Sécurité


Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Hackers | Fabricants | Magazines | Virus / Malware

Schneier

IT Security

    • 8 mai 2018Putting FUD Back in Information Security
      FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […]

    • 16 avril 2018Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix
      A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […]

    • 1 avril 2018Information Security and the Zero-Sum Game
      A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […]

    • 16 mars 2018Google’s new Gaming Venture: A New Player?
      Google in Gaming – Facts and Speculation In January 2018, game industry veteran Phil Harrison announced that he was joining Google as a Vice President and GM. With Harrison’s long history of involvement with video game companies – having previously worked with Sony and Microsoft’s Xbox division – this immediately prompted speculation and rumours about […]

    • 9 février 2018Bubble Economies and the Sustainability of Mobile Gaming
      Old Bubbles and New Bubbles Gaming is a technology-based market, and tech markets are no strangers to economic bubbles and the effects of them bursting. The market recession of the early 2000s, most commonly known as the Dotcom Crash, is probably the biggest and most influential ‘burst bubble’ of the internet era. The Dotcom Bubble […]

TAO Security

    • 29 juillet 2021Zeek in Action Videos
      This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project. Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on. I am especially pleased with Video 6 on monitoring wireless netw …

    • 13 avril 2021New Book! The Best of TaoSecurity Blog, Volume 4
       I’ve completed the TaoSecurity Blog book series.The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It’s available now for Kindle, and I’m working on the print edition. I’m running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up.I described the new tit …

    • 1 avril 2021The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO
       What are the origins of the names TaoSecurity and the unit formerly known as TAO? IntroductionI’ve been reading Nicole Perlroth’s new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were up …

    • 18 février 2021Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem
      PropositionDigital offense capabilities are currently net negative for the security ecosystem.[0]The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of …

    • 9 novembre 2020New Book! The Best of TaoSecurity Blog, Volume 3
       Introduction I published a new book!The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It’s in the Kindle Store, and if you have an Unlimited account, it’s free. I also published a print edition, which is 485 pages. Book DescriptionThe book features the following description …

Information Security Buzz
Aucun contenu.

gHacks

    • 26 octobre 2021How to restore the Windows Photo Viewer in Windows 11
      Windows 11 brings a slew of new features, some of which have not been well received among users. If you look at the previous iteration, it also had some unwelcome changes such as the Photos app, which replaced the Windows Photo Viewer. The Photos App isn’t bad at all, in fact it comes with a built-in Video Editor, and I think it is quite useful. The main reason why people do not like the Photos ap …

    • 26 octobre 2021Ghacks Deals: The Complete 2021 Microsoft 365, Windows, & Azure Bundle
      The Complete 2021 Microsoft 365, Windows, & Azure Bundle is a huge eLearning bundle covering core Microsoft products, such as Windows 10, Windows Hello for Business, PowerShell, Windows Server, Microsoft 365 or Microsoft Azure. The following courses are included: Microsoft MD-100: Windows 10 — Get Up & Running Immediately Along the Path to Become an Expert Windows Desktop Administrator Mi …

    • 26 octobre 2021How to manage search indexing on Windows 11
      Search on Windows 11 has not changed all that much when compared to Windows 10. That’s not really a reason to rejoice, considering that Windows 11 users may run into the same search related issues as their Windows 10 counterparts. What those are? Apart from quality issues that may result in the wrong files being returned when you search, it is also quite common to run into performance related issu …

    • 26 octobre 2021Microsoft is pushing its PC Health Check App to Windows 10 systems. Here is how you uninstall it
      Microsoft started the roll out of the PC Health Check application to Windows 10 PCs running Windows 10 version 2004 or newer. The application is installed automatically on devices as part of the Windows Update KB5005463. Microsoft released an updated version of the PC Health Check application recently. The initial version was pulled by Microsoft because it did not provide essential information. PC …

    • 26 octobre 2021Surfshark VPN Review: good performance, good options
      Surfshark VPN is a commercial VPN service based in the Netherlands, initially release in 2018. Surfshark is available for MacOS, Windows, and Linux, as well as browser extensions for Chrome, Firefox, and Edge. There are also versions available for Fire TV 2 and later, and Android TV OS 5.0 and later. Surfshark at a glance Unlimited simultaneous connections with any devices supported Static Servers …

SecurityWeek

    • 16 septembre 2020Box Showcases New Offerings for Remote Working Environment
      The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment. read more …

    • 16 septembre 2020U.S. House Passes IoT Cybersecurity Bill
      The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices. read more …

