Sécurité

Hackers | Fabricants | Magazines | Virus / Malware

Schneier

IT Security

    • 8 mai 2018Putting FUD Back in Information Security
      FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […]

    • 16 avril 2018Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix
      A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […]

    • 1 avril 2018Information Security and the Zero-Sum Game
      A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […]

    • 16 mars 2018Google’s new Gaming Venture: A New Player?
      Google in Gaming – Facts and Speculation In January 2018, game industry veteran Phil Harrison announced that he was joining Google as a Vice President and GM. With Harrison’s long history of involvement with video game companies – having previously worked with Sony and Microsoft’s Xbox division – this immediately prompted speculation and rumours about […]

    • 9 février 2018Bubble Economies and the Sustainability of Mobile Gaming
      Old Bubbles and New Bubbles Gaming is a technology-based market, and tech markets are no strangers to economic bubbles and the effects of them bursting. The market recession of the early 2000s, most commonly known as the Dotcom Crash, is probably the biggest and most influential ‘burst bubble’ of the internet era. The Dotcom Bubble […]

TAO Security

    • 23 octobre 2020MITRE ATT&CK Tactics Are Not Tactics
      Just what are « tactics »?IntroductionMITRE ATT&CK is a great resource, but something about it has bothered me since I first heard about it several years ago. It’s a minor point, but I wanted to document it in case it confuses anyone else.The MITRE ATT&CK Design and Philosophy document from March 2020 says the following:At a high-level, ATT&CK is a behavioral model that consists of …

    • 10 octobre 2020Greg Rattray Invented the Term Advanced Persistent Threat
       I was so pleased to read this Tweet yesterday from Greg Rattray: »Back in 2007, I coined the term “Advanced Persistent Threat” to characterize emerging adversaries that we needed to work with the defense industrial base to deal with… Since then both the APT term and the nature of our adversaries have evolved. What hasn’t changed is that in cyberspace, advanced attackers will persistent …

    • 3 septembre 2020The FBI Intrusion Notification Program
      The FBI intrusion notification program is one of the most important developments in cyber security during the last 15 years. This program achieved mainstream recognition on 24 March 2014 when Ellen Nakashima reported on it for the Washington Post in her story U.S. notified 3,000 companies in 2013 about cyberattacks. The story noted the following: »Federal agents notified more than 3, …

    • 1 septembre 2020New Book! The Best of TaoSecurity Blog, Volume 2
       I published a new book!The Best of TaoSecurity Blog, Volume 2: Network Security Monitoring, Technical Notes, Research, and China and the Advanced Persistent ThreatIt’s in the Kindle Store, and if you’re Unlimited it’s free. Print edition to follow.The book lists as having 413 pages (for the Kindle edition at least) at it’s almost 95,000 words. I started working on it in June after finishing …

    • 19 août 2020One Weird Trick for Reviewing Zeek Logs on the Command Line!
      Are you a network security monitoring dinosaur like me? Do you prefer to inspect your Zeek logs using the command line instead of a Web-based SIEM?If yes, try this one weird trick!I store my Zeek logs in JSON format. Sometimes I like to view the output using jq.If I need to search directories of logs for a string, like a UID, I might* use something like zgrep with the following syntax:$ zgrep « CLk …

Information Security Buzz

    • 30 octobre 2020Comment: Wisconsin Republican Party Hacked For $2.3 Million
      Hackers stole $2.3 million from the Wisconsin Republican Party’s account that was being used to help reelect President Donald Trump in the key battleground state, the party’s chairman told The Associated Press on Thursday. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday, said Republican Party Chairman Andrew Hitt. … The ISBuzz Post: This Post Comment: Wis …

    • 30 octobre 2020Election Security – Cybersecurity Experts Commentary
      As we know, in the United States election security has been a top point of concern with so many aspects of the process vulnerable to attacks that can be exploited for personal or political gain. With experts citing security breaches as a top concern for the 2020 election, it’s more important than ever that strategies are implemented … The ISBuzz Post: This Post Election Security – Cybe …

