Security




Schneier

IT Security

    • 8 May 2018 - Putting FUD Back in Information Security
      FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […]

    • 16 April 2018 - Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix
      A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […]

    • 1 April 2018 - Information Security and the Zero-Sum Game
      A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […]

    • 16 March 2018 - Google’s new Gaming Venture: A New Player?
      Google in Gaming – Facts and Speculation In January 2018, game industry veteran Phil Harrison announced that he was joining Google as a Vice President and GM. With Harrison’s long history of involvement with video game companies – having previously worked with Sony and Microsoft’s Xbox division – this immediately prompted speculation and rumours about […]

    • 9 February 2018 - Bubble Economies and the Sustainability of Mobile Gaming
      Old Bubbles and New Bubbles Gaming is a technology-based market, and tech markets are no strangers to economic bubbles and the effects of them bursting. The market recession of the early 2000s, most commonly known as the Dotcom Crash, is probably the biggest and most influential ‘burst bubble’ of the internet era. The Dotcom Bubble […]

TAO Security

    • 13 April 2021 - New Book! The Best of TaoSecurity Blog, Volume 4
      I’ve completed the TaoSecurity Blog book series. The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It’s available now for Kindle, and I’m working on the print edition. I’m running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new tit …

    • 1 April 2021 - The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO
      What are the origins of the names TaoSecurity and the unit formerly known as TAO? Introduction: I’ve been reading Nicole Perlroth’s new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were up …

    • 18 February 2021 - Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
      Proposition: Digital offense capabilities are currently net negative for the security ecosystem.[0] The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of …

    • 9 November 2020 - New Book! The Best of TaoSecurity Blog, Volume 3
      Introduction: I published a new book! The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It’s in the Kindle Store, and if you have an Unlimited account, it’s free. I also published a print edition, which is 485 pages. Book Description: The book features the following description …

    • 31 October 2020 - Security and the One Percent: A Thought Exercise in Estimation and Consequences
      There’s a good chance that if you’re reading this post, you’re the member of an exclusive club. I call it the security one percent, or the security 1% or #securityonepercent on Twitter. This is shorthand for the assortment of people and organizations who have the personnel, processes, technology, and support to implement somewhat robust digital security programs, especially those with the detectio …

Information Security Buzz

    • 15 June 2021 - Expert Reacted On Research That Third Of Workers Have Picked Up Bad Security Behaviours
      Tessian have released a major new report revealing that over one-third of workers have picked up bad cybersecurity behaviours since working from home. The report, which analyses ‘Back to Work’…

    • 15 June 2021 - So Just What Is Cloud-based Access Management?
      The increasingly distributed nature of corporate IT networks poses problems for legacy on-premises access management and authentication. With users accessing cloud-based applications and other corporate resources from multiple device types…

    • 15 June 2021 - Should Police To Be Given Powers Over Passwords, Expert Weighs In
      BACKGROUND: In recent news, Irish police will have the power to compel people to provide passwords for electronic devices when carrying out a search warrant under new legislation. Should police…

    • 15 June 2021 - Expert Commentary – GCHQ Cybersecurity Boss Sounds Alarm Over Extortion By Hackers
      This morning a news story broke on the topic of how ransomware is now representing the biggest threat to online security for most people and businesses in the UK. Lindy Cameron,…

gHacks

    • 15 June 2021 - Ghacks Deals: PureVPN for 70% off
      HongKong-based VPN provider PureVPN has been in the business since 2007, a very long time for a VPN service. It operates more than 6500 servers in over 140 countries and supports a wide range of features and support for all major desktop and mobile operating systems. The providers no-logging claims have been validated in a third-party audit. PureVPN supports a large range of interesting features, …

    • 15 June 2021 - New Windows 10 bug: News and Interests button may have blurry text
      Microsoft confirmed that the News and Interests button may be blurry on some devices on the Windows taskbar. The company added a new known issue to the health dashboard of the recently released Windows 10 version 21H1 operating system version. News and Interest is a controversial feature that was introduced recently, and appears to be rolled out still to all users of Windows 10 versions 2004, 20H2 …

    • 15 June 2021 - Google launches the "New Gmail" for everyone: here is how you enable or disable it
      Last year, Google revealed plans to turn Gmail, the company’s popular email service, into a communication and work powerhouse by introducing chat, video calls and Google Docs functionality. Today’s announcement on the official The Keyword website marks the launch of the new Gmail. Google made the decision to keep it disabled for the majority of users in the beginning. If you have not been selected …

    • 15 June 2021 - DeadHash is an open-source file hashing utility for Windows and Linux
      Do you use a file hashing program? It can be useful to check the integrity of files that you’ve downloaded from the internet, or to verify the integrity of backed up files. I use it whenever possible to avoid broken or corrupted downloads, though this isn’t always possible, as it depends on the availability of the file hash. Not every developer provides one. DeadHash comes in an optional portable …

    • 14 June 2021 - WinRAR 6.02 update includes security improvements
      WinRAR is a popular commercial archive creation and extraction program, best known for supporting the RAR archive format. WinRAR 6.02 was released earlier today and is available for download on the official website already. The update introduces important security improvements as well as other non-security related improvements and bug fixes. A click on Help > About WinRAR displays the installed …

SecurityWeek

    • 16 September 2020 - Box Showcases New Offerings for Remote Working Environment
      The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment.

