Sécurité


Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Hackers | Fabricants | Magazines | Virus / Malware

Schneier

IT Security

    • 8 mai 2018Putting FUD Back in Information Security
      FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […]

    • 16 avril 2018Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix
      A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […]

    • 1 avril 2018Information Security and the Zero-Sum Game
      A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […]

    • 16 mars 2018Google’s new Gaming Venture: A New Player?
      Google in Gaming – Facts and Speculation In January 2018, game industry veteran Phil Harrison announced that he was joining Google as a Vice President and GM. With Harrison’s long history of involvement with video game companies – having previously worked with Sony and Microsoft’s Xbox division – this immediately prompted speculation and rumours about […]

    • 9 février 2018Bubble Economies and the Sustainability of Mobile Gaming
      Old Bubbles and New Bubbles Gaming is a technology-based market, and tech markets are no strangers to economic bubbles and the effects of them bursting. The market recession of the early 2000s, most commonly known as the Dotcom Crash, is probably the biggest and most influential ‘burst bubble’ of the internet era. The Dotcom Bubble […]

TAO Security

    • 13 avril 2021New Book! The Best of TaoSecurity Blog, Volume 4
       I’ve completed the TaoSecurity Blog book series.The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It’s available now for Kindle, and I’m working on the print edition. I’m running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up.I described the new tit …

    • 1 avril 2021The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO
       What are the origins of the names TaoSecurity and the unit formerly known as TAO? IntroductionI’ve been reading Nicole Perlroth’s new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were up …

    • 18 février 2021Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
      PropositionDigital offense capabilities are currently net negative for the security ecosystem.[0]The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of …

    • 9 novembre 2020New Book! The Best of TaoSecurity Blog, Volume 3
       Introduction I published a new book!The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It’s in the Kindle Store, and if you have an Unlimited account, it’s free. I also published a print edition, which is 485 pages. Book DescriptionThe book features the following description …

    • 31 octobre 2020Security and the One Percent: A Thought Exercise in Estimation and Consequences
      There’s a good chance that if you’re reading this post, you’re the member of an exclusive club. I call it the security one percent, or the security 1% or #securityonepercent on Twitter. This is shorthand for the assortment of people and organizations who have the personnel, processes, technology, and support to implement somewhat robust digital security programs, especially those with the detectio …

Information Security Buzz

    • 18 mai 2021DCMS to Focus on Supply Chain Security – Expert Reaction
      DCMS has announced new plans to enhance the security of the UK’s critical supply chains. The proposal could require Managed Service Providers to meet the current Cyber Assessment Framework – a set of… The ISBuzz Post: This Post DCMS to Focus on Supply Chain Security – Expert Reaction appeared first on Information Security Buzz. …

    • 18 mai 2021Experts Reaction on guard.me Data Breach
      The student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders’ personal information. The website is one of the largest insurance providers… The ISBuzz Post: This Post Experts Reaction on guard.me Data Breach appeared first on Information Security Buzz. …

    • 18 mai 2021Cyber Security: Data ‘Re’-Assurance
      How do organisations know their data is secure? And how can companies ensure that a network breach won’t result in a loss of sensitive data? The consequences of a data… The ISBuzz Post: This Post Cyber Security: Data ‘Re’-Assurance appeared first on Information Security Buzz. …

    • 18 mai 2021Eufy Breach May Have Shown Footage Of Your Home To Strangers
      As reported by Digital Trends, IoT company Eufy showed users the wrong video footage on Monday. Users from around the world reported they could see other peoples’ feeds and even… The ISBuzz Post: This Post Eufy Breach May Have Shown Footage Of Your Home To Strangers appeared first on Information Security Buzz. …

gHacks

    • 18 mai 2021Ghacks Deals: Get a NordVPN subscription for just €4.13 per month
      NordVPN is a popular premium VPN service that ticks all the right boxes. It has a strict no-logs policy that has been verified through independent audits, operates more than 5500 servers in 59 countries, allows six devices to be connected at the same time,  supports P2p, does not limit bandwidth or speed, includes useful security features on top, such as an Internet kill switch, DNS leak protectio …

