What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
TechRepublic.png 2019-09-17 13:00:08 IBM announces the finalists of Call for Code 2019 (direct link)

Using IBM Cloud services, these finalists are helping mitigate the harmful effects of natural disasters.

ZDNet.png 2019-09-17 13:00:04 Gootkit malware crew left their database exposed online without a password (direct link)

Even cyber-criminal gangs can't secure their MongoDB servers properly.

Malware
WiredThreatLevel.png 2019-09-17 13:00:00 One Very Specific Reason Rami Malek Deserved His 'Bohemian Rhapsody' Oscar (direct link)

It has to do with how the actor playing Freddie Mercury managed those prosthetic teeth.

AlienVault.png 2019-09-17 13:00:00 There's no such thing as an entry-level job in cybersecurity (direct link)

Every week the AT&T Chief Security Office produces a series called ThreatTraq with helpful information and news commentary for InfoSec practitioners and researchers.  I really enjoy them; you can subscribe to the Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq.  The video features Jonathan Gonzalez, Principal Technology Security, AT&T, John Hogoboom, Lead Technology Security and Tony Tortorici, Principal Technology Security, AT&T.

Jonathan: There's no such thing as an entry-level job in cybersecurity.

Tony: Jonathan, you had a story about entry-level jobs and what skills you need for day one. Do you want to go into it?

Jonathan: Yes, definitely. You know, we usually do vulnerability stories and things that are being hacked and I thought for those watching that might be interested in the field, that might not be in it yet, this may be an interesting topic. I found this blog post by Daniel Miessler about what the expectations of a potential-hiring manager will be on day one. Right. But first of all how do I get to day one and be hired and what are the things that they might be looking for?

This ties to the “skill gap” notion in cybersecurity.

Miessler has other articles about the skill gap. In this article particularly, it seems he's indicating there is really no entry-level position in cybersecurity, because cybersecurity is not a single field.

John: Right.

Jonathan: There is this cybersecurity domain mapping that I found very interesting that breaks down every possible job that you could end up in cybersecurity and it's overwhelming. Right? So someone in this entry-level world says, "I want to do cybersecurity." The first thing they need to figure out is what area of cybersecurity?

numerous cybersecurity domains

John: This is interesting. I'm not even on this list. I don't see any incident response.

Jonathan: There is, on the bottom left, security operations and incident response, investigations...

John: Oh there it is, okay. Security operations.

Jonathan: ...forensics is my team, there's awareness, there's user education. Also, internally we have governance and risk assessment. We have career development, we have security architecture. As a person in this entry-level world, what you need to understand is you're not doing cybersecurity. You're doing something within the field of cybersecurity. And, this article particularly,   some scenarios can be built and some tasks that are expected? I'm gonna pick on auditing. I learned on the job was preparing for an audit.

John: Everyone's favorite task.

Jonathan: Right. But usually, a junior entry-level person might end up on that team. And they need to understand what it means to do that and as a person hiring, that might be the thing that you want them to understand. And if they don't even know what that is then you're immediately going to eliminate them without considering their skills. They've just never done an audit. And I think what we get to in here that is not about the skill to do the audit, it's about the skills underneath you might be able to bring them up to an audit level speed.

John: Right.

Jonathan: And this is very interesting because it's things like understanding which kind of audit it is. Right? Is it an app

Vulnerability
WiredThreatLevel.png 2019-09-17 13:00:00 Why We Need Brain Scan Data Guidelines (direct link)

Opinion: Aided by AI, brain scans know your past and future as well as your DNA. Determining their ethical implications is vital to scientific integrity.

SecurityAffairs.png 2019-09-17 12:52:23 Backup files for Lion Air and parent airlines exposed and exchanged on forums (direct link)

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online on an unsecured Amazon bucket, the records […]

grahamcluley.png 2019-09-17 12:21:21 Police raids after data on most of Ecuador's citizens leaks online (direct link)

If you’re a citizen of Ecuador, chances are that you’ve had your personal and financial information exposed after an ElasticSearch server was left unsecured.

