What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
WiredThreatLevel.png 2019-09-14 13:00:00 'Simjacker' Attack Can Track Phones Just by Sending a Text (direct link)

White house spying, North Korea sanctions, and more of the week's top security news.

WiredThreatLevel.png 2019-09-14 13:00:00 Old Sci-Fi Movies Probably Aren't as Good as You Remember (direct link)

Watching 'Buck Rogers in the 25th Century' can be quite a shock in the 21st.

SecurityAffairs.png 2019-09-14 12:50:58 Hackers stole payment data from Garmin South Africa shopping portal (direct link)

Garmin, the multinational company focused on GPS technology for automotive, aviation, marine, outdoor, and sport activities, is the victim of a data breach. Garmin is the victim of a data breach; it is warning customers in South Africa who shopped on the shop.garmin.co.za portal that their personal info and payment data were exposed. The stolen data, included […]

The post Hackers stole payment data from Garmin South Africa shopping portal appeared first on Security Affairs.

ArsTechnica.png 2019-09-14 12:15:13 (Déjà vu) New clues show how Russia's grid hackers aimed for physical destruction (direct link)

2016 Russian cyberattack on Ukraine intended to cause far more damage than it did.

WiredThreatLevel.png 2019-09-14 12:00:00 8 Best Zink Instant Cameras & Printers (Zero Ink, Inkless) (direct link)

We've been testing inkless "Zero Ink" printers and instant cameras for months. These are our favorites.

bleepingcomputer.png 2019-09-14 11:32:31 iOS 13 Passcode Bypass Lets You View Contacts on Locked Devices (direct link)

Just eight days before Apple plans to release iOS 13, a security researcher has disclosed a passcode bypass that allows you to view the contacts on a locked device. [...]

WiredThreatLevel.png 2019-09-14 11:00:00 What Are Zero-Knowledge Proofs? (direct link)

How do you make blockchain and other transactions truly private? With mathematical models known as zero-knowledge proofs.

WiredThreatLevel.png 2019-09-14 11:00:00 You Too Can Make These Fun Games (No Experience Necessary) (direct link)

Games built with the open source tool Bitsy are often more like stories. Our writer created one in two hours.

Tool
WiredThreatLevel.png 2019-09-14 11:00:00 6 Reasons to Ditch Google's Chrome Browser for Vivaldi on Android (direct link)

An innovative browser has launched on Android for the first time. Here's why you might want to give it a shot.

WiredThreatLevel.png 2019-09-14 11:00:00 14 Great Tech Deals on Phones, Tablets, TVs, and Dongles (direct link)

Have an iPhone 11 hangover? These tech discounts may perk you up.

bleepingcomputer.png 2019-09-14 10:30:12 InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information (direct link)

A remote access Trojan (RAT) dubbed InnfiRAT by the Zscaler ThreatLabZ team which took a closer look at its inner-workings comes with extensive sensitive information collection capabilities, including cryptocurrency wallet data. [...]

Malware
The_Hackers_News.png 2019-09-14 03:16:10 US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks (direct link)

The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean

bleepingcomputer.png 2019-09-14 01:51:17 (Déjà vu) Destructive Ordinypt Malware Hitting Germany in New Spam Campaign (direct link)

A new spam campaign is underway that pretends to be a job application from "Eva Richter" who is sending her photo and resume. This resume, though, is actually an executable masquerading as a PDF file that destroys a victim's files by installing the Ordinypt Wiper. [...]

Spam,Malware
bleepingcomputer.png 2019-09-14 01:51:17 New Fake 'Eva Richter' Resume Spam Aims to Destroy Files (direct link)

A new spam campaign is underway that pretends to be a job application from "Eva Richter" who is sending her photo and resume. This resume, though, is actually an executable masquerading as a PDF file that destroys a victim's files by installing the Ordinypt Wiper. [...]

Spam
ZDNet.png 2019-09-13 22:36:03 Disqus & Kickstarter hacker warns against password reuse (direct link)

Former hacker aims for a white-hat career, apologizes to one of his victims, and gives out advice to users.

