Security




Schneier

IT Security
Error: There is an error with this feed.

TAO Security

    • 10 August 2022: The Humble Hub
      Over the weekend I organized some old computing equipment. I found this beauty in one of my boxes. It’s a Netgear EN104TP hub. I’ve mentioned this device before, in this blog and my books. This sort of device was the last of the true hubs. In an age where cables seem reserved for data centers or industrial facilities, and wireless rules the home and office, this hub is a relic of days gone p …

    • 29 July 2021: Zeek in Action Videos
      This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project. Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on. I am especially pleased with Video 6 on monitoring wireless netw …

    • 13 April 2021: New Book! The Best of TaoSecurity Blog, Volume 4
      I’ve completed the TaoSecurity Blog book series. The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It’s available now for Kindle, and I’m working on the print edition. I’m running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new tit …

    • 1 April 2021: The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO
      What are the origins of the names TaoSecurity and the unit formerly known as TAO? Introduction. I’ve been reading Nicole Perlroth’s new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were up …

    • 18 February 2021: Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
      Proposition: Digital offense capabilities are currently net negative for the security ecosystem.[0] The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of …

Information Security Buzz
Error: There is an error with this feed.

gHacks
Error: There is an error with this feed.

SecurityWeek

    • 16 September 2020: Box Showcases New Offerings for Remote Working Environment
      The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment. read more …

    • 16 September 2020: U.S. House Passes IoT Cybersecurity Bill
      The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices. read more …

    • 16 September 2020: Nozomi Networks Becomes CVE Numbering Authority
      Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). read more …

    • 16 September 2020: NSA Publishes Guidance on UEFI Secure Boot Customization
      The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization’s needs. read more …

Help Net Security

    • 26 September 2022: To encrypt or to destroy? Ransomware affiliates plan to try the latter
      Ransomware gangs are planning on trying out a new tactic, and it involves the destruction of the victims’ data. Targeting the data: Researchers from Symantec, Cyderes and Stairwell have recently analyzed a new version of the Exmatter data exfiltration tool and have spotted a new capability: data corruption. Used in conjunction with multi-platform ALPHV (aka BlackCat, aka Noberus) ransomware, …

    • 26 September 2022: RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
      Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled. If this news triggers a feeling of déjà vu, there’s a good reason: earlier this year, another zero-day (CVE-2022-1040) in the same component was leveraged by attackers against “a …

    • 26 September 2022: 3 ways to gauge your company’s preparedness to recover from data loss
      Use these three questions to assess your company’s preparedness to retrieve lost data. 1. Do you have backups of your data? This fundamental question is the basis of your reaction and remediation strategy. Without a backup, data loss is inevitable. Where you store your data backup is nearly as important as creating copies in the first place. Storing your data in the cloud does not mean it is …

    • 26 September 2022: How the CIO’s relationship to IT security is changing
      In this Help Net Security video, Joe Leonard, CTO at GuidePoint Security, illustrates how the role of the CIO is changing as cybersecurity priorities and responsibilities are creeping into the job description. Globally, CIOs find it most difficult to solve challenges related to data privacy/security (66%) and cybersecurity/ransomware (66%), according to a global research study from Lenovo. From ze …

    • 26 September 2022: Introducing the book: Project Zero Trust
      In this Help Net Security video interview, George Finney, CSO at Southern Methodist University, talks about his latest book – “Project Zero Trust: A Story about a Strategy for Aligning Security and the Business“. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company’s new IT Security Director. Readers will …

Naked Security – Sophos

SearchSecurity

CSO | Security News

Graham Cluley

Cybersecurity Insiders

    • 26 September 2022: How to Close the Cybersecurity Skills Gap in Your Business
      Staffing shortages in some industries have worsened since the COVID-19 pandemic began wreaking havoc in 2020, especially in cybersecurity. Cyberattacks have increased in many sectors, primarily targeting education and healthcare. What can employers do for their businesses with attacks rising alongside the widening cybersecurity skills gap? What Is the Cybersecurity Skills Gap? The cybersecurity sk …

