Hack-tualité by G-echo - Securite - Semaine 2019/1

Securite - Semaine 2019/1

How China’s Elite Spies Stole the World’s Most Valuable Secrets
Sun, 06 Jan 2019 07:59:53 GMT
Brian Barrett
Imagine you’re a burglar. You’ve decided to tackle a high-end luxury apartment, the kind of building with multiple Picassos in the penthouse. You …
Researcher Who Said He Hacked iPhone X Face ID With a Printed Image Cancels Talk After Employer Shaming
Fri, 04 Jan 2019 23:34:21 GMT
Jennings Brown
Attendees of a major hacking conference in Singapore were supposed to hear about a mysterious, new method of hacking Apple’s Face ID, but the …
This data-stealing Android malware infiltrated the Google Play Store, infecting users in 196 countries
Fri, 04 Jan 2019 23:32:41 GMT
Danny Palmer
At least 100,000 people downloaded apps distributing MobSTSPY malware, which also leverages a phishing attack to steal account credentials from …
Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass
Fri, 04 Jan 2019 08:10:11 GMT
By Shaun Nichols in San Francisco 3 Jan 2019 at 23:03
A newly disclosed vulnerability in Skype for Android could be exploited by miscreants to bypass an Android phone's passcode screen to view photos, …
Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure
Thu, 03 Jan 2019 17:03:04 GMT
January 03, 2019
Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, …
Quantum Computing and Cryptography
Thu, 03 Jan 2019 17:01:44 GMT
Bruce Schneier
Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's …
Hackers claim to have insurance data linked to 9/11 attacks
Wed, 02 Jan 2019 11:50:12 GMT
Jon Fingas
It's an extortion attempt masquerading as a public service.<p>The hackers who stole <i>Orange is the New Black</i> are back, and they've hit a new low. The group known as TheDarkOverlord claims to have stolen 18,000 documents from Hiscox Syndicates, Lloyds of London and Silverstein Properties, and threatened …
Pirater des sextoys connectés, une partie de plaisir
Wed, 02 Jan 2019 09:43:09 GMT
Pauline Croquet (Envoyée spéciale à Leipzig)
En matière de sécurité, les sextoys connectés font plus trembler de peur que vibrer de plaisir. Werner Schober, consultant en sécurité informatique …
EU offers bounties to help find security flaws in open source tools
Sun, 30 Dec 2018 18:16:26 GMT
Jon Fingas
Cash awards could bolster European government security.<p>The European Union believes it has a simple way to bolster its digital security: offer lots of cold, hard cash. The European Commission is launching bug bounties in January that will offer prizes in return for spotting security flaws in 14 …
Open-Source Intelligence (OSINT) Reconnaissance
Sun, 30 Dec 2018 18:12:07 GMT
*The following is a single chapter contribution (Chapter 3) to the Peerlyst community-sourced eBook titled “The RED Team Guide”*<p>Whoa, slow your roll …
Discovering Hidden Email Gateways with OSINT Techniques
Sun, 30 Dec 2018 18:10:05 GMT
Gabor SzathmariBlockedUnblockFollowFollowing<p>Oct 9<p>In this article, we elaborate how we managed to identify hidden internal email gateways by relying …
Cyber-attack disrupts printing of major US newspapers
Sun, 30 Dec 2018 15:00:25 GMT
Reuters
A cyber-attack has caused printing and delivery disruptions to major US newspapers, including the Los Angeles Times, the Chicago Tribune and the Baltimore Sun.<p>The attack on Saturday appeared to originate outside the United States, the Los Angeles Times reported. It led to distribution delays in the …
BGPStream Event #171779
Sat, 29 Dec 2018 17:56:33 GMT
Possible BGP hijack<p>Beginning at 2018-12-28 08:33:44, we detected a possible BGP hijack.<p>Prefix 192.208.18.0/23, Normally announced by AS32982 U.S. …
The year in post-quantum crypto
Sat, 29 Dec 2018 17:55:21 GMT
CCC
The world is finally catching on to the urgency<br>of deploying post-quantum cryptography:<br>cryptography designed to survive attacks by quantum …
Quelqu’un a transformé un mème de Matrix en outil d'attaque informatique
Sat, 29 Dec 2018 03:49:12 GMT
VICE
