causing short but frequent outages at regular intervals. « The attacks went on for several hours, although the outages were far more brief, usually several minutes at a time […]

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users’ cellular […]