Hack-tualité by G-echo - Securite - Semaine 2019/2

Securite - Semaine 2019/2

Cybersécurité : le dossier qui agite assureurs et industriels
Sun, 13 Jan 2019 19:19:37 GMT
Laurent Thevenin
Mondelez poursuit en justice Zurich, qui n'a pas voulu l'indemniser pour les dommages subis après la cyberattaque NotPetya. L'issue du dossier est …
ServHelper et FlawedGrace : 2 nouveaux malwares introduits par TA505
Sun, 13 Jan 2019 10:34:20 GMT
UnderNews
Les chercheurs de Proofpoint annoncent la découverte d’emails de deux nouveaux malwares non documentés nommés : ServHelper et FlawedGrace dans …
Over 80 US government websites have become insecure or completely inaccessible because there are no workers there to update security credentials
Sat, 12 Jan 2019 07:09:11 GMT
Nick Bastone
• More than 80 US government websites have now become either insecure or inaccessible due to the sites not updating a security credential known as a TLS certificate, according to a report by Netcraft.<br>• Sites impacted include the likes of NASA, the US Department of Justice, and the US Court of …
Malware found preinstalled on some Alcatel smartphones
Thu, 10 Jan 2019 21:22:56 GMT
Catalin Cimpanu
Malware was also available inside an official Alcatel app available through the Google Play Store.<p>A weather app that comes preinstalled on Alcatel …
Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection
Thu, 10 Jan 2019 15:18:01 GMT
noreply@blogger.com (Swati Khandelwal)
Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass …
Iranian hackers suspected in worldwide DNS hijacking campaign
Thu, 10 Jan 2019 15:15:36 GMT
Catalin Cimpanu
Mysterious group hijacks DNS records to reshape and hijack a company's internal traffic to steal login credentials.<p>US cybersecurity firm FireEye has …
Take the PAM Maturity Assessment
Thu, 10 Jan 2019 01:22:25 GMT
Organizations in the Analog phase of PAM maturity have a high degree of risk. They secure their privileged accounts in a limited way, if at all. They …
WordPress users beware: These 10 plugins are most vulnerable to attacks
Thu, 10 Jan 2019 01:16:54 GMT
Alison DeNisco Rayome
WordPress vulnerabilities tripled over the past year, more than any other CMS, according to an Imperva report.<p>New web application vulnerabilities …
SIM Swapping Victims Who Lost Millions Are Pressuring Telcos to Protect Their Customers
Wed, 09 Jan 2019 08:22:23 GMT
Lorenzo Franceschi-Bicchierai
A small group of victims of SIM swapping hacks is trying to raise awareness, teach people about the scam, and put pressure on cell phone providers to step up their efforts against cybercriminals.<p>In the last year, hundreds—perhaps thousands—of people have had their phone numbers hijacked by hackers …
New tool automates phishing attacks that bypass 2FA
Wed, 09 Jan 2019 08:15:19 GMT
Catalin Cimpanu
Trust in two-factor authentication has slowly eroded in the last month after release of Amnesty International report and Modlishka tool.<p>A new …
I Gave a Bounty Hunter $300. Then He Located Our Phone
Tue, 08 Jan 2019 23:30:51 GMT
Joseph Cox
T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.<p>Nervously, I gave a bounty hunter a phone number. He had offered to …
Cyberattaque en Allemagne : le hacker vivait chez ses parents
Tue, 08 Jan 2019 15:42:26 GMT
Par latribune.fr
La police allemande a annoncé mardi l'interpellation d'un homme de 20 ans après la cyberattaque massive ciblant des centaines de responsables …
Anatomy of a Phishing Scam
Tue, 08 Jan 2019 12:18:40 GMT
How to Avoid Being Tricked By The Automated Army Of Hackers<p>David KoffBlockedUnblockFollowFollowing<p>Aug 19, 2018<p>Part I: Identifying the …
unCAPTCHA AI Cracks Google reCAPTCHAs with 90% Accuracy
Tue, 08 Jan 2019 07:58:29 GMT
Tara Seals
A proof-of-concept from the University of Maryland can defeat the audio challenges that are offered as an option for people with disabilities.
