What's new arround internet

Src Date (GMT) Titre Description Tags Stories Notes
TechRepublic.png 2019-09-16 17:40:58 McKinsey: Digital transformation in healthcare must preserve paper - for now (lien direct)

Insurers should fit paper forms into an overall digital strategy instead of trying to lead an industry-wide revolution.

ANSSI.png 2019-09-16 17:22:03 Cybermoi/s – La campagne d\'octobre pour prendre soin de son " moi " numérique (lien direct)

Nous sommes tous de plus en plus actifs dans nos vies numériques, et donc de plus en plus exposés. Au quotidien, nous partageons sur les réseaux sociaux, gérons nos démarches en ligne et échangeons par mail avec des collègues, clients et amis. Et pourtant prenons-nous suffisamment soin de notre " moi " numérique ? Pour […]

MalwarebytesLabs.png 2019-09-16 17:04:53 Emotet is back: botnet springs back to life with new spam campaign (lien direct) After months of laying dormant, the notorious Emotet is back, with its botnet spewing spam globally.

Categories:

Botnets

Tags:

(Read more...)

The post Emotet is back: botnet springs back to life with new spam campaign appeared first on Malwarebytes Labs.

Spam
TechRepublic.png 2019-09-16 16:46:08 Indeed debuts new tech hiring platform for jobs in technology (lien direct)

Hard-to-fill tech jobs are the focus of the new Seen by Indeed site.

bleepingcomputer.png 2019-09-16 16:27:14 Emotet Revived with Large Spam Campaigns Around the World (lien direct)

Less than a month after reactivating its command and control (C2) servers, the Emotet botnet has come to like by spewing spam messages to countries around the globe. [...]

Spam
SecurityWeek.png 2019-09-16 16:24:46 Saudi Attacks Expose Threat to Critical Infrastructure (lien direct)

The strike on Saudi oil infrastructure highlights the easy vulnerability of such facilities even as the kingdom has splurged billions on sophisticated defense hardware.

read more

Vulnerability,Threat
itsecurityguru.png 2019-09-16 16:23:08 To Pay Or Not To Pay – Security Pros Have Their Say. (lien direct)

The debate as to whether ransomware should be paid or not has been a bone of contention for many years. We all know that rewarding criminal behaviour is a bad idea, but when stakes are high, it can be difficult to take the high road. And cybercriminals seem to be capitalising on these grey areas. […]

The post To Pay Or Not To Pay – Security Pros Have Their Say. appeared first on IT Security Guru.

Ransomware
ANSSI.png 2019-09-16 16:11:10 La France lance le Cybermoi/s 2019 (lien direct)

En octobre 2019 commencera le Cybermoi/s, un mois pour prendre conscience des enjeux du numérique et adopter les premiers bons réflexes. Les acteurs français de la cybersécurité appellent les citoyennes et les citoyens à sécuriser activement et efficacement leur vie numérique, dans la sphère personnelle, comme professionnelle.

WiredThreatLevel.png 2019-09-16 15:51:20 James Gunn Tweeted \'The Suicide Squad\' Cast and It\'s Insane (lien direct)

Also: J.J. Abrams just signed a multimillion-dollar deal, and RIP, MoviePass.

bleepingcomputer.png 2019-09-16 15:41:09 Windows 10 1903 is Now Having Problems with Network Adapters (lien direct)

Microsoft has acknowledged another problem in Windows 10 version 1903 where user\'s are reporting that their network adapters suddenly stop working after installing a cumulative update. [...]

MalwarebytesLabs.png 2019-09-16 15:35:21 A week in security (September 9 – 15) (lien direct) A roundup of the security news from September 9–15, including locking down AWS, mobile malware, phishing threats, and more.

Categories:

A week in security

Tags:

(Read more...)

The post A week in security (September 9 – 15) appeared first on Malwarebytes Labs.

TechRepublic.png 2019-09-16 15:32:57 How Internet Object aims to be the minimalist post-JSON data serialization format (lien direct)

Internet Object is built around supporting and validating data schema, and produces files roughly 40% smaller than JSON.