    • 18 mai 2021Don't download this Microsoft Authenticator extension for Chrome: it is fake
      Software and extension stores that rely on automatic store submission reviews are more prone to fake and malicious extensions being offered.  The latest addition to the growing number of Chrome Store extensions that fall into the category is called Microsoft Authenticator. The name suggests that it is an official product by Microsoft, but it is not. One hint that something is off is that the compa …

    • 18 mai 2021Thunderbird 78.10.2 is out with security fixes and usability improvements
      MZLA Technologies Corporation released a new version of its Thunderbird email client on May 17, 2021. Thunderbird 78.10.2 is a security update but it also includes usability improvements and a number of bug fixes. The new version is already available and users who have not turned off automatic updates in the email client should see it pop up on their screens automatically. A quick check of Help …

    • 18 mai 2021How to share your Xbox Game Pass PC subscription with your family
      Xbox Game Pass PC has been a game changer in recent years. Why pay the full price for the latest games, when you can pay a monthly fee for hundreds of games to choose from? Did you know that a single Xbox Game Pass subscription can be shared among family members? Let’s say you have 2 or 3 computers (or Xbox consoles) at home, and you want to play the games from the Game Pass library on all devices …

    • 17 mai 2021Simple Gallery Pro for Android is a local Google Photos alternative
      Simply Gallery Pro is a free photo management application for Google Android devices that works well as a replacement for Google Photos, provided that sync functionality is not required. I’m in the process of replacing Google’s default applications on Android with alternatives that are better for privacy. While there is not always an app available that matches all functionality, a good application …

SecurityWeek

    • 16 septembre 2020Box Showcases New Offerings for Remote Working Environment
      The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment. read more …

    • 16 septembre 2020U.S. House Passes IoT Cybersecurity Bill
      The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices. read more …

    • 16 septembre 2020Nozomi Networks Becomes CVE Numbering Authority
      Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). read more …

    • 16 septembre 2020NSA Publishes Guidance on UEFI Secure Boot Customization
      The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization’s needs. read more …

Help Net Security

    • 18 mai 20211Password releases full-featured desktop app for Linux
      1Password has launched a full-featured desktop app for Linux, providing users with the ability to secure credentials across devices from the same 1Password app. Linux joins a roster of operating systems that are integrated with 1Password, and also allows seamless management of infrastructure secrets through the recently released Secrets Automation product – a new way to easily secure, manage …

    • 18 mai 2021Detecting attackers obfuscating their IP address inside AWS
      Security researchers have documented an attack technique that may allow attackers to leverage a legitimate Amazon VPC feature to mask their use of stolen API credentials inside AWS. The feature and its exploitation potential “Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define,” AWS explains. …

    • 18 mai 2021Identifying and addressing critical OT asset vulnerabilities in 24/7 industrial operations
      Cybersecurity is a race. A race that has for over a decade been extended to include systems that run the world’s industrial facilities, where a breach can compromise more than data. A cyber breach at an industrial facility may enable a bad actor to move actuators that can trip a switch at a power plant to deny electricity to an entire city, manipulate valves to move highly combustible molecules in …

    • 18 mai 2021Hackers are leveling up and catching healthcare off-guard
      Remember when ransomware operators promised last year not to attack hospitals under siege from COVID-19? Unfortunately, that didn’t happen: hospitality, entertainment, and retail locations were all shut down as COVID-19 spread, leaving ne’er-do-wells to look at industries that were still open for business. When attacking the healthcare industry, hackers are going beyond focusing on data exfi …

    • 18 mai 2021RaaS gangs go “private” after stirring a hornet’s nest
      After a decade or so of ransomware attacks against sometimes very prominent targets, the recent Colonial Pipeline ransomware attack by the Darkside gang has been the proverbial straw that broke the camel’s back, as the attack was followed by a temporary shut down of the pipeline, which then led to widespread fuel shortages in the Southeast United States and the government issuing a state of …

Naked Security – Sophos

SearchSecurity

CSO | Security News

    • 18 mai 2021UK government considers strengthening security rules for MSPs to address supply chain risks
      The UK government’s Department for Digital, Culture, Media and Sport (DCMS) is considering new measures to enhance the security of digital supply chains and third-party IT services. As a result, managed service providers (MSPs) could be required to adhere to strengthened security rules or guidance going forward.[ Learn the 7 keys to better risk assessment. | Get the latest from CSO by signing up f …

