What's new arround internet

Src Date (GMT) Titre Description Tags Stories Notes
MalwarebytesLabs.png 2019-03-13 16:30:02 Google\'s Nest fiasco harms user trust and invades their privacy (lien direct) Read more...)

The post Google\'s Nest fiasco harms user trust and invades their privacy appeared first on Malwarebytes Labs.

bleepingcomputer.png 2019-03-13 16:20:03 39% of All Counter-Strike 1.6 Servers Used to Infect Players (lien direct)

When playing a video game, most people do not worry about getting infected by the their game client. New research, though, shows that\'s exactly what is happening when 39% of all existing Counter-Strike 1.6 game servers were trying to infect players through vulnerabilities in the game client. [...]

bleepingcomputer.png 2019-03-13 16:20:03 39% of All CounterStrike 1.6 Servers Used to Infect Players (lien direct)

When playing a video game, most people do not worry about getting infected by the their game client. New research, though, shows that\'s exactly what is happening when 39% of all existing Counter-Strike 1.6 game servers were trying to infect players through vulnerabilities in the game client. [...]

Blog.png 2019-03-13 16:15:01 Thoughts on Cloud Security (lien direct)
Recently I\'ve been reading about cloud security and security with respect to DevOps. I\'ll say more about the excellent book I\'m reading, but I had a moment of déjà vu during one section.

The book described how cloud security is a big change from enterprise security because it relies less on IP-address-centric controls and more on users and groups. The book talked about creating security groups, and adding users to those groups in order to control their access and capabilities.

As I read that passage, it reminded me of a time long ago, in the late 1990s, when I was studying for the MCSE, then called the Microsoft Certified Systems Engineer. I read the book at left, Windows NT Security Handbook, published in 1996 by Tom Sheldon. It described the exact same security process of creating security groups and adding users. This was core to the new NT 4 role based access control (RBAC) implementation.

Now, fast forward a few years, or all the way to today, and consider the security challenges facing the majority of legacy enterprises: securing Windows assets and the data they store and access. How could this wonderful security model, based on decades of experience (from the 1960s and 1970s no less), have failed to work in operational environments?

There are many reasons one could cite, but I think the following are at least worthy of mention.

The systems enforcing the security model are exposed to intruders.

Furthermore:

Intruders are generally able to gain code execution on systems participating in the security model.

Finally:

Intruders have access to the network traffic which partially contains elements of the security model.

From these weaknesses, a large portion of the security countermeasures of the last two decades have been derived as compensating controls and visibility requirements.

The question then becomes:

Does this change with the cloud?

In brief, I believe the answer is largely "yes," thankfully. Generally, the systems upon which the security model is being enforced are not able to access the enforcement mechanism, thanks to the wonders of virtualization.

Should an intruder find a way to escape from their restricted cloud platform and gain hypervisor or management network access, then they find themselves in a situation similar to the average Windows domain network.

This realization puts a heavy burden on the cloud infrastructure operators. They major players are likely able to acquire and apply the expertise and resources to make their infrastructure far more resilient and survivable than their enterprise counterparts.

The weakness will likely be their personnel.

Once the compute and network components are sufficiently robust from externally sourced compromise, then internal threats become the next most cost-effective and return-producing vectors for dedicated intruders.

Is there anything users can do as they hand their compute and data assets to cloud operators?

I suggest four moves.

First, small- to mid-sized cloud infrastructure users will likely have to piggyback or free-ride on the initiatives and influence of the largest cloud customers, who have the clout and hopefully the expertise to hold the cloud operators responsible for the security of everyone\'s data.

Second, lawmakers may also need imp
securityintelligence.png 2019-03-13 16:10:02 With AI for Cybersecurity, We Are Raising the Bar for Smart (lien direct)

>It\'s hard to believe a computer that couldn\'t read a newspaper was once considered smart. But as recent innovations in AI for cybersecurity have shown, we are constantly raising the bar for smart.

The post With AI for Cybersecurity, We Are Raising the Bar for Smart appeared first on Security Intelligence.

Kaspersky.png 2019-03-13 15:58:01 MAGA \'Safe Space\' App Developer Threatens Security Researcher (lien direct)

The mobile app, dubbed a "Yelp for Conservatives," was found with an open API leaking reams of user data.

TechRepublic.png 2019-03-13 15:27:02 How to generate SSH keys on macOS Mojave (lien direct)

macOS is capable of working with SSH keys. Jack Wallen shows you how to generate the necessary keys and copy them to a server.