Les chercheurs de Trend Micro ont découvert qu’un compte Twitter avait publié des images de Morpheus qui dissimulent des instructions pour inspecter le contenu d’un ordinateur.<p>Come toujours, Internet n'a peur de rien. Le 14 décembre dernier, les chercheurs en cybersécurité de Trend Micro ont révélé …
MISP taxonomies and classification as machine tags
Fri, 28 Dec 2018 11:07:53 GMT
Introduction<p>The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber …
Le ver WannaCry continue d’infecter des centaines de milliers de PC dans le monde
Fri, 28 Dec 2018 11:03:30 GMT
01net
Beaucoup de systèmes n’ont toujours pas été patchés, un an et demi après la publication d’un correctif par Microsoft. La sécurité de ces systèmes ne …
Hackers Make a Fake Hand to Beat Vein Authentication
Fri, 28 Dec 2018 09:41:36 GMT
Joseph Cox
Security researchers disclosed new work at the Chaos Communication Congress showing how hackers can bypass vein based authentication.<p>Devices and security systems are increasingly using biometric authentication to let users in and keep hackers out, be that fingerprint sensors or perhaps the iPhone’s …
Beware the Netflix scam which lets cold-hearted hackers steal all your money
Thu, 27 Dec 2018 21:25:41 GMT
Jasper Hamill
The end of Christmas is a bittersweet feeling.<p>Yes, you’re finally alone after enduring all that conviviality. But the return of cruel reality can be …
Des chercheurs découvrent une vulnérabilité d'exécution de code à distance dans SQLite, affectant les navigateurs basés sur Chromium
Thu, 27 Dec 2018 09:12:16 GMT
<b>Des chercheurs découvrent une vulnérabilité d'exécution de code à distance dans SQLite,</b> <b><br>affectant les navigateurs basés sur Chromium</b> <br>Le 14 décembre, …
The U.S Power Grid Isn’t Prepared for Cyberattacks
Wed, 26 Dec 2018 18:31:21 GMT
Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this …
The Difference Between a Penetration Test and a Red Team Engagement
Tue, 25 Dec 2018 15:56:42 GMT
Daniel Miessler
One of the most frustrating things to me as a security person is having sales and marketing types confuse the different types of security …
Idaho lab protects US infrastructure from cyber attacks
Mon, 24 Dec 2018 23:07:47 GMT
By KEITH RIDLER, Associated Press
IDAHO FALLS, Idaho (AP) — It's called the "Dark Side" because the 50 workers there prefer to keep the lights low so they can dim the brightness on their computer screens.<p>Or maybe it's because of what they do in cyber research and development.<p>Questions about exactly what goes on at the heart of one …
Top 10 IT security stories of 2018
Mon, 24 Dec 2018 14:25:18 GMT
Security Editor<p>Just as WannaCry and NotPetya were the top IT security challenges of 2017, the discovery of the Meltdown and Spectre microprocessor …
126 Arrests: The Emergence of India's Cyber Crime Detectives Fighting Call Center Scams
Sat, 22 Dec 2018 21:49:35 GMT
The Times of India reports that police have raided a call center in Noida Sector 63 where hundreds of fraud calls were placed every day to Americans …
VIDÉO. Enceinte connectée: Un perroquet passe tranquillement ses commandes avec Alexa
Sat, 22 Dec 2018 20:20:05 GMT
Rocco, un perroquet Gris du Gabon, a très vite compris comment tirer le meilleur parti de l’assistant vocal Alexa…<p>Siri, Alexa, Cortana… Depuis …
Windows Zero-Day PoC Lets You Read Any File with System Level Access
Sat, 22 Dec 2018 11:22:20 GMT
Ionut Ilascu
For a third time in four months, a security researcher announces a zero-day vulnerability in Microsoft Windows and provides exploit code that allows …
7 Business Metrics Security Pros Need to Know
Sat, 22 Dec 2018 11:20:58 GMT
Curtis Franklin Jr. Senior Editor at Dark Reading
These days, security has to speak the language of business. These KPIs will get you started.
Automated Cyber Attacks Are the Next Big Threat. Ever Hear of 'Review Bombing'?
Sat, 22 Dec 2018 09:06:13 GMT
Larry Johnson
Nonhuman, automated attacks on their own will be able to find and breach even well-protected companies. Nervous? You should be.<p>Opinions expressed by <i>Entrepreneur</i> contributors are their own.<p>If you think hacks are bad now, just wait a few more years-- because "the machines" are coming.<p>In the next few …
By G-echo

Pour aller plus loin

Ressources