What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NakedSecurity.webp 2023-08-22 17:56:44 Smart light bulbs could give away your password secrets (direct link) Cryptography isn't just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well. ★★★
NakedSecurity.webp 2023-08-10 13:34:14 S3 Ep147: What if you type in your password during a meeting? (direct link) Latest episode - listen now! (Full transcript inside.) ★★
NakedSecurity.webp 2023-08-02 23:36:23 Performance and security clash yet again in “Collide+Power” attack (direct link) It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate. ★★★
NakedSecurity.webp 2023-07-31 16:57:27 SEC demands four-day disclosure limit for cybersecurity breaches (direct link) When is a ransomware attack a reportable matter? And how long have you got to decide? Ransomware ★★
NakedSecurity.webp 2023-07-24 23:18:20 Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day (direct link) Another month, another patch for in-the-wild iPhone malware (and a whole lot more). Malware ★★
NakedSecurity.webp 2023-06-26 15:35:42 UK hacker busted in Spain gets 5 years over Twitter hack and more (direct link) Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too... Hack ★★
NakedSecurity.webp 2023-06-15 16:43:49 S3 Ep139: Are password rules like running through rain? (direct link) Latest episode - listen now! (Full transcript inside.) ★★
NakedSecurity.webp 2023-06-13 16:43:22 Gozi banking malware “IT chief” finally jailed after more than 10 years (direct link) Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end... Malware ★★
NakedSecurity.webp 2023-06-09 16:58:50 Thoughts on scheduled password changes (don't call them rotations!) (direct link) Does swapping your password regularly make it a better password? ★★
NakedSecurity.webp 2023-06-05 17:59:29 MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do… (direct link) Little Bobby Tables is back! Data Breach ★★
NakedSecurity.webp 2023-05-31 17:39:00 Serious Security: That KeePass “master password crack”, and what we can learn from it (direct link) Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.) ★★
NakedSecurity.webp 2023-05-25 16:50:03 S3 Ep136: Navigating a manic malware maelstrom (direct link) Latest episode - listen now. Full transcript inside... Malware ★★
NakedSecurity.webp 2023-05-24 17:59:23 Ransomware tales: The MitM attack that really had a Man in the Middle (direct link) Another traitorous insider, busted by system logs that gave his game away. Ransomware ★★★★
NakedSecurity.webp 2023-05-23 16:45:32 PyPI open-source code repository deals with manic malware maelstrom (direct link) Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future... Malware ★★
NakedSecurity.webp 2023-05-17 16:40:11 US offers $10m bounty for Russian ransomware suspect outed in indictment (direct link) "Up to $10 million for information that leads to the arrest and/or conviction of this defendant." Ransomware ★★
NakedSecurity.webp 2023-05-04 13:12:17 World Password Day: 2 + 2 = 4 (direct link) We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day! ★★
NakedSecurity.webp 2023-04-30 01:23:38 Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram (direct link) These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short. Malware ★★
NakedSecurity.webp 2023-04-27 16:55:18 S3 Ep132: Proof-of-concept lets anyone hack at will (direct link) When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-) Hack ★★★
NakedSecurity.webp 2023-04-25 17:53:39 PaperCut security vulnerabilities under active attack – vendor urges customers to patch (direct link) If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today... ★★
NakedSecurity.webp 2023-04-10 20:20:44 Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads (direct link) That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now! ★★
NakedSecurity.webp 2023-04-08 01:20:44 Apple issues emergency patches for spyware-style 0-day exploits – update now! (direct link) A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International. Hack ★★★
NakedSecurity.webp 2023-04-06 14:57:50 S3 Ep129: When spyware arrives from someone you trust (direct link) Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now! ★★
NakedSecurity.webp 2023-04-05 18:49:18 Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know (direct link) Grab a message/Play it back/You've just performed/A big phat hack... Hack ★★
NakedSecurity.webp 2023-03-17 17:56:10 Dangerous Android phone 0-day bugs revealed – patch or work around them now! (direct link) Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation. ★★★
NakedSecurity.webp 2023-02-28 02:23:16 LastPass: The crooks used a keylogger to crack a corporate password vault (direct link) Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer. LastPass ★★