Blog.png 2019-09-16 15:30:18 SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains (lien direct)

Blockchain gave rise to Bitcoin. But blockchain is much more than just the mechanism behind the cryptocurrency speculation mania. Related: The case for ‘zero trust’ There\'s no disputing that blockchain technology holds the potential to massively disrupt business, politics and culture over the next couple of decades, much the way the Internet dramatically altered the […]

Checkpoint.png 2019-09-16 15:15:42 Celebrating the Best of Check Point CheckMates – 2019 (lien direct)

Check Point CheckMates is our online community for all Check Point customers, partners, and security experts. The community platform provides a user-friendly space for members to benefit from all of the activities and insightful content that CheckMates has to offer. In a short time frame, 100,000 security professionals from over 150 countries gathered on CheckMates…

The post Celebrating the Best of Check Point CheckMates – 2019 appeared first on Check Point Software.

no_ico.png 2019-09-16 15:04:08 Experts Commentary On 1 Billion Mobile Users Vulnerable To Ongoing \'SimJacker\' Surveillance Attack (lien direct)

Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM card-based vulnerability, dubbed “SimJacker.” The glitch has been exploited for the past two years by “a specific private company that works with governments to monitor individuals,” and impacts several mobile operators – with the potential to impact over a billion …

The ISBuzz Post: This Post Experts Commentary On 1 Billion Mobile Users Vulnerable To Ongoing \'SimJacker\' Surveillance Attack appeared first on Information Security Buzz.

TechRepublic.png 2019-09-16 15:00:22 How to connect the Buttercup password manager to a cloud account (lien direct)

There\'s a new password manager in town. Find out how to connect Buttercup to a cloud account for easy password management.

TechRepublic.png 2019-09-16 14:55:31 Companies still unprepared for GDPR rule changes and potential EU data breaches (lien direct)

A new survey finds many companies are still in the dark about GDPR compliance.

no_ico.png 2019-09-16 14:54:30 North Korean Spear-Phishing Campaign Attacks U.S. Firms – Expert Commentary (lien direct)

Prevailion researchers discovered an ongoing, spear-phishing campaign coined “Autumn Aperture” that targets U.S.-based firms . The campaign is possibly linked to the North Korean Kimusky threat actors and involves sending victims trojanized documents over email. Additionally, the hackers utilize obscure file formats, making them difficult to detect by antivirus products.

The ISBuzz Post: This Post North Korean Spear-Phishing Campaign Attacks U.S. Firms – Expert Commentary appeared first on Information Security Buzz.

Threat
no_ico.png 2019-09-16 14:44:01 Security Is Making Remote Working Too Difficult (lien direct)

According to recent research by Capita, Organisations are failing to adequately support secure remote working practices. Despite the undoubted productivity benefits stemming from more flexible working practices, only half (52%) of the 2000 UK knowledge workers Capita surveyed said BYOD was an option for them. Even fewer, just 14%, said they were encouraged to use their …

The ISBuzz Post: This Post Security Is Making Remote Working Too Difficult appeared first on Information Security Buzz.

SecurityWeek.png 2019-09-16 14:40:28 LastPass Patches Bug Leaking Last-Used Credentials (lien direct)

A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass.

A freemium password manager, LastPass stores encrypted passwords online and provides users with a web interface to access them, as well as with plugins for web browsers and apps for smartphones.

read more

Vulnerability
bleepingcomputer.png 2019-09-16 14:40:00 Microsoft Exchange Server 2010 Support Gets a Life Extension (lien direct)

After analyzing the deployment state of existing Microsoft Exchange customers, Microsoft has decided to move the end of support date for Exchange Server 2010 to October 13th, 2020. [...]

no_ico.png 2019-09-16 14:37:17 (Déjà vu) Garmin SA Shopping Portal Breach Leads To Payment Data Theft (lien direct)

According to this link, https://www.bleepingcomputer.com/news/security/garmin-sa-shopping-portal-breach-leads-to-theft-of-payment-data/, Garmin Southern Africa (Garmin SA) has disclosed in a series of notifications sent to its customers that payment and sensitive personal information were stolen from orders placed on the shop.garmin.co.za shopping portal. “We recently discovered theft of customer data from orders placed through shop.garmin.co.za (operated by Garmin South Africa) that compromised your personal data related …

The ISBuzz Post: This Post Garmin SA Shopping Portal Breach Leads To Payment Data Theft appeared first on Information Security Buzz.

