Security



Schneier

IT Security

    • 8 May 2018 - Putting FUD Back in Information Security
      FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […]

    • 16 April 2018 - Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix
      A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […]

    • 1 April 2018 - Information Security and the Zero-Sum Game
      A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […]

    • 16 March 2018 - Google’s new Gaming Venture: A New Player?
      Google in Gaming – Facts and Speculation In January 2018, game industry veteran Phil Harrison announced that he was joining Google as a Vice President and GM. With Harrison’s long history of involvement with video game companies – having previously worked with Sony and Microsoft’s Xbox division – this immediately prompted speculation and rumours about […]

    • 9 February 2018 - Bubble Economies and the Sustainability of Mobile Gaming
      Old Bubbles and New Bubbles Gaming is a technology-based market, and tech markets are no strangers to economic bubbles and the effects of them bursting. The market recession of the early 2000s, most commonly known as the Dotcom Crash, is probably the biggest and most influential ‘burst bubble’ of the internet era. The Dotcom Bubble […]

TAO Security

    • 13 April 2021 - New Book! The Best of TaoSecurity Blog, Volume 4
      I’ve completed the TaoSecurity Blog book series. The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It’s available now for Kindle, and I’m working on the print edition. I’m running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new tit …

    • 1 April 2021 - The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO
      What are the origins of the names TaoSecurity and the unit formerly known as TAO? Introduction: I’ve been reading Nicole Perlroth’s new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were up …

    • 18 February 2021 - Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
      Proposition: Digital offense capabilities are currently net negative for the security ecosystem.[0] The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of …

    • 9 November 2020 - New Book! The Best of TaoSecurity Blog, Volume 3
      Introduction: I published a new book! The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It’s in the Kindle Store, and if you have an Unlimited account, it’s free. I also published a print edition, which is 485 pages. Book Description: The book features the following description …

    • 31 October 2020 - Security and the One Percent: A Thought Exercise in Estimation and Consequences
      There’s a good chance that if you’re reading this post, you’re the member of an exclusive club. I call it the security one percent, or the security 1% or #securityonepercent on Twitter. This is shorthand for the assortment of people and organizations who have the personnel, processes, technology, and support to implement somewhat robust digital security programs, especially those with the detectio …

Information Security Buzz

    • 14 April 2021 - Apple Quietly Updated Some Of Its Top Hardware Due To Security Risks
      As reported in techradar, Apple has apparently deleted the details about the change and created more confusion. “According to reports, Apple made changes to the firmware of some of its…

    • 14 April 2021 - Security Researcher “Chrome 0day” Tweet – Expert Insight
      Security researcher Rajvardhan Agarwal tweeted that he dropped a “chrome 0day,” sharing a proof-of-concept (PoC) in a GitHub repository.

    • 13 April 2021 - Iran Nuclear Facility Potential Cyber Attack – What Expert Says
      It’s been reported that Iran’s Natanz nuclear facility was attacked, causing a power failure at the site yesterday. According to Israeli media, the attack is rumored to have been due…

    • 13 April 2021 - Industry Leaders On Android.Joker Malware
      Following the recent news about the half-million Huawei users downloading applications infected with Joker malware, industry leaders commented below.

    • 13 April 2021 - Expert Reaction On Pulse Secure VPN Users Can’t Login Due To Certificate Related Outage
      Remote workers around the world have been unable to connect to Pulse Secure VPN devices after a code signing certificate used to digitally sign software components expired.

gHacks

    • 15 April 2021 - Firefox Stable gets option to show modified preferences on about:config only
      Mozilla added an option to the about:config page of Firefox Stable that allows users to list only modified preferences. The organization launched the option in Firefox Nightly in February 2021 initially. Firefox’s about:config page can best be described as a treasure trove for users who want to modify browser preferences that are, for the most part, not displayed in the user interface options. T …

    • 14 April 2021 - Windows 10's upcoming Device Usage feature is unfortunately not very spectacular
      Microsoft is working on a new feature called Device Usage that it plans to integrate in future versions of the operating system. Device Usage is available in the latest Insider builds for testing. When it was discovered initially by Twitter user Albacore, its scope was not clear immediately. The description revealed some information, that Windows would use the information to create personalized ex …