    • 30 octobre 2020Three Ways To Hack An Election: Election Security Is About Cybersecurity
      In 2020, securing elections is chiefly a matter of cybersecurity. Since I founded Data Connectors in 1999, we have been fueling the collaboration of government agencies with cybersecurity professionals and solution providers. As a voter, I set out to see what they know that could help us understand more about the security of our electoral … The ISBuzz Post: This Post Three Ways To Hack An El …

    • 30 octobre 2020FBI Alert: Imminent Threat Of Ransomware Attacks On U.S. Healthcare – Experts Comments
      The FBI and other government agencies last night issued an emergency alert warning U.S. healthcare providers of an imminent threat of ransomware attacks targeting these organizations to disrupt patient services. The CISA/FBI alert is here: https://us-cert.cisa.gov/ncas/alerts/aa20-302a The ISBuzz Post: This Post FBI Alert: Imminent Threat Of Ransomware Attacks On U.S. Healthcare – Experts Comments …

    • 30 octobre 202036 Billion Personal Records Exposed By Hacks In 2020 So Far
      The number of records exposed in data breaches and leaks has surged to 36 billion so far this year, representing almost 3,000 separate incidents, further extending 2020s status as the worst year on record, according to IT Pro. While organisations sustained an onslaught throughout the first half of 2020, the last 3 months to date extra … The ISBuzz Post: This Post 36 Billion Personal Records …

gHacks

    • 30 octobre 2020Microsoft makes it easier to install Windows Subsystem for Linux (WSL) on Windows 10
      Microsoft has improved the installation process for the Windows Subsystem for Linux (WSL) in the recent Insider Preview build 20246. Starting in this build and going forward, all it takes to install all necessary components and a supported Linux distribution is a single command. The new feature makes the installation of WSL on Windows 10 devices a lot easier. If you check out the current installat …

    • 30 octobre 2020How to bypass Windows 10 Upgrade Blocks (Safeguard holds)
      Windows 10 administrators may enable policies on devices to bypass upgrade blocks that prevent the device from being offered feature updates. Upgrade blocks, or Safeguard holds as Microsoft calls them, are designed to prevent devices from being upgraded to a new version of Windows 10 because of known compatibility issues in that new version. While it is usually a good idea to keep a device on a pr …

    • 30 octobre 2020WebAutoType is a KeePass plugin that adds support for AutoType URL matching
      Are you a KeePass user? Do you use AutoType? If so, you may have come across a website or two, where the command didn’t work. WebAuToType is a plugin that improves the built-in AutoType functionality of the password manager. Before we get started, please be aware this is not an autofill plugin like Kee, KeeForm, and others. This plugin enhances the AutoType hotkey’s behavior. How to install WebAut …

    • 29 octobre 2020New Windows 10 Manual Driver Updates process starts on November 5, 2020
      Microsoft has changed driver distribution and installation processes on the company’s Windows 10 operating system in recent time. The company moved the functionality to search for optional drivers from the Device Manager to the optional updates section of the Settings application, saying that it would improve the visibility of these updates to the user. In August 2020, Microsoft revealed that « vie …

SecurityWeek

    • 16 septembre 2020Box Showcases New Offerings for Remote Working Environment
      The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment. read more …

    • 16 septembre 2020U.S. House Passes IoT Cybersecurity Bill
      The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices. read more …

    • 16 septembre 2020Nozomi Networks Becomes CVE Numbering Authority
      Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). read more …

    • 16 septembre 2020NSA Publishes Guidance on UEFI Secure Boot Customization
      The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization’s needs. read more …

Help Net Security

    • 30 octobre 2020Pktvisor: Open source tool for network visibility
      NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub. The importance of applications and digital services has skyrocketed in 2020. Connectivity and resilience are imperative to keeping people connected and business moving forward. Visibility into network traffic, especially in distributed edge environments and with malicious attacks …

    • 30 octobre 2020Red Hat Enterprise Linux 8.3 delivers new security profiles and enhanced performance
      Red Hat announced Red Hat Enterprise Linux 8.3, the latest version of its enterprise Linux platform. Generally available in the coming weeks, Red Hat Enterprise Linux 8.3 fuses the stability required by IT operations teams with cloud-native innovation, providing a more stable platform for next-generation enterprise applications. Already an established backbone for mission-critical computing, the l …

