This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-07T10:39:14+00:00 www.secnews.physaphae.fr AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Known security vulnerabilities: hidden in plain sight While there are always going to be those exploits kicking around in the darker corners of the hackerverse and require an effective threat intelligence solution, the vast majority of vulnerabilities for both commercial and open source products end up on security advisories like the National Vulnerability Database (NVD), the popular U.S. government-backed database that analyzes reported software vulnerabilities (CVE’s). For years now, we have been seeing a moderate yet steady climb in the number of software vulnerabilities (CVEs) being reported. However, the count for 2017 more than doubled the previous year’s number, spiking from 6,447 to 14,714 CVEs in the books. Hardly a fluke - 2018 recorded 16,555 vulnerabilities. I have theorized on why we are seeing more of these vulnerabilities coming to light, due in part to bug bounties and corporate sponsorship for research into open source security efforts. Frankly, more money being thrown at the problem is helping to play a positive role in making software safer, but it only tells a part of the story. Where do software security vulnerabilities go once they are discovered? While the NVD is generally considered to be the authoritative listing for vulnerabilities and is where many security folk and developers go to search for known vulnerabilities, their details, and their fixes. Not all, but most known vulnerabilities can be found there, and that’s the good news. The bad news is that the information pertaining to these vulnerabilities is spread out across multiple sources, making the job of keeping track of them considerably more difficult. Not every vulnerability makes its way directly to the NVD through the standard CVE route. Vulnerabilities reach the CVE, another U.S.-government-backed organization run by the non-profit MITRE Corporation, through reports from security researchers, project maintainers, or companies in the case of commercial software. When a vulnerability is discovered by a researcher, the common practice is to notify the vendor or project maintainer and then reach out to the CVE to reserve an identification number. Information about what has been found to be vulnerable and how to exploit it is withheld during a grace period, (typically 60-90 days) which is meant to allow the product/project’s team time to develop a fix for the vulnerability.  Vulnerabilities reported for commercial products like Microsoft’s Win]]> 2019-04-02T13:00:00+00:00 https://feeds.feedblitz.com/~/600253258/0/alienvault-blogs~Information-on-open-source-vulnerabilities-is-as-distributed-as-the-community www.secnews.physaphae.fr/article.php?IdArticle=1087356 False None Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Patches are tested -> Patches are deployed to Production.  What could possibly go wrong? Anyone who has ever experienced the nail-biting joy of patching, and then awaiting a restart, knows exactly what could go wrong.  Does anyone remember the really good old days when patches had to be manually staged prior to deployment? For those of you who entered the tech world after Windows NT was retired, consider yourself lucky! If you think about it, most organizations that patch on a monthly basis are considered to have an aggressive patching strategy.  As evidenced by the legendary Equifax breach, some organizations take months to apply patches. This is true even when the organization has been forewarned that the patch is a cure for a vulnerability that is being actively exploited, also known as a “Zero-day” vulnerability. Patching is never a flawless operation.  There is always one server that just seems to have problems.  What is the first response when this happens?  Blame the patch, of course!  After all, what else could have changed on the server?  Plenty, actually. Sometimes, removal of the patch doesn’t fix the problem.  I have seen the patch still held responsible for whatever has gone wrong with the server.  I am not blindly defending the patch authors, as there have been too many epic blunders in patching for me to exhibit that kind of optimism and not laugh at myself.  But what can we do to avoid the patch blame game? The simple solution is to restart the servers before deploying patches.  This is definitely an unorthodox approach, but it can certainly reduce troubleshooting time and “patch blame” when something goes wrong.  If you restart a server, and it doesn’t restart properly, that indicates that an underlying problem exists prior to any patching concern. This may seems like a waste of time, however, the alternative is usually more time consuming. If you patch a server, and it fails at restart, the first amount of time you will waste is trying to find the offending patch, and then removing the patch.  Then, upon the subsequent restart, the machine still fails.  Now what? Even if we scale this practice to 1000 servers, the time is still not wasted.  If you are confident that your servers can withstand a simple restart, then restart them all.  The odds are in your favor that most will restart without any problems.   If less than 1% of them fail, then you can address the problems there before falsely chasing the failure as a patch problem. Once all the servers restart normally, then, perform your normal patching, and feel free to blame the patch if the server fails after patching. The same approach could also be applied to workstations in a corporate environment.  Since most organizations do not engage automatic workstation patching on the corporate network, a pre-patch restart can be forced on workstations. Patching has come a long way from the early days when the internet was young and no vulnerabilities existed (insert sardonic smile here).  The rate of exploits and vulnerabilities have accelerated, requiring more immediate action towards protecting your networks.  Since patches are not without flaws, one easy way to rule out patching as the source of a problem is to restart before patching. ]]> 2019-03-20T13:00:00+00:00 https://feeds.feedblitz.com/~/599828872/0/alienvault-blogs~Restart-BEFORE-patching www.secnews.physaphae.fr/article.php?IdArticle=1073278 False Vulnerability,Patching Equifax None Dark Reading - Informationweek Branch 2019-03-19T14:30:00+00:00 https://www.darkreading.com/vulnerabilities---threats/the-case-of-the-missing-data/a/d-id/1334181?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1073444 False None Equifax None SecurityWeek - Security News impacted 148 million Americans in 2017 was the result of years of poor cybersecurity practices, a new Staff Report from the United States Senate's Permanent Subcommittee on Investigations reveals.  ]]> 2019-03-11T16:31:00+00:00 https://www.securityweek.com/equifax-was-aware-cybersecurity-weaknesses-years-senate-report-says www.secnews.physaphae.fr/article.php?IdArticle=1064626 False Data Breach Equifax None InformationSecurityBuzzNews - Site de News Securite US Senators Slam Equifax, Marriott Executives For Massive Data Breaches]]> 2019-03-11T15:30:00+00:00 https://www.informationsecuritybuzz.com/expert-comments/us-senators-slam-equifax-marriott-executives-for-massive-data-breaches/ www.secnews.physaphae.fr/article.php?IdArticle=1064460 False Guideline Equifax None Krebs on Security - Chercheur Américain 2019-03-08T16:12:03+00:00 https://krebsonsecurity.com/2019/03/myequifax-com-bypasses-credit-freeze-pin/ www.secnews.physaphae.fr/article.php?IdArticle=1060674 False None Equifax None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2019-02-16T00:26:03+00:00 https://threatpost.com/equifax-data-nation-state/141929/ www.secnews.physaphae.fr/article.php?IdArticle=1028848 False None Equifax None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2019-02-15T22:30:01+00:00 https://threatpost.com/data-breach-equifax-credential-dumps/141925/ www.secnews.physaphae.fr/article.php?IdArticle=1028765 False Data Breach Equifax None InformationSecurityBuzzNews - Site de News Securite Equifax Data Breach A Sign Of Global Cyberwarfare?]]> 2019-02-15T21:30:00+00:00 https://www.informationsecuritybuzz.com/expert-comments/equifax-data-breach-a-sign-of-global-cyberwarfare/ www.secnews.physaphae.fr/article.php?IdArticle=1028646 False Data Breach Equifax None InformationSecurityBuzzNews - Site de News Securite Equifax Partner Breach]]> 2019-02-14T14:36:05+00:00 https://www.informationsecuritybuzz.com/expert-comments/equifax-partner-breach/ www.secnews.physaphae.fr/article.php?IdArticle=1026648 False None Equifax None InformationSecurityBuzzNews - Site de News Securite Most Of The Fortune 100 Still Use The Flawed Software That Led To The Equifax Breach]]> 2019-01-31T23:30:04+00:00 https://www.informationsecuritybuzz.com/expert-comments/most-of-the-fortune-100-still/ www.secnews.physaphae.fr/article.php?IdArticle=1018082 False None Equifax None The State of Security - Magazine Américain Read More ]]> 2019-01-28T04:00:01+00:00 https://www.tripwire.com/state-of-security/regulatory-compliance/regulatory-fines-prison-time-render-check-box-security-indefensible/ www.secnews.physaphae.fr/article.php?IdArticle=1011836 False Data Breach Equifax None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2019-01-15T03:51:04+00:00 https://thehackernews.com/2019/01/cyber-security-webinars.html www.secnews.physaphae.fr/article.php?IdArticle=993189 False None Equifax None CSO - CSO Daily Dashboard 2019-01-07T06:05:00+00:00 https://www.csoonline.com/article/3331598/identity-management/managing-identity-and-access-management-in-uncertain-times.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=978974 False Data Breach Equifax,Yahoo,Deloitte None Infosec Island - Security Magazine 2018-12-13T11:49:00+00:00 https://www.infosecisland.com/blogview/25149-Conflicted-External-Auditors-at-Heart-of-Equifax-Data-Breach.html www.secnews.physaphae.fr/article.php?IdArticle=944533 False Data Breach Equifax None SecurityWeek - Security News 2018-12-12T15:58:01+00:00 https://www.securityweek.com/us-house-report-blasts-equifax-over-poor-security-leading-massive-2017-breach www.secnews.physaphae.fr/article.php?IdArticle=945148 False None Equifax None Dark Reading - Informationweek Branch 2018-12-11T17:42:00+00:00 https://www.darkreading.com/perimeter/equifax-breach-underscores-need-for-accountability-simpler-architectures/d/d-id/1333465?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=943083 False None Equifax None Adam Shostack - American Security Blog Continue reading "House Oversight Committee on Equifax"]]> 2018-12-11T16:00:05+00:00 https://adam.shostack.org/blog/2018/12/house-oversight-committee-on-equifax/ www.secnews.physaphae.fr/article.php?IdArticle=942956 False None Equifax None Wired Threat Level - Security News 2018-12-07T14:00:00+00:00 https://www.wired.com/story/wired-guide-to-data-breaches www.secnews.physaphae.fr/article.php?IdArticle=939446 False None Equifax None InformationSecurityBuzzNews - Site de News Securite Senate Call For Data Security Laws In Wake Of Marriott Breach]]> 2018-12-04T11:45:05+00:00 https://www.informationsecuritybuzz.com/expert-comments/senate-call-for-data-security/ www.secnews.physaphae.fr/article.php?IdArticle=933609 False None Equifax None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2018-11-09T22:50:04+00:00 https://threatpost.com/lawsuits-aim-billions-in-fines-at-equifax-and-ad-targeting-companies/139001/ www.secnews.physaphae.fr/article.php?IdArticle=889322 False None Equifax None InformationSecurityBuzzNews - Site de News Securite Equifax Offers Free Credit Monitoring - Via Rival Experian]]> 2018-11-05T17:15:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/equifax-offers-free-credit/ www.secnews.physaphae.fr/article.php?IdArticle=881183 False Data Breach Equifax None Krebs on Security - Chercheur Américain 2018-11-01T16:47:01+00:00 https://krebsonsecurity.com/2018/11/equifax-has-chosen-experian-wait-what/ www.secnews.physaphae.fr/article.php?IdArticle=874857 False Data Breach Equifax None The Last Watchdog - Blog Sécurité de Byron V Acohido 2018-10-29T08:56:01+00:00 https://www.lastwatchdog.com/guest-essay-a-guide-to-implementing-best-practices-and-wise-policies-before-the-inevitable-breach/ www.secnews.physaphae.fr/article.php?IdArticle=868358 False None Equifax None Graham Cluley - Blog Security Sudhakar Reddy Bonthu wasn't told he was working on Equifax's breach notification website, but when he worked it out he used the information for his financial advantage. Read more in my article on the Hot for Security blog. ]]> 2018-10-19T14:55:01+00:00 https://hotforsecurity.bitdefender.com/blog/manager-who-worked-on-equifaxs-breach-website-sentenced-for-insider-trading-20465.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=855172 False None Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Joint report on publicly available hacking tools | NCSC The agency also commented on how it keeps criminals at bay by stopping on average 10 attacks on the government per week. NCSC also published its Annual Review 2018 - the story of the second year of operations at the National Cyber Security Centre. Targeting Crypto Currencies It is estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen. Targeted attacks on crypto exchanges resulted in a loss of $882 million | HelpNet Security Twitter Publishes Data on Iranian and Russian Troll Farms In an attempt to try and be more proactive in dealing with misinformation campaigns, Twitter has published its Elections Integrity dataset which includes attempted manipulation, including malicious automated accounts and spam. In other words it’s attempting to out - Iranian and Russian troll farms. Twitter’s focus is on a healthy public conversation | Twitter In light of this, it’s worth also revisiting this article by Mustafa Al-Bassam in which he researched UK intelligence doing the same thing targeting civilians in Iran. British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents | Motherboard Equifax Engineer Sentenced An Equifax engineer gets eight months for earning $75,000 from insider trading. He figured out he was building a web portal for a breach involving Equifax, which turned out to be the 2017 breach, and so decided to ride the stock drop. Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading | ZDNet Mind the Skills Gap (ISC)2 has released its 2018 global cyber security workforce study and it looks like the cyber security skills gap has widened to 3 million. It’s worth bearing in mind that estimating the skills gap isn’t an eas]]> 2018-10-19T13:00:00+00:00 https://feeds.feedblitz.com/~/575579772/0/alienvault-blogs~Things-I-Hearted-this-Week-th-October www.secnews.physaphae.fr/article.php?IdArticle=854987 False Guideline APT 38,Equifax None SecurityWeek - Security News 2018-10-18T04:43:01+00:00 https://www.securityweek.com/ex-equifax-manager-gets-home-confinement-insider-trading www.secnews.physaphae.fr/article.php?IdArticle=853577 False Data Breach Equifax None ZD Net - Magazine Info 2018-10-17T21:39:00+00:00 https://www.zdnet.com/article/equifax-engineer-who-designed-breach-portal-gets-8-months-of-house-arrest-for-insider-trading/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=852451 False None Equifax None Adam Shostack - American Security Blog Continue reading "GAO Report on Equifax"]]> 2018-10-12T20:43:01+00:00 https://adam.shostack.org/blog/2018/10/gao-report-on-equifax/ www.secnews.physaphae.fr/article.php?IdArticle=844658 False None Equifax None InformationSecurityBuzzNews - Site de News Securite Equifax: One Year Later]]> 2018-10-09T14:30:01+00:00 https://www.informationsecuritybuzz.com/articles/equifax-one-year-later/ www.secnews.physaphae.fr/article.php?IdArticle=838785 False None Equifax None Malwarebytes Labs - MalwarebytesLabs A roundup of the security news from September 17–23, including Android scams, massive WordPress compromises, and high fines for Equifax. Categories: Security world Week in security Tags: AndroidemotetEquifaxEquifax breachfineMagaCartmalwarephishingplayransomwareround up. ukgovsaslvulnerabilityweek in security (Read more...) ]]> 2018-09-24T17:03:02+00:00 https://blog.malwarebytes.com/security-world/2018/09/week-security-september-17-23/ www.secnews.physaphae.fr/article.php?IdArticle=822488 False None Equifax None InformationSecurityBuzzNews - Site de News Securite Lack Of Software Intelligence Led To Equifax]]> 2018-09-24T10:30:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/lack-of-software-intelligence-led-to-equifax/ www.secnews.physaphae.fr/article.php?IdArticle=821833 False None Equifax None The State of Security - Magazine Américain Read More ]]> 2018-09-20T11:09:03+00:00 https://www.tripwire.com/state-of-security/security-data-protection/ico-to-fine-equifax-500000-for-2017-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=817289 False Data Breach Equifax None ZD Net - Magazine Info 2018-09-20T07:25:00+00:00 https://www.zdnet.com/article/equifax-fined-500000-over-customer-data-breach/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=816949 False Data Breach Equifax None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2018-09-20T06:54:05+00:00 https://thehackernews.com/2018/09/equifax-credit-reporting-breach.html www.secnews.physaphae.fr/article.php?IdArticle=817552 False Data Breach Equifax None BBC - BBC News - Technology 2018-09-19T23:12:00+00:00 https://www.bbc.co.uk/news/uk-england-essex-45574163 www.secnews.physaphae.fr/article.php?IdArticle=816437 False Data Breach Equifax None Dark Reading - Informationweek Branch 2018-09-10T15:30:00+00:00 https://www.darkreading.com/attacks-breaches/gao-says-equifax-missed-flaws-intrusion-in-massive-breach/d/d-id/1332776?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=802022 False None Equifax None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2018-09-10T14:23:00+00:00 https://threatpost.com/mirai-gafgyt-botnets-return-to-target-infamous-apache-struts-sonicwall-flaws/137309/ www.secnews.physaphae.fr/article.php?IdArticle=801692 False None Equifax None Security Affairs - Blog Secu 2018-09-10T14:22:02+00:00 https://securityaffairs.co/wordpress/76067/reports/equifax-hack-gao-report.html www.secnews.physaphae.fr/article.php?IdArticle=801651 False Hack Equifax None Dark Reading - Informationweek Branch 2018-09-10T12:47:00+00:00 https://www.darkreading.com/the-equifax-breach-one-year-later-6-action-items-for-security-pros-/d/d-id/1332770?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=801869 False None Equifax None SecurityWeek - Security News 2018-09-10T11:43:01+00:00 https://www.securityweek.com/attackers-made-9000-unauthorized-database-queries-equifax-hack-report www.secnews.physaphae.fr/article.php?IdArticle=802661 False None Equifax None Security Affairs - Blog Secu 2018-09-10T11:23:02+00:00 https://securityaffairs.co/wordpress/76060/malware/mirai-gafgyt-target-enterprises.html www.secnews.physaphae.fr/article.php?IdArticle=801355 False Malware,Vulnerability Equifax None IT Security Guru - Blog Sécurité 2018-09-10T11:22:00+00:00 http://www.itsecurityguru.org/2018/09/10/year-equifax-hack-exposed-145-million-americans-personal-information-trump-administration-hasnt-announced-punishments/ www.secnews.physaphae.fr/article.php?IdArticle=801378 False Hack Equifax None InformationSecurityBuzzNews - Site de News Securite The Equifax Breach – One Year Later]]> 2018-09-10T09:30:03+00:00 https://www.informationsecuritybuzz.com/expert-comments/the-equifax-breach/ www.secnews.physaphae.fr/article.php?IdArticle=801234 False None Equifax None ZD Net - Magazine Info 2018-09-07T18:17:01+00:00 https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=797813 False Hack Equifax None The Last Watchdog - Blog Sécurité de Byron V Acohido 2018-09-02T14:50:02+00:00 https://www.lastwatchdog.com/new-tech-whitesource-leverages-automation-to-mitigate-lurking-open-source-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=789624 False Hack Equifax None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/566525656/0/thesecurityledger -->» ]]> 2018-08-28T03:06:03+00:00 https://feeds.feedblitz.com/~/566525656/0/thesecurityledger~Podcast-Episode-Why-Patching-Struts-isnt-Enough-and-Hacking-Electricity-Demand-with-IoT/ www.secnews.physaphae.fr/article.php?IdArticle=783032 False Hack,Vulnerability,Patching Equifax None SecurityWeek - Security News 2018-08-27T17:07:03+00:00 https://www.securityweek.com/cyber-risk-business-risk-time-business-aligned-ciso www.secnews.physaphae.fr/article.php?IdArticle=783304 False Ransomware NotPetya,Equifax,Yahoo None Krebs on Security - Chercheur Américain 2018-08-23T20:22:03+00:00 https://krebsonsecurity.com/2018/08/experts-urge-rapid-patching-of-struts-bug/ www.secnews.physaphae.fr/article.php?IdArticle=782920 False Patching Equifax None Wired Threat Level - Security News 2018-07-25T12:00:00+00:00 https://www.wired.com/story/equifax-security-overhaul-year-after-breach www.secnews.physaphae.fr/article.php?IdArticle=752919 False None Equifax None CSO - CSO Daily Dashboard Javelin Research Center reported a record 16.7 million consumers fell victim last year, in large part due to the massive Equifax breach which left millions of consumers' data exposed to would-be hackers. Now, hackers are using exposed credit and debit card numbers to steal from bank and loyalty accounts, shifting to digital attacks without ever needing a physical card in their hands. According to Javelin, card-not-present fraud (CNP) is 81 percent more likely than point-of-sale fraud (PoS). In 2017, more consumers had their cards misused in a CNP transaction than at the cash register.]]