    • 14 April 2021 - Ghacks Deals: The 2021 Complete Microsoft Azure Certification Prep Bundle (just $34.99)
      The 2021 Complete Microsoft Azure Certification Prep Bundle includes six Azure certification courses for just $34.99. Courses are designed for users of all experience levels, and you may access them for lifetime. Here is the full list of courses and certifications that it covers: AZ-104 Azure Administrator Exam Certification 2021 Prove Your AZ-104 Microsoft Azure Administrator Skills to the World …

    • 14 April 2021 - Manage your tasks efficiently with Todour, an open source, cross-platform client for Todo.Txt
      While I use SimpleNote for storing long notes, flash cards, etc, I’ve always been a fan of Todo.Txt. It was about the time when Wunderlist was shut down, that I opted for an offline to-do format, this way I don’t have to worry about a service shuttering and I also get more control over the data. The beauty of Todo.Txt is that you can use nearly any text editor to manage the list, and you can sync …

    • 14 April 2021 - Vivaldi says no to Google's FLoC as well
      More and more Chromium-based browser makers confirm that they won’t include Google’s FLoC technology in their browsers. DuckDuckGo added FLoC blocking capabilities to its extension recently.  Brave revealed earlier this week that it won’t include FLoC in the browser. Vivaldi Technologies published a new blog post on the official company blog in which it confirmed that the Vivaldi browser won’t sup …

SecurityWeek

    • 16 September 2020 - Box Showcases New Offerings for Remote Working Environment
      The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment.

    • 16 September 2020 - U.S. House Passes IoT Cybersecurity Bill
      The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices.

    • 16 September 2020 - Nozomi Networks Becomes CVE Numbering Authority
      Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).

    • 16 September 2020 - NSA Publishes Guidance on UEFI Secure Boot Customization
      The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization’s needs.

Help Net Security

    • 15 April 2021 - Open source security, license compliance, and maintenance issues are pervasive in every industry
      Synopsys released a report that examines the results of more than 1,500 audits of commercial codebases. The report highlights trends in open source usage within commercial applications and provides insights to help commercial and open source developers better understand the interconnected software ecosystem they are part of. It also details the pervasive risks posed by unmanaged open source, inclu …

    • 15 April 2021 - Machine learning-powered cybersecurity depends on good data and experience
      According to IDG’s 2020 Cloud Computing Study, 92% of organizations have at least some sort of cloud footprint in regard to their IT environment. Therefore, traditional cloud security approaches must evolve to keep up with the dynamic infrastructure and challenges that cloud environments present – most notably, the inundation of data insights generated within the cloud. Machine learning-powe …

    • 15 April 2021 - The future of touchless visitor management lies with biometrics
      With so many people making their way into an office building on any given day – whether as a prospective job candidate, a vendor with a delivery, or for a client meeting – it is vital that today’s visitor and employee management systems are prepared to keep the grounds safe from unwanted visitors, including COVID-19. When the coronavirus pandemic abruptly made its way into our lives, v …

    • 15 April 2021 - Advice for aspiring threat hunters, investigators, and researchers from the old town folk
      There’s a big cohort of security geeks who joined the industry around the turn of the millennium by either landing “infosec” jobs or, quite frequently, just by making infosec their job despite having some other formal job title. I count myself in this group, and we are becoming the old town folk. Many of my closest friends and colleagues have moved from fingers-on-the-keyboard investigators or res …

    • 15 April 2021 - The impact of the pandemic on AML compliance and fraud strategies
      New research from FICO highlights the key challenges North American fraud and financial crime teams faced amidst the COVID-19 pandemic. 68 percent of senior executives said that remote working had a major impact on maintaining effective fraud and financial crime prevention functions within their organizations, during the past 12 months. The survey, conducted by independent research firm OMDIA, fou …

Naked Security – Sophos

SearchSecurity

CSO | Security News

    • 14 April 2021 - Tips to improve domain password security in Active Directory
      The concept of zero trust is that nothing should be trusted by default. Most of us are trying to work our way to zero trust but are not there yet. Until then, you can take steps to protect your networks better, starting with handling passwords better in your domain. Here are some tips:

    • 13 April 2021 - 6 tips for receiving and responding to third-party security disclosures
      Organizations—especially large companies—often don’t learn about an intrusion or breach of their systems until an external party like a security researcher, law enforcement agency or business partner alerts them to it. The expanding range of attack methods, the growing use of open-source components, and the adoption of cloud services have significantly expanded the attack surface at many organizat …

    • 13 April 2021 - 7 new social engineering tactics threat actors are using now
      It’s been a boom time for social engineering. Pandemic panic, desperation as income concerns grew, and worry over health and wellness made it easier for criminals to tap into fear. Social engineering, of course, means attacking the user rather than the computing system itself, trying to extract information or incite an action that will lead to compromise. It’s as old as lying, with a new name for t …

    • 12 April 2021 - 5 perspectives on modern data analytics
      You can’t navigate business challenges without the right instruments. Done right, analytics initiatives deliver the essential insights you need, as these five articles explore.

