Sécurité


Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Hackers | Fabricants | Magazines | Virus / Malware

Schneier

IT Security
Erreur: Il y a un erreur avec ce flux.

TAO Security

    • 29 juillet 2021Zeek in Action Videos
      This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project. Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on. I am especially pleased with Video 6 on monitoring wireless netw …

    • 13 avril 2021New Book! The Best of TaoSecurity Blog, Volume 4
       I’ve completed the TaoSecurity Blog book series.The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It’s available now for Kindle, and I’m working on the print edition. I’m running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up.I described the new tit …

    • 1 avril 2021The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO
       What are the origins of the names TaoSecurity and the unit formerly known as TAO? IntroductionI’ve been reading Nicole Perlroth’s new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were up …

    • 18 février 2021Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
      PropositionDigital offense capabilities are currently net negative for the security ecosystem.[0]The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of …

    • 9 novembre 2020New Book! The Best of TaoSecurity Blog, Volume 3
       Introduction I published a new book!The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It’s in the Kindle Store, and if you have an Unlimited account, it’s free. I also published a print edition, which is 485 pages. Book DescriptionThe book features the following description …

Information Security Buzz

    • 9 août 2022Why Data Security Is No Longer Optional (And How To Start)
      Security breaches cost more than just money. Investing in data security today prevents long-term negative consequences that cost your business time, money, and reputation. Acquiring threat intelligence data is a primary step in preventing cyberattacks, and web scraping is the method of choice for modern data-driven businesses. Your business thrives on data, and it must […]

    • 9 août 2022Email Is The Single Biggest Threat To Businesses, And Here’s What You Can Do About It
      Email remains one of the most popular methods of communication, particularly for business communications. There were 316.9 billion emails sent and received every day in 2021, and this is set to increase to 376.4 billion by 2025. But despite the scale of its use and how much people exchange confidential information over email, it is […]

    • 9 août 2022Targeted Attacks On Industrial Enterprises And Public Institutions
      Kaspersky researchers detail a wave of targeted attacks, first observed in January of 2022, on military industrial complex enterprises and public institutions in several countries, identifying multiple attacks. The attackers breached the networks of dozens of enterprises, taking control and evading security solutions. They determined that cyberespionage was the goal of these attacks. Excerpts: …

    • 9 août 2022Twilio Suffers Phishing Attack, Compromising Customer Data – Expert Commentary
      It has been reported that communications giant Twilio has confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The San Francisco-based company, which allows users to build voice and SMS capabilities — such as two-factor authentication (2FA) — into applications, said in a blog post published Monday that it became aware t …

    • 9 août 2022Zuckerberg Unveils New WhatsApp Privacy Features, Experts Weigh In
      As reported by BBC News, Meta has announced new privacy features for WhatsApp users. Users will be able to leave group chats silently, control who can see their online status and block screenshots on View Once messages. Meta chief executive Mark Zuckerberg said this would help keep WhatsApp messaging “as private and secure as face-to-face […]

gHacks

    • 9 août 2022WhatsApp now lets you delete messages after 2 days, leave groups silently, and adds screenshot blocking
      WhatsApp Messenger now allows users to delete messages even after 2 days. The VOIP service announced the news via its social media channels. Prior to this update, WhatsApp had a pretty strict time limit for deleting messages. You could only do so under 1 hour, 8 minutes and 16 seconds. That’s a weird limit, isn’t it? WhatsApp now lets you delete messages after 2 days So, compared to the previous l …

    • 9 août 2022How to upgrade to Linux Mint 21 using the Upgrade Tool
      Last week, the Linux Mint team released Linux Mint 21, a new base version of the popular Linux distribution. Today, instructions have been published on updating existing installations of Linux Mint to the new release. One of the main differences to previous upgrades to new base versions is that the new Upgrade Tool is now available. Released earlier this year, the Upgrade Tool improves the upgradi …

    • 8 août 2022The differences between Windows account PINs and passwords
      Microsoft’s Windows 10 and 11 operating systems support several different account authentication options. There is the classic local user account and password option, the Microsoft account and password option, and options provided by Windows Hello. Use of a PIN is the most common one, as Microsoft is pushing it specifically. Some Windows users might wonder which option is the most secure or most c …

    • 8 août 2022Rescuezilla: open source backup, restore and recovery environment
      Rescuezilla is a free open source disk imaging solution that supports data backups, restores and recovery actions. The application is operating system agnostic, as it needs to be put on an optical disc or an USB drive; one of the benefits that comes out of that, is that may access the application at any time, even if the PC does not boot anymore. Rescuezilla is fully compatible with Clonezilla, a …