New hardware-agnostic side-channel attack works against Windows and Linux
Tue, 08 Jan 2019 07:50:13 GMT
Catalin Cimpanu
Side-channel attack almost certainly works against macOS, but researchers haven't tested it.<p>A team of five academics and security researchers has …
Revealing ChinaZ Relations with other Notable Chinese Threat Actor Groups
Mon, 07 Jan 2019 19:54:40 GMT
<b>Introduction</b><p>Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated …
Double trouble: Two-pronged cyber attack infects victims with data-stealing trojan malware and ransomware
Mon, 07 Jan 2019 19:53:24 GMT
Danny Palmer
A 'prolific' malvertising campaign has been used to distribute the Vidar information stealer and GandCrab ransomware.<p>Cyber criminals are targeting …
How China’s Elite Spies Stole the World’s Most Valuable Secrets
Sun, 06 Jan 2019 07:59:53 GMT
Brian Barrett
Imagine you’re a burglar. You’ve decided to tackle a high-end luxury apartment, the kind of building with multiple Picassos in the penthouse. You …
Researcher Who Said He Hacked iPhone X Face ID With a Printed Image Cancels Talk After Employer Shaming
Fri, 04 Jan 2019 23:34:21 GMT
Jennings Brown
Attendees of a major hacking conference in Singapore were supposed to hear about a mysterious, new method of hacking Apple’s Face ID, but the …
This data-stealing Android malware infiltrated the Google Play Store, infecting users in 196 countries
Fri, 04 Jan 2019 23:32:41 GMT
Danny Palmer
At least 100,000 people downloaded apps distributing MobSTSPY malware, which also leverages a phishing attack to steal account credentials from …
Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass
Fri, 04 Jan 2019 08:10:11 GMT
By Shaun Nichols in San Francisco 3 Jan 2019 at 23:03
A newly disclosed vulnerability in Skype for Android could be exploited by miscreants to bypass an Android phone's passcode screen to view photos, …
Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure
Thu, 03 Jan 2019 17:03:04 GMT
January 03, 2019
Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, …
Quantum Computing and Cryptography
Thu, 03 Jan 2019 17:01:44 GMT
Bruce Schneier
Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's …
Hackers claim to have insurance data linked to 9/11 attacks
Wed, 02 Jan 2019 11:50:12 GMT
Jon Fingas
It's an extortion attempt masquerading as a public service.<p>The hackers who stole <i>Orange is the New Black</i> are back, and they've hit a new low. The group known as TheDarkOverlord claims to have stolen 18,000 documents from Hiscox Syndicates, Lloyds of London and Silverstein Properties, and threatened …
Pirater des sextoys connectés, une partie de plaisir
Wed, 02 Jan 2019 09:43:09 GMT
Pauline Croquet (Envoyée spéciale à Leipzig)
En matière de sécurité, les sextoys connectés font plus trembler de peur que vibrer de plaisir. Werner Schober, consultant en sécurité informatique …
EU offers bounties to help find security flaws in open source tools
Sun, 30 Dec 2018 18:16:26 GMT
Jon Fingas
Cash awards could bolster European government security.<p>The European Union believes it has a simple way to bolster its digital security: offer lots of cold, hard cash. The European Commission is launching bug bounties in January that will offer prizes in return for spotting security flaws in 14 …
Open-Source Intelligence (OSINT) Reconnaissance
Sun, 30 Dec 2018 18:12:07 GMT
*The following is a single chapter contribution (Chapter 3) to the Peerlyst community-sourced eBook titled “The RED Team Guide”*<p>Whoa, slow your roll …
Discovering Hidden Email Gateways with OSINT Techniques
Sun, 30 Dec 2018 18:10:05 GMT
Gabor SzathmariBlockedUnblockFollowFollowing<p>Oct 9<p>In this article, we elaborate how we managed to identify hidden internal email gateways by relying …
By G-echo