    • 18 mai 2021DDoS attacks: Stronger than ever and increasingly used for extortion
      Ransomware has taken center stage in the cybercrime ecosystem, causing over $1 billion in losses last year around the world and earning criminals hundreds of millions of dollars in profits. At the same time, distributed denial-of-service (DDoS) attacks, which have also traditionally been used to extort businesses, returned in force. Ransomware groups are even using them to put additional pressure …

    • 18 mai 20215 ways hackers hide their tracks
      CISOs have an array of ever-improving tools to help spot and stop malicious activity: network monitoring tools, virus scanners, software composition analysis (SCA) tools, digital forensics and incident response (DFIR) solutions, and more.But of course, cybersecurity is an ongoing battle between attack and defense, and the attackers continue to pose novel challenges.[ Keep up with 8 hot cyber secur …

    • 17 mai 2021Tech Resume Library: 27 downloadable templates for IT pros
      A well-crafted resume will attract recruiters, HR pros and hiring managers, but getting it just right is a daunting task. To jump start the process, Insider Pro has assembled this collection of real resumes revamped by professional resume writers. (Watch this space for new templates.)

    • 17 mai 2021Colonial Pipeline take-away for CISOs: Embrace the mandates
      Many in mainstream media have characterized the DarkSide attack on Colonial Pipeline, which operates a significant portion of the nation’s critical energy infrastructure, as a wake-up call for CIOs and CISOs. If that is the case, then they are hard of hearing as this klaxon has been sounding for many years, as company after company fends off ransomware attacks.[ Learn what you need to know about d …

Graham Cluley

Cybersecurity Insiders

    • 18 mai 2021What Docker runtime deprecation means for your Kubernetes
      This blog was written by an independent guest blogger. On December 8, 2020, Kubernetes released version 1.20—the third and final release of the popular container orchestration platform in 2020. Kubernetes noted in a blog post that the version contained 42 enhancements. Of those enhancements, 16 entered into alpha, while the remainder moved to beta or graduated to stable at 15 and 11, respect …

    • 18 mai 2021What is data loss prevention?
      This article was written by an independent guest author. DLP security strategies, benefits explained The threat landscape is a constantly evolving challenge for enterprise security professionals – the number of cyberattacks is continuing to rise, data exfiltration is now included in 70% of ransomware attacks, and insiders are responsible for 30% of all data breaches. As a result, enterprises …

    • 18 mai 2021Stories from the SOC -SSH brute force authentication attempt tactic
      Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers. Executive Summary An SSH Brute Force attack is a form of cybersecurity attack in which an attacker uses trial and error to guess credentials to access a server. Unlike a lot of o …

    • 18 mai 2021Unlimited Access to Free Industry Leading Cybersecurity Webinars
      (ISC)² Webinars are an opportunity to take part in active, educational and engaging sessions delivering up-to-date knowledge from cybersecurity experts. Experienced and vetted professionals lead discussions on industry-relevant topics with four to five live global webcasts per week in addition to recorded content. All webinar subjects are designed with your continuing education in mind, ensur …

    • 18 mai 2021Cloud (Mis)Configuration: What Do You Need to Consider?
      Should you adopt the default security configuration from your Cloud Service Provider to avoid a misconfiguration incident? If you do, proceed with caution. Some default settings may not be required in your environment and would serve the organization better if they were disabled. As part of a complete cloud security strategy, all settings must be checked against an established hardening standard. …

The CyberWire

IT Security Guru

    • 18 mai 2021Ireland’s HSE refuses to pay ransom
      Following the cyber attack on the Ireland’s Health Service Executive (HSE), the attackers have sought a ransom. HSE has, however, stated they will not be paying the hackers, even while the country’s healthcare and social services continue dealing with the disruption of the ransomware, which has been described as potentially the ‘most significant’ case of cybercrime experien …

    • 18 mai 2021Strange – but effective – cyber defence trick
      Recently, KrebsOnSecurity discovered that close to all ransomware strains have a particular built-in failsafe: they will not install on a device that uses specific virtual keyboards, specifically Russian or Ukrainian. Several Russian-language affiliate moneymaking programmes, including Darkside, prevent their criminal associates to install any malicious software on devices in several Eastern Europ …

