Security


Schneier

IT Security

    • 8 May 2018: Putting FUD Back in Information Security
      FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […]

    • 16 April 2018: Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix
      A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […]

    • 1 April 2018: Information Security and the Zero-Sum Game
      A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […]

    • 16 March 2018: Google’s new Gaming Venture: A New Player?
      Google in Gaming – Facts and Speculation In January 2018, game industry veteran Phil Harrison announced that he was joining Google as a Vice President and GM. With Harrison’s long history of involvement with video game companies – having previously worked with Sony and Microsoft’s Xbox division – this immediately prompted speculation and rumours about […]

    • 9 February 2018: Bubble Economies and the Sustainability of Mobile Gaming
      Old Bubbles and New Bubbles Gaming is a technology-based market, and tech markets are no strangers to economic bubbles and the effects of them bursting. The market recession of the early 2000s, most commonly known as the Dotcom Crash, is probably the biggest and most influential ‘burst bubble’ of the internet era. The Dotcom Bubble […]

TAO Security

    • 29 July 2021: Zeek in Action Videos
      This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project. Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on. I am especially pleased with Video 6 on monitoring wireless netw …

    • 13 April 2021: New Book! The Best of TaoSecurity Blog, Volume 4
      I’ve completed the TaoSecurity Blog book series. The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It’s available now for Kindle, and I’m working on the print edition. I’m running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new tit …

    • 1 April 2021: The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO
      What are the origins of the names TaoSecurity and the unit formerly known as TAO? Introduction I’ve been reading Nicole Perlroth’s new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were up …

    • 18 February 2021: Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
      Proposition Digital offense capabilities are currently net negative for the security ecosystem.[0] The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of …

    • 9 November 2020: New Book! The Best of TaoSecurity Blog, Volume 3
      Introduction I published a new book! The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It’s in the Kindle Store, and if you have an Unlimited account, it’s free. I also published a print edition, which is 485 pages. Book Description The book features the following description …

Information Security Buzz
No content.

gHacks

    • 5 August 2021: IMDb TV finally gets a dedicated Android App
      When you think of Amazon’s streaming service, the first thing that comes to mind is Prime Video. However, this is not the only streaming service that Amazon has available. IMDb TV, which was previously called Freedive, is also an option. And it’s a free option to boot. Launched in 2019, the IMDb and Prime Video libraries have been available since then, with their own apps and online streaming opti …

    • 5 August 2021: Ghacks Deals: Pay What You Want: Adobe CC A-Z Lifetime Course Bundle
      The Adobe CC A-Z Lifetime Course Bundle is a Pay What You Want deal. Pay at least $1 to unlock one of the courses, or beat the average price, currently $17.93 to gain lifetime access to all 12 courses of the bundle. Wonder which courses are included? Here is the list: The Complete Adobe After Effects Course — Improve Your Videos with Professional Motion Graphics & Visual Effects The Complete …

    • 5 August 2021: Facebook scatters privacy settings all over the place on mobile
      Every other year, Facebook announces that it has changed the settings of its web version and/or applications. This month’s change is rolling out to all users of Facebook’s mobile application, and its main purpose is to streamline the layout, make things easier to find, but without removing any of the previous settings. Facebook’s privacy settings were changed in 2018 the last time. Back then, the …

    • 5 August 2021: WhatsApp’s View Once message feature has arrived
      View Once is a new feature that’s finally available on WhatsApp. The beta version was released in July 2021, and after successful testing, is now being rolled out to all WhatsApp users. The new feature allows recipients to only open the message once before disappearing. While the View Once feature aims to give senders more control over the media they send, therefore adding more privacy to the chat …

    • 5 August 2021: WhatsApp encryption – does Facebook want to overcome it?
      Facebook has confirmed that they have hired a team of researchers to figure out a way to get past end-to-end encryption. One of the privacy features that we appreciate about the WhatsApp chatting app is the end-to-end encryption. The encryption means that only people that you’ve given permission to may read your messages. This end-to-end encryption even excludes the app itself from viewing your me …

SecurityWeek

    • 16 September 2020: Box Showcases New Offerings for Remote Working Environment
      The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment.

    • 16 September 2020: U.S. House Passes IoT Cybersecurity Bill
      The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices.

    • 16 September 2020: Nozomi Networks Becomes CVE Numbering Authority
      Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).

