Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-08-22 17:56:44 |
Smart light bulbs could give away your password secrets (direct link) |
Cryptography isn't just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well. |
|
|
★★★
|
|
2023-08-10 13:34:14 |
S3 Ep147: What if you type in your password during a meeting? (direct link) |
Latest episode - listen now! (Full transcript inside.) |
|
|
★★
|
|
2023-08-02 23:36:23 |
Performance and security clash yet again in “Collide+Power” attack (direct link) |
It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate. |
|
|
★★★
|
|
2023-07-31 16:57:27 |
SEC demands four-day disclosure limit for cybersecurity breaches (direct link) |
When is a ransomware attack a reportable matter? And how long have you got to decide? |
Ransomware
|
|
★★
|
|
2023-07-24 23:18:20 |
Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day (direct link) |
Another month, another patch for in-the-wild iPhone malware (and a whole lot more). |
Malware
|
|
★★
|
|
2023-06-26 15:35:42 |
UK hacker busted in Spain gets 5 years over Twitter hack and more (direct link) |
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too... |
Hack
|
|
★★
|
|
2023-06-15 16:43:49 |
S3 Ep139: Are password rules like running through rain? (direct link) |
Latest episode - listen now! (Full transcript inside.) |
|
|
★★
|
|
2023-06-13 16:43:22 |
Gozi banking malware “IT chief” finally jailed after more than 10 years (direct link) |
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end... |
Malware
|
|
★★
|
|
2023-06-09 16:58:50 |
Thoughts on scheduled password changes (don't call them rotations!) (direct link) |
Does swapping your password regularly make it a better password? |
|
|
★★
|
|
2023-06-05 17:59:29 |
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do… (direct link) |
Little Bobby Tables is back! |
Data Breach
|
|
★★
|
|
2023-05-31 17:39:00 |
Serious Security: That KeePass “master password crack”, and what we can learn from it (direct link) |
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.) |
|
|
★★
|
|
2023-05-25 16:50:03 |
S3 Ep136: Navigating a manic malware maelstrom (direct link) |
Latest episode - listen now. Full transcript inside... |
Malware
|
|
★★
|
|
2023-05-24 17:59:23 |
Ransomware tales: The MitM attack that really had a Man in the Middle (direct link) |
Another traitorous insider, busted by system logs that gave his game away. |
Ransomware
|
|
★★★★
|
|
2023-05-23 16:45:32 |
PyPI open-source code repository deals with manic malware maelstrom (direct link) |
Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future... |
Malware
|
|
★★
|
|
2023-05-17 16:40:11 |
US offers $10m bounty for Russian ransomware suspect outed in indictment (direct link) |
"Up to $10 million for information that leads to the arrest and/or conviction of this defendant." |
Ransomware
|
|
★★
|
|
2023-05-04 13:12:17 |
World Password Day: 2 + 2 = 4 (direct link) |
We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day! |
|
|
★★
|
|
2023-04-30 01:23:38 |
Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram (direct link) |
These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short. |
Malware
|
|
★★
|
|
2023-04-27 16:55:18 |
S3 Ep132: Proof-of-concept lets anyone hack at will (direct link) |
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-) |
Hack
|
|
★★★
|
|
2023-04-25 17:53:39 |
PaperCut security vulnerabilities under active attack – vendor urges customers to patch (direct link) |
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today... |
|
|
★★
|
|
2023-04-10 20:20:44 |
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads (direct link) |
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now! |
|
|
★★
|
|
2023-04-08 01:20:44 |
Apple issues emergency patches for spyware-style 0-day exploits – update now! (direct link) |
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International. |
Hack
|
|
★★★
|
|
2023-04-06 14:57:50 |
S3 Ep129: When spyware arrives from someone you trust (direct link) |
Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now! |
|
|
★★
|
|
2023-04-05 18:49:18 |
Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know (direct link) |
Grab a message/Play it back/You've just performed/A big phat hack... |
Hack
|
|
★★
|
|
2023-03-17 17:56:10 |
Dangerous Android phone 0-day bugs revealed – patch or work around them now! (direct link) |
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation. |
|
|
★★★
|
|
2023-02-28 02:23:16 |
LastPass: The crooks used a keylogger to crack a corporate password vault (direct link) |
Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer. |
|
