What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
MalwarebytesLabs.png 2019-03-18 14:57:01 A week in security (March 11 – 17) (direct link) A roundup of security news from March 11–17 covering our most recent blogs and other news, including Lazarus Group, Emotet, PSD2, reputation management, Google's Nest, and Firefox Send.

The post A week in security (March 11 – 17) appeared first on Malwarebytes Labs.

AlienVault.png 2019-03-18 13:00:00 All about security analytics (direct link)

With or without a security operations center, and whether your network is on premises, in the cloud, or a hybrid, you need to determine which events and indicators correlate with cyber attacks. Organizations these days face a wider range and greater frequency of cyber threats than ever before. These threats can be from APTs (advanced persistent threats), cyberwarfare, promiscuous attacks through bots and botnets, script kiddies, malware-as-a-service via the Dark Web, or even internal attacks from entities within your organization. Everything from distributed denial of service attacks (DDoS) to cryptojacking, from man-in-the-middle attacks to spear phishing, from ransomware to data breaches hits businesses of all sizes and in all industries constantly, every single day. It’s perfectly normal to find it all overwhelming!

But implementing the right tools and practices can help you make sense of all of the cacophony. That’s where cybersecurity analytics can be useful. Several years ago, security analytics became something of a buzzword, but it’s as relevant now as ever.

Cybersecurity data analytics explained

So what is it exactly? It’s actually quite simple.

Security analytics isn’t one particular type of tool or system. It is a way of thinking about cybersecurity proactively. It involves analyzing your network’s data from a multitude of sources in order to produce and maintain security measures. It’s all about aggregating data from every possible source and finding the “forests” that all of those “trees” of logs and other recorded details are a part of. Of course, being able to identify the “forests” can make it easier to not only put out “forest fires” of cyber attacks, but also prevent “forest fires” in the future.

Security analytics sources and tools

Here are some of the different types of data sources which can be used in your cybersecurity analytics practices:

  • Cloud resources
  • User data acquired from endpoints
  • Logs from network security appliances, such as firewalls, IPS, and IDS
  • Network traffic and its patterns
  • Identity and access management logs
  • Threat intelligence
  • Geolocation data
  • Mobile devices and storage mediums connected via WiFi, Ethernet, and USB
  • Antivirus applications
  • Business specific applications

Your network can also deploy several types of tools that pertain to cybersecurity analytics. They include:

  • Code analysis applications to find vulnerabilities in software and scripting
  • File analysis tools to explore files in ways which may go beyond malware detection
  • Log analysis applications for firewalls, IDS, IPS, networked print devices, servers, and endpoints
  • SOC (security operations center) specific applications to organize data in a way which is useful for their functions
  • DLP (data loss prevention) tools

Security analytics use cases

Properly implemented cybersecurity analytics can not only improve your network’s security posture, but also help your organization with regulatory compliance needs. There are many industry-specific regulations which require log data collection and activity monitoring. HIPAA and PCI-DSS are just a couple of them.

It can even help show your organization’s stakeholders and management which security measures and policies are useful and worthy of investment.

Using an analytics approach and the right tools have the benefit of being able to

securityintelligence.png 2019-03-18 12:45:01 The Biggest Stories From RSAC 2019: What Scares the Cybersecurity Experts? (direct link)

When the perspectives of CISOs and experts at RSAC 2019 are viewed as a continuum, you can begin to see a story emerging about the state of cybersecurity in 2019.

The post The Biggest Stories From RSAC 2019: What Scares the Cybersecurity Experts? appeared first on Security Intelligence.

ZDNet.png 2019-03-18 11:23:00 Is it still a good idea to publish proof-of-concept code for zero-days? (direct link)

Time and time again, the publication of PoC code for zero-days and recently patched security bugs often helps hackers more than end-users.

grahamcluley.png 2019-03-18 11:21:05 53% of Britain's most frequent porn watchers aren't aware that they're about to be blocked (direct link)

A new survey has revealed that the majority of Brits are blissfully unaware that next month the UK Government will be requiring porn websites to verify that their users have obtained a “porn passport.”

The_State_of_Security.png 2019-03-18 10:58:04 Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware (direct link)

A spam campaign is using two recent crashes involving Boeing 737 Max aircraft to distribute malware to unsuspecting users. Discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, the campaign sends out attack emails that come from “info@isgec.com” with the subject line “Fwd: Airlines plane crash Boeing 737 Max 8.” […]

The post Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware appeared first on The State of Security.