    • 8 août 2022Twitter confirms that a data breach leaked email addresses and phone numbers of users
      Twitter has confirmed that it suffered a data breach which leaked the email addresses and phone numbers of users. The issue came to light after a hacker leaked a sample of the data. How did the Twitter data breach happen? In a statement published on its blog, Twitter explains how the issue occurred. It says that the developers had updated the site’s code in June 2021, as part of its regular operat …

SecurityWeek

    • 16 septembre 2020Box Showcases New Offerings for Remote Working Environment
      The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment. read more …

    • 16 septembre 2020U.S. House Passes IoT Cybersecurity Bill
      The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices. read more …

    • 16 septembre 2020Nozomi Networks Becomes CVE Numbering Authority
      Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). read more …

    • 16 septembre 2020NSA Publishes Guidance on UEFI Secure Boot Customization
      The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization’s needs. read more …

Help Net Security

    • 9 août 2022Sophos announces eight presentations at Black Hat USA 2022, BSides Las Vegas and DEF CON 30
      Sophos announced that SophosAI and Sophos Managed Detection and Response (MDR) will lead eight presentations at Black Hat USA 2022, BSides Las Vegas and DEF CON 30, taking place this week in Las Vegas. Sophos data scientists and threat hunters will be at the events to discuss innovative research findings and to share unique insights into building security machine learning systems, running one of t …

    • 9 août 2022LogoKit update: The phishing kit leveraging open redirect vulnerabilities
      Resecurity identified threat actors leveraging open redirect vulnerabilities in online services and apps to bypass spam filters to ultimately deliver phishing content. Using highly trusted service domains like Snapchat and other online-services, they create special URLs which lead to malicious resources with phishing kits. The kit identified is named LogoKit, which was previously used in attacks a …

    • 9 août 2022Three ransomware gangs consecutively attacked the same network
      Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacked the same network, according to Sophos. The first two attacks took place within two hours, and the third attack took place two weeks later. Each ransomware gang left its own ransom demand, and some of the files were triple encrypted. “It’s bad enough to get one ransomware note, let alone three,” said John Shier, se …

    • 9 août 2022Twilio confirms data breach after its employees got phished
      Cloud communications company Twilio has announced that some of it employees have been phished and that the attackers used the stolen credentials to gain access to some internal company systems and customer data. What happened? The attackers impersonated Twilio’s IT department and sent text messages to current and former Twilio employees, asking them to click on a link to update their passwor …

    • 9 août 2022Cyber syndicates are working with amateur attackers to target businesses
      Cybercrime is being supercharged through “plug and play” malware kits that make it easier than ever to launch attacks. Cyber syndicates are collaborating with amateur attackers to target businesses, putting our online world at risk. This Help Net Security video shows how cybercrime has evolved and what businesses can do to better protect themselves. The post Cyber syndicates are working with amate …

Naked Security – Sophos

SearchSecurity

CSO | Security News

    • 9 août 20227 best reasons to be a CISO
      The job of the CISO can be tough with its share of challenges, difficulties and complications. A CISO’s trials and tribulations include responsibility for protecting a business’s most valuable asset (its data) from an evolving cyberthreat landscape, traversing complex and strict regulatory requirements, balancing security with critical business needs, and juggling a security skills and talent shor …

    • 9 août 2022How OKRs keep security programs on track
      When Michael Gregg joined the State of North Dakota as a security leader, he brought with him a concept he liked to use for keeping his security program on track: identifying objectives and key results (OKRs) and tracking progress against them.He says they had worked for him in the past, and he believed that introducing their use to the state’s security program could be equally useful.“It was a go …

    • 8 août 2022Ransomware, email compromise are top security threats, but deepfakes increase
      While ransomware and business email compromise (BEC) are leading causes of security incidents for businesses, geopolitics and deepfakes are playing an increasing role, according to reports from two leading cybersecurity companies.VMware’s 2022 Global Incident Threat Response Report shows a steady rise in  extortionary ransomware attacks and BEC, alongside fresh jumps in deepfakes and zero-day expl …

    • 8 août 2022SBOM formats SPDX and CycloneDX compared
      Software bills of materials (SBOMs) are becoming a critical component of vulnerability management. Many organizations, however, are still wrestling with understanding fundamental topics in the SBOM discussion, such as the differences among the SBOM formats.What are SBOM formats? SBOM formats are standards for defining a unified structure for generating SBOMs and sharing them with end users or cust …