    • 16 September 2020 - U.S. House Passes IoT Cybersecurity Bill
      The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices.

    • 16 September 2020 - Nozomi Networks Becomes CVE Numbering Authority
      Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).

    • 16 September 2020 - NSA Publishes Guidance on UEFI Secure Boot Customization
      The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization’s needs.

Help Net Security

    • 15 June 2021 - Cyber criminals are targeting digital artists
      Cyber criminals looking for a quick payout and valuables are targeting digital artists using NFTs (non-fungible tokens), warns security researcher Bart Blaze. The attackers are taking advantage of the artists’ desire to work and earn money to trick them into downloading information-stealing malware that will help them raid their crypto wallets and break into their various online accounts (em …

    • 15 June 2021 - How do I select an ITSM solution for my business?
      An IT service management (ITSM) solution guarantees that IT processes and services are combined with the business goals of an organization, thus helping it thrive. To select a suitable ITSM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic. Simon Geddes, Senior Director of Product Management, I …

    • 15 June 2021 - To identify cybersecurity vendor sustainability, start with the fundamentals
      With $3.7 billion raised in cybersecurity funding so far this year, 2021 is on track to overcome last year’s record $7.8 billion total. Many of these companies have very high valuations – and to some experts that sounds like a bubble. As damage from hacking to businesses and individuals gets worse each year and as new threats emerge, new technologies are being developed to protect organizati …

    • 15 June 2021 - Why XSS is still an XXL issue in 2021
      Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a significant infosec problem, XSS attacks have remained a constant of the OWASP Top 10 Web Application Security Risks year after year and still make headlines. In fact, earlier this year researchers uncovered a severe XSS vul …

    • 15 June 2021 - VPN attacks up nearly 2000% as companies embrace a hybrid workplace
      Nuspire released a report which outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from Recorded Future. “As companies return to a hybrid workplace, it’s crucial that they are aware of the evolving threat landscape,” said Craig Robinson, Program Director, Security Services at IDC. “The data highlighted in this threat report by Nuspire and Reco …

Naked Security – Sophos

SearchSecurity

CSO | Security News

    • 15 June 2021 - Thousands of publicly accessible VMware vCenter Servers vulnerable to critical flaws
      Three weeks after releasing patches for a critical vulnerability in VMware vCenter, thousands of servers that are reachable from the internet remain vulnerable to attacks. VMware vCenter is used by enterprises to manage virtual machines, the VMware vSphere cloud virtualization solution, ESXi hypervisors, and other virtualized infrastructure components. …

    • 15 June 2021 - Unique TTPs link Hades ransomware to new threat group
      Researchers claim to have discovered the identity of the operators of Hades ransomware, exposing the distinctive tactics, techniques, and procedures (TTPs) they employ in their attacks. Hades ransomware first appeared in December 2020 following attacks on a number of organizations, but to date there has been limited information regarding the perpetrators. …

    • 15 June 2021 - Security firm COO indicted for allegedly aiding hospital's attackers: What CSOs should know
      No one expects trust to be broken when they engage trusted individuals and companies to safeguard that which requires security, such as protected health information (PHI) and personally identifiable information (PII). Yet that is what happened to Gwinnett Medical Center (GMC) and its Lawrenceville and Duluth, Georgia, hospitals when Vikas Singla, chief operating officer of Securolytics, allegedly …

    • 15 June 2021 - Best new Windows 10 security features: Improvements to Intune, Windows Defender Application Guard
      With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer have to wait for a new operating system to deploy new security features. …

    • 14 June 2021 - The great cloud computing surge
      Driven in part by the pandemic, cloud computing adoption has reached new heights. These five articles take a close look at the implications.

Graham Cluley

    • 14 June 2021 - Ransomware is the biggest threat, says GCHQ cybersecurity chief
      The head of the UK’s National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. And says ransomware gangs “are often enabled and facilitated by states acting with impunity.” Read more in my article on the Tripwire State of Security blog.