Kaspersky.png 2019-03-13 15:23:05 Three Ways DNS is Weaponized and How to Mitigate the Risk (lien direct)

Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.

WiredThreatLevel.png 2019-03-13 15:22:01 Internal Docs Show How ICE Gets Surveillance Help From Local Cops (lien direct)

Documents obtained by the ACLU show how ICE uses unofficial channels to access billions of license plate location data points-including some sanctuary cities.

WiredThreatLevel.png 2019-03-13 15:22:00 \'Captain Marvel\' Shows How Trolls Lost Their Edge (lien direct)

They\'ve been trying to sabotage the movie\'s success from the beginning. Their failure proves they\'re played out.

SecurityAffairs.png 2019-03-13 15:16:05 Modular Cryptojacking malware uses worm abilities to spread (lien direct)

Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities by leveraging known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, Weblogic, ThinkPHP, and SqlServer. The Monero cryptocurrency miner […]

The post Modular Cryptojacking malware uses worm abilities to spread appeared first on Security Affairs.

TechRepublic.png 2019-03-13 15:15:04 Despite growth, 3D printing represents only 0.1% of global manufacturing (lien direct)

Adoption of 3D printing is increasing across different industries, with annual growth estimated at 23.5% over the next five years. How can it break the 1% threshold?

no_ico.png 2019-03-13 15:15:01 Watering Hole Attack That Leverages Slack (lien direct)

A new watering hole attack is leveraging SLACK, a collaborative platform that lets users create and use their own workspaces, to send command-and-control communications without being detected. The new approach was discovered by Trend Micro.   We can’t paste this image from the Clipboard, but you can save it to your computer and insert it from there. Expert …

The ISBuzz Post: This Post Watering Hole Attack That Leverages Slack appeared first on Information Security Buzz.

TechRepublic.png 2019-03-13 15:12:03 How to prevent worker retaliation (lien direct)

Nearly 40% of tech employees reported retaliation occurring in their workplaces after an incident, according to a Blind report.

MalwarebytesLabs.png 2019-03-13 15:00:00 Explained: Payment Service Directive 2 (PSD2) (lien direct) PSD2 is coming to the EU. What is it? How will it be used? What are the implications? Many questions and some answers and recommendations.

Categories:

Privacy Security world

Tags:

(Read more...)

The post Explained: Payment Service Directive 2 (PSD2) appeared first on Malwarebytes Labs.

Blog.png 2019-03-13 14:36:04 NEW TECH: Votiro takes \'white-listing\' approach to defusing weaponized documents (lien direct)

It\'s hard to believe this month marks the 20th anniversary of the release of the devastating Melissa email virus which spread around the globe in March 1999. Related: The ‘Golden Age’ of cyber espionage is upon us Melissa was hidden in a weaponized Word document that arrived as an email attachment. When the recipient clicked […]

DarkReading.png 2019-03-13 14:30:00 IoT Anomaly Detection 101: Data Science to Predict the Unexpected (lien direct)

Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.

bleepingcomputer.png 2019-03-13 14:21:05 DMSniff Point-of-Sale Malware Silently Attacked SMBs For Years (lien direct)

A new Point-of-Sale (POS) malware which uses a domain generation algorithm to create command-and-control domains on the fly was detected in attacks against small and medium-sized businesses for the past four years according to a team of security researchers from Flashpoint. [...]

Kaspersky.png 2019-03-13 14:15:01 Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw (lien direct)

Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.

DarkReading.png 2019-03-13 14:15:00 \'SimBad\': Android Adware Hits 210 Apps with 150M Downloads (lien direct)

Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.

TechRepublic.png 2019-03-13 14:12:05 Raspberry Pi not working after Raspbian update? Here\'s how to fix it (lien direct)

The update to Raspbian on Monday caused machines to crash and to fail to boot but has since been fixed.

TechRepublic.png 2019-03-13 14:06:04 5 tech jobs with the happiest workers (lien direct)

Salary, benefits, and culture all determine worker satisfaction. Here are the tech positions with the most satisfied employees, according to Glassdoor.

TechRepublic.png 2019-03-13 14:04:02 Mozilla\'s Iodide tool helps data scientists write interactive reports (lien direct)

The experimental data science tool is meant to help professionals create interactive documents using web technologies within a familiar workflow.