LastPass
|
★★
|
|
2023-02-16 17:46:04 |
S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text] (direct link) |
Latest episode - listen now! (Full transcript inside.) |
|
|
★★★
|
|
2023-02-14 13:08:32 |
Apple fixes zero-day spyware implant bug – patch now! (direct link) |
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet! |
|
|
★★
|
|
2023-02-13 17:59:24 |
Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug (direct link) |
Conditional code considered cryptographically counterproductive. |
|
|
★★★
|
|
2023-02-03 17:59:21 |
OpenSSH fixes double-free memory bug that's pokable over the network (direct link) |
It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code... |
|
|
★★★
|
|
2023-01-03 17:03:41 |
Inside a scammers' lair: Ukraine busts 40 in fake bank call-centre raid (direct link) |
When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you! |
|
|
★★
|
|
2022-12-23 17:58:52 |
LastPass finally admits: They did steal your password vaults after all (direct link) |
The crooks now know who you are, where you live, which computers are yours... and they got those password vaults, too. |
|
LastPass
|
★
|
|
2022-12-14 01:13:40 |
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware (direct link) |
Tales of derring-do in the cyberunderground! (And some zero-days.) |
Malware
|
|
★★
|
|
2022-12-13 17:58:30 |
COVID-bit: the wireless spyware trick with an unfortunate name (direct link) |
It's not the switching that's the problem, it's the switching of the switching! |
|
|
★★
|
|
2022-12-02 01:10:59 |
LastPass admits to customer data breach caused by previous breach (direct link) |
Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round. |
Data Breach
|
LastPass
|
★★★
|
|
2022-11-29 17:58:21 |
TikTok “Invisible Challenge” porn malware puts us all at risk (direct link) |
An injury to one is an injury to all. Especially if the other people are part of your social network. |
Malware
|
|
★★★
|
|
2022-11-22 17:54:04 |
How to hack an unpatched Exchange server with rogue PowerShell code (direct link) |
Review your servers, your patches and your authentication policies - there's a proof-of-concept out |
Hack
|
|
★★★★
|
|
2022-11-17 17:52:27 |
S3 Ep109: How one leaked email password could drain your business (direct link) |
Latest episode - listen now! Cybersecurity news plus loads of great advice... |
|
|
|
|
2022-11-11 17:59:12 |
Dangerous SIM-swap lockscreen bypass – update Android now! (direct link) |
A bit like leaving the front door keys under the doormat... |
|
|
|
|
2022-10-21 16:25:57 |
When cops hack back: Dutch police fleece DEADBOLT criminals (legally!) (direct link) |
Crooks: Show us the money! Cops: How about you show us the decryption keys first? |
Hack
|
|
|
|
2022-10-17 16:50:56 |
Fashion brand SHEIN fined $1.9m for lying about data breach (direct link) |
Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth? |
Data Breach
|
|
|
|
2022-10-07 16:14:07 |
WhatsApp goes after Chinese password scammers via US court (direct link) |
If you can't beat 'em, sue 'em! |
|
|
|
|
2022-09-29 18:45:29 |
S3 Ep102: How to avoid a data breach [Audio + Transcript] (direct link) |
Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news... |
Data Breach
|
|
|
|
2022-09-28 13:55:20 |
Optus breach – Aussie telco told it will have to pay to replace IDs (direct link) |
Licence compromised? Passport number burned? Need a new one? Who's going to pay? |
|
|
|
|
2022-09-27 16:51:17 |
WhatsApp “zero-day exploit” news scare – what you need to know (direct link) |
Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be? |
|
|
|
|
2022-09-19 16:59:05 |
LastPass source code breach – incident response report released (direct link) |
Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example. |
Data Breach
|
LastPass
|
|
|
2022-09-17 20:57:38 |
S3 Ep100.5: Uber breach – an expert speaks [Audio + Text] (direct link) |
Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't." |
|
Uber
|
|
|
2022-09-15 18:50:37 |
S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text] (direct link) |
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT... |
|
|
|
|
2022-09-01 16:55:43 |
S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text] (direct link) |
Latest episode - listen now! |
|
LastPass
|
|
|
2022-08-29 16:59:25 |
LastPass source code breach – do we still recommend password managers? (direct link) |
What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely? |
|
LastPass
|
|
|
2022-08-23 15:35:37 |
Bitcoin ATMs leeched by attackers who created fake admin accounts (direct link) |
The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes. |
|
|
|