    • 26 September 2022: Guide to the best data privacy certifications for 2022
      This blog was written by an independent guest blogger. According to research by Statista, over 80% of internet users in the US fear that their personal information is vulnerable to hackers. Data privacy defines how organizations and other entities collect data on other individuals, how they process it, for what purposes they collect and process it, how long they keep it, and how they protect it, t …

    • 26 September 2022: How to unite security and compliance in 5 simple ways
      This blog was written by an independent guest blogger. We have entered the era of data compliance laws, but regulations have not quite caught up to the level of risk that most organizations are exposed to. Uniting security and compliance is crucial to maintaining regulation standards and ensuring a secure environment for your business. Digital transformation and the rollout of new digital to …

    • 26 September 2022: Onfido Named an Identity Verification Leader on G2
      SAN FRANCISCO & LONDON–(BUSINESS WIRE)–Onfido, the global provider of automated identity verification and authentication solutions, today announced G2.com users have ranked the company as a top leader in identity verification software for G2.com’s Fall 2022 Report. In addition to its top ranking, Onfido has also been awarded the identity verification solution with the ‘Highes …

The CyberWire
Error: There is an error with this feed.

IT Security Guru

    • 26 September 2022: Collaboration in Cyber Security is the Key to Combatting the Growing Cyber Threat. Here’s Why
      Cyber security has never been so important and in a post-pandemic world it is more important than ever. According to a recent report by Kaspersky, the number of Trojan-PSW (Password Stealing Ware) detections increased by almost a quarter globally – 4,003,323 in 2022 compared to 3,029,903 in 2021. In addition, internet attacks also grew from 32,500,00 globally in 2021 to almost …

    • 26 September 2022: Teen Hacker Arrested For Uber and GTA 6 Breaches
      Towards the end of last week, the City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. “On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking,” the agency said, adding “he remains in police custody.” A statement from the d …

    • 26 September 2022: Ukrainian Authorities Arrests Cybercrime Group for Selling Data of 30 Million Accounts
      On Friday last week, Ukrainian law enforcement authorities disclosed that it had “neutralized” a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. Reports show that the group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million …

    • 23 September 2022: Android Banking Users Targeted With Fake Rewards Phishing Scam
      Earlier today reports of an SMS-based phishing campaign were announced, targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. According to the Microsoft 365 Defender Research Team, the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. “The malwar …

    • 23 September 2022: Twitter Password Reset Bug Uncovered User Accounts
      Yesterday Twitter announced that they had remediated an issue that allowed accounts to stay logged in across multiple devices even after a voluntary password reset. In an update earlier this week, the social media company explained that the bug meant users who proactively changed their passwords on one device may have still been able to access open sessions on other screens. It is important to not …

The Security Ledger

    • 14 September 2022: Episode 243: The CSTO is a thing- a conversation with Chris Hoff of LastPass
      Paul talks with Chris Hoff the Chief Secure Technology Officer at LastPass about the CSTO role and the security implications of “software eating the world.” The post Episode 243: The CSTO is a thing- a conversation with Chris Hoff of LastPass appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related Stories: Episode 241: If Its Smart, Its Vulnerable a Conver …

    • 5 September 2022: Episode 242: Hacking the Farm (and John Deere) with Sick Codes
      In our latest podcast, Paul caught up with Sick Codes (@sickcodes) to talk about his now-legendary presentation at the DEF CON Conference in Las Vegas, in which he demonstrated a hack that ran the Doom first person shooter on a John Deere 4240 touch-screen monitor. The post Episode 242: Hacking the Farm (and John Deere) with Sick Codes appeared…Read the whole entry… » Click the icon …