    • 12 April 2021 - How data poisoning attacks corrupt machine learning models
      Machine learning adoption exploded over the past decade, driven in part by the rise of cloud computing, which has made high performance computing and storage more accessible to all businesses. As vendors integrate machine learning into products across industries, and users rely on the output of its algorithms in their decision making, security experts warn of adversarial attacks designed to abuse …

Graham Cluley

Cybersecurity Insiders

    • 15 April 2021 - Under the Hood: Inside (ISC)² Exam Development Cycle
      Clar Rosso, (ISC)² CEO and Casey Marks, Chief Product Officer and VP, (ISC)² recently hosted the latest in our new Inside (ISC)² webinar series, a quarterly series designed to give members a glimpse of the latest developments from inside the association, as well as an opportunity to ask questions. The March 23 session included milestones from the first quarter, as well as a deep dive into (ISC)² …

    • 15 April 2021 - Hush – This Data Is Secret
      Is There Ever Too Much Data? As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase “Big Data” was a new, innovative way to gain a business advantage. Now, big data is the norm. When we think of all the data that has been gathered, we must stop and wonder about what is contained in that data. Many important, and often private details …

    • 14 April 2021 - What educational institutions need to do to protect themselves from cyber threats
      This blog was written by an independent guest blogger. Educational institutions are reaping the many benefits and new possibilities offered by online learning, but these new methods of educational instruction come with serious cyber security concerns. These institutions are also a prime focus for hackers because they often host a lot of sensitive data about teachers and students.  Furthermore …

    • 14 April 2021 - Phishing towards failed trust
      This blog was written by an independent guest blogger. Phishing exercises are an important tool towards promoting security awareness in an organization.  Phishing is effective, simply because it works.  However, any social engineer can devise a marvelously deceptive message with an irresistible link that only the most tech-savvy person would spot as a phishing test.  Sometimes, the …

The CyberWire

IT Security Guru

    • 14 April 2021 - Capcom release final update on ransomware attack
      Capcom has released the final update on their investigation into the major ransomware attack they suffered last year. The investigation has found that the attackers accessed the company through an outdated VPN device. Through this avenue, the attackers were able to access the company’s network, as well as any compromised devices in the network. The attack took place in November 2020, when Capcom w …

    • 14 April 2021 - FBI removed web shells from Exchange Servers without consent
      The FBI has been removing web shells from compromised Microsoft Exchange servers following court authorisation. However, owners of the Microsoft Exchange servers were never informed or able to approve of the FBI’s actions. In February, the hacking group HAFNIUM exploited several vulnerabilities in Microsoft Exchange’s servers. The group installed web shells in compromised Exchange server …

    • 13 April 2021 - Promising news: users are becoming more savvy to COVID-19 based phishing attacks finds KnowBe4
      KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has revealed the results of its latest 2021 top-clicked phishing report. It found that, despite still seeing a few phishing email attacks related to COVID-19, users are becoming more savvy and alert to these types of scams. Real phishing emails that were reported to IT departments related to s …

    • 13 April 2021 - Tim Mackie takes lead channel role for Armis
      Armis®, the agentless device security platform, today announced the appointment of Tim Mackie as the new Worldwide Vice President of Channel. As part of Armis’ commitment to its global channel partner programme and the accelerating demand for businesses to collaborate with it, Mackie has been appointed to lead this high growth function.  Mackie is a well-respected leader within the cybersecurity a …

The Security Ledger

    • 2 April 2021 - Episode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s Challenges
      The information security industry needs both better tools to fight adversaries, and more people to do the fighting, says Fortinet Deputy CISO Renee Tarun in this interview with The Security Ledger Podcast’s Paul Roberts.

    • 30 March 2021 - Critical Flaw Found In Widely Used Netmask Open Source Module
      An IP address parsing flaw in the netmask NPM module affects hundreds of thousands of applications that rely on it. But that may be just the tip of the iceberg, researchers warn.