    • 30 octobre 2020What’s next for cloud backup?
      Cloud adoption was already strong heading into 2020. According to a study by O’Reilly, 88% of businesses were using the cloud in some form in January 2020. The global pandemic just accelerated the move to SaaS tools. This seismic shift where businesses live day-to-day means a massive amount of business data is making its way into the cloud. All this data is absolutely critical for core business fu …

    • 30 octobre 2020New infosec products of the week: October 30, 2020
      Confluera 2.0: Enhanced autonomous detection and response capabilities to protect cloud infrastructure Confluera XDR delivers a purpose-built cloud workload detection and response solution with the unique ability to deterministically track threats progressing through the environment. Confluera holistically integrates security signals from the environment to provide a complete attack narrative of a …

    • 30 octobre 2020Breaches down 51%, exposed records set new record with 36 billion so far
      The number of records exposed has increased to a staggering 36 billion. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record,” Risk Based Security reveals. “The quagmire that formed in the breach landscape this Spring has continued through the third quarter …

Naked Security – Sophos

SearchSecurity

CSO | Security News

    • 30 octobre 2020Is Cybersecurity Awareness Month worth it?
      It’s almost the end of October, which means another national cybersecurity awareness month (NCSAM) is about to end.  What?  You didn’t know it was national cybersecurity awareness month?  You’re not alone and that’s the problem I have with this annual October “celebration.”Now I wasn’t always this much of a Debbie Downer about NCSAM.  In 2008, I attended the NCSAM kickoff event at the Ronald Reaga …

    • 30 octobre 2020The CSO guide to top security conferences, 2020
      There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, plenty of great conferences are coming up in the months ahead.If keeping abreast of security trends and evolving threats is critical to your job — and w …

    • 29 octobre 202014 controls for securing SAP systems in the cloud
      On-premises SAP deployments are notoriously complex with extensive customer customizations to the point where even making configuration changes for security reasons might require months-long planning and testing to make sure they break nothing in the environment. As more companies move their ERP deployments to the cloud, they have an opportunity to ensure the systems are configured securely. [ Fol …

    • 29 octobre 2020What is a supply chain attack? Why you should be wary of third-party providers
      A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changes the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before. [ How much does a data br …

    • 28 octobre 2020Take part in the 2021 IT Salary Survey
      Whether you’re scouting out a new job or looking to fill a key IT role, access to salary data is an important tool. Help us help you by taking our 10-minute IT Salary Survey.

Graham Cluley

    • 30 octobre 2020Marriott data breach fine slashed to £18.4 million by UK regulator
      Marriott International has been fined £18.4 million (US $23.8 million) for its failure to adequately protect the personal records 339 million guests. The fine, imposed by UK data regulator, the Information Commissioner’s Office (ICO), is a massive 81% less than the £99.2 million fine originally imposed upon the hotel group last year. Read more in my article on the Hot for Security blog.

    • 29 octobre 2020US hospitals warned of threat of imminent ransomware attack
      US hospitals and healthcare providers have been warned that there is evidence of a credible and imminent threat that they will be targeted by ransomware. In an alert jointly released by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS), the agencies reveal that it has « credible information of an increased and imminent cyberc …

    • 29 octobre 2020Become a security intelligence expert, with these free tools from Recorded Future
      Many thanks to the great folks at Recorded Future, who have sponsored my writing for the past week. If 2020 taught the security industry anything, it is this: There has never been a better time to be a cybercriminal. From extortion ransomware to cyberespionage campaigns, adversaries are capitalizing on uncertainty, causing chaos, and cashing in. … Continue reading « Become a security intellig …

    • 29 octobre 2020Smashing Security podcast #202: The Wu-Tang Clan are Among Us
      Voting machines are under the microscope, scammers are posing as rap stars, and American politician AOC isn’t the only one who’s been getting into the Among Us game. All this and much more is discussed in the latest edition of the award-winning « Smashing Security » podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson. Plus don’t miss the first …