TechRepublic.png 2019-03-13 14:02:01 How to install a VNC server on Linux (lien direct)

If you need to remote into a GUI-enabled Linux server, your fastest, cheapest option is VNC.

WiredThreatLevel.png 2019-03-13 14:00:00 Photos of Ordinary Objects Sliced in Half With a Water Jet (lien direct)

Inventor Mike Warren uses a 60,000-psi water Jet to reveal the cross-sections of ordinary objects.

WiredThreatLevel.png 2019-03-13 14:00:00 China Is Catching Up to the US in AI Research–Fast (lien direct)

Chinese researchers publish more papers about artificial intelligence than their US counterparts. A new study finds the quality of Chinese research is improving too.

SecurityWeek.png 2019-03-13 13:55:00 GDPR - Improving Data Privacy and Cyber Resilience? (lien direct)

GDPR\'s Policy Enforcement Will Likely be Tested on a Broad Scale in 2019

read more

no_ico.png 2019-03-13 13:54:05 Yatron Ransomware Plans To Spread Using EternalBlue NSA Exploits (lien direct)

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computers on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours.  BleepingComputer was first notified about the Yatron RaaS by a security researcher who goes by the name A Shadow. Since …

The ISBuzz Post: This Post Yatron Ransomware Plans To Spread Using EternalBlue NSA Exploits appeared first on Information Security Buzz.

TechRepublic.png 2019-03-13 13:46:04 How to wipe your USB drive before throwing it away (lien direct)

Data was found on 68% of secondhand flash drives sold in the US, according to a Comparitech report. Here\'s how to secure your data for disposal.

bleepingcomputer.png 2019-03-13 13:43:00 Microsoft Releases Windows 10 Build 18855 (20H1) to Skip Ahead Users With Bug Fixes (lien direct)

Microsoft has released Windows 10 Insider Preview Build 18855 for Insiders in the Skip Ahead ring. This 20H1 build is mostly bug fixes, but does include one cool feature. It will now restore the contents of Notepad windows after a restart from installing Windows Updates [...]

SecurityWeek.png 2019-03-13 13:35:03 IoT Security Meets Healthcare: What You Need to Know (lien direct)

Much like smart devices have infiltrated and helped spaces like industrial operations and the enterprise, IoT has taken hold in healthcare. The Internet of Medical Things (IoMT) - networked medical devices and applications in healthcare IT - has forever changed the future strategies for healthcare organizations and the space as a whole. It\'s added an entirely new layer of possible benefits affecting diagnostics, treatments and general patient health management while lowering cost in the process.

read more

grahamcluley.png 2019-03-13 13:34:03 Online safety cartoons for young kids (lien direct)
Online safety cartoons for kids

A series of cartoons are aiming to educate children as young as four about how to stay safe online.

bleepingcomputer.png 2019-03-13 13:12:03 Facebook and Instagram Down in Global Outage (lien direct)

Users worldwide are reporting that they are unable to access both Facebook and Instagram. When attempting to do so, they are given errors or maintenance messages stating that the services are aware of the problem and are working on restoring access. [...]

TechRepublic.png 2019-03-13 13:03:05 Ford is expanding City One challenges to three new cities (lien direct)

The City One challenge allows Ford to work with city leaders and citizens to help with mobility pain points.

TechRepublic.png 2019-03-13 13:00:05 How to secure IoT devices: 6 factors to consider (lien direct)

While Internet of Things devices can unlock great insights and value from the data collected, cybersecurity must be built in from the start, according to a report from the Indiana IoT Lab.

Checkpoint.png 2019-03-13 13:00:04 Mobile Supply Chain Attacks Are More Than Just an Annoyance (lien direct)

By Richard Clayton, Check Point Research Marketing   Mark Twain once wrote there are few things harder to put up with than the annoyance of a good example. He would have had a hard time then putting up with the latest shining example of why it is so necessary to have an advanced security solution…

The post Mobile Supply Chain Attacks Are More Than Just an Annoyance appeared first on Check Point Software Blog.

ZDNet.png 2019-03-13 13:00:00 Almost 150 million users impacted by new SimBad Android adware (lien direct)

SimBad adware found in 210 Android apps available on the official Google Play Store.

WiredThreatLevel.png 2019-03-13 13:00:00 How to Use Twitter\'s New In-App Camera Feature (lien direct)

Starting today, users will be able to take photos straight from the native Twitter app.

