What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.png 2019-03-20 13:58:01 1,600 Hotel Guests Secretly Live Streamed to 4,000+ Subscribers (direct link)

Four individuals from South Korea were detained for secretly recording, live streaming, and selling spycam videos of 1600 motel guests between November 24 and March 2, with two of them being arrested and facing a maximum of five years in jail. [...]

bleepingcomputer.png 2019-03-20 13:38:02 Microsoft Releases Windows 10 Build 18860 (20H1) With Swiftkey Enhancements (direct link)

Microsoft has released Windows 10 Insider Preview Build 18860 for Insiders in the Skip Ahead ring. This 20H1 build is mostly bug fixes, but does add support for 39 languages in Swiftkey. [...]

TechRepublic.png 2019-03-20 13:36:01 5G will impact these 10 industries the most (direct link)

Major 5G network deployments are expected by 2020, and the technology will create opportunities across many industries, according to CB Insights.

Korben.png 2019-03-20 13:33:00 Stranger Things 3 – the trailer (direct link)

Did you like Stranger Things and Stranger Things 2? Then there is a good chance you will like this season 3, which comes out on Netflix this July 4. From what can be seen in the trailer, the actors must be taking pills to slow their growth … Read more

no_ico.png 2019-03-20 13:30:04 SSH Client PuTTY Security Patches (direct link)

It has been reported that SSH client PuTTY has received numerous security patches. The fixes implemented on PuTTY over the weekend include new features plugging a plethora of vulns in the Telnet and SSH client, most of which were uncovered as part of an EU-sponsored HackerOne bug bounty.  PuTTY SSH client received security updates fixing several dangerous vulnerabilities at …

The ISBuzz Post: This Post SSH Client PuTTY Security Patches appeared first on Information Security Buzz.

TechRepublic.png 2019-03-20 13:07:00 Autonomy documentary at SXSW digs into questions about self-driving cars (direct link)

SXSW was the site of the world premiere of Autonomy, a documentary exploring self-driving cars and what this technology means to society.

SecurityWeek.png 2019-03-20 13:06:01 EU Fines Google for Anti-trust Breach (direct link)

The EU's powerful anti-trust regulator slapped tech giant Google with a new fine on Wednesday over unfair competition, in Europe's latest salvo against Silicon Valley.


securityintelligence.png 2019-03-20 13:00:02 Creating Meaningful Diversity of Thought in the Cybersecurity Workforce (direct link)

Let's add the diversity of approach, diversity of values and advocacy for deep customer empathy to the cybersecurity workforce diversity we are building.

The post Creating Meaningful Diversity of Thought in the Cybersecurity Workforce appeared first on Security Intelligence.

TechRepublic.png 2019-03-20 13:00:01 Why 91% of IT and security pros fear insider threats (direct link)

Insider threats are a larger concern for most organizations than cybercriminals or hacktivists, according to a BetterCloud report.

WiredThreatLevel.png 2019-03-20 13:00:00 Zodiac Ascending: Astrology Startups Reach for the Stars (direct link)

Startups like Sanctuary aim to do for astrology what Headspace did for meditation: reinvent it for an anxious, wide-eyed, phone-clutching generation.

WiredThreatLevel.png 2019-03-20 13:00:00 The Best Kindle Readers You Can Buy (2019) (direct link)

Amazon just debuted a new ebook reader, and it's already the best Kindle you can buy.

WiredThreatLevel.png 2019-03-20 13:00:00 Cannabis: The Complete WIRED Guide (direct link)

Everything you need to know about THC, CBD, terpenes, and the entourage effect.

ZDNet.png 2019-03-20 13:00:00 Google Photos vulnerability could have let hackers retrieve image metadata (direct link)

Browser side-channel leaks are emerging as the next big threat for per-target stalking ops.

AlienVault.png 2019-03-20 13:00:00 Restart BEFORE patching (direct link)

Most folks who work with servers know the monthly drill:

Patches are released by manufacturers -> Patches are tested -> Patches are deployed to Production.  What could possibly go wrong?

Anyone who has ever experienced the nail-biting joy of patching, and then awaiting a restart, knows exactly what could go wrong.  Does anyone remember the really good old days when patches had to be manually staged prior to deployment? For those of you who entered the tech world after Windows NT was retired, consider yourself lucky!

If you think about it, most organizations that patch on a monthly basis are considered to have an aggressive patching strategy.  As evidenced by the legendary Equifax breach, some organizations take months to apply patches. This is true even when the organization has been forewarned that the patch is a cure for a vulnerability that is being actively exploited, also known as a “Zero-day” vulnerability.

Patching is never a flawless operation.  There is always one server that just seems to have problems.  What is the first response when this happens?  Blame the patch, of course!  After all, what else could have changed on the server?  Plenty, actually.