Cybersecurity Insiders

    • 30 octobre 2020Duped, deluded, deceived: How disinformation defrauds you
      This blog was written by an independent guest blogger. The rise of social media has no doubt been one of the major revolutions of the 21st century. It’s brought about a whole new way for people to connect and share information with others, regardless of their geographical locations. But along with these more noble intentions of social media, there will always be abuse of these platforms …

    • 30 octobre 2020Cloud firewall explained: what is firewall as a service?
      This blog was written by a third party author As organizations continue moving away from hosting services and applications with onsite servers, the use of virtual machines and cloud-based security solutions like Firewall-as-a-service (FWaaS) is trending upward. With this shift away from traditional network security solutions, cloud firewall deployments have become the norm for many businesses. …

    • 30 octobre 2020Internet of Things toys are fun but raise privacy and socio-political concerns
      This blog was written by an independent guest blogger. An estimated 38 billion devices are connected to the internet this year, highlighting the fact that the Internet of Things (IoT) is not a farfetched futuristic concept, but the reality for most of the modern world. Many of these connected devices are toys that children enjoy, but no matter how fun they may be, challenges have come to the surfa …

    • 30 octobre 2020Mobile device security explained
      This blog was written by a third party author. With recent global health events resulting in a surprise shift to an either completely remote or hybrid remote workforce for many organizations, the need to leverage mobile devices as work endpoints has grown significantly. This has created challenges for IT in maintaining both the ability to manage a wide range of devices, as well as securing them in …

    • 30 octobre 2020What is Smishing? SMS phishing explained
      This blog was written by a third party author. What is SMS phishing? SMS phishing, or “Smishing,” is a mobile phishing attack that targets victims via the SMS messaging channel rather than through email. A natural evolution of the phishing phenomenon, smishing attacks attempt to dupe mobile users with phony text messages containing links to legitimate looking, but fraudulent, sites. Th …

The CyberWire

IT Security Guru

    • 30 octobre 2020Georgia county residence have had their voter information leaked by ransomware gang
      Earlier this month the ransomware gang DoppelPaymer released unencrypted data that they have stolen from Hall County, Georgia during a cyberattack. The attack affected Hall County’s networks and phone system. At the time of the attack, there were no signs that the unencrypted data had been stolen by the hackers.  A spokesperson for Hall County said that “at this time, there is no evide …

    • 30 octobre 2020Universities are suffering email hijacking attacks
      A large number of universities, including Standford University and the University of Oxford, are suffering from cyber attacks in which their email accounts are hijacked. Once hijacked the emails accounts are then used to trick the victims into exposing their email credentials and even installing malware. CEO and co-founder of INKY, Dave Bagget, said that there are no signs of how the emails accoun …

    • 30 octobre 2020US reveals information on Russian malware attacks
      The US Cyber Command has recently revealed information about the malware implants used by Russian hackers to target national parliaments, ministries of foreign affairs, and embassies. The malware was identified by the US Cyber Command’s Cyber National Mission Force (CNMF) unit, alongside the Cybersecurity and Infrastructure Security Agency (CISA). The information was uploaded yesterday to th …

    • 29 octobre 2020Iranian attackers hack conference attendees’ emails according to Microsoft
      Microsoft has recently revealed that they discovered that Iranian state-sponsored attackers hacked into the emails accounts of a number of high-profile individuals and attendees at the 2020 Munich Security Conference and the Think 20 summit. It is thought that the attackers successfully targetted more than 100 individuals and Microsoft’s Threat Intelligence Center (MSTIC) have linked them to …

The Security Ledger

    • 28 octobre 2020Episode 192: It’s Showtime! Are Local Governments Ready To Turn Back Election Hacks?
      Election day is almost here. After years of warnings, are state and local governments ready for what Russia, Iran or any number of ransomware gangs have in store for them? The post Episode 192: It’s Showtime! Are Local Governments Ready To Turn Back Election Hacks? appeared first on The Security Ledger. Related StoriesSpotlight Podcast: Taking a Risk-Based Approach to Election SecurityPublic …