SecurityWeek.png 2019-09-16 14:19:49 Serious Flaws in CODESYS Products Expose Industrial Systems to Remote Attacks (lien direct)

Several critical and high-severity vulnerabilities have been found recently in widely used CODESYS industrial products made by Germany-based 3S-Smart Software Solutions.

read more

no_ico.png 2019-09-16 14:17:00 Experts Comments: Personal Records Of Most Of Ecuador\'s Population Leaked (lien direct)

It has been reported that the personal records of most of Ecuador’s population, including children, has been left exposed online due to a misconfigured database. The database, an Elasticsearch searver, was discovered two weeks ago and contained a total of approximately 20.8 million user records, a number larger than the country’s total population count. The …

The ISBuzz Post: This Post Experts Comments: Personal Records Of Most Of Ecuador’s Population Leaked appeared first on Information Security Buzz.

SecurityAffairs.png 2019-09-16 14:06:45 Data leak exposes sensitive data of all Ecuador \'citizens (lien direct)

Experts discovered a huge data leak affecting Ecuador, maybe the largest full-country leak, that exposed data belonging to 20 million Ecuadorian Citizens. Security experts at vpnMentor have discovered a huge data leak affecting Ecuador that exposed data belonging to 20 million Ecuadorian Citizens. Data were left unsecured online on a misconfigured Elasticsearch server, exposed data […]

The post Data leak exposes sensitive data of all Ecuador ‘citizens appeared first on Security Affairs.

SecurityWeek.png 2019-09-16 13:52:37 Securing the 2020 Elections From Multifarious Threats (lien direct)

Securing 2020 Presidential Election

That foreign nations will attempt to interfere with the U.S. 2020 elections is a given.

read more

DarkReading.png 2019-09-16 13:40:00 Data Leak Affects Most of Ecuador\'s Population (lien direct)

An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.

Pirate.png 2019-09-16 13:37:40 Défense du royaume virtuel (lien direct)
Michael Techer, Country Manager France chez Check Point, décrit comment les États peuvent et doivent stopper les cyberattaques contre leurs actifs critiques et leurs citoyens.
SecurityWeek.png 2019-09-16 13:20:43 Recycled Source Code Used to Create New MobiHok Android RAT (lien direct)

MobiHok is a new Android RAT marketed by the actor known as mobeebom. It is a recycled version of the older, established SpyNote RAT.

read more

bleepingcomputer.png 2019-09-16 13:12:14 Phishing Attack Targets The Guardian\'s Whistleblowing Site (lien direct)

The Guardian\'s SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique "codenames" used to identify sources who used the service. In addition, this phishing page promoted an Android app that allowed attackers to perform a variety of malicious activity on a victim\'s device. [...]

AlienVault.png 2019-09-16 13:00:00 Hacker prevention: tips to reduce your attack surface (lien direct)

just a guy looking at a computer

These days it seems that every time you open your favorite news source there is another data breach related headline.  Victimized companies of all sizes, cities, counties, and even government agencies have all been the subject of the “headline of shame” over the past several months or years.  With all this publicity and the increasing awareness of the general public about how data breaches can impact their personal privacy and financial wellbeing, it is no surprise that there is a lot of interest in preventing hacking.  The trouble is that there is no way to prevent others from attempting to hack into any target they chose.  Since there is a practically limitless number of targets to choose from, the attacker need only be lucky or skilled enough to succeed once. In addition, the risk of successful prosecution of perpetrators remains low.  However, while you can’t prevent hacking, you can help to  reduce your attack surface to make your organization less likely to be the subject of attacks.    

At this point, lets differentiate between opportunistic attacks and targeted attacks.  Opportunistic attacks are largely automated, low-complexity exploits against known vulnerable conditions and configurations.  Ever wonder why a small business with a small geographic footprint and almost no online presence gets compromised?  Chances are good they just had the right combination of issues that an automated attack bot was looking to exploit.  These kinds of events can potentially end a small to medium business as a going concern while costing the attacker practically nothing. 