WiredThreatLevel.png 2019-03-13 13:00:00 When It Comes to Disease, Why Wait for a Pandemic to Respond? (lien direct)

Simulated real-world outbreaks are key to understanding how humans respond to outbreaks-and they provide valuable STEM education to boot.

SecurityWeek.png 2019-03-13 12:41:03 Trust and Reputation in the Digital Era (lien direct)

As it\'s been said, we\'re trying to have a civilization here. 

So, what is the foundation of a society? Is it the economy? Personal relationships? Employment? Institutions like a legal system or a free press? 

read more

bleepingcomputer.png 2019-03-13 12:34:03 Windows 10 Build 18356 Bug Opting Users Out of Insider Program (lien direct)

Some Windows 10 devices are being automatically opted out of the Windows Insider Program because of a bug in the new Windows 10 Insider Preview Build 18356 (19H1) released yesterday to Insiders in the Fast ring. [...]

TechRepublic.png 2019-03-13 12:27:02 LG is focusing on 5G mobility and AI for the future of jobs and transportation (lien direct)

LG is working with airlines to offer 5G technology for passengers during flights.

securityintelligence.png 2019-03-13 12:20:02 How CISOs Can Facilitate the Advent of the Cognitive Enterprise (lien direct)

>Just as organizations get comfortable with leveraging the cloud, another wave of digital disruption is on the horizon: artificial intelligence and its ability to drive the cognitive enterprise.

The post How CISOs Can Facilitate the Advent of the Cognitive Enterprise appeared first on Security Intelligence.

Blog.png 2019-03-13 12:19:05 Pro-Brexit Camp Wages Active \'Fake News\' Twitter Campaign (lien direct)

Suspicious activity on Twitter is trying to sway public opinion in favor of Brexit as the United Kingdom continues its struggle to reach a deal to withdraw from the European Union, according to a new report.

The post Pro-Brexit Camp Wages Active ‘Fake News’ Twitter Campaign appeared first on The Security Ledger.

-->
Blog.png 2019-03-13 12:19:04 MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things (lien direct)

There are certain things we as consumers have come to do intuitively: brushing our teeth in the morning; looking both ways before crossing a city street; buckling up when we get into a car. Related: What needs to happen to enable driverless transportation — safely In the not too distant future, each one of us […]

bleepingcomputer.png 2019-03-13 12:16:04 Chinese IT Services Giant Harvests Contacts, Tracks Users (lien direct)

Servers controlled by Chinese IT and services giant Hangzhou Shunwang Technology collect phone contact lists, geolocation, and QQ messenger login info through a data-stealing component present in up to a dozen Android apps available from major third-party stores in the country. [...]

TechRepublic.png 2019-03-13 12:10:01 The best new features in the Java programming language: Reasons to upgrade from Java 8 (lien direct)

The most useful new language features in Java 9, 10,11 and 12.

itsecurityguru.png 2019-03-13 12:06:01 March edition of Microsoft Patch Tuesday lists fixes for 64 vulnerabilities. (lien direct)

The March edition of Patch Tuesday includes fixes for 64 CVE-listed vulnerabilities, while Adobe addressed a pair of bugs in Photoshop and Digital Editions. Even SAP has got in on the game. DHCP flaws headline Patch Tuesday priorities. Of the 64 bugs squashed in Redmond’s March update, researchers are pointing to five particular bugs as […]

The post March edition of Microsoft Patch Tuesday lists fixes for 64 vulnerabilities. appeared first on IT Security Guru.

TechRepublic.png 2019-03-13 12:06:01 How to use the new Gmail App interface (lien direct)

Fear not, the Gmail app is still the same after its redesign--only better.

itsecurityguru.png 2019-03-13 12:05:00 New variant of Ursnif banking Trojan discovered by Cybereason. (lien direct)

A new variant of an infamous banking Trojan malware with a history going back over ten years has emerged with new tactics to ensure it’s harder to detect. The malware aims to hunt out financial information, usernames, passwords and other sensitive data. The Ursnif banking Trojan is one of the most popular forms of information-stealing malwaretargeting […]

The post New variant of Ursnif banking Trojan discovered by Cybereason. appeared first on IT Security Guru.

7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

Information mise à jours le: 2019-03-26 04:01:32
Voir la liste des sources.

Mon email:

Vous souhaitez ne rien manquer: Notre RSS (filtré) Twitter