    • 22 octobre 2020Episode 191: Shifting Compliance Left with Galen Emery of Chef
      Galen Emery of Chef comes into the Security Ledger studios to talk about how security and compliance are « shifting left » with DEVSECOPS. The post Episode 191: Shifting Compliance Left with Galen Emery of Chef appeared first on The Security Ledger. Related StoriesPodcast Episode 189: AppSec for Pandemic Times, A Conversation with GitLab Security VP Jonathan HuntSpotlight Podcast: CTO Zulfikar Ramza …

    • 11 octobre 2020Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security Lessons
      In this episode of the podcast (#190), sponsored by LastPass, Larry Cashdollar of Akamai joins us to talk about how finding his first CVE vulnerability, more than 20 years ago, nearly got him fired. Also: Katie Petrillo of LastPass joins us to talk about how some of the security adjustments we’ve made for COVID might not go away any time soon. …Read the whole entry… » Related Storie …

    • 8 octobre 2020Opinion: Staying Secure Through 5G Migration
      To achieve their 5G transformation, telecommunications providers require security solutions and platforms built from the ground up for modern, dynamic business models. The post Opinion: Staying Secure Through 5G Migration appeared first on The Security Ledger. Related StoriesPKI Points the Way for Identity and Authentication in IoTChina Attacks Surge as Cyber Criminals Capitalize on COVID-19Report …

    • 7 octobre 2020Report: Critical Infrastructure Cyber Attacks A Global Crisis
      The systems we rely on to keep the lights on, heat our homes, make our medicines and move our goods are increasingly connecting to the Internet, and increasingly vulnerable to devastating cyber attacks in what a new report calls a looming « global crisis. » The post Report: Critical Infrastructure Cyber Attacks A Global Crisis appeared first on The…Read the whole entry… » Related Stor …

GovInfoSecurity.com

    • Updated Malware Tied to Russian Hackers
      2 Hacking Groups Target Government AgenciesU.S Cyber Command and the Cybersecurity and Infrastructure Security Agency have issued warnings about two Russian hacking groups that are using updated malware to target government agencies around the world. …

    • Georgia Election Data Leak: Sizing Up the Impact
      Data Dump Could Raise Concerns About Election Integrity, Security Experts SayThe data dump of citizens’ election information following a ransomware attack against a county in Georgia is likely to raise concerns about the integrity of this year’s vote, some security experts say. …

    • Agencies Urged to Patch Netlogon Flaw Before Election
      Microsoft and CISA: Unpatched Flaw Could Make Government Systems Vulnerable to HackersMicrosoft and the U.S. Cybersecurity and Infrastructure Security Agency are urging local government agencies to patch the Netlogon vulnerability known as Zerologon ahead of next Tuesday’s presidential election to improve security. A « small number » of attacks exploiting the flaw are continuing, Microsoft says. …

Infosec Island 

    • 21 octobre 2020How Extreme Weather Will Create Chaos on Infrastructure
      Extreme weather events will soon become more frequent and widespread, devastating areas of the world that typically don’t experience them and amplifying the destruction in areas that do. We have already seen devastating wildfires and an increase in hurricane activity this year in the United States. Uncovering shortcomings in technical and physical infrastructure, these events will cause sign …

    • 21 octobre 2020BSIMM11 Observes the Cutting Edge of Software Security Initiatives
      If you want to improve the security of your software—and you should—then you need the Building Security In Maturity Model (BSIMM), an annual report on the evolution of software security initiatives (SSIs). The latest iteration, BSIMM11, is based on observations of 130 participating companies, primarily in nine industry verticals and spanning multiple geographies. The BSIMM examines sof …

    • 21 octobre 2020Sustaining Video Collaboration Through End-to-End Encryption
      The last several months have been the ultimate case study in workplace flexibility and adaptability. With the onset of the COVID-19 pandemic and widespread emergency activation plans through March and April, businesses large and small have all but abandoned their beautiful campuses and co-working environments. These communal, collaborative and in-person working experiences have been replaced by di …

    • 8 septembre 2020Will Robo-Helpers Help Themselves to Your Data?
      Over the coming years, organizations will experience growing disruption as threats from the digital world have an impact on the physical. Invasive technologies will be adopted across both industrial and consumer markets, creating an increasingly turbulent and unpredictable security environment. The requirement for a flexible approach to security and resilience will be crucial as a hybrid threat en …