> 2018-07-18T04:30:00+00:00 https://www.csoonline.com/article/3290937/biometrics/n-dimensional-behavioral-biometrics-a-viable-solution-for-digital-fraud.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=747612 False None Equifax None IT Security Guru - Blog Sécurité 2018-07-04T14:18:02+00:00 http://www.itsecurityguru.org/2018/07/04/cybersecurity-fund-returned-30-percent-since-equifax-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=731082 False Data Breach Equifax 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Data Aggregation Firm Leaks 340M Records — Left In Plain Sight]]> 2018-06-29T15:15:05+00:00 https://www.informationsecuritybuzz.com/expert-comments/data-aggregation-firm/ www.secnews.physaphae.fr/article.php?IdArticle=728965 False None Equifax None SecurityWeek - Security News 2018-06-29T13:18:04+00:00 https://www.securityweek.com/former-equifax-manager-charged-insider-trading www.secnews.physaphae.fr/article.php?IdArticle=728882 False None Equifax None Dark Reading - Informationweek Branch 2018-06-29T11:15:00+00:00 https://www.darkreading.com/cloud/equifax-software-manager-charged-with-insider-trading/d/d-id/1332188?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=729017 False Data Breach Equifax None Bleeping Computer - Magazine Américain 2018-06-28T12:50:01+00:00 https://www.bleepingcomputer.com/news/legal/equifax-engineer-who-designed-breach-website-charged-with-insider-trading/ www.secnews.physaphae.fr/article.php?IdArticle=727234 False None Equifax None Dark Reading - Informationweek Branch 2018-06-28T11:33:00+00:00 https://www.darkreading.com/vulnerabilities---threats/newly-revealed-exactis-data-leak-bigger-than-equifaxs/d/d-id/1332175?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=727180 False None Equifax None CSO - CSO Daily Dashboard 7 common modeling mistakes | Get the latest from CSO by signing up for our newsletters. ] When a company like Equifax commits gross negligence for failing to secure our data, and a breach pumps 147.9 million records onto the internet, the company's directors keep their jobs, their cyber insurance policy pays out, and the company posts a profit.]]> 2018-06-18T03:00:00+00:00 https://www.csoonline.com/article/3280990/security/does-cyber-insurance-make-us-more-or-less-secure.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=710122 False None APT 32,Equifax None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2018-06-15T21:45:00+00:00 https://threatpost.com/vermont-librarian-wins-small-claims-suit-against-equifax/132875/ www.secnews.physaphae.fr/article.php?IdArticle=707537 False None Equifax None Krebs on Security - Chercheur Américain 2018-06-13T20:14:04+00:00 https://krebsonsecurity.com/2018/06/librarian-sues-equifax-over-2017-data-breach-wins-600/ www.secnews.physaphae.fr/article.php?IdArticle=703958 False None Equifax None SecureMac - Security focused on MAC 2018-06-07T16:37:02+00:00 https://www.securemac.com/news/checklist-92-is-there-a-plumber-in-the-building www.secnews.physaphae.fr/article.php?IdArticle=704081 False None Equifax None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2018-06-05T21:12:03+00:00 https://threatpost.com/dna-testing-service-myheritage-leaks-user-data-of-92-million-customers/132528/ www.secnews.physaphae.fr/article.php?IdArticle=694472 False None Equifax,Heritage None We Live Security - Editeur Logiciel Antivirus ESET One-third of audited codebases that contain Apache Struts suffer from the same vulnerability that facilitated the Equifax hack a year ago ]]> 2018-05-18T12:01:01+00:00 https://www.welivesecurity.com/2018/05/18/open-source-code-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=657849 False None Equifax None ZD Net - Magazine Info 2018-05-15T13:00:00+00:00 https://www.zdnet.com/article/enterprise-codebases-plagued-by-open-source-vulnerabilities/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=651445 False None Equifax None IT Security Guru - Blog Sécurité 2018-05-11T09:58:03+00:00 http://www.itsecurityguru.org/2018/05/11/equifax-now-says-passport-info-stolen-breach/ www.secnews.physaphae.fr/article.php?IdArticle=637544 False None Equifax None InformationSecurityBuzzNews - Site de News Securite Equifax Revelation]]> 2018-05-09T10:30:05+00:00 https://www.informationsecuritybuzz.com/expert-comments/equifax-revelation/ www.secnews.physaphae.fr/article.php?IdArticle=632479 False None Equifax None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2018-05-08T16:45:05+00:00 https://threatpost.com/equi-facts-equifax-clarifies-the-numbers-for-its-massive-breach/131797/ www.secnews.physaphae.fr/article.php?IdArticle=632421 False None Equifax None ZD Net - Magazine Info 2018-05-08T14:43:00+00:00 https://www.zdnet.com/article/how-the-equifax-breach-breaks-down-by-the-numbers/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=632271 False None Equifax None ZD Net - Magazine Info 2018-05-07T16:43:00+00:00 https://www.zdnet.com/article/after-equifax-breach-companies-rely-on-same-flawed-software/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=632275 False None Equifax None IT Security Guru - Blog Sécurité 2018-04-26T09:49:02+00:00 http://www.itsecurityguru.org/2018/04/26/equifax-spent-242-7-million-data-breach-far/ www.secnews.physaphae.fr/article.php?IdArticle=615484 False None Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC The Roman poet Lucretius once wrote: “A fool believes that the tallest mountain in the world will be equal to the tallest one he has observed.” Translation? He’s essentially saying that our lived experiences define our perspectives. They warp our sense of scale like a bit of plastic in the microwave, moulding what we consider to be large and small. As someone with years of experience in the security industry, and the cynicism and grey hair to prove it, I’ve got a lot of appreciation for this. Remember in 2010 when the hacker group Goatse Security (please don’t google the first word in that name) penetrated the heart of AT&T’s servers and acquired the email addresses of over 100,000 iPad users? Man, 2010 was a different time. The AT&T iPad hack was a major news story, and rightfully so. I distinctly remember thinking that 100,000 victims was pretty big. Now, in light of the Ashley Madison and Equifax hacks, it almost seems quaint. What I’m saying is that, my perspective of what constitutes a major incident has shifted. I noticed that earlier this week when a jewelry retailer in the US accidentally leaked the details of 1.3 million customers. This happened because it committed one of the most basic of security schoolboy errors, and failed to secure the Amazon S3 bucket where it kept its database backups. 