MalwarebytesLabs.png 2019-09-13 20:44:52 Hacking with AWS: incorporating leaky buckets into your OSINT workflow (direct link)

When penetration testing for an organization, what OSINT tactics can researchers employ? We discuss how hacking with AWS buckets can provide more recon data and uncover any leaks.

The post Hacking with AWS: incorporating leaky buckets into your OSINT workflow appeared first on Malwarebytes Labs.

bleepingcomputer.png 2019-09-13 20:40:25 The Week in Ransomware - September 13th 2019 - Exploit Kits (direct link)

This week was your standard mix of new variants of existing ransomware and new ransomware families being released. [...]

Ransomware
WiredThreatLevel.png 2019-09-13 20:37:30 Loot Boxes Should Be Regulated as Gambling, Parliament Says (direct link)

Also: PewDiePie canceled his donation to the Anti-Defamation League, and 'Control' might get a major crossover.

TechRepublic.png 2019-09-13 20:33:33 How to use "Peeking In" app navigation on Android 10 (direct link)

Android 10 brings an even more refined gesture system with the advent of "Peeking In" navigation.

SecurityAffairs.png 2019-09-13 20:21:12 The US Treasury placed sanctions on North Korea linked APT Groups (direct link)

The US Treasury placed sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The US Treasury sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The groups are behind several hacking operations that resulted in the theft of hundreds of millions of dollars from financial institutions and cryptocurrency exchanges […]

The post The US Treasury placed sanctions on North Korea linked APT Groups appeared first on Security Affairs.

TechRepublic.png 2019-09-13 20:18:18 How to install OpenShift Origin on Ubuntu 18.04 (direct link)

Install a powerhouse tool that can help you develop, deploy, and manage container-based applications.

Tool
AlienVault.png 2019-09-13 20:18:00 Defining the “R” in Managed Detection and Response (MDR) (direct link)

This spring, as the product and security operations teams at AT&T Cybersecurity prepared for the launch of our Managed Threat Detection and Response service, it became obvious to us that the market has many different understandings of what “response” could (and should) mean when evaluating an MDR solution. Customers typically want to know: What incident response capabilities does the underlying technology platform enable? How does the provider’s Security Operations Center team (SOC) use these capabilities to perform incident response, and, more importantly, how and when does the SOC team involve the customer's in-house security resources appropriately? Finally, how do these activities affect the return on investment expected from purchasing the service? However, in our review of the marketing literature of other MDR services, we saw a gap. All too often, providers do not provide sufficient detail and depth within their materials to help customers understand and contextualize this crucial component of their offering.

Now that we’ve introduced our own MDR solution, we wanted to take a step back and provide our definition of “response” for AT&T Managed Threat Detection and Response.

Luckily, Gartner provides an excellent framework to help us organize our walk-through. When evaluating an MDR service, a potential customer should be able to quickly understand how SOC analysts, in well-defined collaboration with a customer’s security teams, will:

  1. Validate potential incidents
  2. Assemble the appropriate context
  3. Investigate as much as is feasible about the scope and severity given the information and tools available
  4. Provide actionable advice and context about the threat
  5. Initiate actions to remotely disrupt and contain threats

*Source: Gartner Market Guide for Managed Detection and Response Services, Gartner. June 2018.

Validation, context building, and Investigation (Steps 1-3)

It’s worth noting that “response” starts as soon as an analyst detects a potential threat in a customer’s environment. It stands to reason then that the quality of threat intelligence used by a security team directly impacts the effectiveness of incident response operations. The less time analysts spend verifying defenses are up to date, chasing false positives, researching a specific threat, looking for additional details within a customer's environment(s), etc., the quicker they can move onto the next stage of the incident response lifecycle. AT&T Managed Threat Detection and Response is fueled with continuously updated threat intelligence from AT&T Alien Labs, the threat intelligence unit of AT&T Cybersecurity. AT&T Alien Labs includes a global team of threat researchers and data scientists who, combined with proprietary technology in analytics and machine learning, analyze one of the largest and most diverse collections of threat data in the world. This team has unrivaled visibility into the AT&T IP backbone, global USM sensor network, Open Threat Exchange (OTX), and other sources, allowing them to have a deep understanding of the latest tactics, techniques and procedures of our adversaries.