ZDNet.png 2019-03-18 10:44:02 UK code breakers release Enigma war machine simulator (direct link)

You can also try out Bombe and Typex code-cracking for yourself.

grahamcluley.png 2019-03-18 10:21:03 Myspace has lost all the music users uploaded between 2003 and 2015 (direct link)

You cannot trust the likes of Myspace to look after your data securely. Use internet services to archive your content if you wish, but you'd be wise to have your own backup too.

Blog.png 2019-03-18 09:19:00 NEW TECH: SyncDog vanquishes BYOD risk by isolating company assets on a secure mobile app (direct link)

The conundrum companies face with the Bring Your Own Device phenomenon really has not changed much since iPhones and Androids first captured our hearts, minds and souls a decade ago. People demand the latest, greatest mobile devices, both to be productive and to stay connected to their personal […]

globalsecuritymag.png 2019-03-18 09:01:01 Vigil@nce - Linux kernel: memory corruption via sk_clone_lock (direct link)

This bulletin was written by Vigil@nce: https://vigilance.fr/offer/Computer... SYNTHESIS OF THE VULNERABILITY Impacted products: Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu. Severity: 2/4. Consequences: administrator access/rights, denial of service on server, denial of service on service. Provenance: user shell. Confidence: confirmed by the editor (5/5). Creation date: 18/01/2019. DESCRIPTION OF THE (...) - Vulnerabilities

globalsecuritymag.png 2019-03-18 09:00:02 Vigil@nce - Linux kernel: memory corruption via sk_clone_lock (direct link)

This bulletin was written by Vigil@nce: https://vigilance.fr/offre/Vulnerab... SYNTHESIS OF THE VULNERABILITY Impacted products: Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu. Severity: 2/4. Consequences: administrator access/rights, denial of service on server, denial of service on service. Provenance: user shell. Confidence: confirmed by the editor (5/5). Creation date: 18/01/2019. DESCRIPTION OF THE VULNERABILITY A (...) - Vulnerabilities

TechWorm.png 2019-03-18 04:59:05 Most Of Android Antivirus Apps Are Fake And Ineffective (direct link)

Two-thirds of Android antivirus apps are frauds and fail to provide protection. A recent report published by an Austrian antivirus-testing lab revealed that almost two-thirds of all Android antivirus apps are fake, unsafe or ineffective. The antivirus-testing lab, AV-Comparatives, conducted research on 250 Android antivirus apps in Google Play Store against 2,000 malware samples. The […]

The post Most Of Android Antivirus Apps Are Fake And Ineffective appeared first on TechWorm.

CSO.png 2019-03-18 03:31:00 Ransomware attack drives city to seek greater network visibility (direct link)

Local governments have been under siege from ransomware attacks in recent years. Colorado announced a state of emergency and called in the National Guard's cyber team to help after its Department of Transportation was hit with SamSam ransomware in February 2018. March 2018 saw the City of Atlanta crippled by SamSam in an attack that cost an estimated $2.6 million to fix (against an original ransom of $52,000). In January 2019, the website for Dublin's Luas tram system also fell victim to an extortion attack.

Chercheur.png 2019-03-17 23:25:00 Why Phone Numbers Stink As Identity Proof (direct link)

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments -- whoever inherits that number can then be you in a lot of places online.

The_Hackers_News.png 2019-03-17 23:17:00 Round 4 - Hacker Puts 26 Million New Accounts Up For Sale On Dark Web (direct link)

A hacker who was selling details of nearly 890 million online accounts stolen from 32 popular websites in three separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the dark web. The Hacker News today received a new email from the Pakistani hacker, who goes by online alias Gnosticplayers and previously claimed to have hacked dozens of

zataz.png 2019-03-17 21:31:01 Data leak: 2.2 million emails and passwords of French users published on the web (direct link)

Data leak! A pirate digital space is distributing a file containing more than 2 million login credentials belonging to French people. In the small world of hackers, once a piece of data has been squeezed like a lemon, it is released, thrown as fodder to whoever ...

The article Data leak: 2.2 million emails and passwords of French users published on the web first appeared on ZATAZ.

ZDNet.png 2019-03-17 18:15:00 Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web (direct link)

Gnosticplayers returns with new user records, most of which he obtained by hacking companies last month.

ZDNet.png 2019-03-17 16:43:04 Microsoft releases Application Guard extension for Chrome and Firefox (direct link)

Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live.

ZDNet.png 2019-03-17 02:59:02 Dutch hacker who DDoSed the BBC and Yahoo News gets no jail time (direct link)

Hacker used a Mirai botnet to DDoS companies and ask for ransoms to stop attacks.

ZDNet.png 2019-03-16 16:44:02 Android Q to get a ton of new privacy features (direct link)

Coming to Android Q: MAC address randomization, new location data permission popup, no more clipboard sniffing.