1.3 million? Yawn. I don’t get out of bed for less than 100 million. And while I struggle to imagine a data breach greater in size than the 2016 release of over 300 million MySpace users, or more damaging than the 2017 Equifax hack, I know this is inevitable, even if I can’t actually visualize it in my mind’s eye. But, like, what if it’s better to be fools? We live in interesting times. Security breaches are no longer measured in the millions, but in the hundreds of millions of records. It’s only a matter of time until the first billion-victim data leak happens. The smaller leaks (and apparently anything less than 10 million constitutes a “smaller leak”) barely warrant a mention. But what about the big ones? After every major incident there’s the trifecta of outrage, blame, and calls for consequences, but that that eventually settles down into apathetic acceptance. Remember when everyone was really upset about the Ashley Madison hack, and then forgot about it? Remember when everyone was really upset about the LinkedIn hack, and then forgot about it? Remember when everyone was really upset about the Equifax hack, and then forgot about it? And let me ask one last question: are we any better for having done so? Are companies still making silly security mistakes? Has there been any change at the government level? Any new laws passed? Has anyone gone to jail for having screwed up in such an egregious manner? Perhaps it’s time to treat all security breaches -- all security breaches, but especially the big ones -- as the biggest mountains we’ve ever seen, because change isn’t going to happen any other way. I, for one, think it’s better to be a fool. Who’s with me?  ]]> 2018-04-19T13:00:00+00:00 http://feeds.feedblitz.com/~/540292974/0/alienvault-blogs~Let%e2%80%99s-be-Fools www.secnews.physaphae.fr/article.php?IdArticle=596455 False None Equifax None SecurityWeek - Security News 2018-04-13T16:10:02+00:00 https://www.securityweek.com/illumio-qualys-partner-vulnerability-based-micro-segmentation www.secnews.physaphae.fr/article.php?IdArticle=583923 False None NotPetya,Wannacry,Equifax None IT Security Guru - Blog Sécurité 2018-04-06T11:26:00+00:00 http://www.itsecurityguru.org/2018/04/06/state-ags-equifax-case-may-portend-big-problems-data-breach-defendants/ www.secnews.physaphae.fr/article.php?IdArticle=570071 False None Equifax 3.0000000000000000 Graham Cluley - Blog Security Yes, we should be mad at Panera Bread for its lousy response to a serious security issue. But things turn ugly when the masses begin to blame individually-named members of the security team. ]]> 2018-04-04T13:27:00+00:00 https://www.grahamcluley.com/dont-blame-panera-breads-security-guy-just-because-he-used-to-work-at-equifax/ www.secnews.physaphae.fr/article.php?IdArticle=565613 False None Equifax None SecurityWeek - Security News blog post, adding that the window of compromise was estimated to be May 2017 to present.” As of Sunday, roughly 125,000 records had been released for sale so far, Gemini said, with the “entire cache” expected to become available in the following months. HBC did not provide details on the number of customers/records impacted in the incident.  “The Company is working rapidly with leading data security investigators to get customers the information they need, and the investigation is ongoing. HBC is also coordinating with law enforcement authorities and the payment card companies,” HBC said. “The details of how these cards were stolen remains unclear at this time, but it's important that we learn what happened so that others can work to prevent similar breaches," commented Tim Erlin, VP, product management and technology at Tripwire. "This appears to be the type of breach, through point-of-sale systems, that EMV is supposed to prevent, so we need to ask what happened here. Was EMV in use, and if so, how did the attackers circumvent it? ]]> 2018-04-02T15:25:00+00:00 https://www.securityweek.com/saks-lord-taylor-stores-hit-data-breach www.secnews.physaphae.fr/article.php?IdArticle=561302 False Guideline Equifax None SecurityWeek - Security News Sports gear maker Under Armour said Thursday a data breach of its fitness application was hacked, affecting some 150 million user accounts. The Baltimore, Maryland-based company said it had contacted law enforcement and outside consultants after learning of the breach. Under Armour said it learned on March 25 of the breach of its MyFitnessPal application, which enables users to track activity and calorie intake using a smartphone. It said an unauthorized party obtained usernames, email addresses, and "hashed" passwords, which make it harder for a hacker to ascertain. The hack did not affect social security numbers, drivers licenses or credit card data, according to the company. "The company's investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue," a statement said. Users were being notified by email and messaging to update settings to protect account information. The attack is the latest affecting companies with large user bases such as Yahoo, retailer Target and credit reporting agency Equifax. (function() { var po = document.createElement("script"); po.type = "text/javascript"; po.async = true; po.src = "https://apis.google.com/js/plusone.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(po, s); })(); Tweet ]]> 2018-03-29T21:50:00+00:00 https://www.securityweek.com/under-armour-says-150-million-affected-data-breach www.secnews.physaphae.fr/article.php?IdArticle=551314 False None Equifax,Yahoo None Malwarebytes Labs - MalwarebytesLabs By now it's obvious that data security technology hasn't kept pace with the needs of consumers. In 2017 alone, we learned about massive data breaches from major organizations like Equifax, Uber, and Verizon. In other words: We're in the midst of a data breach epidemic. Categories: 101 Infographics Tags: data breachdata breachesdata breaches of 2017Equifaxprivacy (Read more...) ]]> 2018-03-29T16:00:00+00:00 https://blog.malwarebytes.com/101/2018/03/the-data-breach-epidemic-no-info-is-safe/ www.secnews.physaphae.fr/article.php?IdArticle=550672 False None Uber,Equifax None SecurityWeek - Security News Sony hack of 2014 brought the world to a startling halt when it was revealed that attackers had spent over a year leaking 100 terabytes of data from the network. The next year brought us the Panama Papers, where allegedly 2.6 terabytes of data were leaked, causing reputational damage to some of the world's most recognizable public figures. And in 2016, allegedly 80 gigabytes of data escaped from the Democratic National Committee's network, launching two years of skepticism and distrust around the US elections. Each of these cases of sizeable data exfiltration remained undetected for months, or even years – only to be discovered when the data