    • 2 septembre 2020Securing the Hybrid Workforce Begins with Three Crucial Steps
      The global shift to a remote workforce has redefined the way organizations structure their business models. As executives reestablish work policies to accommodate remote employees well beyond the initially anticipated duration, a new era of work will emerge: the hybrid workforce, one more largely split between office and remote environments. While this transition brings a wave of opportunity for o …

The K-12 Cybersecurity Resource Center

    • 30 octobre 2020CYBR: Public schools are being targeted by Cybercriminals
      Listen in as the CYBR podcast speaks with Eric Lankford and Doug Levin about the launch of a new cyber threat intelligence and best practices community for schools, K12 SIX. Continue reading CYBR: Public schools are being targeted by Cybercriminals at The K-12 Cybersecurity Resource Center. …

    • 1 octobre 2020Talk Out of School: Student Privacy, Data Breaches, and More
      Listen in as WBAI’s ‘Talk Out of School’ radio show turns its attention to school cybersecurity and privacy issues in NY and beyond. Continue reading Talk Out of School: Student Privacy, Data Breaches, and More at The K-12 Cybersecurity Resource Center. …

    • 29 septembre 2020The Public Disclosure Conundrum
      School districts may not have to disclose cybersecurity incidents to families or employees. Yet, opting for secrecy comes with even bigger problems. Continue reading The Public Disclosure Conundrum at The K-12 Cybersecurity Resource Center. …

    • 16 août 2020Introducing the K-12 Cybersecurity Self-Assessment
      The K-12 Cybersecurity Self-Assessment is free 20-minute, 50-question assessment intended to help IT leaders to identify and prioritize school district cybersecurity controls. Continue reading Introducing the K-12 Cybersecurity Self-Assessment at The K-12 Cybersecurity Resource Center. …

Iain Fraser Journalist

InfoSec News

    • 13 juillet 2020MGySgt Scott Stalker’s 2020 Reading List
      MGySgt Scott H. Stalker’s 2020 Reading List By William Knowles @c4i Senior Editor InfoSec News July 8, 2020 One of the interesting parts of the COVID-19 pandemic with the number of experts on television and online video conferences have been what books are on their bookshelves. I’ve found myself on more than a few occasions taking screenshots to look and decipher them later.  One longstandin …

    • 8 juillet 2020Citrix patches 11 critical bugs
      Citrix patches 11 critical bugs By William Knowles @c4i Senior Editor InfoSec News July 8, 2020 In a breath of fresh air for this week, software vendor Citrix released patches for 11 vulnerabilities, quickly applying the lesson learned six months ago and not wanting a repeat with malicious hackers looking for ways to exploit the vulnerability. Citrix Chief Information Security Officer, Fermin J. S …

    • 6 juillet 2020USCYBERCOM urgently recommends F5 customers to patch CVE-2020-5902 and 5903 NOW
      By William Knowles @c4i Senior Editor InfoSec News July 6, 2020 Just in case you accidentally had your work phone and duty pager in a Faraday bag all July 4th holiday weekend long, you have one heckuva surprise waiting for you! As F5 reminds everyone that 48 of Fortune 50 companies are F5 customers, F5 has published a security advisory warning to their customers to patch a critical flaw in their B …

    • 3 juillet 2020National Security Agency releases Securing IPsec Virtual Private Networks
      By William Knowles @c4iSenior EditorInfoSec NewsJuly 3, 2020 On the heels of the tweet from USCYBERCOM earlier in the week advising users of Palo Alto Networks to patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. On Thursday, the National Security Agency released Securing IPsec Virtual Private Networks. Many organizations currently utilize IP Security (IPsec) V …

    • 19 juin 2020New Zealand CERT issues advisory on ransomware campaign
      New Zealand CERT issues advisory on ransomware campaign By William Knowles Senior Editor InfoSec News June 18, 2020 The New Zealand Computer Emergency Response Team (CERT NZ) has released an advisory on a ransomware campaign leveraging remote access technologies. Unknown malicious cyber bad actors are targeting organizations’ networks through remote access tools, such as Remote Desktop Proto …

Internet Storm Center | SANS 

Security Gladiators | Internet Security News