Sometimes, removal of the patch doesn’t fix the problem.  I have seen the patch still held responsible for whatever has gone wrong with the server.  I am not blindly defending the patch authors, as there have been too many epic blunders in patching for me to exhibit that kind of optimism and not laugh at myself.  But what can we do to avoid the patch blame game?

The simple solution is to restart the servers before deploying patches.  This is definitely an unorthodox approach, but it can certainly reduce troubleshooting time and “patch blame” when something goes wrong.  If you restart a server, and it doesn’t restart properly, that indicates that an underlying problem exists prior to any patching concern.

This may seem like a waste of time; however, the alternative is usually more time-consuming.

If you patch a server, and it fails at restart, the first amount of time you will waste is trying to find the offending patch, and then removing the patch.  Then, upon the subsequent restart, the machine still fails.  Now what?

Even if we scale this practice to 1000 servers, the time is still not wasted.  If you are confident that your servers can withstand a simple restart, then restart them all.  The odds are in your favor that most will restart without any problems.   If less than 1% of them fail, then you can address the problems there before falsely chasing the failure as a patch problem.

Once all the servers restart normally, perform your normal patching, and feel free to blame the patch if the server fails after patching.

The same approach could also be applied to workstations in a corporate environment.  Since most organizations do not engage automatic workstation patching on the corporate network, a pre-patch restart can be forced on workstations.

Patching has come a long way from the early days when the internet was young and no vulnerabilities existed (insert sardonic smile here).  The rate of exploits and vulnerabilities has accelerated, requiring more immediate action towards protecting your networks.  Since patches are not without flaws, one easy way to rule out patching as the source of a problem is to restart before patching.

TechRepublic.png 2019-03-20 12:58:00 Java 12: What's new in the latest version of the programming language? (direct link)

The latest release of the language promises a few notable improvements and is available to download from Oracle.

SecurityAffairs.png 2019-03-20 12:48:03 SimBad malware infected million Android users through Play Store (direct link)

Security experts at Check Point uncovered a sophisticated malware campaign spreading the SimBad malicious code through the official Google Play Store. Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store. According to experts, more than 150 million users were already impacted. SimBad disguises itself […]

The post SimBad malware infected million Android users through Play Store appeared first on Security Affairs.

TechRepublic.png 2019-03-20 12:39:00 How autonomous vehicles could co-exist with traditional cars in the near future (direct link)

Car & Driver Editor-in-Chief Eddie Alterman talks about the role he sees for autonomous cars in the future, and what he thinks will happen to human-driven vehicles.

no_ico.png 2019-03-20 12:30:04 Gnosticplayers Drops 4th Round Of Stolen Records On DreamMarket (direct link)

In response to the news that the hacking group Gnosticplayers has just dropped a 4th round of stolen records on the dark web market DreamMarket, experts with OneSpan, Centripetal Networks and CyberSaint offer perspective. Byron Rashed, VP of Marketing at Centripetal Networks: “This is a classic example of a highly skilled and motivated threat actor that has successfully infiltrated networks and …

The ISBuzz Post: This Post Gnosticplayers Drops 4th Round Of Stolen Records On DreamMarket appeared first on Information Security Buzz.

ZDNet.png 2019-03-20 12:15:00 CUJO Smart Firewall vulnerabilities exposed home networks to critical attacks (direct link)

Remote code execution bugs were among those found.

WiredThreatLevel.png 2019-03-20 12:00:00 Why Tech Platforms Don't Treat All Terrorism the Same (direct link)

Critics say Facebook, YouTube, and Twitter are quicker to block content from ISIS than from white nationalists.

bleepingcomputer.png 2019-03-20 11:30:00 Google Fined $1.7 Billion for Anti-Competitive Practices in Online Advertising (direct link)

Google was fined €1.494.459.000 ($1.698.064.094) or 1.29% of Google's 2018 turnover for abusing its market dominance to block rival advertising companies from displaying search ads on publisher search results pages says a European Commission statement published today. [...]

itsecurityguru.png 2019-03-20 11:29:05 Microsoft remains threat actors favourite. (direct link)

It should come as no surprise that cybercriminals favored Microsoft Office vulnerabilities in their cyberattacks last year, given the rise in phishing attacks that included rigged Word and Excel Office file attachments. Source: ZDNet

The post Microsoft remains threat actors favourite. appeared first on IT Security Guru.

itsecurityguru.png 2019-03-20 11:29:00 Leave campaign in hot water over spam texts. (direct link)

The Information Commissioner’s Office (ICO) has fined Brexit Campaign group Vote Leave £40,000 ($53,000) for sending out nearly 200,000 unsolicited text messages. Source: BBC News

The post Leave campaign in hot water over spam texts. appeared first on IT Security Guru.