    • 26 March 2021 - Episode 208: Getting Serious about Hardware Supply Chains with Goldman Sachs’ Michael Mattioli
      In this week’s Security Ledger Podcast, sponsored by Trusted Computing Group, we’re talking about securing the hardware supply chain. We’re joined by Michael Mattioli, a Vice President at Goldman Sachs who heads up that organization’s hardware supply chain security program.

    • 19 March 2021 - Episode 207: Sarah Tatsis of BlackBerry on finding and Keeping Women in Cyber
      In this week’s episode of the podcast (#207) we speak with Sara Tatsis of the firm Blackberry about her 20 year career at the legendary mobile device maker and the myriad challenges attracting women to- and keeping them in the information security field.

GovInfoSecurity.com

    • Senators Push for Changes in Wake of SolarWinds Attack
      Intelligence Hearing Focuses on Need for Federal Breach Notification Law, Fixing ‘Blind Spots’. The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requiring prompt breach notification, several senators said at a Wednesday hearing. …

    • Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands
      Updated Report From IBM Provides New Details. Cybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insight" into sensitive information, the IBM Security X-Force says in an updated report. …

    • Sweden: Russians Behind Sports Confederation Hack
      But Nation Won’t Pursue Legal Action in the Case. The Russian state-sponsored group Fancy Bear was responsible for breaches at the Swedish Sports Confederation that resulted in hackers accessing sensitive athlete information, including doping test results, according to the Swedish Prosecution Authority. But Sweden will not pursue legal action in the case. …

    • Defining Synthetic ID Fraud: How It Helps With Mitigation
      Fed Releases a Definition That Could Make It Easier to Identify Red Flags. Now that the Federal Reserve has issued a definition for synthetic ID fraud, fraud-fighting efforts likely will improve because it will be easier to identify red flags, some security experts say. …

Infosec Island 

    • 13 April 2021 - Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange
      The Cloud Security Alliance (CSA) has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security.   Drafted by CSA’s Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersec …

    • 9 March 2021 - Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit
      Join Intel on Wednesday, March 10, at SecurityWeek’s Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel’s experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.   Into the Spotlight: Is Supply Chain Ready for the Magnifying Glass?   Listen in on a …

    • 24 February 2021 - GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer
      Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO).   Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer (CISO). He arrived at Cisco via its $2.35 billion acquisition of Duo Security in 2018.   “As the largest global network of developers, GitHub is also crucial to supp …

    • 23 February 2021 - Reddit Names Allison Miller as Chief Information Security Officer (CISO)
      Social news community site Reddit announced on Monday that it has hired Allison Miller as Chief Information Security Officer (CISO) and VP of Trust.  Miller joins Reddit from Bank of America where she most recently served as SVP Technology Strategy & Design, and had been overseeing technology design and engineering delivery for the bank’s information security organization. She previ …

    • 19 January 2021 - SecurityWeek Names Ryan Naraine as Editor-at-Large
      SecurityWeek has named Ryan Naraine as Editor-at-Large, adding a veteran cybersecurity journalist and podcaster to its editorial team. Naraine joins SecurityWeek from Intel Corp., where he most recently served as Director of Security Strategy and leader of the chipmaker’s security community engagement initiatives. Prior to Intel, he managed Kaspersky’s Global Research and Analysis Team …

The K-12 Cybersecurity Resource Center

    • 3 March 2021 - March 10: K-12 Cybersecurity Leadership Summit
      Join us at the inaugural ‘K-12 Cybersecurity Leadership Summit’ – a free half-day event on leadership issues related to K-12 cybersecurity for school and district leaders, policymakers, K-12 IT practitioners, and vendors.

    • 11 January 2021 - New ISAC for K-12 School Districts Fills a Key Cyber Intelligence Gap
      School districts have their own distinct challenges as they strive to protect themselves against digital threats. It only makes sense that they have an ISAC of their own. Now they do.

    • 16 December 2020 - The Privacy of 100+ Million Children, Families, and Young Adults Is Unprotected
      School districts across the US suffer from notoriously poor information security. This is at a time when school district spending on technology is at an all-time high. Why is this?

    • 10 December 2020 - FBI/CISA/MS-ISAC Warn Schools on Cyber Threats
      A new joint advisory – warning of cyber threats to K-12 schools – was released by the FBI, CISA, and MS-ISAC. Please share widely.

    • 8 December 2020 - K12 SIX Launches 🚀
      K12 SIX is the first and only national, non-profit organization dedicated solely to protecting schools from emerging cybersecurity threats.

Iain Fraser Journalist

InfoSec News

Internet Storm Center | SANS 

Security Gladiators | Internet Security News