Hack-tualité by G-echo - Securite - Semaine 2018/1

Securite - Semaine 2018/1

EU offers bounties to help find security flaws in open source tools
Sun, 30 Dec 2018 18:16:26 GMT
Jon Fingas
Cash awards could bolster European government security.<p>The European Union believes it has a simple way to bolster its digital security: offer lots of cold, hard cash. The European Commission is launching bug bounties in January that will offer prizes in return for spotting security flaws in 14 …
Open-Source Intelligence (OSINT) Reconnaissance
Sun, 30 Dec 2018 18:12:07 GMT
*The following is a single chapter contribution (Chapter 3) to the Peerlyst community-sourced eBook titled “The RED Team Guide”*<p>Whoa, slow your roll …
Discovering Hidden Email Gateways with OSINT Techniques
Sun, 30 Dec 2018 18:10:05 GMT
Gabor SzathmariBlockedUnblockFollowFollowing<p>Oct 9<p>In this article, we elaborate how we managed to identify hidden internal email gateways by relying …
Cyber-attack disrupts printing of major US newspapers
Sun, 30 Dec 2018 15:00:25 GMT
Reuters
A cyber-attack has caused printing and delivery disruptions to major US newspapers, including the Los Angeles Times, the Chicago Tribune and the Baltimore Sun.<p>The attack on Saturday appeared to originate outside the United States, the Los Angeles Times reported. It led to distribution delays in the …
BGPStream Event #171779
Sat, 29 Dec 2018 17:56:33 GMT
Possible BGP hijack<p>Beginning at 2018-12-28 08:33:44, we detected a possible BGP hijack.<p>Prefix 192.208.18.0/23, Normally announced by AS32982 U.S. …
The year in post-quantum crypto
Sat, 29 Dec 2018 17:55:21 GMT
CCC
The world is finally catching on to the urgency<br>of deploying post-quantum cryptography:<br>cryptography designed to survive attacks by quantum …
Quelqu’un a transformé un mème de Matrix en outil d'attaque informatique
Sat, 29 Dec 2018 03:49:12 GMT
VICE
Les chercheurs de Trend Micro ont découvert qu’un compte Twitter avait publié des images de Morpheus qui dissimulent des instructions pour inspecter le contenu d’un ordinateur.<p>Come toujours, Internet n'a peur de rien. Le 14 décembre dernier, les chercheurs en cybersécurité de Trend Micro ont révélé …
MISP taxonomies and classification as machine tags
Fri, 28 Dec 2018 11:07:53 GMT
Introduction<p>The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber …
Le ver WannaCry continue d’infecter des centaines de milliers de PC dans le monde
Fri, 28 Dec 2018 11:03:30 GMT
01net
Beaucoup de systèmes n’ont toujours pas été patchés, un an et demi après la publication d’un correctif par Microsoft. La sécurité de ces systèmes ne …
Hackers Make a Fake Hand to Beat Vein Authentication
Fri, 28 Dec 2018 09:41:36 GMT
Joseph Cox
Security researchers disclosed new work at the Chaos Communication Congress showing how hackers can bypass vein based authentication.<p>Devices and security systems are increasingly using biometric authentication to let users in and keep hackers out, be that fingerprint sensors or perhaps the iPhone’s …
Beware the Netflix scam which lets cold-hearted hackers steal all your money
Thu, 27 Dec 2018 21:25:41 GMT
Jasper Hamill
The end of Christmas is a bittersweet feeling.<p>Yes, you’re finally alone after enduring all that conviviality. But the return of cruel reality can be …
Des chercheurs découvrent une vulnérabilité d'exécution de code à distance dans SQLite, affectant les navigateurs basés sur Chromium
Thu, 27 Dec 2018 09:12:16 GMT
<b>Des chercheurs découvrent une vulnérabilité d'exécution de code à distance dans SQLite,</b> <b><br>affectant les navigateurs basés sur Chromium</b> <br>Le 14 décembre, …
The U.S Power Grid Isn’t Prepared for Cyberattacks
Wed, 26 Dec 2018 18:31:21 GMT
Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this …
The Difference Between a Penetration Test and a Red Team Engagement
Tue, 25 Dec 2018 15:56:42 GMT
Daniel Miessler
One of the most frustrating things to me as a security person is having sales and marketing types confuse the different types of security …