Victims even include Wikileaks founder Julian Assange…

ZDNet.png 2019-09-17 12:20:40 Skidmap malware buries into the kernel to hide illicit cryptocurrency mining (direct link)

The Linux malware makes use of a rootkit to disguise itself on infected machines.

Malware
ANSSI.png 2019-09-17 12:07:05 SecNumeco conference in Besançon on 10 October: better understanding economic security and digital security in business (direct link)

Digital transformation opens up new opportunities for the economic sector and for all of society's stakeholders. Cyber insurance, the General Data Protection Regulation (GDPR), securing connected vehicles, Cloud issues… Now indispensable, these developments also bring new risks. The SecNumeco conference in Besançon will cover the fundamentals of security […]

Trend.png 2019-09-17 12:05:14 When PSD2 Opens More Doors: The Risks of Open Banking (direct link)

We looked into the security implications of the changing banking paradigm with PSD2 in place. Our research highlights the current and new risks that the financial industry will have to defend against, and predicts how cybercriminals will abuse and attack Open Banking.

01net.png 2019-09-17 12:00:16 iOS: the photos and videos you delete in WhatsApp are not necessarily erased (direct link)

The "Delete for everyone" feature does not deliver on its promise on iOS devices. And the publisher does not plan to fix the problem.

WiredThreatLevel.png 2019-09-17 12:00:00 The First Hurricane Relief Drone Was Ready to Fly-Then Dorian Hit (direct link)

A drone company on Great Abaco, in the Bahamas, was prepared to deliver emergency supplies if the hurricane struck. Dorian had other plans.

SecurityWeek.png 2019-09-17 11:27:29 Oracle Launches New Services to Secure the Cloud (direct link)

Oracle this week expanded its portfolio with three new services designed to help automatically protect cloud workloads and data.

SecurityAffairs.png 2019-09-17 11:25:27 (Déjà vu) Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors (direct link)

Researchers discovered many flaws in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. Security experts have discovered multiple vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. The research is part of a project dubbed SOHOpelessly Broken 2.0 conducted by Independent Security Evaluators (ISE). In […]

Pirate.png 2019-09-17 11:20:08 HMA VPN 5.0 strengthens its global presence and its level of privacy (direct link)

HMA VPN 5.0 strengthens its global presence with a greater number of high-speed connection locations and broader privacy options.

The_State_of_Security.png 2019-09-17 11:16:38 Emotet Botnet Returns After Four-Month Hiatus With New Spam Campaign (direct link)

The actors responsible for the Emotet botnet returned after a four-month period of inactivity with a new malspam campaign. On 16 September, SpamHaus security researcher Raashid Bhat spotted a spate of new spam emails written in Polish or German that contained malicious attachments or links to malware downloads. Emotet is fully back in action and […]

Spam,Malware
ZDNet.png 2019-09-17 11:10:24 Financial asset firm PCI ordered to pay $1.5 million for poor cybersecurity practices (direct link)

Phillip Capital Inc. has been penalized for a data breach and failing to disclose the incident to clients quickly.

Data Breach
Pirate.png 2019-09-17 11:06:50 Publication of the personal data of 17 million residents of Ecuador (direct link)

According to the report by two computer security experts working for the company vpnMentor, some 20.8 million records, or 18GB of data, were left freely accessible on an unsecured server located in Miami (Florida) belonging to an Ecuadorian company.

TechRepublic.png 2019-09-17 11:00:15 How to handle anxiety as a tech professional (direct link)

In an ever-changing, fast paced industry, stress is inevitable as a tech professional. Here's how to handle it.

WiredThreatLevel.png 2019-09-17 11:00:00 James Cameron, Victor Vescovo, and the Saga of the Deepest* Solo Dive Ever (direct link)

Vescovo says he dove deeper than Cameron. Cameron says not so fast. Perhaps only Poseidon knows for sure.

WiredThreatLevel.png 2019-09-17 11:00:00 Marketers Wanted a New Generation to Target, Hence Alphas (direct link)

Members of the latest age group to emerge are barely out of diapers, and the internet is already serving them ads.

WiredThreatLevel.png 2019-09-17 11:00:00 The Shift to Electric Vehicles Propels a Strike Against GM (direct link)

Like other automakers, General Motors is preparing for a mostly electric future. The catch is that building those cars requires a lot fewer workers.