    • 16 September 2020: NSA Publishes Guidance on UEFI Secure Boot Customization
      The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization’s needs.

Help Net Security

    • 5 August 2021: ReliaQuest expands its executive team with new appointments
      ReliaQuest announced the appointments of Brian Foster as Vice President of Product, Paul Kraus as Vice President of Engineering and Dan Wire as Vice President of Brand and Communications. Foster and Kraus bring deep security product experience and are focused on expanding the ReliaQuest GreyMatter Open XDR platform and Wire brings more than 15 years of security marketing and communications experie …

    • 5 August 2021: SentinelOne Storyline Active Response enables SOC teams to be proactive and efficient
      SentinelOne Storyline Active Response (STAR) is a cloud-based automated hunting, detection, and response engine. Integrated with SentinelOne’s ActiveEDR, STAR empowers security teams to create custom detection and response rules and deploy them in real time to the entire network or desired subset, to proactively detect and respond to threats. STAR also enables security teams to turn these queries …

    • 5 August 2021: Satori Data Security Policy Engine streamlines data security for enterprises
      Satori announced the Satori Data Security Policy Engine to streamline and revolutionize data security for large enterprises. This new extension of Satori’s DataSecOps platform enables companies to democratize data access and modernize operations for dynamic enterprise data environments using scalable, universal and holistic data security policies. “Implementing data security controls for specific …

    • 5 August 2021: The destructive power of supply chain attacks and how to secure your code
      In this Help Net Security podcast, Tomislav Peričin, Chief Software Architect at ReversingLabs, explains the latest and most destructive supply chain attacks, their techniques and how to build more secure apps. Here’s a transcript of the podcast for your convenience. Jasmine: I’m here today with Tomislav Peričin, Chief Software Architect with ReversingLabs, talking about the hot topic of sup …

    • 5 August 2021: RIP guest access, long live shared channels!
      While many yearn to return to pre-pandemic days, some aspects of our new normal are welcome. Most notable is the flexibility of hybrid working, with a great majority of employers reporting they will embrace greater flexibility post-pandemic, by deploying a hybrid onsite / remote work model. As organizations work to solidify plans for how communication and collaboration will work for their hybrid w …

Naked Security – Sophos

SearchSecurity

CSO | Security News

    • 5 August 2021: NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline, other attacks
      Earlier this week, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint document entitled Kubernetes Hardening Guidance. Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling and management of applications, usually in a cloud environment. According to the most recent State of …

    • 5 August 2021: 4 things you should know about cybersecurity pros
      The 5th annual Life and Times of Cybersecurity Professionals report from ESG and the Information Systems Security Association (ISSA) provides valuable insight into the challenges cybersecurity pros face, how they see themselves relative to the rest of the organization, and what brings them job satisfaction, among many other data points. CISOs and other cybersecurity leaders concerned with recruitm …

    • 5 August 2021: CISOs: Do you know what's in your company’s products?
      In the guidance issued by the Cybersecurity and Infrastructure Security Agency (CISA) in April 2021 on securing one’s supply chain, a portion of the guidance was dedicated to the threat vector posed to entities during their design phase. The question COOs should be asking their CISO’s is: “How can I make my product and processes the most secure and operate within acceptable risk parameters for the …

    • 4 August 2021: How to prepare your Windows network for a ransomware attack
      Recently I spoke with Ryan Chapman of the SANS Institute, author of the upcoming SANS course FOR528: Ransomware for Incident Responders, on how to better prepare for ransomware. That preparation comes in two forms: planning how you would respond to a successful ransomware attack and overcoming barriers to hardening your network against them. [ Learn how to harden Windows 10 for maximum security. | …

    • 4 August 2021: What is physical security? How to keep your facilities and devices safe from on-site attackers
      Physical security definition Physical security is the protection of people, property, and physical assets from actions and events that could cause damage or loss. Though often overlooked in favor of cybersecurity, physical security is equally important. And, indeed, it has grown into a $30 billion industry. All the firewalls in the world can’t help you if an attacker removes your storage media fro …

Graham Cluley

Cybersecurity Insiders

    • 5 August 2021: SentinelOne Unveils Storyline Active Response (STAR) To Transform XDR
      MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today unveiled SentinelOne Storyline Active Response (STAR)TM, its cloud-based automated hunting, detection, and response engine. Integrated with SentinelOne’s ActiveEDR®, STAR empowers security teams to create custom detection and response rules and deploy them in real time to th …