Every day, they produce timely threat intelligence that is integrated directly into the USM platform in the form of correlation rules and behavioral detections to automate threat detection. These updates enable our customers to detect emergent and evolving threats by raising alarms for analyzed activity within public cloud environments, on-premises networks, and endpoints. Every alarm is aut

Tool,Vulnerability,Threat
bleepingcomputer.png 2019-09-13 20:16:20 North Korean Hackers Behind WannaCry and Sony Hack Sanctioned by USA (direct link)

The U.S. Treasury signed sanctions against three hacking groups actively engaged in cyber operations meant to bring financial assets to the government of North Korea. [...]

Hack
WiredThreatLevel.png 2019-09-13 19:57:59 The Fight Over Fuel-Economy Rules Is Getting Messy (direct link)

The US Justice Department is investigating automakers who struck a deal with California. Some in Congress want to investigate the investigators.

TechRepublic.png 2019-09-13 19:55:50 The DoD's apparent U-turn on open source is common sense (direct link)

The US Department of Defense isn't turning its back on open source--it's just getting smarter about it.

TechRepublic.png 2019-09-13 19:48:58 Artificial intelligence: The future IT help desk (direct link)

Artificial intelligence can provide timely and efficient IT support, freeing up tech pros' workloads.

TechRepublic.png 2019-09-13 19:07:51 Cybercriminals shop for admin access to healthcare portals (direct link)

Administrator access to backend systems is becoming the holy grail for attackers.

TechRepublic.png 2019-09-13 19:03:17 What is the difference between Dockerfile and docker-compose.yml files? (direct link)

What is the difference between these two types of configuration files and how are they used together? We explain it here.

TechRepublic.png 2019-09-13 18:51:02 Learn Python: Online training courses for beginning developers and coding experts (direct link)

TechRepublic has partnered with top training providers to offer online courses, bootcamps, and master classes for Python, one of the most in-demand programming languages.

TechRepublic.png 2019-09-13 18:29:17 Vivaldi for Android is as good as its desktop counterpart (direct link)

Vivaldi mobile is coming to Android, and it's worth the wait.

bleepingcomputer.png 2019-09-13 18:27:34 Suspected Hacker Arrested for Stealing and Selling Unreleased Music (direct link)

A 19-year-old suspected hacker was arrested for allegedly accessing the cloud and website accounts of award-winning recording artists without authorizations, purportedly stealing unreleased songs and selling the stolen tracks in exchange for cryptocurrency. [...]

TechRepublic.png 2019-09-13 18:26:13 How holding off on 5G can save money and help the environment (direct link)

TechRepublic's Karen Roby interviews a telecommunications equipment expert about the potential benefits of sticking with 4G, or even 3G, in areas that aren't ready to move to 5G.

SecurityWeek.png 2019-09-13 18:23:25 Car Dealer Marketing Firm Exposed 198 Million Data Records (direct link)

A publicly accessible, unprotected database belonging to car dealership marketing firm Dealer Leads was found to expose 198 million records, including personally identifiable information, Security Discovery reports.

WiredThreatLevel.png 2019-09-13 18:21:15 National Security Is in Trump's Hands (direct link)

With the departure of John Bolton from the White House this week, even the former national security advisor's biggest critics are worried.

TechRepublic.png 2019-09-13 18:13:00 Want a Tesla Model 3? Find 5 engineers for Envoy (direct link)

Founder Larry Gadea has lots of open positions at his company that digitizes office processes including visitor check-in and package delivery.

TechRepublic.png 2019-09-13 18:07:00 How to get the best deals on Apple iPhone Xs, Xs Max, and XR now that the iPhone 11 is out (direct link)

The iPhone 11, 11 Pro, and 11 Pro Max were just announced at the annual Apple event on Sept. 10. The new phone means users can get some great deals on the iPhone X series. Here's where to look.