    • 11 June 2021 - Smashing Security podcast #231: Sexy snaps and encrypted chat traps
      Criminals are caught in an encrypted chat trap, should you trust Apple’s repair team with your sexy snaps, and do you think the FBI should be able to tell who has been reading the USA Today website? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by …

Cybersecurity Insiders

    • 15 June 2021 - Palo Alto Networks teams with AT&T to deliver managed SASE
      Remote workforces accessing applications and data that are located anywhere is the “new normal.” Across the globe, organizations of all sizes are struggling to modernize their infrastructures to accommodate this new reality while accelerating their digital transformation initiatives. As a result, today’s overly fragmented environments and markets make this transformation complica …

    • 15 June 2021 - An Inside Look at Cloud Security from Industry Experts
      Today’s cybersecurity skills shortage is threatening safe cloud adoption – and cloud security is the No. 1 area most impacted by the shortfall. To help fill the gaps, more professionals are expanding their cloud expertise. Join two cybersecurity specialists as they share their journeys to a mastery of cloud security and how it benefited their careers. …

    • 15 June 2021 - What’s Your Fail-Safe Posture? Before You Learn How to Fly, Learn How to Fall
      Way back in 1975, two members of the Institute of Electrical and Electronics Engineers (IEEE) authored a report about how to protect computer systems. One of the recommendations in the report by Saltzer and Schroeder, “The Protection of Information in Computer Systems”, was to include “Fail-safe defaults”. If you work in any area of information security, it is time to consider what failing safely …

    • 15 June 2021 - Serious vulnerability discovered on Microsoft Teams
      A research carried out by Tenable has discovered a serious vulnerability on Microsoft Teams app that could help hackers take control of user accounts, thus giving them access to their chat history, files on One-drive Business Storage and can offer them the privilege of sending emails on behalf of the victimized account holder.   As most of the administrative activities are taking place on a virtua …

The CyberWire

IT Security Guru

    • 15 June 2021 - AT&T Cybersecurity grows SASE offering by adding Palo Alto Networks
      AT&T Cybersecurity has today announced that its new Secure Access Service Edge (SASE) offering now includes Palo Alto Networks. AT&T SASE is an integrated solution that combines Palo Alto Networks software-defined wide area networking (SD-WAN) technology, security capabilities and fiber-based network connectivity in a completely managed solution.    The comprehensive solution, with experti …

    • 15 June 2021 - CyberSmart Disrupts SME Cybersecurity with $10 million Series A Funding
      CyberSmart has today announced the completion of a successful over-subscribed Series A funding round, bringing the total raised to over $10 million. Alongside deeptech fund IQ Capital and with the additional support of InsurTech specialist, Eos Venture Partners, and data science focused Winton Ventures, CyberSmart is set to further disrupt the cybersecurity market. The funding will be used to enha …

    • 11 June 2021 - One Identity Strengthens Executive Team
      One Identity, the identity-centric security company, today announced the appointment of four executives that bring a wealth of software-as-a-service (SaaS) expertise to the organisation. The appointment of Rima Pawar as Vice President of Product Management, Joe Garber as Vice President of Marketing, Teri Robb as Vice President of North American Sales and Chris Wood as Vice President of Sales for O …

    • 10 June 2021 - European Cybersecurity Blogger Awards 2021 – Winners Announced!
      Yet another year has passed, and so too has another evening celebrating the industry’s best bloggers, podcasters, and social media personalities! Unfortunately, we’ve had to skip the pub again and opt for a virtual awards ceremony but as usual, we remain consistent with the alcohol supply. Thanks to our sponsors Qualys and KnowBe4, cocktail kits were delivered for free to all attendees based in th …

The Security Ledger

    • 10 June 2021 - Episode 216: Signed, Sealed and Delivered: The Future of Supply Chain Security
      In this episode of the podcast (#216) we talk with Brian Trzupek, Digicert’s Vice President of Product, about the growing urgency of securing software supply chains, and how digital code signing can help prevent compromises like the recent hack of the firm SolarWinds. …

    • 7 June 2021 - What SolarWinds Tells Us About Securing the Software Development Supply Chain
      The recent SolarWinds attack highlights an Achilles heel for enterprises: software updates for critical enterprise applications. Digital signing of code is one solution, but organizations need to modernize their code signing processes to prioritize security and integrity and align with DevOps best practices, writes Brian Trzupek the Senior Vice…

    • 1 June 2021 - Episode 215-2: Leave the Gun, Take the McFlurry
      In part II of our interview with Jeremy O’Sullivan of the IoT startup Kytch. We hear about how what Kytch revealed about Taylor’s soft ice cream hardware put him at odds with the company and its long-time partner: McDonald’s. …