    • 16 septembre 2020Nozomi Networks Becomes CVE Numbering Authority
      Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). read more …

    • 16 septembre 2020NSA Publishes Guidance on UEFI Secure Boot Customization
      The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization’s needs. read more …

Help Net Security

    • 27 octobre 2021Avast Secure Browser PRO protects devices and operating systems from web-based threats
      Avast launched a premium version of its free secure and private browser, Avast Secure Browser PRO. A Chromium-based browser for Windows PCs includes an integrated Virtual Private Network (VPN) and Adblock technology for people who need a lightweight but comprehensive suite of security, privacy and performance services to tackle today’s most pressing web-based threats. The built-in VPN, which …

    • 27 octobre 2021Perception Point Free Plan allows interception of advanced threats missed by other services
      Perception Point announced the availability of the Perception Point Free Plan comes with no usage limits: unlimited number of users, any scale and no time limit. The Perception Point Free Plan is a free email security plan that protects organizations from any inbound threat via email and other cloud collaboration channels. Supported applications include Google Gmail, Microsoft 365, OneDrive, Share …

    • 27 octobre 2021Socure Sigma Identity Fraud enables enterprises to reduce fraud losses and false positives
      Socure announced an identity fraud solution, Socure Sigma Identity Fraud. Sigma Identity Fraud delivers an identity fraud classification model by utilizing over 17,000 features that analyze every dimension of a consumer’s identity—name, email, phone, address, IP, device, velocity, network intelligence, and real-time consortium feedback data—all in a single product. Socure Sigma Identity Fraud enab …

    • 27 octobre 2021OpenText increases data protection against ransomware with new features in Carbonite Server
      OpenText announced new capabilities for Carbonite Server, including hourly backups, early warning, and classifications upgrades that will enhance organizations’ ability to detect, protect, and respond to increased ransomware and other data threats. “With ransomware attacks on the rise, businesses need a reliable and comprehensive backup and recovery solution as part of their layered cybersecurity …

    • 27 octobre 2021Quest On Demand Audit anomaly detection helps businesses tackle ransomware attacks
      Quest Software released On Demand Audit (ODA) anomaly detection to protect against ransomware by detecting anomalous behavior in hybrid Active Directory (AD) and Microsoft 365 environments. As ransomware remains a prominent threat to organizations, ODA anomaly detection acts as an added layer of defense by detecting significant surges in activity that could be indicative of an attack or compromise …

Naked Security – Sophos

SearchSecurity

CSO | Security News

    • 26 octobre 202110 essential skills and traits of ethical hackers
      What if you could spend your days trying to gain access to other people’s networks and computer systems—and not get in trouble for it? Of course, that’s every spy and cybercriminal’s dream, but only ethical hackers, also known as white hat hackers or penetration testers, can feel sure that they’ll get away with their break-ins. These security pros are hired to probe systems for vulnerabilities, so …

    • 26 octobre 2021Cheap and free cybersecurity training: 8 ways to build skills without breaking the bank
      Every organization wants to keep its employees’ cybersecurity skills up to date, but for many, the cost of advanced formal trainings can break the budget. At the SANS Institute, for instance, considered by many to be the gold standard for professional trainings, courses can cost more than $5,000 per person. At high profile conferences like Black Hat, even one- or two-day sessions can range to clos …

    • 25 octobre 2021Reddit’s Allison Miller builds trust through transparency
      Allison Miller’s official title—CISO and vice president of trust—says a lot about her role and responsibilities at Reddit.Like all CISOs, Miller oversees the cybersecurity strategy and operations at the 16-year-old company. She’s also in charge of privacy, ensuring that Reddit safeguards data against illicit uses and unauthorized access.But unlike many other security chiefs, Miller is specifically …

    • 25 octobre 2021How deepfakes enhance social engineering and authentication threats, and what to do about it
      Deepfake technology is an escalating cybersecurity threat to organizations. Cybercriminals are investing in AI and machine learning to create synthetic or manipulated digital content (including images, video, audio and text) for use in cyberattacks and fraud. This content can realistically replicate or alter appearance, voice, mannerisms or vocabulary with the aim of tricking targets both human an …

    • 22 octobre 2021Security Recruiter Directory
      Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop.The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among m …

Graham Cluley

Cybersecurity Insiders

    • 26 octobre 2021Every month should be Cybersecurity Awareness Month!
      While October is famous for National Cybersecurity Awareness Month, and we provide resources and recommendations for our customers, really every month should focus on this business-critical topic. Given the frequency of Ransomware attacks, all industries need to be increasingly vigilant. This includes many aspects of cybersecurity, such as user training, endpoint security, network security, vulner …