SecurityAffairs.png 2019-09-13 18:04:53 WatchBog cryptomining botnet now uses Pastebin for C2 (direct link)

A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered a new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control. The WatchBog bot is a Linux-based malware that is active since last year, it targets […]

The post WatchBog cryptomining botnet now uses Pastebin for C2 appeared first on Security Affairs.

Malware
zataz.png 2019-09-13 17:54:37 (Déjà vu) Pentesters arrested by police after a physical intrusion (direct link)

Pentesters arrested for infiltrating a courthouse. They were on an assignment to test the building's vulnerabilities. Their work contract did not specify the physical actions possible in this line of work. Pentesters… in prison! Two men have just ...

The post Pentesters arrested by police after a physical intrusion appeared first on ZATAZ.

zataz.png 2019-09-13 17:54:37 Pentesters arrested by police after a physical intrusion (direct link)

Pentesters arrested for breaking into a courthouse. They were on an assignment to test the building's vulnerabilities. The contract had failed to specify the physical actions possible in this line of work. Two men have just been arrested for entering the courthouse ...

The post Pentesters arrested by police after a physical intrusion appeared first on ZATAZ.

TechRepublic.png 2019-09-13 17:45:43 IDC: Why hearables are the new wearables (direct link)

Wireless earbuds, known as hearables, are fast replacing wearables as the most popular accessory for consumers.

TechRepublic.png 2019-09-13 17:37:00 What's powering the unlikely rise of the millionaire hacker? (direct link)

Six hackers made over $1 million this year for squashing security bugs, yet just five years ago this possibility seemed remote at best.

SecurityWeek.png 2019-09-13 17:32:23 US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts (direct link)

The US Treasury on Friday placed sanctions on three North Korea government-sponsored hacking operations which it said were behind the theft of possibly hundreds of millions of dollars and destructive cyber-attacks on infrastructure.

zataz.png 2019-09-13 17:22:21 Webcam hacking: a French scammer arrested by authorities (direct link)

In the shadows of the Internet, police were investigating the scammer claiming to have hacked webcams. A Franco-Ukrainian man arrested. He allegedly trapped around fifty people. Since April 2018, ZATAZ has been warning you about these emails claiming that your computer and webcam have been hacked....

The post Webcam hacking: a French scammer arrested by authorities appeared first on ZATAZ.

WiredThreatLevel.png 2019-09-13 17:12:59 How Tech Firms Like Uber Hide Behind the 'Platform Defense' (direct link)

If you insist that drivers aren't key to your business, apparently you end up making some bizarre U-turns.

WiredThreatLevel.png 2019-09-13 17:00:00 Super Planetary-Motion Smackdown: Kepler v. Newton (direct link)

In science, progress is all about building a better model: explaining more with less.

ZDNet.png 2019-09-13 16:47:00 US Treasury sanctions three North Korean hacking groups (direct link)

US wants to seize financial assets associated with the Lazarus Group, Bluenoroff, and Andarial.

TechRepublic.png 2019-09-13 16:40:32 How AI can save the retail industry (direct link)

Brick and mortar stores are closing left and right, but artificial intelligence may be able to keep them alive.

TechRepublic.png 2019-09-13 16:23:33 USB4 standards brings the number of different USB-C to USB-C cables to 8 (direct link)

USB Type C was envisioned as the universal connector, though USB-C cables are far from universal. USB4 cables are limited to a maximum length of 80 cm.

DarkReading.png 2019-09-13 16:15:00 Malware Linked to Ryuk Targets Financial & Military Data (direct link)

A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.

Malware
SecurityWeek.png 2019-09-13 15:45:15 Arizona Schools Provide Model for Managing Ransomware (direct link)

On Wednesday, September 4, 2019, ransomware was discovered at Flagstaff Unified School District, Arizona. Schools were closed on Thursday and Friday of that week, but re-opened after the weekend. No ransom was paid, and only two days schooling was lost.

Ransomware
Information updated on: 2019-09-22 08:07:45