WiredThreatLevel.png 2019-03-16 14:00:00 Space Photos of the Week: One Last Piece of the Moon Rock (direct link)

NASA is releasing some of its last samples from the lunar surface to scientists.

SecurityAffairs.png 2019-03-16 13:46:02 Israeli Candidate for PM Benny Gantz hacked by Iranian cyberspies (direct link)

Israeli media reported this week that the Shin Bet internal security service warned Benny Gantz that Iranian cyber spies hacked his cellphone exposing his personal data. Iranian hackers targeted the campaign of the former Israeli military chief Benny Gantz who is a leading challenger to Prime Minister Netanyahu in next elections. According to the Israeli […]

The post Israeli Candidate for PM Benny Gantz hacked by Iranian cyberspies appeared first on Security Affairs.

WiredThreatLevel.png 2019-03-16 13:00:00 Beto O'Rourke Belonged to an Infamous '90s Hacker Group (direct link)

Facial recognition, DuckDuckGo on Chrome, and more security news this week.

WiredThreatLevel.png 2019-03-16 13:00:00 Here's An Idea: Replace Trials with Virtual Reality Duels (direct link)

Sci-fi author Ben Bova thinks it's a viable alternative to prolonged, expensive lawsuits.

WiredThreatLevel.png 2019-03-16 12:00:00 How Does Music Affect Your Brain? Every Way Imaginable (direct link)

In the latest episode of 'Tech Effects,' we investigated how music gets into our brains, and our bodies.

WiredThreatLevel.png 2019-03-16 12:00:00 19 Best Tech Deals on Cheap Earbuds, Apple Watches, and More (direct link)

Whether your weekend plans include relaxing in a beach chair or vacuuming your floor, we have a deal for you.

WiredThreatLevel.png 2019-03-16 12:00:00 Corporations Are Co-Opting Right-to-Repair (direct link)

Opinion: Manufacturers are offering more repair options than ever before. But they still aren't giving people the true freedom to fix what they want when they want.

WiredThreatLevel.png 2019-03-16 11:00:00 Why You Should (Still) Be Playing Halo in 2019 (direct link)

Now that the series is coming to PC, you can play them all over again, and take a unique lesson from two of the installments in particular.

WiredThreatLevel.png 2019-03-16 11:00:00 Most Android Antivirus Apps Are Garbage (direct link)

Fraudulent and ineffective antivirus apps persist on the Google Play Store, and it's unclear whether they'll ever totally go away.

WiredThreatLevel.png 2019-03-16 11:00:00 Samsung Galaxy Watch Active Review: A Great Wearable for Exercise Tracking (direct link)

A sleek, lightweight way to track your activity, especially if you carry a Samsung phone.

SecurityAffairs.png 2019-03-16 10:11:01 German legislative body wants to tighten penalties against black marketplace operators (direct link)

Germany’s states have decided to criminalize black marketplace operators with the introduction of specific federal legislation. Germany’s states have voted to punish operators of dark web platforms with the introduction of federal legislation. The legislation aims at criminalizing every operator behind darkweb marketplaces where illegal activities take place. This Friday, therefore, the German Federal Council […]

The post German legislative body wants to tighten penalties against black marketplace operators appeared first on Security Affairs.

SecurityAffairs.png 2019-03-16 06:43:04 Secur Solutions Group data leak exposes 800,000 Singapore blood donors (direct link)

Secur Solutions Group data leak – Another clamorous data leak made the headlines, personal information of 808,201 blood donors in Singapore was exposed online. The news was first reported by The Straits Times, the huge trove of data was contained in a database operated by the Secur Solutions Group Pte Ltd (SSG). People who registered […]

The post Secur Solutions Group data leak exposes 800,000 Singapore blood donors appeared first on Security Affairs.

BBC.png 2019-03-16 04:46:01 Christchurch shootings: Sajid Javid warns tech giants over footage (direct link)

The home secretary says firms "must do more" after the New Zealand attack was shown live on Facebook.

TechRepublic.png 2019-03-16 02:51:00 AWS contributes to Elasticsearch, and critics say it's kneecapping competitors? (direct link)

First, AWS wasn't contributing enough code. Now that it is, only cash seems to matter.

ZDNet.png 2019-03-15 23:53:03 Fujitsu wireless keyboard model vulnerable to keystroke injection attacks (direct link)

There are slim chances that Fujitsu will release a patch.

no_ico.png 2019-03-15 23:04:01 National Cyber Security Programme Faces Criticism (direct link)

Following the news that the National Cyber Security Programme is facing criticism over the way it was set up in 2016, and therefore is unlikely to meet its targets, Jake Moore, Cyber Security Specialist at ESET commented below. Jake Moore, Cyber Security Specialist at ESET: “In 2016, £1.9billion may have sounded like a huge financial injection but cyber security …

The ISBuzz Post: This Post National Cyber Security Programme Faces Criticism appeared first on Information Security Buzz.