    • 5 August 2021: United States to use Amazon, Google and Microsoft to bolster security against Ransomware Attacks
      As more and more companies are becoming soft targets for ransomware spreading gangs, United States is all set to knock the doors of big technology companies like Amazon, Google, and Microsoft to offer protecting collaboratively. Named as Joint Cyber Defense Collaboration, the initiative will allow the Department of Homeland Security to officially seek help from tech companies against sophisticated …

    • 5 August 2021: Israel to discuss the use of Offensive Cyber Arms
      Israel’s defense committee is all set to discuss the use of Offensive Cyber Arms after it received a lot of backlash from international nations. However, the discussions will be held by the top ministers behind the doors and the talking points might not be disclosed to the public, says a report published in Israeli news daily Haaretz. After the disclosure of NSO Group’s plugged spyware Pegasus, a …

    • 5 August 2021: Ransomware attack disrupts Island Education Federation Servers
      A file encrypting malware attack has reportedly disrupted the servers of over six schools operating in the Isle of Wight, thus delaying the much awaited opening of the autumn term. As per the sources reporting to Cybersecurity Insiders, the attack took place on the computer network of Island Education Federation, locking down access to important documents that might take weeks or months to be rest …

The CyberWire

IT Security Guru

    • 5 August 2021: Vulnerabilities allow for takeover of capsule hotel rooms
      Kya Supa, security consultant at LEXFO, inadvertently found a series of security bugs in IoT devices within connected hotel rooms. These vulnerabilities allowed him to take control of the amenities in multiple capsule hotel rooms (tiny rooms stacked side-by-side). Supa presented his findings on Wednesday at the Black Hat Conference 2021. The rooms are controlled using an iPod touch, which visitors …

    • 5 August 2021: Ransomware hits Isle of Wight schools
      The Isle of Wight Education Federation disclosed that its IT systems were shut down last week as a result of a ransomware attack. The attackers encrypted the school data of Carisbrooke College, Island 6th Form, Medina College, Barton Prymary, Hunnyhill Primary and Lanesend Primary. The police have been informed and are working with the schools to track down the hackers. A spokesman for the federat …

    • 5 August 2021: Round Table: Confident Cyber Security
      The Eskenzi Cyber Book and Film Club take a look at Jessica Barker’s book ‘Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career,’ an easy-to-read, jargon-busting guide on the world of cybersecurity. Javvad Malik – Security Awareness Advocate at KnowBe4, hosts the roundtable and is joined by Jessica Barker, Stephen Khan – Head of Tech and Cyber Security Risk at …

    • 4 August 2021: Feedzai acquires behavioural biometrics specialist Revelock to secure cashless commerce
      Feedzai, the cloud-based financial risk management platform company, has announced the acquisition of an advanced behavioural biometric platform, Revelock, following a significant $200m investment round earlier this year. Feedzai’s acquisition of Revelock will create “the world’s largest AI-powered financial risk management platform with native, integrated behavioural biometrics”, the …

    • 4 August 2021: Critical flaws affecting embedded TCP/IP Stack used in OT devices
      On Wednesday, cybersecurity researchers disclosed 14 vulnerabilities that affect a common TCP/IP stack, which is used in a large amount of OT devices. These devices are manufactured by less than 200 vendors and utilised in manufacturing plants, power generation, water treatment and critical infrastructure sectors. The vulnerabilities have been labelled “INFRA:HALT” and target NicheStac …

The Security Ledger

    • 5 August 2021: Spotlight: Securing the Great Resignation with Code 42
      Mark Wojtasiak, the Vice President of Security Industry research at Code42 joins us to talk about how companies can handle the security risks that accompany the COVID-inspired “great resignation” in corporate America.

    • 30 July 2021: Encore Podcast: Chris Valasek on Hacking The Jeep Cherokee
      With Black Hat and DEFCON upon us, we revisit a 2015 interview with Chris Valasek about his wireless, software based hack of a Chrysler Jeep Cherokee.

    • 29 July 2021: As Mobile Fraud Rises, The Password Persists
      A new study released by Incognia that measures user friction in mobile financial apps yields important results about the fate of the password.