NakedSecurity.webp 2023-02-16 17:46:04 S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text] (direct link) Latest episode - listen now! (Full transcript inside.) ★★★
NakedSecurity.webp 2023-02-14 13:08:32 Apple fixes zero-day spyware implant bug – patch now! (direct link) Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet! ★★
NakedSecurity.webp 2023-02-13 17:59:24 Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug (direct link) Conditional code considered cryptographically counterproductive. ★★★
NakedSecurity.webp 2023-02-03 17:59:21 OpenSSH fixes double-free memory bug that's pokable over the network (direct link) It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code... ★★★
NakedSecurity.webp 2023-01-03 17:03:41 Inside a scammers' lair: Ukraine busts 40 in fake bank call-centre raid (direct link) When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you! ★★
NakedSecurity.webp 2022-12-23 17:58:52 LastPass finally admits: They did steal your password vaults after all (direct link) The crooks now know who you are, where you live, which computers are yours... and they got those password vaults, too. LastPass
NakedSecurity.webp 2022-12-14 01:13:40 Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware (direct link) Tales of derring-do in the cyberunderground! (And some zero-days.) Malware ★★
NakedSecurity.webp 2022-12-13 17:58:30 COVID-bit: the wireless spyware trick with an unfortunate name (direct link) It's not the switching that's the problem, it's the switching of the switching! ★★
NakedSecurity.webp 2022-12-02 01:10:59 LastPass admits to customer data breach caused by previous breach (direct link) Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round. Data Breach LastPass ★★★
NakedSecurity.webp 2022-11-29 17:58:21 TikTok “Invisible Challenge” porn malware puts us all at risk (direct link) An injury to one is an injury to all. Especially if the other people are part of your social network. Malware ★★★
NakedSecurity.webp 2022-11-22 17:54:04 How to hack an unpatched Exchange server with rogue PowerShell code (direct link) Review your servers, your patches and your authentication policies - there's a proof-of-concept out Hack ★★★★
NakedSecurity.webp 2022-11-17 17:52:27 S3 Ep109: How one leaked email password could drain your business (direct link) Latest episode - listen now! Cybersecurity news plus loads of great advice...
NakedSecurity.webp 2022-11-11 17:59:12 Dangerous SIM-swap lockscreen bypass – update Android now! (direct link) A bit like leaving the front door keys under the doormat...
NakedSecurity.webp 2022-10-21 16:25:57 When cops hack back: Dutch police fleece DEADBOLT criminals (legally!) (direct link) Crooks: Show us the money! Cops: How about you show us the decryption keys first? Hack
NakedSecurity.webp 2022-10-17 16:50:56 Fashion brand SHEIN fined $1.9m for lying about data breach (direct link) Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth? Data Breach
NakedSecurity.webp 2022-10-07 16:14:07 WhatsApp goes after Chinese password scammers via US court (direct link) If you can't beat 'em, sue 'em!
NakedSecurity.webp 2022-09-29 18:45:29 S3 Ep102: How to avoid a data breach [Audio + Transcript] (direct link) Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news... Data Breach
NakedSecurity.webp 2022-09-28 13:55:20 Optus breach – Aussie telco told it will have to pay to replace IDs (direct link) Licence compromised? Passport number burned? Need a new one? Who's going to pay?
NakedSecurity.webp 2022-09-27 16:51:17 WhatsApp “zero-day exploit” news scare – what you need to know (direct link) Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
NakedSecurity.webp 2022-09-19 16:59:05 LastPass source code breach – incident response report released (direct link) Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example. Data Breach LastPass
NakedSecurity.webp 2022-09-17 20:57:38 S3 Ep100.5: Uber breach – an expert speaks [Audio + Text] (direct link) Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't." Uber Uber
NakedSecurity.webp 2022-09-15 18:50:37 S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text] (direct link) Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...
NakedSecurity.webp 2022-09-01 16:55:43 S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text] (direct link) Latest episode - listen now! LastPass
NakedSecurity.webp 2022-08-29 16:59:25 LastPass source code breach – do we still recommend password managers? (direct link) What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely? LastPass
NakedSecurity.webp 2022-08-23 15:35:37 Bitcoin ATMs leeched by attackers who created fake admin accounts (direct link) The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes.
Last update at: 2024-03-29 14:09:29
See our sources.
To see everything: Our RSS (filtered) Twitter