had already long been lost. When we look at this cycle of stealthy and silent data breaches, we have to ask ourselves: how can such tremendous amounts of data leave our corporate networks without raising any alarms? Modern Networks: Living Organisms The challenge in identifying indicators of data exfiltration lies partly in the structure of today's networks. As our businesses continue to innovate, we open the door to increased digital complexity and vulnerability – from BYOD to third party supply chains, organizations significantly amplify their cyber risk profile in the name of optimal efficiency. Against this backdrop, our security teams are hard-pressed to identify the subtle telling signs of a data exfiltr]]> 2018-03-27T11:20:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/eJyZz4ITycM/why-does-data-exfiltration-remain-almost-unsolvable-challenge www.secnews.physaphae.fr/article.php?IdArticle=544637 False None Equifax None The Last Watchdog - Blog Sécurité de Byron V Acohido 2018-03-27T09:36:05+00:00 http://www.lastwatchdog.com/qa-why-smbs-should-heed-lessons-from-equifax-breach-and-mitigate-open-source-risks/ www.secnews.physaphae.fr/article.php?IdArticle=544427 False None Equifax None SecurityWeek - Security News exploitation attempts were spotted one day after the patch was released, shortly after someone made available a proof-of-concept (PoC) exploit. Some of the attacks scanned servers in search of vulnerable Struts installations, while others were set up to deliver malware. Guy Bruneau, researcher and handler at the SANS Internet Storm Center, reported over the weekend that his honeypot had caught a significant number of attempts to exploit CVE-2017-5638 over the past two weeks. The expert said his honeypot recorded 57 exploitation attempts on Sunday, on ports 80, 8080 and 443. The attacks, which appear to rely on a publicly available PoC exploit, involved one of two requests designed to check if a system is vulnerable. Bruneau told SecurityWeek that he has yet to see any payloads. The researcher noticed scans a few times a week starting on March 13, coming from IP addresses in Asia. “The actors are either looking for unpatched servers or new installations that have not been secured properly,” Bruneau said. The CVE-2017-5638 vulnerability is significant as it was exploited by cybercriminals last year to hack into the systems of U.S. credit reporting agency Equifax. Attackers had access to Equifax systems for more than two months and they managed to obtain information on over 145 million of the company's customers. The same vulnerability was also leveraged late last year in a campaign that involved NSA-linked exploits and cryptocurrency miners.]]> 2018-03-26T15:27:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/bwhNGEstI4A/one-year-later-hackers-still-target-apache-struts-flaw www.secnews.physaphae.fr/article.php?IdArticle=542868 False Guideline Equifax None SecurityWeek - Security News ]]> 2018-03-23T12:42:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/4stOA1PLtuk/pwner-lonely-heart-sad-reality-romance-scams www.secnews.physaphae.fr/article.php?IdArticle=536713 False Guideline Equifax,Yahoo None Krebs on Security - Chercheur Américain 2018-03-22T14:08:04+00:00 https://krebsonsecurity.com/2018/03/survey-americans-spent-1-4b-on-credit-freeze-fees-in-wake-of-equifax-breach/ www.secnews.physaphae.fr/article.php?IdArticle=535217 False None Equifax None SecurityWeek - Security News CTS Labs, which was unheard of until last week, came under fire shortly after its disclosure for giving AMD only a 24-hour notice before going public with its findings, and for apparently attempting to short AMD stock. The company later made some clarifications regarding the flaws and its disclosure method. CTS Labs claimed that a number of vulnerabilities could be exploited for arbitrary code execution, bypassing security features, stealing data, helping malware become resilient against security products, and damaging hardware. “AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations,” the chipmaker wrote in an update on Tuesday. “It's important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.” AMD said that patches will be released through BIOS updates to address the flaws, which have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA. The company said that no performance impact is expected for any of the forthcoming mitigations. AMD attempte]]> 2018-03-21T01:24:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/26J4jdC4sTI/amd-says-patches-coming-soon-chip-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=532570 True Guideline Equifax None SecurityWeek - Security News Virsec explains that its technology can protect applications by protecting processes in memory and pinpointing attacks in real-time, within any application. In more detail, the company explains that its Trusted Execution technology “maps acceptable application execution, and instantly detects deviations caused by attacks.”  “The battleground has shifted in cybersecurity and the industry is not keeping up,” said Atiq Raza, CEO of San Jose, California-based Virsec. “With our deep understanding of process memory, control flow, and application context, we have developed a revolutionary solution that stops attacks in their tracks, where businesses are most vulnerable – within applications and processes.” Additional investors participating in the round include Artiman Ventures, Amity Ventures, Raj Singh, and Boston Seed Capital. (function() { var po = document.createElement("script"); po.type = "text/javascript"; po.async = true; po.src = "https://apis.google.com/js/plusone.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(po, s); })(); Tweet ]]> 2018-03-20T20:26:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/6EiwKyoIAME/virsec-raises-24-million-series-b-funding www.secnews.physaphae.fr/article.php?IdArticle=532255 False Guideline Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Pretty much the motto of my profession is “word choice matters.” I say it a lot. It appears somewhere in the marginalia of pretty much everything I’ve ever edited. Words have denotation, and connotation. There are considerations for dialect, and for popular use. It can be fiddly and annoying to be queried so; I get it. You know what you meant, and you grabbed the word in your head that, to you, meant that thing. One of the glories of having your work edited is that someone who isn’t you can hold up a mirror, to make sure that the word on the page means as close as possible to what you meant in your head, to the greatest number of people, no matter where they’re from or what language they natively speak. Here at AlienVault, we’ve had some great discussions about the differences in connotation in different words between our Irish speakers, who learned Hiberno-English (which gets the hyphen when none of the others do), Chinese speakers, who learned British English, and Americans, who learned American English with intense regional dialect (the Texans and the