    • 27 May 2021 - The SOC Hop Needs to be a Relic of the Past
      Overworked, understaffed teams constantly jumping from one fire to the next – exhausted and reactive to events and alerts. The “SOC hop” is not sustainable. …

    • 25 May 2021 - Episode 215-1: Jeremy O’Sullivan of Kytch On The Tech Serving McDonald’s Ice Cream Monopoly
      Jeremy O’Sullivan, co-founder of the IoT analytics company, Kytch brings us the cautionary tale of his company’s travails with the commercial ice cream machine manufacturer, Taylor, whose equipment is used by the likes of Burger King and McDonalds. …

GovInfoSecurity.com

    • CISA: Defibrillator Dashboard Security Flaws Pose Risk
      Agency Warns That Attackers Could Exploit Vulnerabilities, Gain Device Management Control. A half-dozen security vulnerabilities recently identified in older versions of the Zoll Defibrillator Dashboard could allow an attacker to take remote control of device management, including executing arbitrary commands, as well as gain access to sensitive information and credentials, CISA warns. …

    • NATO Endorses Cybersecurity Defense Policy
      Agreement Comes in Advance of Biden Meeting With Putin on Wednesday. The U.S. and its NATO allies endorsed a new cybersecurity defense policy during President Biden’s visit this week with member states in Brussels. The policy agreement comes as Biden prepares to meet Russian President Vladimir Putin on Wednesday to discuss cybersecurity and other issues. …

    • The Best of Virtual RSA Conference 2021
      A Guide to ISMG’s Video Interviews With Thought Leaders. With the RSA Conference virtual this year, ISMG replaced its two live on-site studios with a suite of home studios and produced a diverse group of interviews on timely topics with thought leaders who will be solving cybersecurity’s most urgent problems. …

    • Volkswagen, Audi Notify 3.3 Million of Data Breach
      Data Was Left Unsecured by Unidentified Marketing Services Company. Volkswagen and its Audi subsidiary are notifying 3.3 million people in the U.S and Canada of a breach of personal information by a marketing services supplier. Volkswagen says 90,000 of those affected may have also had their driver’s license number, loan data and other personal information exposed. …

Infosec Island 

    • 26 May 2021 - Five Practical Steps to Implementing a Zero-Trust Network
      While the concept of Zero Trust was created 10 years ago, the events of 2020 thrust it to the top of enterprise security agendas. The COVID-19 pandemic has driven mass remote working, which means that organizations’ traditional perimeter-based security models were broken up, in many cases literally overnight. For the foreseeable future, an organization's network is no longer a single thi …

    • 21 April 2021 - Facebook Shuts Down Two Hacking Groups in Palestine
      Social media giant Facebook today announced that it took action against two groups of hackers originating from Palestine that abused its infrastructure for malware distribution and account compromise across the Internet.  One of the dismantled networks was linked to the Preventive Security Service (PSS), one of the several intelligence services of Palestine, while the other was associated wit …

    • 13 April 2021 - Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange
      The Cloud Security Alliance (CSA) has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security.   Drafted by CSA’s Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersec …

    • 9 March 2021 - Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit
      Join Intel on Wednesday, March 10, at SecurityWeek’s Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel’s experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.   Into the Spotlight: Is Supply Chain Ready for the Magnifying Glass?   Listen in on a …

    • 24 February 2021 - GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer
      Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO).   Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer (CISO). He arrived at Cisco via its $2.35 billion acquisition of Duo Security in 2018.   “As the largest global network of developers, GitHub is also crucial to supp …

The K-12 Cybersecurity Resource Center

    • 3 March 2021 - March 10: K-12 Cybersecurity Leadership Summit
      Join us at the inaugural ‘K-12 Cybersecurity Leadership Summit’ – a free half-day event on leadership issues related to K-12 cybersecurity for school and district leaders, policymakers, K-12 IT practitioners, and vendors.

    • 11 January 2021 - New ISAC for K-12 School Districts Fills a Key Cyber Intelligence Gap
      School districts have their own distinct challenges as they strive to protect themselves against digital threats. It only makes sense that they have an ISAC of their own. Now they do.

    • 16 December 2020 - The Privacy of 100+ Million Children, Families, and Young Adults Is Unprotected
      School districts across the US suffer from notoriously poor information security. This is at a time when school district spending on technology is at an all-time high. Why is this?

    • 10 December 2020 - FBI/CISA/MS-ISAC Warn Schools on Cyber Threats
      A new joint advisory – warning of cyber threats to K-12 schools – was released by the FBI, CISA, and MS-ISAC. Please share widely.

Iain Fraser Journalist

InfoSec News

Internet Storm Center | SANS 

Security Gladiators | Internet Security News