Targeted attacks are a different story all together.  These attacks are generally low, slow and persistent; targeting your organizations technical footprint as well as your employees, partners and supply chain.  While targeted attacks may utilize  some of the same exploitable conditions that opportunistic attacks use, they tend to be less automated in nature so as to avoid possible detection for as long as possible.  In addition, they may involve a more frequent use of previously unknown exploit vectors (“zero day’s”) to reach their goals or abuse trusted connections with third parties to gain access to your organization.  Ultimately it doesn’t matter which of these kinds of attacks results in a breach event, but it is important to think of both when aligning your people, processes and technology for maximum effect to mitigate that risk. 

There have been many articles written regarding best practices for minimizing the risk of a cyber-security incident.  Rather than recount a list of commonly cited controls, I would like to approach the topic from a slightly different perspective and focus on the top six technical controls that I feel are likely to help  mitigate the most risk, provided that all the “table stakes” items are in place (i.e. you have a firewall, etc.).

  1. Patch and Update Constantly:  Ultimately the most hacker-resistant environment is the one that is best administered.  Organizations are short cutting system and network administration activities through budget / staff reductions and lack of training.  This practice often forces prioritization and choice about what tasks get done sooner, later or at all.  Over time this creates a large, persistent baseline of low to medium risk issues in the environment that can contribute to a wildfire event under the right conditions.  Lack
Data Breach,Malware,Hack
WiredThreatLevel.png 2019-09-16 13:00:00 The 11 Best New TV Shows Coming This Fall-From \'Watchmen\' to \'Mandalorian\' (lien direct)

In the streaming age, there are always new shows. But this fall in particular has some unique treats. (Hello, Disney+!)

SecurityWeek.png 2019-09-16 12:36:13 Tor Raises $86K to Smash Bugs (lien direct)

Members of The Onion Router (Tor) community have raised $86,081 as part of an initiative aimed at securing funds to find and squash issues in the popular browser.

Called the Bug Smash Fund, the initiative was launched at the beginning of August 2019, with the purpose of creating a reserve for the Tor Project to use for maintenance and bug patching.

read more

TechRepublic.png 2019-09-16 12:33:02 Chuwi AeroBook review: Testing 5 Linux distributions (lien direct)

The Chuwi AeroBook is a snappy, Ultrabook-style system at under half the price of the MacBook Air, from which it draws clear design inspirations. TechRepublic tests how it fares running Linux.

Trend.png 2019-09-16 12:10:39 Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload (lien direct)

Skidmap, a Linux malware that we recently stumbled upon, demonstrates the increasing complexity of recent cryptocurrency-mining threats. This malware is notable because of the way it loads malicious kernel modules to keep its cryptocurrency mining operations under the radar.

These kernel-mode rootkits are not only more difficult to detect compared to its user-mode counterparts - attackers can also use them to gain unfettered access to the affected system. A case in point: the way Skidmap can also set up a secret master password that gives it access to any user account in the system. Conversely, given that many of Skidmap\'s routines require root access, the attack vector that Skidmap uses - whether through exploits, misconfigurations, or exposure to the internet - are most likely the same ones that provide the attacker root or administrative access to the system.

The post Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload appeared first on .

Malware
WiredThreatLevel.png 2019-09-16 12:00:00 6 Best Smartphones That Still Have a Headphone Jack (2019) (lien direct)

3.5-mm audio jacks are endangered, but they\'re not extinct yet. Some of our favorite smartphones still have them.

SecurityAffairs.png 2019-09-16 11:57:15 A flaw in LastPass password manager leaks credentials from previous site (lien direct)

A flaw in LastPass password manager leaks credentials from previous site An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes […]

The post A flaw in LastPass password manager leaks credentials from previous site appeared first on Security Affairs.

Vulnerability
ZDNet.png 2019-09-16 11:51:00 Emotet, today\'s most dangerous botnet, comes back to life (lien direct)

Emotet botnet resumes malspam operations after going silent for nearly four months.

TechRepublic.png 2019-09-16 11:30:17 Software development tops list of most in-demand tech skills (lien direct)

In the past year, an astounding 588,504 technology job descriptions included "knowledge of software development principles" according to RS Components.

itsecurityguru.png 2019-09-16 11:20:19 (Déjà vu) New Spam Malware Campaign Targeting Germany. (lien direct)

A new spam campaign is underway that pretends to be a job application from “Eva Richter” who is sending her photo and resume. This resume, though, is actually an executable masquerading as a PDF file that destroys a victim’s files by installing the Ordinypt Wiper. Ordinypt is a destructive malware commonly targeted at German people that […]

The post New Spam Malware Campaign Targeting Germany. appeared first on IT Security Guru.