    • 27 July 2021: Spotting Hackers at the Pace of XDR – From Alerts to Incidents
      Extended Detection and Response (XDR) technology is gaining traction within enterprises. But how can organizations handle the increased volume of alerts XDR systems produce? Samuel Jones, of cyber AI firm Stellar Cyber, discusses how embracing incident-based systems can reduce the analyst burden of XDR technology, enabling companies to spot and…

    • 23 July 2021: Episode 221: Biden Unmasked APT 40. But Does It Matter?
      Andrew Sellers, the Chief Technology Officer at QOMPLX joins us to unpack the revelations this week about APT 40, the Chinese group that the US has accused of a string of attacks aimed at stealing sensitive trade secrets. Also: is Salesforce the next SolarWinds

GovInfoSecurity.com

    • CISA's Easterly Unveils Joint Cyber Defense Collaborative
      Newly Appointed Director Describes Effort to Build National Cybersecurity Defense Strategy - The U.S. Cybersecurity and Infrastructure Security Agency is creating the Joint Cyber Defense Collaborative to build a national cybersecurity defense strategy based on collaboration between the public and private sectors, CISA Director Jen Easterly said at the Black Hat 2021 conference Thursday. …

    • Chinese Cyberthreats: The Impact on National Security
      Senate Hearing Reviews Cyber Activity and How to Counter It - The U.S. needs to devise ways to counter Chinese cyber activity – including the theft of intellectual property and cyberattacks on government networks and critical infrastructure – that poses a direct threat to national security, according to those who testified at a Senate hearing this week. …

    • Cybersecurity M&A Update: Five Firms Make Moves
      Ivanti, Sophos, Deloitte, Cerberus Sentinel and Feedzai Announce Deals - Cybersecurity acquisitions continue at an intense pace, with Ivanti, Sophos, Deloitte Risk & Financial Advisory, Cerberus Sentinel and Feedzai all making moves to bolster their security portfolios. …

Infosec Island 

    • 26 May 2021: Five Practical Steps to Implementing a Zero-Trust Network
      While the concept of Zero Trust was created 10 years ago, the events of 2020 thrust it to the top of enterprise security agendas. The COVID-19 pandemic has driven mass remote working, which means that organizations’ traditional perimeter-based security models were broken up, in many cases literally overnight. For the foreseeable future, an organization's network is no longer a single thi …

    • 21 April 2021: Facebook Shuts Down Two Hacking Groups in Palestine
      Social media giant Facebook today announced that it took action against two groups of hackers originating from Palestine that abused its infrastructure for malware distribution and account compromise across the Internet.  One of the dismantled networks was linked to the Preventive Security Service (PSS), one of the several intelligence services of Palestine, while the other was associated wit …

    • 13 April 2021: Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange
      The Cloud Security Alliance (CSA) has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security.   Drafted by CSA’s Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersec …

    • 9 March 2021: Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit
      Join Intel on Wednesday, March 10, at SecurityWeek’s Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel’s experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.   Into the Spotlight: Is Supply Chain Ready for the Magnifying Glass?   Listen in on a …

    • 24 February 2021: GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer
      Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO).   Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer (CISO). He arrived at Cisco via its $2.35 billion acquisition of Duo Security in 2018.   “As the largest global network of developers, GitHub is also crucial to supp …

The K-12 Cybersecurity Resource Center

    • 3 March 2021: March 10: K-12 Cybersecurity Leadership Summit
      Join us at the inaugural ‘K-12 Cybersecurity Leadership Summit’ – a free half-day event on leadership issues related to K-12 cybersecurity for school and district leaders, policymakers, K-12 IT practitioners, and vendors.

    • 11 January 2021: New ISAC for K-12 School Districts Fills a Key Cyber Intelligence Gap
      School districts have their own distinct challenges as they strive to protect themselves against digital threats. It only makes sense that they have an ISAC of their own. Now they do.

    • 16 December 2020: The Privacy of 100+ Million Children, Families, and Young Adults Is Unprotected
      School districts across the US suffer from notoriously poor information security. This is at a time when school district spending on technology is at an all-time high. Why is this?

    • 10 December 2020: FBI/CISA/MS-ISAC Warn Schools on Cyber Threats
      A new joint advisory – warning of cyber threats to K-12 schools – was released by the FBI, CISA, and MS-ISAC. Please share widely.

Iain Fraser Journalist

InfoSec News
Error: There is an error with this feed.

Internet Storm Center | SANS 
Error: There is an error with this feed.

Security Gladiators | Internet Security News