itsecurityguru.png 2019-03-20 11:28:01 Government needs to do better at email security says NCSC. (direct link)

Email security in UK government organisations is lagging far behind that of central government, analysis reveals, with less than a third implementing standard protection Source: Computer Weekly

The post Government needs to do better at email security says NCSC. appeared first on IT Security Guru.

itsecurityguru.png 2019-03-20 11:27:01 Google aiding tech support scams via fake eBay Ads. (direct link)

A fake advertisement in the Google search results has been running for the past week that looked just like a legitimate ad for eBay. When you clicked on it, though, instead of being brought to the auction site you would be shown an incredibly annoying tech support scam that would try to lock up your […]

The post Google aiding tech support scams via fake eBay Ads. appeared first on IT Security Guru.

itsecurityguru.png 2019-03-20 11:26:01 DDoS falls out of fashion. (direct link)

The average distributed denial-of-service (DDoS) attack size shrunk 85% in the fourth quarter of 2018 following an FBI takedown of “booter,” or DDoS-for-hire, websites, in December 2018, researchers report. Source: Dark Reading

The post DDoS falls out of fashion. appeared first on IT Security Guru.

grahamcluley.png 2019-03-20 11:21:03 Hydro working hard to recover following ransomware attack (direct link)

You can't help but get the feeling that this was a highly-organised extortion attempt against Norsk Hydro.

no_ico.png 2019-03-20 11:15:03 On Norsk Hydro Cyber Attack (direct link)

One of the world’s biggest aluminium producers has switched to manual operations at its Norwegian smelting facilities following a cyber-attack. Hydro, which employs more than 35,000 people in 40 countries, says the attack began on Monday night and is ongoing. A spokesman told the BBC that he could not yet confirm what type of cyber-attack the Norwegian firm was …

The ISBuzz Post: This Post On Norsk Hydro Cyber Attack appeared first on Information Security Buzz.

bleepingcomputer.png 2019-03-20 11:07:03 Payment Card Thieves Slip into MyPillow and AmeriSleep Bedding Sites (direct link)

One of the biggest threats facing online retailers is malicious scripts that attackers add to checkout pages in order to steal customer payment information. A new report released today details how the bedding sites MyPillow.com and Amerisleep.com were targeted with these types of attacks. [...]

Korben.png 2019-03-20 11:00:04 WinterTime – Suspend battery-hungry macOS applications (direct link)

If you are a MacBook user and spend your time grumbling about its battery, here is an application named WinterTime that will help you. WinterTime lists the most power-hungry applications running on your Mac and lets you freeze them whenever you like. That way, … Read more

TechRepublic.png 2019-03-20 11:00:01 How to lead a smart enterprise: 7 tips for CIOs (direct link)

Businesses must scale emerging technologies including AI, machine learning, and IoT to better engage customers.

WiredThreatLevel.png 2019-03-20 11:00:00 Inside Airbnb's 'Guerrilla War' Against Local Governments (direct link)

Airbnb, the nation's second-most-valuable startup, is battling cities from Boston to San Diego over collecting taxes and enforcing zoning rules.

WiredThreatLevel.png 2019-03-20 11:00:00 In Pakistan, People Are Jailed for Blasphemous Facebook Posts (direct link)

Authorities in Pakistan use stringent laws to prosecute blasphemy, even “crimes” as innocuous as liking a post on Facebook. Vigilantes have been known to murder the accused.

WiredThreatLevel.png 2019-03-20 11:00:00 The First Gene-Edited Food Is Now Being Served (direct link)

Calyxt is the first with its gene-edited oil, but several other companies also have edited foods in the works.

WiredThreatLevel.png 2019-03-20 11:00:00 A Timeline of MoviePass' Many Ridiculous Business Plans (direct link)

When it comes to figuring out a membership model, MoviePass is more 'Groundhog Day' than 'Social Network.'

no_ico.png 2019-03-20 10:30:03 Kathmandu Clothing Retailer Probes Possible Card Skimming Data Breach (direct link)

Outdoor clothing retailer Kathmandu announced that it is investigating a potential breach of customer card data harvested from its websites. In a statement posted to the New Zealand Exchange (NZE), the firm said it was notifying potentially affected customers directly, advising them to contact their banks and card providers: “Kathmandu has recently become aware that between January …

The ISBuzz Post: This Post Kathmandu Clothing Retailer Probes Possible Card Skimming Data Breach appeared first on Information Security Buzz.