    • 8 août 2022AWS, Google Cloud, and Azure: How their security features compare
      CISOs trying to determine which of the three major cloud service providers (CSPs) offers the best security need to break that question down into two parts: Which one does the best job securing its own infrastructure, and which one does the best job helping you to secure your data and applications?Security in the public cloud is based on the shared responsibility model, the notion that it’s possibl …

Graham Cluley

Cybersecurity Insiders

    • 9 août 2022deBridge Finance confirms Lazarus hacking group behind Cyber Attack
      DeBridge Finance, that acts as a cross chain protocol, issued an affirmation that North Korea funded ‘Lazarus’ Group of hackers were behind the infiltration of servers early this year. The confirmation was carried out after a detailed investigation carried out by the company’s IT staff in coordination with a forensic provider. Getting deep into the details, a notorious hacking group launched a phi …

    • 9 août 2022Critical Vulnerability in Emergency Alert Systems of United States
      A vulnerability discovered by a security researcher in the emergency alert systems of the United States could allow hackers to infiltrate the servers to send out fake alerts across the country. The security researcher in the above stated reference is Ken Pyle, who is about to present his analysis at the Las Vegas conference between August 11-14th this year and will represent formally CYBIR.com. US …

    • 9 août 2022The future of email threat detection
      This blog was written by an independent guest blogger. As businesses continue to adopt cloud integration and remote work increases, security teams are facing more visibility challenges as well as an influx of security event data. There is more need to understand the threats than ever before, as the threat surface area increases, and tactics increase. Cyber threats are becoming more sophisticated a …

    • 9 août 2022APAC Security Leaders Come Together at SECURE Singapore
      We held our first-ever (ISC)² SECURE Singapore event earlier this month. The in-person event saw leading cybersecurity experts from around the region engaging in discussions around cybersecurity amid profound changes and disruption around the world, and a global workforce gap.  David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency of Singapore (CSA), starte …

The CyberWire
Erreur: Il y a un erreur avec ce flux.

IT Security Guru

    • 9 août 20227-Eleven Stores in Denmark Close After Cyberattack
      7-Eleven stores in Denmark closed their doors yesterday after a cyberattack disrupted store payment and checkout systems throughout the country. The attack occurred early on the 8th August, with the company posting on Facebook that they were likely “exposed to a hacker attack”. The translated statement says that the company has closed all the stores in the country while investigating t …

    • 9 août 2022Twilio Suffers Phishing Based Data Breach
      Twilio, the communications giant, has confirmed that hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The company, based in San Francisco, allows users to build voice and SMS capabilities, such as two-factor authentication (2FA), into applications, said that it became aware that someone gained “unauthorised access …

    • 8 août 2022Attack on Supplier Leaves NHS Recovering Services
      A cyberattack, first identified last Thursday, has caused a “major” computer system outage affecting companies within the NHS, including the 111 call line. Reportedly, a number of health and care systems delivered by business software and services provider Advanced are currently experiencing major outages. Advanced has 26 NHS clients, according to Digital Health Intelligence, and they …

    • 8 août 2022How You Can Hack Your Senses to Work Better
      Cybersecurity has never been a low-stress field. The industry attracts dedicated, highly-skilled perfectionists who are all too willing to shoulder the burden of a company’s cybersecurity without complaint. Yet, increased threats of ransomware and cyberattacks are creating an anxiety filled workplace. The current technological skills gap means there is frequently too much work for too few people. …

    • 8 août 2022Multiple Health and Care Systems Provided by Advanced Hit by Outages
      Reportedly, a number of health and care systems delivered by business software and services provider Advanced are currently experiencing major outages. Advanced has 26 NHS clients, according to Digital Health Intelligence. The company supply services to thousands of healthcare professionals. The company’s Adastra software works with 85% of NHS 111 services. The following systems are currentl …

The Security Ledger

    • 25 juillet 2022Episode 240: As Stakes Of Attacks Grow, Can Cyber Policy “Shift Right”?
      In this episode of the podcast (#240) Lauren Zabierek, the Executive Director for the Cyber Project at the Belfer Center at Harvard’s Kennedy School joins us to talk about the need for a re-think of national cybersecurity preparedness, as major hacks like the attack on Colonial Pipeline put the focus on resilience and public safety. The post …Read the whole entry… » Click the icon b …

    • 19 juillet 2022Hybrid Work Is Here: Is Your Security Strategy Ready for It?
      An “everywhere,” hybrid workforce is no longer concept, but reality. But securing hybrid workplaces requires big changes to how IT security gets done, argues Jason Lee, the CISO of Zoom in this Expert Insight. The post Hybrid Work Is Here: Is Your Security Strategy Ready for It? appeared first on The Security Ledger with Paul F. Roberts. Related StoriesTapping into the Power of the Security Commun …