    • 26 octobre 2021Stories from the SOC – Data exfiltration
      Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers. Executive summary The impact of Data Exfiltration, which is the act of copying or transferring data from a computer or server without authorization, has increased over the years …

    • 26 octobre 2021#ISC2CONGRESS – Adam Steltzner Keynote: Perseverance and Ingenuity Will Get Us through the Pandemic
      "Perseverance” and “Ingenuity” aren’t just the names of spacecraft on Mars; they are also the human qualities we need to get us through the post-pandemic world, said Adam Steltzner, chief engineer and mission leader of NASA's Mars 2020 mission. Steltzner, who works at NASA’s Jet Propulsion Laboratory (JPL) in Pasadena, CA, was the keynote speaker on the second day of the (ISC)² Secu …

    • 26 octobre 2021CISSP: The Time is Now
      Different personality types, different approaches to life, and different styles of learning; these qualities are what make us all unique, helping us to add our perspective to make the world a better place. However, when trying to pass a rigorous exam, these distinctive qualities can seem like a hindrance, causing some to doubt their abilities to succeed. Fortunately, the people at (ISC)² recognize …

    • 26 octobre 2021Massive Cyber Attack on Iran Gas Stations
      Cyber Attack news reports are in that gas stations or fuel dispensing systems across the region of Iran have stopped pumping out the highly subsidized gasoline because of a technical glitch that could have been caused due to a digital attack from either United States, Israel or a group of hackers having anti-Iranian sentiments. And as per some media speculations published or broadcasted by Hebrew …

The CyberWire

IT Security Guru

    • 21 octobre 2021Protecting your APIs from Attacks and Data Breaches
      Many organisations are working to modernise their existing applications and integrate secure apps across their environments to keep pace with business demands.  Modern application development relies on Application Programming Interfaces (APIs), which enable services and products to communicate with each other and leverage each other’s data and functionality to support business operations.  APIs ar …

    • 15 octobre 2021SQL is the top critical risk in the web application layer in Q3, 2021
      Edgescan, the provider or fullstack vulnerability management, has released its Q3 Vulnerability Snapshot, a new, brief report showing the current vulnerability landscape based on thousands of assessments performed globally. Compiled by Eoin Keary, CEO of Edgescan, the report’s findings highlight the variability when it comes to cybercriminals’ favourite vulnerabilities to exploit. Look …

    • 15 octobre 2021Armis Appoints new Chief Advocacy Officer and General Manager
      Armis, the leading unified asset visibility and security platform provider, has announced the appointment of B2B SaaS veteran Conor Coughlan as their new Chief Advocacy Officer (CAO) and General Manager for EMEA. Coughlan will be responsible globally for the establishment and operation of their new advocacy programs and strategically accelerating their expansion across the EMEA region. Conor now j …

    • 14 octobre 2021The challenges of being a CISO during the COVID-19 pandemic
      The pre-COVID-19 CISO. The global COVID-19 pandemic has been a tumultuous time for Chief information security officers (CISOs) who on any given day have a long and complicated list of responsibilities. CISOs are no strangers to disruption and challenges, but during the pandemic they have faced many disruptions it has caused and created a wealth of new challenges. Securing a rapid transition to a r …

The Security Ledger

    • 21 octobre 2021Spotlight: Automation Beckons as DevOps, IoT Drive PKI Explosion
      Brian Trzupek of DigiCert joins Paul to talk about the findings of a recent State of PKI Automation survey and the challenges of managing fast-growing population of tens of thousands of PKI certificates. The post Spotlight: Automation Beckons as DevOps, IoT Drive PKI Explosion appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related StoriesEpisode 216: Si …

    • 18 octobre 2021Episode 228: CISA’s Eric Goldstein on being Everyone’s Friend in Cyber
      Eric Goldstein, Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), says the agency is all about helping companies and local government to keep hackers at bay. But are organizations ready to ask for help? The post Episode 228: CISA’s Eric Goldstein on being Everyone’s Friend in Cyber…Read the whole entry… » Click the icon b …

    • 13 octobre 2021Spotlight: COVID Broke Security. Can We Fix It In 2022?
      In this Spotlight Podcast, Pondurance Founder and Chief Customer Officer Ron Pelletier gives us his predictions about the security trends that will shape 2022. The post Spotlight: COVID Broke Security. Can We Fix It In 2022? appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related StoriesSpotlight: Operationalizing MDR with Pondurance CISO Dustin Hutchiso …