ESET.png 2019-03-20 10:28:00 Fake or Fake: Keeping up with OceanLotus decoys (direct link)

ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar

The post Fake or Fake: Keeping up with OceanLotus decoys appeared first on WeLiveSecurity

ZDNet.png 2019-03-20 10:06:00 Bank hackers team up to spread financial Trojans worldwide (direct link)

The gang agreements focus on theft, malware capabilities, and territory grabs.

securityintelligence.png 2019-03-20 10:00:02 The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018 (direct link)

In 2018, IBM X-Force researchers observed organized cybercrime groups collaborating, rather than competing over turf or even attacking each other, for the first time.

The post The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018 appeared first on Security Intelligence.

bleepingcomputer.png 2019-03-20 09:43:00 Google Photos Bug Exposed the Location & Time of Your Pictures (direct link)

A vulnerability in the web version of Google Photos allowed websites to learn a user's location history based on the images they stored in the account. [...]

Blog.png 2019-03-20 09:41:02 Hack the Box Carrier: Walkthrough (direct link)

Today we are going to solve another CTF challenge “Carrier”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Expert Task: To find user.txt and... Continue reading

The post Hack the Box Carrier: Walkthrough appeared first on Hacking Articles.

no_ico.png 2019-03-20 09:13:03 UK Cybersecurity Efforts In Protecting Critical Infrastructure Criticised By Audit Office (direct link)

The BBC has reported today that the government has been told there are “failings” in the way it is planning to protect the UK’s critical infrastructure from cyber-attacks. The warning came in a National Audit Office (NAO) assessment of the UK’s national cyber-defence plan. The government is increasingly worried that these essential sectors will be targeted by foreign states seeking …

The ISBuzz Post: This Post UK Cybersecurity Efforts In Protecting Critical Infrastructure Criticised By Audit Office appeared first on Information Security Buzz.

SecurityAffairs.png 2019-03-20 09:09:05 Google white hat hacker found new bug class in Windows (direct link)

James Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers. Google Project Zero hacker James Forshaw discovered a new class of flaws that reside in some of the kernel mode drivers in Windows that could allow attackers to escalate privileges. […]

The post Google white hat hacker found new bug class in Windows appeared first on Security Affairs.

no_ico.png 2019-03-20 08:54:03 MySpace's Data Migration Data Loss (direct link)

MySpace has lost over 50 million songs that were uploaded to the site between the years of 2003-15, due to a server migration error. Report: Myspace has lost all the photos, videos, and music its users uploaded between 2003 and 2015 due to data corruption during a server migration project (@doctorow / Boing Boing) https://t.co/zuHKi8ikxb https://t.co/bL4lB6mVBs — Techmeme …

The ISBuzz Post: This Post MySpace's Data Migration Data Loss appeared first on Information Security Buzz.

Blog.png 2019-03-20 08:31:02 MY TAKE: Get ready to future-proof cybersecurity; the race is on to deliver 'post-quantum crypto' (direct link)

Y2Q. Years-to-quantum. We're 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve. PQC. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation […]

CSO.png 2019-03-20 08:03:00 Best Android antivirus? The top 11 tools (direct link)

The following are the 11 best antivirus tools for Android, according to AV-TEST's November 2018 evaluations of 18 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.)

AV-TEST rates each tool for three areas: protection (six point max), usability (six points max) and features (one point max). Ten of the 11 Android antivirus software apps listed below received perfect protection and usability scores of 6.0. The other, F-Secure Mobile Security, lost a half point on the usability score. The apps are in alphabetical order.


Korben.png 2019-03-20 08:00:03 Deadpool, that troll (direct link)

For quite a while now, I have been fed up with squeaky-clean superhero films, the Avengers in particular… I find them boring and very repetitive. And I can no longer follow any of it. Too many characters, too much action with no substance, too many primary-school mini-dramas, too many patriotic good feelings and … Read more

SecurityAffairs.png 2019-03-20 07:50:02 The Document that Microsoft Eluded AppLocker and AMSI (direct link)

Experts analyzed an Office document containing a payload that is able to bypass Microsoft AppLocker and Anti-Malware Scan Interface (AMSI), Introduction Few days ago, during intel sources monitoring operation, the Cybaze-Yoroi ZLAB team encountered an interesting Office document containing some peculiarities required a deeper analysis: its payload includes techniques suitable to bypass modern Microsoft security mechanisms […]

The post The Document that Microsoft Eluded AppLocker and AMSI appeared first on Security Affairs.

SecurityWeek.png 2019-03-20 07:04:01 Kaspersky Files Complaint Against Apple Over App Store Policy (direct link)

Kaspersky Lab on Tuesday filed a complaint against Apple with the Russian Federal Antimonopoly Service after the tech giant introduced a new App Store policy requiring it to remove some important features from its Safe Kids app.


The_Hackers_News.png 2019-03-20 06:31:05 New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep (direct link)

Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code on e-commerce websites with an intent to steal payment card details of their customers silently.


Information updated on: 2019-03-26 04:01:32