Spam,Malware
itsecurityguru.png 2019-09-16 11:19:21 Database Exposes 198M records on Auto Buyers. (lien direct)

Dealer Leads, LLC, a digital marketing company for car dealerships, was discovered last month to have exposed an Elastic database that contained 198 million records on prospective automotive buyers. Publicly accessible information included the plain-text names, email addresses, phone numbers, home addresses and IP addresses of visitors to numerous websites affiliated with Dealer Leads, cybersecurity […]

The post Database Exposes 198M records on Auto Buyers. appeared first on IT Security Guru.

itsecurityguru.png 2019-09-16 11:18:20 Phishing Scam Aimed at Getting Private Details on New Online Security Checks. (lien direct)

Fraudsters are exploiting new online security checks to obtain sensitive information from victims. It comes just days after Action Fraud warned of more ‘sextortion scams’ doing the rounds in the UK, with over 600 reports last week alone. These scams involve criminals claiming to have gained access to a victim’s device following the viewing of pornographic material, […]

The post Phishing Scam Aimed at Getting Private Details on New Online Security Checks. appeared first on IT Security Guru.

itsecurityguru.png 2019-09-16 11:17:35 iOS 13 exploit bypasses the lockscreen for access to contacts. (lien direct)

Apple’s very latest version of iOS appears to have the same sort of lock-screen bypass that plagued previous versions of the iThing firmware. Researcher Jose Rodriguez told The Register that back in July he discovered how the then-beta-now-gold version of iOS 13 could be fooled into showing an iPhone’s address book without ever having to unlock the […]

The post iOS 13 exploit bypasses the lockscreen for access to contacts. appeared first on IT Security Guru.

itsecurityguru.png 2019-09-16 11:04:03 Teenage Hacker Arrested for Selling Unreleased Songs From Top Artists. (lien direct)

UK police have arrested a suspected hacker for stealing unreleased music from recording artists and trying to sell the looted files for cryptocurrency. The 19-year-old suspect allegedly targeted “award-winning international superstars” by breaking into their websites and cloud-based accounts to access recorded music, the City of London Police said in a Friday statement. Source: PCMAG

The post Teenage Hacker Arrested for Selling Unreleased Songs From Top Artists. appeared first on IT Security Guru.

TechRepublic.png 2019-09-16 11:00:10 The top 5 most in-demand developer skills (lien direct)

As one of the most in-demand jobs in the tech world, developers must remain up to date on their skills. Here\'s where to start.

ZDNet.png 2019-09-16 11:00:06 Popular consumer and enterprise routers, IoT devices contain remote access vulnerabilities (lien direct)

A new study reveals vulnerability rates are not decreasing in our connected devices -- far from it.

Vulnerability
WiredThreatLevel.png 2019-09-16 11:00:00 Flirty or Friendzone? New AI Scans Your Texts for True Love (lien direct)

A new class of apps can use machine intelligence to determine if your text conversations are imbued with hidden romantic sparks.

WiredThreatLevel.png 2019-09-16 11:00:00 Artificial Intelligence Confronts a \'Reproducibility\' Crisis (lien direct)

Machine-learning systems are black boxes even to the researchers that build them. That makes it hard for others to assess the results.

WiredThreatLevel.png 2019-09-16 11:00:00 Today\'s Cartoon: Helicopter Parenting (lien direct)

Helicopter parenting? There\'s 100 apps for that.

WiredThreatLevel.png 2019-09-16 11:00:00 After Six Years in Exile, Edward Snowden Explains Himself (lien direct)

In a new memoir and interview, the world\'s most famous whistle-blower elucidates as never before why he stood up to mass surveillance-and his love for an internet that no longer exists.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

Information mise à jours le: 2019-09-22 08:07:45
Voir la liste des sources.

Mon email:

Vous souhaitez ne rien manquer: Notre RSS (filtré) Twitter