Idaho lab protects US infrastructure from cyber attacks
Mon, 24 Dec 2018 23:07:47 GMT
By KEITH RIDLER, Associated Press
IDAHO FALLS, Idaho (AP) — It's called the "Dark Side" because the 50 workers there prefer to keep the lights low so they can dim the brightness on their computer screens.<p>Or maybe it's because of what they do in cyber research and development.<p>Questions about exactly what goes on at the heart of one …
Top 10 IT security stories of 2018
Mon, 24 Dec 2018 14:25:18 GMT
Security Editor<p>Just as WannaCry and NotPetya were the top IT security challenges of 2017, the discovery of the Meltdown and Spectre microprocessor …
126 Arrests: The Emergence of India's Cyber Crime Detectives Fighting Call Center Scams
Sat, 22 Dec 2018 21:49:35 GMT
The Times of India reports that police have raided a call center in Noida Sector 63 where hundreds of fraud calls were placed every day to Americans …
VIDÉO. Enceinte connectée: Un perroquet passe tranquillement ses commandes avec Alexa
Sat, 22 Dec 2018 20:20:05 GMT
Rocco, un perroquet Gris du Gabon, a très vite compris comment tirer le meilleur parti de l’assistant vocal Alexa…<p>Siri, Alexa, Cortana… Depuis …
Windows Zero-Day PoC Lets You Read Any File with System Level Access
Sat, 22 Dec 2018 11:22:20 GMT
Ionut Ilascu
For a third time in four months, a security researcher announces a zero-day vulnerability in Microsoft Windows and provides exploit code that allows …
7 Business Metrics Security Pros Need to Know
Sat, 22 Dec 2018 11:20:58 GMT
Curtis Franklin Jr. Senior Editor at Dark Reading
These days, security has to speak the language of business. These KPIs will get you started.
Automated Cyber Attacks Are the Next Big Threat. Ever Hear of 'Review Bombing'?
Sat, 22 Dec 2018 09:06:13 GMT
Larry Johnson
Nonhuman, automated attacks on their own will be able to find and breach even well-protected companies. Nervous? You should be.<p>Opinions expressed by <i>Entrepreneur</i> contributors are their own.<p>If you think hacks are bad now, just wait a few more years-- because "the machines" are coming.<p>In the next few …
New email extortion scam warns "Pay $4,000 or a hitman is coming for you"
Fri, 21 Dec 2018 13:25:01 GMT
In a new extortion scam, a cybercriminal is sending threatening emails to unsuspecting users asking them to pay a whopping $4,000 in Bitcoin or wait …
FBI Seizes 15 DDoS-For-Hire Websites, 3 Operators Charged
Fri, 21 Dec 2018 09:10:11 GMT
December 20, 2018
The FBI just saved the Christmas.<p>The U.S. Justice Department announced earlier today that the FBI has seized domains of 15 "DDoS-for-hire" websites …
A review of macOS malware affecting Mac users in 2018
Fri, 21 Dec 2018 09:09:32 GMT
By Philip Stokes -
<b>As 2018 starts to wind down, we take a look at how the macOS security situation has unfolded throughout the year.</b><p>2018 has been very much the year of …
Hackers Beat Two-Factor Protection With Automated Phishing Attacks
Thu, 20 Dec 2018 18:27:43 GMT
Michael Kan
A mysterious hacking group has been defeating the SMS-based two-factor authentication systems offered by Google and Yahoo in an effort to phish …
When Best Practice Isn’t Good Enough: Large Campaigns of Phishing Attacks in Middle East and North Africa Target Privacy-Conscious Users
Thu, 20 Dec 2018 08:49:18 GMT
Summary<p>We have identified several campaigns of credentials phishing, likely operated by the same attackers, targeting hundreds of individuals spread …
New attack intercepts keystrokes via graphics libraries
Thu, 20 Dec 2018 08:42:32 GMT
Catalin Cimpanu
Attack can guess text input from both hardware and on-screen keyboards alike.<p>A team of academics says they can determine user key presses by watching …
Patched Click2Gov Flaw Still Afflicting Local Govs
Thu, 20 Dec 2018 06:22:03 GMT
A vulnerability in a popular municipality payment software, Click2Gov, has left hundreds of thousands of civilian payment cards compromised – and the …
By G-echo

Pour aller plus loin

Ressources