    • 10 octobre 2021Episode 227: What’s Fueling Cyber Attacks on Agriculture ?
      In this episode of the podcast (#227) we speak with Allan Liska, the head of the CSIRT at the firm Recorded Future. about the spate of attacks in recent months targeting food processing plants, grain cooperatives and other agriculture sector targets. Allan and I talk about the how these attacks are playing out and why, all of a sudden, the…Read the whole entry… » Click the icon belo …

    • 7 octobre 2021Spotlight: Operationalizing MDR with Pondurance CISO Dustin Hutchison
      Pondurance CISO Dustin Hutchison joins me to talk about how companies can operationalize MDR within their environment. The post Spotlight: Operationalizing MDR with Pondurance CISO Dustin Hutchison appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related StoriesSpotlight: Operationalizing MDR with Pondurance CISO Dustin HutchinsonSpotlight: COVID Broke Se …

GovInfoSecurity.com

    • US DOJ: Global Darknet Sting Nabs 150 Suspects
      ‘Operation DarkHunTOR’ Seizes Millions in Cash & Crypto, Plus Drugs, GunsInternational law enforcement officials on Tuesday announced that some 150 suspects have been arrested globally for buying or selling illegal goods, following a 10-month sting operation, code name « Operation DarkHunTOR, » targeting the dark web. …

    • The Need for Systems Thinking in Cybersecurity
      Ron Ross of NIST Discusses Moving Away From Stovepipe ThinkingIn preparation for the relaunch of ISMG’s education platform, CyberEd.io, Ron Ross of the National Institute of Standards and Technology and Brian Barnier, who is designing a course on critical thinking and design thinking, discuss the need for reorienting toward systems thinking in cybersecurity. …

    • Defending Against Open-Source Supply Chain Attacks
      Steve King of CyberTheory on Getting Serious With Our Defense StrategyFindings from CyberTheory’s 2021 Third Quarter Review indicate that criminals are exploiting the open-source supply chain, and those exploits are proving much more difficult to identify, defend and stop in terms of complexity and depth than we’ve seen before, says CyberTheory’s director, Steve King. …

    • Report: SolarWinds Hackers Targeting IT Supply Chain
      Microsoft Says Nobelium APT Is Eyeing Resellers, Tech Service ProvidersThe actor behind the cyberattack targeting SolarWinds customers – Nobelium – is continuing its campaign to target the global IT supply chain, according to a new advisory from Microsoft, which says 140 resellers and tech service providers have been notified that they have been targeted by the group. …

Infosec Island 
Erreur: Il y a un erreur avec ce flux.

The K-12 Cybersecurity Resource Center

    • 19 août 2021National Cybersecurity Standards for School Districts
      K12 SIX has released the first in a series of guidance and best practice resources designed to establish baseline cybersecurity standards for school districts. Continue reading National Cybersecurity Standards for School Districts at The K-12 Cybersecurity Resource Center. …

    • 3 mars 2021March 10: K-12 Cybersecurity Leadership Summit
      Join us at the inaugural ‘K-12 Cybersecurity Leadership Summit’ – a free half-day event on leadership issues related to K-12 cybersecurity for school and district leaders, policymakers, K-12 IT practioners, and vendors. Continue reading March 10: K-12 Cybersecurity Leadership Summit at The K-12 Cybersecurity Resource Center. …

    • 11 janvier 2021New ISAC for K-12 School Districts Fills a Key Cyber Intelligence Gap
      School districts have their own distinct challenges as they strive to protect themselves against digital threats. It only makes sense that they have an ISAC of their own. Now they do. Continue reading New ISAC for K-12 School Districts Fills a Key Cyber Intelligence Gap at The K-12 Cybersecurity Resource Center. …

    • 16 décembre 2020The Privacy of 100+ Million Children, Families, and Young Adults Is Unprotected
      School districts across the US suffer from notoriously poor information security. This is at a time when school district spending on technology is at an all-time high. Why is this? Continue reading The Privacy of 100+ Million Children, Families, and Young Adults Is Unprotected at The K-12 Cybersecurity Resource Center. …

Iain Fraser Journalist

InfoSec News
Erreur: Il y a un erreur avec ce flux.

Internet Storm Center | SANS 
Erreur: Il y a un erreur avec ce flux.

Security Gladiators | Internet Security News