    • 6 juillet 2022The Future of Attack Surface Management: How to Prepare
      Upwards of 70% of organizations have been compromised because of an unknown, unmanaged, or mismanaged visible asset. Improving your Attack Surface Management capabilities is critical, says David Monnier, a Fellow at Team Cymru. The post The Future of Attack Surface Management: How to Prepare appeared first on The Security Ledger with Paul F….Read the whole entry… » Related StoriesHo …

    • 29 juin 2022How Vulnerability Management Has Evolved And Where It’s Headed Next
      The blocking and tackling work of scan management is becoming a commodity, writes Lisa Xu, the CEO of NopSec in this Expert Insight. What organizations need now is complete visibility of their IT infrastructure and business applications. The post How Vulnerability Management Has Evolved And Where It’s Headed Next appeared first on The Security…Read the whole entry… » Related Stories …

    • 24 juin 2022The Concerning Statistics About Mental Health in Cybersecurity
      Are cyber professionals as good at protecting their mental health as their IT environments? Thomas Kinsella, COO of Tines, talks about the worrying mental health statistics in cyber and how to protect your team. The post The Concerning Statistics About Mental Health in Cybersecurity appeared first on The Security Ledger with Paul F. Roberts. Related StoriesHybrid Work Is Here: Is Your Security Str …

GovInfoSecurity.com

    • Fresh Guilty Plea Follows Crackdown on BitMEX Exchange
      Feds Say Bitcoin Mercantile Exchange Functioned as a Money Laundering PlatformA high-ranking employee at Bitcoin Mercantile Exchange, or BitMEX, has pleaded guilty to violating the Bank Secrecy Act, which requires financial institutions to help prevent money laundering. The plea by Gregory Dwyer follows BitMEX’s three founders all pleading guilty to the same charge. …

    • Ransomware Leak Sites Attract More Attacks
      Victims Often Attacked Simultaneously by Multiple Ransomware GroupsCybercriminals monitor leak sites for newly listed ransomware victims in a bid to try their own hand at dropping encryption malware, says Sophos. The cybersecurity firm says it’s seen an uptick in incidents involving multiple criminal gangs demanding a ransom for unencrypted victims’ files. …

    • Cyberattack on NHS Vendor Already Offering Critical Lessons
      Incident Spotlights Vendor Risk and Criticality of Business Continuity PlansAs the U.K.’s National Health Service continues to deal with the impact of a cyberattack on one of its critical IT suppliers, the situation underscores the risks posed by vendors – and the need to have business continuity plans ready to deploy. …

    • John Watters on Why Google and Mandiant Are Better Together
      Watters Can’t Wait to Combine Google Analytics With Mandiant Intelligence EngineCombining the data analytics of Google Chronicle with Mandiant’s ability to identify signals of abnormal behavior is an unbeatable combination, says Mandiant President and COO John Watters. Google agreed in March to purchase threat intelligence and incident response titan Mandiant for $5.4 billion. …

Infosec Island 
Erreur: Il y a un erreur avec ce flux.

The K-12 Cybersecurity Resource Center

    • 1 juillet 2022How to Get a Handle on Patch Management
      Patch management advice misses the mark when it assumes IT capacity that simply doesn’t exist in most school districts. Continue reading How to Get a Handle on Patch Management at The K-12 Cybersecurity Resource Center. …

    • 1 juillet 2022Deploying MFA for Staff in a K-12 Environment
      Insights into how a large large district deployed MFA (multifactor authentication) to all staff. Continue reading Deploying MFA for Staff in a K-12 Environment at The K-12 Cybersecurity Resource Center. …

    • 17 décembre 2021K12 SIX Releases K12-Specific Log4j Collaboration Resource
      The K12 Security Information Exchange (K12 SIX) is crowdsourcing the Log4j vulnerability status of commonly used K12 software. Continue reading K12 SIX Releases K12-Specific Log4j Collaboration Resource at The K-12 Cybersecurity Resource Center. …

    • 19 août 2021National Cybersecurity Standards for School Districts
      K12 SIX has released the first in a series of guidance and best practice resources designed to establish baseline cybersecurity standards for school districts. Continue reading National Cybersecurity Standards for School Districts at The K-12 Cybersecurity Resource Center. …

Iain Fraser Journalist

InfoSec News
Erreur: Il y a un erreur avec ce flux.

Internet Storm Center | SANS 
Erreur: Il y a un erreur avec ce flux.

Security Gladiators | Internet Security News