WiredThreatLevel.png 2019-03-15 23:02:01 How Tesla's Model Y Compares to Other Electric SUVs (Charts) (direct link)

Elon Musk's latest creation is entering a crowded market. Here's how its specs match those of Audi, Jaguar, Mercedes, and more.

bleepingcomputer.png 2019-03-15 22:19:02 Windows 10 Insider Preview Build 18358 Fixes Poor Game Performance (direct link)

Microsoft has released Windows 10 Insider Preview Build 18358 (19H1) to Insiders in the Fast ring. This release is mostly bug fixes as the build gets ready for release, which includes a fix for low streaming and recording quality in Game Mode. [...]

WiredThreatLevel.png 2019-03-15 21:28:04 Gadget Lab Podcast: Flickr Cofounder Caterina Fake Weighs In On Big Tech (direct link)

Caterina Fake says it's time to ask whether tech should exist, rather than asking if it can exist or if funds are available for it.

TechRepublic.png 2019-03-15 21:21:00 Facebook-Cambridge Analytica privacy scandal: Your data still isn't secure (direct link)

On the one-year anniversary of the Facebook-Cambridge Analytica data privacy scandal, Dan Patterson advises companies to stay vigilant and keep data locked down and secure.

WiredThreatLevel.png 2019-03-15 21:19:03 Kids and Teens Strike Against Adults' Climate Screw-Ups (direct link)

Across the planet, children skipped school to protest inaction on climate change: "Just 'cause we're kids doesn't mean we have childish opinions."

WiredThreatLevel.png 2019-03-15 21:15:00 How Investigators Pull Data off a Boeing 737's Black Boxes (direct link)

Figuring out what happened to Ethiopian Flight 302 may involve baking the black box recorders in an oven, but the information investigators recover can be crucial to preventing future crashes.

WiredThreatLevel.png 2019-03-15 20:58:05 The Mosque Shooter Laid Bare the Post-Shooting Internet Cycle (direct link)

The gunman who killed at least 49 people at mosques in New Zealand live-streamed the massacres, and left unusually detailed writings.

securityintelligence.png 2019-03-15 20:45:02 How Patch Posture Reporting Improves Security Landscapes (direct link)

If your vulnerability management tools do not report on your company's patch posture, you may be missing crucial holes in your software that are ripe for exploitation.

The post How Patch Posture Reporting Improves Security Landscapes appeared first on Security Intelligence.

ZDNet.png 2019-03-15 20:15:00 Database leaks 250K legal documents, some marked 'not designated for publication' (direct link)

Database taken down two weeks later. Owner never identified.

TechRepublic.png 2019-03-15 19:45:03 Top 5 data recovery tips (direct link)

Losing data can be a scary experience. Tom Merritt offers five helpful tips for creating a data recovery plan.

no_ico.png 2019-03-15 19:00:01 Cambridge Analytica Scandal – One Year On (direct link)

In light of the one-year anniversary of the Cambridge Analytica scandal on Sunday 17th March, please see below for a comment from Jasmit Sagoo, senior director at Veritas. Jasmit explains how in the last year, the way consumers create and share data has changed, as have their expectations of how businesses should use their data. Jasmit Sagoo, Senior Director at Northern …

The ISBuzz Post: This Post Cambridge Analytica Scandal – One Year On appeared first on Information Security Buzz.

SecurityWeek.png 2019-03-15 18:55:02 Google Took Down 2.3 Billion Bad Ads in 2018 (direct link)

Google this week revealed that it took down 2.3 billion bad ads last year, including 58.8 million phishing ads.

The ads were taken down for violations of both new and existing policies, and the Internet company said it faced challenges in areas where online advertising was used to scam or defraud users offline.

grahamcluley.png 2019-03-15 18:53:00 Zillow sued for $60 million after mansion listing hijacked (direct link)

A hacker knocked millions off the listed price of an incredibly expensive home, and its owners aren't at all happy…

SecurityWeek.png 2019-03-15 18:42:04 E-Commerce Company Gearbest Leaked User Information (direct link)

Chinese e-commerce company Gearbest has failed to properly secure some of its databases, thus leaking users' personally identifiable information (PII), VPNMentor's researchers have discovered. Gearbest has downplayed the impact of the incident, which it has blamed on an error made by a member of its security team.

Information updated on: 2019-03-26 04:01:32