    • 18 August 2022: Episode 241: If Its Smart, Its Vulnerable a Conversation with Mikko Hyppönen
      We speak with Mikko Hyppönen on the sidelines of the DEF CON Conference in Las Vegas to talk about his new book, “If its Smart it Vulnerable.” The post Episode 241: If Its Smart, Its Vulnerable a Conversation with Mikko Hyppönen appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related Stories: Episode 241: If Its Smart, Its Vulnerable a Conversation wit Mik …

    • 15 August 2022: UPDATE DEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, Competition
      A researcher presented the results of a year-long effort to reverse engineer John Deere hardware to run a version of the DOOM first person shooter. He also discovered a number of security flaws along the way. The post UPDATE DEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, Competition appeared first on The Security Ledger with…Read the whole entry… » Related Storie …

    • 25 July 2022: Episode 240: As Stakes Grow, Cyber Policy Needs to “Shift Right”?
      In this episode of the podcast (#240) Lauren Zabierek, the Executive Director for the Cyber Project at the Belfer Center at Harvard’s Kennedy School joins us to talk about the need for a re-think of national cybersecurity preparedness, as major hacks like the attack on Colonial Pipeline put the focus on resilience and public safety. The post …Read the whole entry… » Click the icon b …

GovInfoSecurity.com

    • Assessing Growing Cyberthreats to Africa's Financial Sector
      Rob Dartnall of Security Alliance Shares Insights on Current and Emerging Trends. Financial services firms in Africa are becoming bigger cyber targets as they expand into new mobile payment and financial inclusion products. Rob Dartnall of Security Alliance explains why these firms need to invest in information sharing, training and new cybersecurity practices to avoid breaches. …

    • Optus Under $1 Million Extortion Threat in Data Breach
      Also: Optus Attacker Says Unauthenticated API Endpoint Led to Breach. Australia’s Optus telco is facing a $1 million extortion demand to prevent the release of up to 11.2 million sensitive customer records. The data appears to be legitimate. The attacker tells Information Security Media Group an unauthenticated API led to the breach. …

    • Metador Threat Group Targets Telcos, ISPs and Universities
      Adversaries Provide Long-Term, Redundant Access Into Networks. Researchers uncovered a never-before-seen advanced threat actor dubbed Metador targeting telecommunications, internet service providers and universities in several countries in the Middle East and Africa for cyberespionage. They found two different Windows-based malware platforms. …

    • HHS HC3 Warns Health Sector of Monkeypox Phishing Schemes
      Hackers Seeking to Harvest Credentials, Commit Business Email Compromise Scams. Scammers are taking advantage of the monkeypox virus outbreak to launch phishing campaigns targeting healthcare providers and public health organizations to harvest credentials, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center says. …

Infosec Island 
Error: There is an error with this feed.

The K-12 Cybersecurity Resource Center

    • 1 July 2022: How to Get a Handle on Patch Management
      Patch management advice misses the mark when it assumes IT capacity that simply doesn’t exist in most school districts. Continue reading How to Get a Handle on Patch Management at The K-12 Cybersecurity Resource Center. …

    • 1 July 2022: Deploying MFA for Staff in a K-12 Environment
      Insights into how a large district deployed MFA (multifactor authentication) to all staff. Continue reading Deploying MFA for Staff in a K-12 Environment at The K-12 Cybersecurity Resource Center. …

    • 17 December 2021: K12 SIX Releases K12-Specific Log4j Collaboration Resource
      The K12 Security Information Exchange (K12 SIX) is crowdsourcing the Log4j vulnerability status of commonly used K12 software. Continue reading K12 SIX Releases K12-Specific Log4j Collaboration Resource at The K-12 Cybersecurity Resource Center. …

    • 19 August 2021: National Cybersecurity Standards for School Districts
      K12 SIX has released the first in a series of guidance and best practice resources designed to establish baseline cybersecurity standards for school districts. Continue reading National Cybersecurity Standards for School Districts at The K-12 Cybersecurity Resource Center. …

Iain Fraser Journalist

InfoSec News
Error: There is an error with this feed.

Internet Storm Center | SANS 
Error: There is an error with this feed.

Security Gladiators | Internet Security News
No content.