WiredThreatLevel.png 2019-09-17 11:00:00 The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite (direct link)

At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory.

The_Hackers_News.png 2019-09-17 10:54:08 BREAKING - U.S Sues Edward Snowden and You'd be Surprised to Know Why (direct link)

The United States today filed a lawsuit against Edward Snowden, a former employee of the CIA and NSA government agencies who made headlines worldwide in 2013 after he fled the country and leaked top-secret information about NSA's global and domestic surveillance activities. And, you would be more surprised to know the reason for this lawsuit. No, it's not for leaking secrets; instead, for

SecurityWeek.png 2019-09-17 10:53:57 Australia Knows China Hacked Its Parliament: Report (direct link)

Australia is confident that China was behind cyberattacks on its parliament and political parties, but decided not to make public accusations to avoid disrupting trade relations, according to Reuters.

WiredThreatLevel.png 2019-09-17 10:00:00 Apple iPhone 11 Pro Review: It's All About the Camera (direct link)

This year's highest-priced iPhone models use premium materials and have a brighter screen. But the real benefit is that three-lens camera.

WiredThreatLevel.png 2019-09-17 10:00:00 Apple iPhone 11 Review: The iPhone for Nearly Everybody (direct link)

It's not the best iPhone you can buy, but it's an excellent phone for the price.

WiredThreatLevel.png 2019-09-17 10:00:00 A Brutal Murder, a Wearable Witness, and an Unlikely Suspect (direct link)

Karen Navarra was a quiet woman in her sixties who lived alone. She was found beaten to death. The neighbors didn't see anything. But her Fitbit did.

bleepingcomputer.png 2019-09-17 09:23:21 Misconfigured Google Calendars Share Events With the World (direct link)

Thousands of Google users are exposing the contents of their calendars to the public. The information is indexed by search engines and can include email addresses as well as private events from individuals and businesses. [...]

NextINpact.png 2019-09-17 08:20:39 Cloud gaming: Google's Stadia reportedly won't arrive on Android TV before 2020 (direct link)

Scheduled for this year, the Net giant's cloud gaming service should not be available on Android TV before 2020. At least, that is what XDA Developers claims, based on information from a source ...

grahamcluley.png 2019-09-17 08:08:04 LastPass users automatically updated to fix security vulnerability in browser extension (direct link)

Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software.

Vulnerability
01net.png 2019-09-17 07:03:18 In France, more than 2.6 million medical images freely accessible on the Internet (direct link)

A vulnerability study detected, overall, more than 500 medical servers connected to the Internet without any protection. These systems gave access to more than 399 million medical images.

Korben.png 2019-09-17 07:00:27 New interview with Edward Snowden #NSA #Surveillance (direct link)

For those who are interested, Edward Snowden is doing very well. He is still in Russia and will release his memoir on 19 September (this week): Mémoires vives (or, in English, "Permanent Record"). In 2014 I had read "Nulle part où se cacher" by Glenn Greenwald, which Snowden …

SecurityWeek.png 2019-09-17 06:41:38 SOHOpelessly Broken 2.0: 125 Vulnerabilities Found in Routers, NAS Devices (direct link)

Researchers have discovered many vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices as part of a project dubbed SOHOpelessly Broken 2.0.

bleepingcomputer.png 2019-09-17 06:31:04 Millions of Lion Air Passenger Records Exposed and Exchanged on Forums (direct link)

Tens of millions of records from customers of two airline companies owned by Lion Air have been circulating on data exchange forums for at least a month. The info was stored in an Amazon bucket that was open on the web. [...]