    • 17 mai 2021Irish healthcare system suffers two cyber-attacks
      It has been confirmed that Ireland’s healthcare system fell victim to two cyber-attacks on Thursday and Friday last week. The Department of Health reported that its IT systems were shut down after the first ransomware attack on Thursday. On Friday a similar attack was launched against the Health Service Executive (HSE) causing “substantial” cancellations to services. Both inciden …

    • 17 mai 2021Insurance giant hit by ransomware
      Over the weekend AXA, an insurance giant based in Thailand, Malaysia, Hong Kong and the Philippines, reported falling victim to a ransomware attack. The attack is claimed to have been perpetrated by the Avaddon ransomware group, which has said it stole 3 TB of sensitive data from AXA’s Asian operations. The attack was not limited to ransomware, as a Distributed Denial of Service (DDoS) was a …

    • 14 mai 2021Are your remote or furloughed employees a security threat?
      The evolution of the workplace has accelerated over the past year for reasons too painfully obvious to mention. In light of the office exodus, employers have been set the enormous task of adapting and accommodating a remote workforce and managing morale in the face of furloughs. Among the many practical challenges is shoring up your cybersecurity defences. The several risks posed by furloughed and …

The Security Ledger

    • 15 mai 2021Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware
      Intel 471 CISO Brandon Hoffman joins us to to discuss Darkside, the ransomware group that attacked the Colonial Pipeline, why the crew may have bitten off more than it can chew and what the attack says about the state of America’s Critical Infrastructure. The post Episode 214: Darkside Down: What The Colonial Attack Means For The Future of…Read the whole entry… » Related StoriesDeer …

    • 14 mai 2021Want To Prevent Another SolarWinds? Start With Developers
      An all-star roundtable of security experts tackles the question of how to prevent another SolarWinds. The post Want To Prevent Another SolarWinds? Start With Developers appeared first on The Security Ledger with Paul F. Roberts. Related StoriesResearchers Test UN’s Cybersecurity, Find Data on 100kDispute Over Data Leak Highlights Legal Risks for UK ResearchersCritical Flaws Found In Widely …

    • 13 mai 2021Dispute Over Data Leak Highlights Legal Risks for UK Researchers
      An expensive, months-long legal tussle between a UK engineer and a healthcare non-profit is spurring calls for reform to the country’s 30 year-old Computer Misuse Act, which Dyke and others contend criminalizes the work of ‘Good Samaritan’ security researchers acting in the public interest. The post Dispute Over Data Leak Highlights Legal…Read the whole entry… » Related StoriesExclu …

    • 4 mai 2021Seeds of Destruction: Cyber Risk Is Growing in Agriculture
      In this episode of the podcast (#213): Molly Jahn of DARPA and University of Wisconsin joins us to talk about the growing cyber risk to the Food and Agriculture sector, as industry consolidation and precision agriculture combine to increase the chances of cyber disruption of food production. The post Seeds of Destruction: Cyber Risk Is Growing in…Read the whole entry… » Related Stor …

    • 27 avril 2021Episode 212: China’s Stolen Data Economy (And Why We Should Care)
      In this episode of the podcast (#212), Brandon Hoffman, the CISO of Intel 471 joins us to discuss that company’s latest report that looks at China’s diversified marketplace for stolen data and stolen identities. The post Episode 212: China’s Stolen Data Economy (And Why We Should Care) appeared first on The Security Ledger with Paul F….Read the whole entry… » Related StoriesEpisode …

GovInfoSecurity.com

    • RSA Cryptographers' Panel: SolarWinds, NFTs and More
      Machine Leading and Quantum Computing Challenges Also Among the Topics AnalyzedWhat do the world’s leading encryption and security experts think about non-fungible tokens, supply chain attacks, coordinated vulnerability disclosure and the state of quantum computing? The cryptographers’ panel at RSA Conference 2021 addressed all these issues. …

    • FDA: Strong Smartphone Magnets Can Affect Cardiac Devices
      But Do Powerful Consumer Device Magnets Also Pose Security Risks?The FDA is warning that strong magnets in some cellphones and smartwatches can interfere with the performance and safety of certain pacemakers and other implantable devices. But do they also pose security risks? …