Californians are occasionally mutually unintelligible.) But there’s one thing that none of us tolerate; the choosing of a word to deliberately mislead. When one works in fiction, one is used to the painting of pictures with words. When one chooses to work primarily in technology, it’s often because you’re way more comfortable with the nicely concrete, if entirely mutable. In technology, a thing is, or it is not. It’s variations on a theme of zeros and ones, no matter whether it’s software or hardware. It is therefore maddening beyond belief when the unambiguous words of technology are used to mislead the non-technical public. I’m of course talking about the Cambridge Analytica debacle, which is being referred to across the media landscape as “a data breach.” A data breach is when someone who is not authorized to handle specific information obtains access to that information. It’s a non-trivial failure of the security measures a responsible company or reasonable individuals would have in place. It implies wrongdoing, it implies malice, it implies a victim/attacker relationship. But when data is harvested and used with the unknowing opt-in of thousands of people, that’s not a breach. There are no hackers here; just people who knew how to use freely-given personal data to manipulate not very technically astute people to some political end. Lorenzo Franceschi-Bicchierai, as usual, gets it: We’ve been regularly covering data breaches for years. No one hacked into Facebook’s servers exploiting a bug, like hackers did when they stole the personal data of more than 140 million people from Equifax. No one tricked Facebook users into giving away their passwords and then stole their data, like Russian hackers did when they broke into the email accounts of John Podesta and others through phishing emails. Facebook obviously doesn't want the public to think it suffered a ma]]> 2018-03-20T19:50:00+00:00 http://feeds.feedblitz.com/~/533823614/0/alienvault-blogs~Cambridge-Analytica-Debacle-The-Definition-Of-Breach www.secnews.physaphae.fr/article.php?IdArticle=532195 False Guideline Equifax,Yahoo None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Not sure if that means I’ve succeeded as a Dad or failed miserably. Hopefully she’ll come across one of these posts in the future and realise there was more to me than just memes. Operation Bayonet This article gives a fascinating insight into how law enforcement infiltrated and took down a drug market. As reports of these kinds of operations become available, Hollywood should really be looking to these for inspiration. Far better plots than most fiction! Operation Bayonet: Inside the sting that hijacked an entire dark web drug market | Wired How many devices are misconfigured… or not configured? I saw this blog that Anton Chuvakin posted over at Gartner stating that there’s a lot of security technology which is deployed yet misconfigured, not configured optimally, set to default, or deployed broken in other ways. Broadly speaking, I agree, in the race to get things done, assurance often takes a back seat. But there’s no obvious answer. Testing takes time and expertise. Unless it’s automated. But even then someone needs to look at the results and get things fixed. DevSecOps maybe? How Much of Your Security Gear Is Misconfigured or Not Configured? | Gartner Hacking encrypted phones Encrypted phone company Ciphr claims it was hacked by a rival company. A preview into how vicious digital rivals can get. And regardless of who is to blame, the fact remains that the real victims here are the users. Customer Data From Encrypted Phone Company Ciphr Has Been Dumped Online | Motherboard Hidden Cobra on Turkish Banks Bankshot implants are distributed from a domain with a name similar to that of the cryptocurrency-lending platform Falcon Coin, but the similarly named domain is not associated with the legitimate entity. The malicious domain falcancoin.io was created December 27, 2017, and was updated on February 19, only a few days before the implants began to appear. These implants are variations of earlier forms of Bankshot, a remote access tool that gives an attacker full capability on a victim’s system. This implant also contains functionality to wipe files and content from the targeted system to erase evidence or perform other destructive actions. Bankshot was first reported by the Department of Homeland Security on December 13, 2017, and has only recently resurfaced in newly compiled variants. The sample we analyzed is 99% similar to the documented Bankshot variants from 2017. ]]> 2018-03-16T13:00:00+00:00 http://feeds.feedblitz.com/~/532949046/0/alienvault-blogs~Things-I-hearted-this-week-th-March www.secnews.physaphae.fr/article.php?IdArticle=519344 False Medical APT 38,Equifax None SecurityWeek - Security News Traps for host-based security.  Pleasanton, Calif.-based Evident.io's flagship Evident Security Platform (ESP) helps customers reduce cloud security risk by minimizing the attack surface and improving overall security posture. ESP can continuously monitor AWS and Microsoft Azure deployments, identify and assess security risks, provide security teams with remediation guidance, along with providing security auditing and compliance reporting by analyzing configurations of services and account settings against security and compliance controls.  “Once integrated with the Palo Alto Networks cloud security offering, customers will be able to use a single approach to continuous monitoring, comprehensive storage security, and compliance validation and reporting,” explained Tim Prendergast, CEO & Co-Founder of Evident.io. Evident.io is backed by Bain Capital Ventures, True Ventures, Venrock, Google Ventures, and In-Q-Tel, the not-for-profit venture capital arm of the CIA. The acquisition is expected to close during Palo Alto Networks fiscal third quarter, subject to satisfaction of customary closing conditions.  Evident.io's co-founders, Tim Prendergast and Justin Lundy, will join Palo Alto Networks. ]]> 2018-03-15T01:38:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/Hu4pePCnUcY/palo-alto-networks-acquire-cia-backed-cloud-security-firm-evidentio-300-million www.secnews.physaphae.fr/article.php?IdArticle=514540 False Guideline Equifax None Graham Cluley - Blog Security A former Equifax executive, who sold nearly $1 million worth of shares before the company's massive data breach was made public, has been charged with insider trading. ]]> 2018-03-14T17:16:03+00:00 https://www.grahamcluley.com/ex-equifax-exec-charged-with-insider-trading-after-selling-1-million-worth-of-stock-before-data-breach-disclosure/ www.secnews.physaphae.fr/article.php?IdArticle=513646 True None Equifax None ZD Net - Magazine Info 2018-03-14T15:49:00+00:00 http://www.zdnet.com/article/sec-charges-former-equifax-executive-with-insider-trading-after-data-breach/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=513431 False None Equifax None SecurityWeek - Security News unaware of the breach when they sold shares. “As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” said Richard R. Best, Director of the SEC's Atlanta Regional Office.  “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.” Ying has been charged with violating the antifraud provisions of the federal securities laws and seeks repayment of ill-gotten gains plus interest, penalties, and injunctive relief. “Upon learning about Mr. Ying's August sale of Equifax shares, we launched a re]]> 2018-03-14T15:17:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/k-GhQORxDk8/former-equifax-cio-charged-insider-trading www.secnews.physaphae.fr/article.php?IdArticle=513461 False Guideline Equifax None Dark Reading - Informationweek Branch 2018-03-14T11:50:00+00:00 https://www.darkreading.com/attacks-breaches/sec-charges-former-equifax-exec-with-insider-trading/d/d-id/1331272?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=513542 False None Equifax None SecurityWeek - Security News fileless attacks, primarily via PowerShell, grew; and there was a surge in cryptocurrency hijacking malware. These were the primary threats outlined in the latest McAfee Lab's Threat Report (PDF) covering Q4 2017. The growth of cryptomining malware coincided with the surge in Bitcoin value, which peaked at just under $20,000 on Dec. 22. With the cost of dedicated mining hardware at upwards of $5,000 per machine, criminals chose to steal users' CPU time via malware. It demonstrates how criminals always follow the money, and choose the least expensive method of acquiring it with the greatest chance of avoiding detection. Since December, Bitcoin's value has fallen to $9,000 (at the time of publishing). Criminals' focus on Bitcoin is likewise being modified, with Ethereum and Monero becoming popular. Last week, Microsoft discovered a major campaign focused on stealing Electroneum. "We currently see discussions in underground forums that suggest moving from Bitcoin to Litecoin because the latter is a safer model with less chance of exposure," comments Raj Samani, chief scientist and McAfee fellow with the Advanced Threat Research Team. The speed with which criminals adapt to their latest market conditions is also seen in the way they maximize their asymmetric advantage. "Adversaries," writes Samani, "have the luxury of access to research done by the technical community, and can download and use opensource tools to support their campaigns, while the defenders' level of insight into cybercriminal activities is considerably more limited, and identifying evolving tactics often must take place after malicious campaigns have begun." Examples of attackers making use of legitimate research include Fancy Bear (APT28) leveraging a Microsoft Office Dynamic Data Exchange technique in November 2017 that had been made public just a few we]]> 2018-03-13T15:50:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/oZrY8mCN0zo/usual-threats-more-sophisticated-and-faster-report www.secnews.physaphae.fr/article.php?IdArticle=510719 True None NotPetya,APT 28,Equifax None Krebs on Security - Chercheur Américain 2018-03-11T18:51:00+00:00 https://krebsonsecurity.com/2018/03/checked-your-credit-since-the-equifax-hack/ www.secnews.physaphae.fr/article.php?IdArticle=506886 False None Equifax None Krebs on Security - Chercheur Américain 2018-03-06T21:24:01+00:00 https://krebsonsecurity.com/2018/03/what-is-your-banks-security-banking-on/ www.secnews.physaphae.fr/article.php?IdArticle=498266 False None Equifax None InformationSecurityBuzzNews - Site de News Securite Expanded Equifax Breach]]> 2018-03-05T15:30:02+00:00 https://www.informationsecuritybuzz.com/expert-comments/expanded-equifax-breach/ www.secnews.physaphae.fr/article.php?IdArticle=496377 False None Equifax None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2018-03-02T20:12:05+00:00 https://threatpost.com/equifax-adds-2-4-million-more-people-to-list-of-those-impacted-by-2017-breach/130209/ www.secnews.physaphae.fr/article.php?IdArticle=495248 False None Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC schools closed and the capital on red alert. Fortunately, one of the perks of working from home is that I get to stay on top of the security news regardless of the weather, so put on your snow boots and jump right in. Trading stocks in the wake of breaches The US securities and Exchange Commission (SEC) has waned high-ranking executives not to trade stocks before disclosing beaches, major vulnerabilities and other cybersecurity related incidents. SEC statement on public company cybersecurity disclosure (PDF) | SEC After Intel & Equifax Incidents, SEC Warns Execs Not to Trade Stock While Investigating Security Incidents | Bleeping Computer Tracking your sold hardware Many devices now come with tracking features to help you find it if it gets lost or stolen. It started predominantly with phones, but now is in most laptops, desktops, and plenty of smart devices. The trouble is that location tracking isn’t something we intuitively ask for when buying or selling an item. We just assume that the seller has disabled it, or it wasn’t enabled in the first place. Will we get to a point where before buying a smart teddy, a kid will ask if its been factory-wiped and all credentials removed? How I sold an old Mac and unknowingly had access to its location for over 3 years | Bredon Mulligan / Medium Cover your own assets John Carroll wrote an interesting blog post on influencing business layers that might not get infosec. Cover your own ass(ets) | CTU Security Cybersecurity Style Guide How many times have you wished you had a cybersecurity style guide to help you understand how to pronounce security phrases, or write a word, or the definitive meaning of a term. Well, your wishes have all been answered as Bishop Fox has created a style guide for you. Web Semantics: The Bishop Fox Cybersecurity Style Guide | Wired Download the Bishop Fox Cybersecurity Style Guide (PDF) | Bishop Fox Revenge Hacking Well, at least the motive was easy to establish. Man admits hacking former employer’s computer system for revenge | Hackread Teach a man to Phis]]> 2018-03-02T14:00:00+00:00 http://feeds.feedblitz.com/~/529863222/0/alienvault-blogs~Things-I-Hearted-this-Week-nd-March www.secnews.physaphae.fr/article.php?IdArticle=494688 False None Equifax None Security Affairs - Blog Secu 2018-03-02T13:25:05+00:00 http://securityaffairs.co/wordpress/69755/data-breach/equifax-additional-identifies.html www.secnews.physaphae.fr/article.php?IdArticle=494710 False None Equifax None SecurityWeek - Security News 2018-03-02T03:26:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/eyhC8cE3cLE/equifax-identifies-24-million-more-affected-massive-hack www.secnews.physaphae.fr/article.php?IdArticle=494368 False None Equifax None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/529742322/0/thesecurityledger -->»]]> 2018-03-02T01:40:00+00:00 https://feeds.feedblitz.com/~/529742322/0/thesecurityledger~Equifax-finds-Million-more-Victims-of-Hack/ www.secnews.physaphae.fr/article.php?IdArticle=494406 False None Equifax None