SecurityAffairs.png 2019-09-17 06:29:28 Fraudulent purchases of digital certificates through executive impersonation (direct link)

Experts at ReversingLabs spotted a threat actor buying digital certificates by impersonating legitimate entities and then selling them on the black market. Researchers at ReversingLabs have identified a new threat actor that is buying digital certificates by impersonating company executives, and then selling them on the black market. The experts discovered that digital certificates are then […]

Threat
The_Hackers_News.png 2019-09-17 05:26:19 Exclusive: Thousands of Google Calendars Leaking Private Information Online (direct link)

"Warning - Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you should immediately go back to your Google settings and check if you're exposing all your events

01net.png 2019-09-17 05:16:33 The personal data of almost the entire population of Ecuador leaked on the Web (direct link)

Names, addresses, marital status, children, loans, car registrations… The data of more than 20 million Ecuadorians was freely accessible. It came from the server of a marketing company.

bleepingcomputer.png 2019-09-17 03:34:35 Most Cyber Attacks Focus on Just Three TCP Ports (direct link)

Small to mid-sized businesses can keep safe from most cyberattacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents. [...]

Threat
News.png 2019-09-17 03:01:15 For Facebook, racist and white supremacist pages do not promote hate speech (direct link)

Members of the Muslim Community walk past flowers and condolences at the entrance to the Christchurch Botanic Gardens, close to Al Noor mosque, on March 22, 2019 in Christchurch, New Zealand. 50 people were killed, and dozens were injured in Christchurch on Friday, March 15 when a gunman opened fire at the Al Noor and Linwood mosques. The attack is the worst mass shooting in New Zealand's history.

The_Hackers_News.png 2019-09-17 01:43:33 125 New Flaws Found in Routers and NAS Devices from Popular Brands (direct link)

The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it? As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential-and possibly more dangerous-ways for hackers to wreak

SecurityWeek.png 2019-09-17 01:02:42 Security Firm: Data Breach Exposes Millions of Ecuadorians (direct link)

Millions of Ecuadorians are at risk of identity theft because a security breach exposed a trove of data including names, phone numbers and birth dates, a cyber security firm said Monday.

Data Breach
itsecurityguru.png 2019-09-16 22:17:42 The Trouble With Biometric Authentication. (direct link)

By Josh Horwitz, COO Enzoic The biometric market is expected to soar to nearly $33 billion by 2022 as the technology is heralded as a bulletproof solution to thwart hackers. Consumers view biometrics favorably as it's an easy way to log into their accounts, which is helping accelerate its widespread adoption. However, there are inherent […]

WiredThreatLevel.png 2019-09-16 21:48:14 A Buzzkill Physics Discovery, a Deadly Miracle Drug, and More News (direct link)

Catch up on the most important news from today in two minutes or less.

ZDNet.png 2019-09-16 20:08:44 Data of 24.3 million Lumin PDF users shared on hacking forum (direct link)

The person who leaked the data claims it notified Lumin PDF earlier this year but got no reply.

SecurityAffairs.png 2019-09-16 20:07:19 MobiHok RAT, a new Android malware based on old SpyNote RAT (direct link)

A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Experts from threat intelligence firm SenseCy spotted a new piece of Android RAT, dubbed MobiHok RAT, that used code from the old SpyNote RAT. At the beginning of July 2019, the experts […]

Malware,Threat
Logo_logpoint.jpg 2019-09-16 19:45:55 (Déjà vu) 2nd October – LogPoint and Universities (direct link)

Almost all organisations have a digital transformation programme in place. Such programmes enable organisations to stay relevant, enhance member's experience and gain market share by making the most of the opportunity presented by the technology trends. At the heart of any digital transformation is the harness of data to continually improve customer outcomes and improve [...]

TechRepublic.png 2019-09-16 18:31:00 How will autonomous vehicles affect your industry? (direct link)

Take this quick, multiple choice survey and tell us about how your organization uses--or plans to use--autonomous transportation.

SecurityWeek.png 2019-09-16 17:57:56 InnfiRAT Targets Personal Data, Cryptocurrency Wallets (direct link)

A newly discovered remote access Trojan can steal various types of data from the infected machines, including personal data and cryptocurrency wallet information, Zscaler security researchers warn.

SecurityWeek.png 2019-09-16 17:42:32 Snowden Says He Would Return to US If He Can Get a Fair Trial (direct link)

Edward Snowden, the National Security Agency contractor living in Russia after leaking information about the US government's mass surveillance program, has said he would like to return home if he can get a fair trial.

Information updated on: 2019-09-22 08:07:45