    • Driving Healthcare Innovation With a Security Mindset
      ChristianaCare CISO Anahi Santiago on Securing Hospitals Without BordersTelehealth, a remote workforce, cloud migration – these were dreams, but not reality for many healthcare CISOs pre-pandemic. Today’s a new world, and ChristianaCare CISO Anahi Santiago is happy to be helping to secure it. She discusses security’s role in this new innovation. …

    • Introducing MITRE ATT&CK Defender
      Rick Gordon of MITRE Engenuity Details New Training, CertificationA recent study showed that even though 82% of cybersecurity professionals are familiar with the MITRE ATT&CK framework, only 8% said they used it regularly. This led to development of the new MITRE ATT&CK Defender training and certification. Rick Gordon of MITRE Engenuity explains. …

Infosec Island 

    • 21 avril 2021Facebook Shuts Down Two Hacking Groups in Palestine
      Social media giant Facebook today announced that it took action against two groups of hackers originating from Palestine that abused its infrastructure for malware distribution and account compromise across the Internet.  One of the dismantled networks was linked to the Preventive Security Service (PSS), one of the several intelligence services of Palestine, while the other was associated wit …

    • 13 avril 2021Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange
      The Cloud Security Alliance (CSA) has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security.   Drafted by CSA’s Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersec …

    • 9 mars 2021Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit
      Join Intel on Wednesday, March 10, at SecurityWeek’s Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel’s experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.   Into the Spotlight: Is Supply Chain Ready for the Magnifying Glass?   Listen in on a …

    • 24 février 2021GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer
      Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO).   Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer (CISO). He arrived at Cisco via its $2.35 billion acquisition of Duo Security in 2018.   “As the largest global network of developers, GitHub is also crucial to supp …

    • 23 février 2021Reddit Names Allison Miller as Chief Information Security Officer (CISO)
      Social news community site Reddit announced on Monday that it has hired Allison Miller as Chief Information Security Officer (CISO) and VP of Trust.  Miller joins Reddit from Bank of America where she most recently served as SVP Technology Strategy & Design, and had been overseeing technology design and engineering delivery for the bank’s information security organization. She previ …

The K-12 Cybersecurity Resource Center

    • 3 mars 2021March 10: K-12 Cybersecurity Leadership Summit
      Join us at the inaugural ‘K-12 Cybersecurity Leadership Summit’ – a free half-day event on leadership issues related to K-12 cybersecurity for school and district leaders, policymakers, K-12 IT practioners, and vendors. Continue reading March 10: K-12 Cybersecurity Leadership Summit at The K-12 Cybersecurity Resource Center. …

    • 11 janvier 2021New ISAC for K-12 School Districts Fills a Key Cyber Intelligence Gap
      School districts have their own distinct challenges as they strive to protect themselves against digital threats. It only makes sense that they have an ISAC of their own. Now they do. Continue reading New ISAC for K-12 School Districts Fills a Key Cyber Intelligence Gap at The K-12 Cybersecurity Resource Center. …

    • 16 décembre 2020The Privacy of 100+ Million Children, Families, and Young Adults Is Unprotected
      School districts across the US suffer from notoriously poor information security. This is at a time when school district spending on technology is at an all-time high. Why is this? Continue reading The Privacy of 100+ Million Children, Families, and Young Adults Is Unprotected at The K-12 Cybersecurity Resource Center. …

    • 10 décembre 2020FBI/CISA/MS-ISAC Warn Schools on Cyber Threats
      A new joint advisory – warning of cyber threats to K-12 schools – was released by the FBI, CISA, and MS-ISAC. Please share widely. Continue reading FBI/CISA/MS-ISAC Warn Schools on Cyber Threats at The K-12 Cybersecurity Resource Center. …

    • 8 décembre 2020K12 SIX Launches 🚀
      K12 SIX is the first and only national, non-profit organization dedicated solely to protecting schools from emerging cybersecurity threats. Continue reading K12 SIX Launches 🚀 at The K-12 Cybersecurity Resource Center. …

Iain Fraser Journalist

InfoSec News
Erreur: Il y a un erreur avec ce flux.

Internet Storm Center | SANS 

Security Gladiators | Internet Security News