www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-07T13:18:01+00:00 www.secnews.physaphae.fr

Ars Technica - Risk Assessment Security Hacktivism: NASA finds more issues with Boeing's Starliner, but crew launch set for June 1. Fixing the helium leak would delay Starliner crew test flight for months. 2024-05-25T03:34:42+00:00 https://arstechnica.com/?p=2027053 www.secnews.physaphae.fr/article.php?IdArticle=8506506

The Register - English news site: Boeing's Calamity Capsule launch date slides into the future. Starliner or Padstayer? Boeing's Starliner, aka the Calamity Capsule, has suffered another setback after a hoped-for May 25 launch date has been dropped as engineers work to deal with a helium leak in the spacecraft's propulsion system.… 2024-05-22T15:45:12+00:00 https://go.theregister.com/feed/www.theregister.com/2024/05/22/boeings_calamity_capsule_launch_date/ www.secnews.physaphae.fr/article.php?IdArticle=8504841

Ars Technica - Risk Assessment Security Hacktivism: Boeing is troubleshooting a small helium leak on the Starliner spacecraft. The first launch of astronauts aboard Boeing's Starliner capsule is now set for May 21. 2024-05-14T19:47:22+00:00 https://arstechnica.com/?p=2024298 www.secnews.physaphae.fr/article.php?IdArticle=8499790

Schneier on Security - American cryptology researcher: Molly White Reviews Blockchain Book
Molly White—of “Web3 is Going Just Great” fame—reviews Chris Dixon’s blockchain solutions book: Read Write Own: In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when he speaks of how “for decades, technologists have dreamed of building a grassroots internet access provider”. He describes one project that “got further than anyone else”: Helium. He’s right, as long as you ignore the fact that Helium was providing LoRaWAN, not Internet, that by the time he was writing his book Helium hotspots had long since passed the phase where they might generate even enough tokens for their operators to merely break even, and that the network was pulling in somewhere around $1,150 in usage fees a month despite the company being valued at $1.2 billion. Oh, and that the company had widely lied to the public about its supposed big-name clients, and that its executives have been accused of hoarding the project’s token to enrich themselves. But hey, a16z sunk millions into Helium (a fact Dixon never mentions), so might as well try to drum up some new interest!...
2024-02-13T12:07:03+00:00 https://www.schneier.com/blog/archives/2024/02/molly-white-reviews-blockchain-book.html www.secnews.physaphae.fr/article.php?IdArticle=8449566
Kovrr - cyber risk management platform: Investigating the Risk of Compromised Credentials and Internet-Exposed Assets. Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets. Read More. 2023-11-28T00:00:00+00:00 https://www.kovrr.com/reports/investigating-the-risk-of-compromised-credentials-and-internet-exposed-assets www.secnews.physaphae.fr/article.php?IdArticle=8417472

Kovrr - cyber risk management platform: The Ransomware Threat Landscape H1-23. This report provides a comprehensive analysis of all known ransomware attacks that were reported during the first two quarters of 2023. Read More. 2023-07-13T00:00:00+00:00 https://www.kovrr.com/reports/the-ransomware-threat-landscape-h123 www.secnews.physaphae.fr/article.php?IdArticle=8393595

Dark Reading - Informationweek Branch: Emerging Ransomware Group 8Base Doxxes SMBs Globally. A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe. 2023-06-21T18:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally www.secnews.physaphae.fr/article.php?IdArticle=8347782

SkullSecurity - Security blog: Blast from the Past: How Attackers Compromised Zimbra With a Patched Vulnerability
CVE-2022-41352 (my AttackerKB analysis for Rapid7) turned out to be a new(-ish) exploit path for a really old bug in cpio, CVE-2015-1194. But that was patched in 2019, so what happened? (I posted this as a tweet-thread a while back, but I decided to flesh it out and make it into a full blog post!)
cpio is an archive tool commonly used for system-level stuff (firmware images and such). It can also extract other formats, like .tar, which we'll use since it's more familiar.
cpio has a flag (--no-absolute-filenames), off by default, that purports to prevent writing files outside of the target directory. That's handy when, for example, extracting untrusted files with Amavis (like Zimbra does). The problem is that symbolic links can point to absolute paths, so even with --no-absolute-filenames there was no safe way to extract an untrusted archive (short of using a chroot environment or something similar, which they really ought to do).
Much later, in 2019, the cpio team released cpio version 2.13, which includes a patch for CVE-2015-1194, with unit tests and everything. Some (not all) modern OSes include the patched version of cpio, which should be the end of the story, but it's not! I'm currently writing this on Fedora 35, so let's try exploiting it. We can confirm that the version of cpio installed with the OS is, indeed, the fixed version:
ron@fedora ~ $ cpio --version
cpio (GNU cpio) 2.13
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Phil Nelson, David MacKenzie, John Oleynick, and Sergey Poznyakoff.
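The weakness just described (a symlink entry followed by a regular file whose path passes through it) is easy to miss if an extractor only looks at each member's own name. Here is that layout built and checked in Python; this is an added example, not code from the SkullSecurity post, from cpio or from Zimbra. It constructs in memory an archive shaped exactly like the one the post creates with tar (a symlink demo pointing at /tmp/, then a regular file demo/imafile, both constructed samples), and walks the members in archive order, rejecting anything that could be written outside the extraction directory. The function names are my own.

```python
from __future__ import annotations

import io
import posixpath
import tarfile


def build_demo_archive() -> bytes:
    """Constructed sample: the same layout the post builds with ln -s and tar.
    Member 1 is a symlink 'demo' -> '/tmp/'; member 2 is a plain file
    'demo/imafile' whose relative path looks harmless on its own."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("demo")
        link.type = tarfile.SYMTYPE
        link.linkname = "/tmp/"
        tar.addfile(link)

        payload = b"hello\n"
        member = tarfile.TarInfo("demo/imafile")
        member.size = len(payload)
        tar.addfile(member, io.BytesIO(payload))
    return buf.getvalue()


def _escapes(path: str) -> bool:
    """True if a path is absolute or climbs above its starting directory."""
    if posixpath.isabs(path):
        return True
    depth = 0
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def find_unsafe_members(archive: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every member that could land outside
    the extraction directory. Members must be examined in archive order: a
    later plain file becomes dangerous only because an earlier symlink was
    extracted first, which is exactly what --no-absolute-filenames misses."""
    findings: list[tuple[str, str]] = []
    symlink_dirs: list[str] = []  # symlinks seen so far, used as path prefixes
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar.getmembers():
            name = posixpath.normpath(m.name)
            if _escapes(name):
                findings.append((m.name, "absolute or '..' path"))
                continue
            # Any member placed under a previously extracted symlink would be
            # written wherever that link points. Flag it even when the link
            # target stays inside the destination: chains are not worth trusting.
            for link in symlink_dirs:
                if name == link or name.startswith(link + "/"):
                    findings.append((m.name, f"path goes through symlink '{link}'"))
                    break
            else:
                if m.issym():
                    target = m.linkname
                    # resolve the target relative to the link's own directory
                    resolved = posixpath.normpath(
                        posixpath.join(posixpath.dirname(name), target))
                    if posixpath.isabs(target) or _escapes(resolved):
                        findings.append(
                            (m.name, f"symlink to '{target}' escapes extraction dir"))
                    symlink_dirs.append(name)
                elif m.islnk() and _escapes(posixpath.normpath(m.linkname)):
                    findings.append(
                        (m.name, f"hardlink to '{m.linkname}' escapes extraction dir"))
    return findings


if __name__ == "__main__":
    for name, why in find_unsafe_members(build_demo_archive()):
        print(f"REJECT {name}: {why}")
```

Run on the constructed archive, both members are rejected: the symlink because its target is absolute, and demo/imafile because its path goes through that symlink. The same ordering logic applies to a cpio archive; only the member parsing differs. It is a pre-extraction screen, not a substitute for extracting under a chroot or a dedicated unprivileged user.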
That means that we shouldn't be able to use symlinks to write outside of the target directory, so let's create a .tar file that includes a symlink and a file written through that symlink (this is largely copied from a mailing list post):
ron@fedora ~ $ mkdir cpiotest
ron@fedora ~ $ cd cpiotest
ron@fedora ~/cpiotest $ ln -s /tmp/ ./demo
ron@fedora ~/cpiotest $ echo 'hello' > demo/imafile
ron@fedora ~/cpiotest $ tar -cvf demo.tar demo demo/imafile
demo
demo/imafile
ron@fedora ~/cpiotest $
2023-01-23T20:14:17+00:00 https://www.skullsecurity.org/2023/blast-from-the-past--how-attackers-compromised-zimbra-with-a-patched-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8303535

CVE List - Common Vulnerability Exposure:
CVE-2022-4584 2022-12-17T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4584 www.secnews.physaphae.fr/article.php?IdArticle=8292381
CVE-2022-3974 2022-11-13T10:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3974 www.secnews.physaphae.fr/article.php?IdArticle=8042470
CVE-2022-3809 2022-11-02T13:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3809 www.secnews.physaphae.fr/article.php?IdArticle=7783701
CVE-2022-3810 2022-11-02T13:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3810 www.secnews.physaphae.fr/article.php?IdArticle=7783702
CVE-2022-3814 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3814 www.secnews.physaphae.fr/article.php?IdArticle=7772560
CVE-2022-3817 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3817 www.secnews.physaphae.fr/article.php?IdArticle=7772564
CVE-2022-3812 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3812 www.secnews.physaphae.fr/article.php?IdArticle=7772558
CVE-2022-3816 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3816 www.secnews.physaphae.fr/article.php?IdArticle=7772563
CVE-2022-3815 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3815 www.secnews.physaphae.fr/article.php?IdArticle=7772562
CVE-2022-3813 2022-11-01T22:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3813 www.secnews.physaphae.fr/article.php?IdArticle=7772559
CVE-2022-3807 2022-11-01T20:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3807 www.secnews.physaphae.fr/article.php?IdArticle=7770916
CVE-2022-3785 2022-10-31T21:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3785 www.secnews.physaphae.fr/article.php?IdArticle=7758364
CVE-2022-3784 2022-10-31T21:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3784 www.secnews.physaphae.fr/article.php?IdArticle=7758363
CVE-2022-3670 2022-10-26T19:15:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3670 www.secnews.physaphae.fr/article.php?IdArticle=7691534
CVE-2022-3669 2022-10-26T19:15:26+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3669 www.secnews.physaphae.fr/article.php?IdArticle=7691533
CVE-2022-3668 2022-10-26T19:15:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3668 www.secnews.physaphae.fr/article.php?IdArticle=7691532
CVE-2022-3667 2022-10-26T19:15:24+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3667 www.secnews.physaphae.fr/article.php?IdArticle=7691531
CVE-2022-3666 2022-10-26T19:15:23+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3666 www.secnews.physaphae.fr/article.php?IdArticle=7691530
CVE-2022-3665 2022-10-26T19:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3665 www.secnews.physaphae.fr/article.php?IdArticle=7691529
CVE-2022-3664 2022-10-26T19:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3664 www.secnews.physaphae.fr/article.php?IdArticle=7691528
CVE-2022-3663 2022-10-26T19:15:19+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3663 www.secnews.physaphae.fr/article.php?IdArticle=7691527
CVE-2022-3662 2022-10-26T19:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3662 www.secnews.physaphae.fr/article.php?IdArticle=7691526

Security Affairs - Security blog: China-linked APT41 group targets Hong Kong with Spyder Loader. China-linked threat actors APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage […] 2022-10-18T14:15:09+00:00 https://securityaffairs.co/wordpress/137300/apt/apt41-spyder-loader.html www.secnews.physaphae.fr/article.php?IdArticle=7541666

Dark Reading - Informationweek Branch: Lax Security Fuels Massive 8220 Gang Botnet Army Surge. 2022-07-20T19:46:17+00:00 https://www.darkreading.com/application-security/lax-security-fuels-cloud-botnet-army-surge www.secnews.physaphae.fr/article.php?IdArticle=5837722

TroyHunt - Blog Security: The Axiom-1 crew launches today - are these guys tourists, astronauts, or what?
2022-04-08T12:31:33+00:00 https://arstechnica.com/?p=1845191 www.secnews.physaphae.fr/article.php?IdArticle=4416984

TroyHunt - Blog Security: Absolutely bonkers experiment measures antiproton orbiting helium ion. 2022-03-16T16:00:04+00:00 https://arstechnica.com/?p=1841435 www.secnews.physaphae.fr/article.php?IdArticle=4292721

CVE List - Common Vulnerability Exposure:
CVE-2022-22919 2022-01-30T02:15:06+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22919 www.secnews.physaphae.fr/article.php?IdArticle=4054631
CVE-2022-24032 2022-01-30T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24032 www.secnews.physaphae.fr/article.php?IdArticle=4054688

Wired Threat Level - Security News: Why Is It So Hard to Believe In Other People's Pain? 2021-11-26T13:00:00+00:00 https://www.wired.com/story/pain-belief-and-the-consequences-of-scarrys-axiom www.secnews.physaphae.fr/article.php?IdArticle=3710835

NoticeBored - Experienced IT Security professional: Topic-specific policies 12/11: concluding the series
Congratulations on completing this cook's tour of the topic-specific information security policies in ISO/IEC 27002:2022 (forthcoming). Today we reach the end of the track, reflecting back on our journey and gazing forward to the next objective. Through the blog, we have stepped through the eleven topic-specific policy examples called out in clause 5.1, discussing various policy-related matters along the way:
0. Introduction: an initial overview of the classical 'policy pyramid'.
1. Access control: 'policy axioms' are key principles underpinning policies.
2. Physical and environmental security: ignore these aspects at your peril!
3. Asset management: using templates/models to develop your policies.
4. Information transfer: consider the business context for policies.
5. Networking security: risks associated with data and social networks.
6. Information security incident management: unique or general?
7. Backup: there's more to information risk management than cyber!
8. Cryptography and key management: important for …
2021-11-05T13:07:47+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/D8ssTjmdNBM/topic-specific-policies-1211-concluding.html www.secnews.physaphae.fr/article.php?IdArticle=3611157

TechRepublic - Security News US: We need to pay attention to AI bias before it's too late. 2021-10-25T21:30:32+00:00 https://www.techrepublic.com/article/we-need-to-pay-attention-to-ai-bias-before-its-too-late/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3562857

NoticeBored - Experienced IT Security professional: Topic-specific policy 8/11: cryptography and key management
… ISO/IEC 27002 and picked as a topic-specific policy example for the forthcoming 3rd edition in order to include something directly relevant to governmental organisations, although to be fair crypto is a consideration for all of us these days. Many (most?) websites are now using HTTPS with TLS for encryption, for example, while cryptographic methods are commonly used for file and message integrity checks, such as application/patch installers that integrity-check themselves before proceeding, and password hashing.
Here's a glimpse of one I prepared earlier:
Like all our templates, this one is generic. Organisations with specific legal or contractual obligations in this area (such as governmental and defense companies bound to employ particular algorithms, key lengths and technologies such as physically secure hardware crypto modules, or companies bound by PCI-DSS) would need to adapt it accordingly.
You'll see that it mentions the Information Classification Policy: I'll have more to blog about classification tomorrow.
If you've been tagging along on my tiki-tour of the topic-specific policy examples in ISO/IEC 27002:2022, and if you read that LinkedIn piece by Chris Hall that I recommended, you will probably by now recognise the standard document structure we've adopted for all our policy templates. The main elements are:
- Page header with a logo (our logo in the template, yours to download and customise) and a short, pithy, catchy policy title.
- "Information security policy" up-front to be crystal clear about the nature and ownership of the policy, since some topics could equally belong to other corporate functions (e.g. our "Fraud" policy template is, in fact, an information security policy addressing the information risks associated with fraud, misrepresentation and so on, not an HR or legal policy about disciplinary procedures and compliance).
- Policy title, big and bold to stand out. The precise wording is important here (I'll return to that point in another blog piece).
- Policy summary, outlining …
2021-10-20T16:00:00+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/fh9i03AKXT4/topic-specific-policy-811-cryptography.html www.secnews.physaphae.fr/article.php?IdArticle=3534956

NoticeBored - Experienced IT Security professional: Topic-specific policy 4/11: information transfer
"Information transfer" is another ambiguous, potentially misleading title for a policy, even if it includes "information security".
Depending on the context and the reader's understanding, it might mean or imply a security policy concerning:
- Any passage of information between any two or more end points: network data communications, for instance, sending someone a letter, speaking to them or drawing them a picture, body language, discussing business or personal matters, voyeurism, surveillance and spying etc.
- One-way flows or a mutual, bilateral or multilateral exchange of information.
- Formal business reporting between the organisation and some third party, such as the external auditors, stockholders, banks or authorities.
- Discrete batch-mode data transfers (e.g. sending backup or archival tapes to a safe store, or updating secret keys in distributed hardware security modules), routine/regular/frequent transfers (e.g. strings of network packets), sporadic/exceptional/one-off transfers (e.g. subject access requests for personal information) or whatever.
- Transmission of information through broadcasting, training and awareness activities, reporting, policies, documentation, seminars, publications, blogs etc., plus its reception and comprehension.
- Internal communications within the organisation, for example between different business units, departments, teams and/or individuals, or between layers in the management hierarchy.
- "Official"/mandatory, formalised disclosures to authorities or other third parties.
- Informal/unintended or formal/intentional communications that reveal or disclose sensitive information (raising confidentiality concerns) or critical information (with integrity and availability aspects).
- Formal provision of valuable information, for instance when a client discusses a case with a lawyer, accountant, auditor or some other professional.
- Legal transfer of information ownership, copyright etc. between parties, for example when a company takes over another or licenses its intellectual property.
Again there are contextual ramifications. The nature and importance of information transfers differ between, say, hospitals and health service providers, consultants and their clients, social media companies and their customers, and battalion HQ with operating units out in the field. There is a common factor, however, namely information risk. The in…
2021-10-15T12:40:00+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/MHAW1fkbrQs/topic-specific-policy-411-information.html www.secnews.physaphae.fr/article.php?IdArticle=3516936

NoticeBored - Experienced IT Security professional: Topic-specific policy 3/11: asset management
This piece is different to the others in this blog series. I'm seizing the opportunity to explain the thinking behind, and the steps involved in researching and drafting, an information security policy through a worked example. This is about the policy development process, more than the asset management policy per se. One reason is that, despite having written numerous policies on other topics in the same general area, we hadn't appreciated the value of an asset management policy, as such, even allowing for the ambiguous title of the example given in the current draft of ISO/IEC 27002:2022.
The standard formally but (in my opinion) misleadingly defines asset as 'anything that has value to the organization', with an unhelpful note distinguishing primary from supporting assets. By literal substitution, 'anything that has value to the organization management' is the third example information security policy topic in section 5.1 ... but what does that actually mean?
Hmmmm. Isn't it tautologous? Does anything not of value even require management? Is the final word in 'anything that has value to the organization management' a noun or a verb, i.e. does the policy concern the management of organizational assets, or is it about securing organizational assets that are valuable to its managers; or both, or something else entirely?
Well, OK then, perhaps the standard is suggesting a policy on the information security aspects involved in managing information assets, by which I mean both the intangible information content and (as applicable) the physical storage media and processing/communications systems such as hard drives and computer networks?
Seeking inspiration, Googling 'information security asset management policy' found me a policy by Sefton Council along those lines: with about 4 full pages of content, it covers security aspects of both the information content and IT systems, more specifically information ownership, valuation and acceptable use:
1.2. Policy Statement
The purpose of this policy is to achieve and maintain appropriate protection of organisational assets. It does this by ensuring that every information asset has an owner and that the nature and value of each asset is fully understood. It also ensures that the boundaries of acceptable use are clearly defined for anyone that has access to …
2021-10-14T17:20:00+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/RzQfkTDBmhs/topic-specific-policy-311-asset.html www.secnews.physaphae.fr/article.php?IdArticle=3512451

NoticeBored - Experienced IT Security professional: Topic-specific policy 1/11: access control
ISO/IEC 27002 recommends having a topic-specific information security policy on "access control". OK, fine, so what would that actually look like, in practice? Before reading on, think about that for a moment. Imagine if you were tasked to draft an access control policy: what would it cover? What form would it take? How would you even start?
How about something along these lines, for starters:
What is access control intended to achieve?
In about half a page, the background section explains the rationale for controlling access to assets (meaning valuable things such as information in various forms, including but more than just digital data).
The policy goes on to state that, whereas access to information should be restricted where necessary, access by workers should be permitted by default unless there are legitimate reasons to restrict it. In other words, a liberal approach that releases information for use unless it needs to be restricted for some reason ... which in turn begs questions about what those legitimate reasons are. Who decides, and on what basis?
The alternative approach is to restrict access to assets by default unless there are sound reasons to permit access, begging the same questions.
The template policy takes both approaches, in the form of these complementary 'policy axioms':
Policy axioms (guiding principles)
A. Access to corporate information assets by workers should be permitted by default unless there is a legitimate need to restrict it.
B. Access to corporate information assets by third parties should be restricted by default unless there is a legitimate need to permit it.
The idea is that, generally speaking, "workers" (which is defined elsewhere to include employees on the organization's payroll - staff and managers - plus third party employees and others such as interns, temps and consultants working for and on behalf of the organisation, under its co…
2021-10-12T19:44:00+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/qlMa4Qxj6VM/topic-specific-policy-111-access-control.html www.secnews.physaphae.fr/article.php?IdArticle=3504314

Wired Threat Level - Security News: This Tracker Uses Helium Hot Spots to Locate Your Valuables. 2021-08-23T13:00:00+00:00 https://www.wired.com/review/invoxia-longfi-gps-tracker www.secnews.physaphae.fr/article.php?IdArticle=3269788

Wired Threat Level - Security News: Bats Raised in Helium-Rich Air Reveal a Key to Echolocation. 2021-05-07T12:00:00+00:00 https://www.wired.com/story/bats-raised-in-helium-rich-air-reveal-key-to-echolocation www.secnews.physaphae.fr/article.php?IdArticle=2751067

Ars Technica - Risk Assessment Security Hacktivism: Researchers raise bats in helium-rich air to check how they sense sound. 2021-05-04T16:45:45+00:00 https://arstechnica.com/?p=1762292 www.secnews.physaphae.fr/article.php?IdArticle=2738747

The Hacker News - The Hacker News is a hacking news blog (surprising, no?):
Researchers Unveil New Linux Malware Linked to Chinese Hackers. 2021-03-10T08:31:56+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/bE5DhgOuekg/researchers-unveil-new-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=2462843

TroyHunt - Blog Security: Unstable helium adds a limit on the ongoing saga of the proton's size. 2021-01-27T20:11:25+00:00 https://arstechnica.com/?p=1737738 www.secnews.physaphae.fr/article.php?IdArticle=2255524

Wired Threat Level - Security News: How to Calculate How Many Helium Balloons David Blaine Needed. 2020-09-09T14:00:00+00:00 https://www.wired.com/story/lets-calculate-how-many-balloons-david-blaine-needs-float www.secnews.physaphae.fr/article.php?IdArticle=1907170

Darknet - The Darkside - American news site: Axiom - Pen-Testing Server For Collecting Bug Bounties. Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with one line. With Axiom, you just need to run a single command to get set up, and then you can use the Axiom toolkit scripts to spin up and down your new hacking VPS. Setting up your own 'hacking VPS', to catch shells, run enumeration tools, scan, let things run in the background in a tmux window, used to be an afternoon project, running into a whole day sometimes if you hit some package issues or 'dependency hell'. Read the rest of Axiom - Pen-Testing Server For Collecting Bug Bounties now! Only available at Darknet. 2020-07-06T19:09:32+00:00 https://www.darknet.org.uk/2020/07/axiom-pen-testing-server-for-collecting-bug-bounties/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=1793682

InformationSecurityBuzzNews - Security news site: Experts Insight On NutriBullet.com Magecart Attack. 2020-03-19T11:35:31+00:00 https://www.informationsecuritybuzz.com/expert-comments/experts-insight-on-nutribullet-com-magecart-attack/ www.secnews.physaphae.fr/article.php?IdArticle=1607247

NoticeBored - Experienced IT Security professional: NBlog Dec 22 - zero-based risk assessment
In a thread on the ISO27k Forum, Ed Hodgson said: "There are many security controls we have already implemented that already manage risk to an acceptable level e.g. my building has a roof which helps ensure my papers don't get wet, soggy and illegible. But I don't tend to include the risk of papers getting damaged by rain in my risk assessment".
Should we consider or ignore our existing information security controls when assessing information risks for an ISO27k ISMS? That question took me back to the origins of ISO27k, pre-BS7799 even. As I recall, Donn Parker originally suggested a standard laying out typical or commonplace controls providing a security baseline, a generally-applicable foundation or bedrock of basic or fundamental controls. The idea was to bypass the trivial justification for baseline controls: simply get on with implementing them, saving thinking-time and brain-power to consider the need for additional controls where the baseline controls are insufficient to mitigate the risks. [I'm hazy on the details now: that was ~30 years ago after all.]
I have previously used and still have a soft spot for the baseline concept … and yet it's no easier to define a generic baseline today than it was way back then.
In deciding how to go about information risk analysis, should we:Go right back to basics and assume there are no controls at]]> 2019-12-22T13:14:31+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/xM2mY8xgkq0/nblog-dec-22-zero-based-risk-assessment.html www.secnews.physaphae.fr/article.php?IdArticle=1495733 False None APT 17 None TechRepublic - Security News US Helium activates wireless network for IoT devices in more than 425 US cities 2019-11-07T17:00:15+00:00 https://www.techrepublic.com/article/helium-activates-wireless-network-for-iot-devices-in-more-than-425-us-cities/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1452253 False None APT 17 None ZD Net - Magazine Info APT-doxing group exposes APT17 as Jinan bureau of China\'s Security Ministry 2019-07-24T18:24:00+00:00 https://www.zdnet.com/article/apt-doxing-group-expose-apt17-as-jinan-bureau-of-chinas-security-ministry/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1221757 False None APT 17,APT 10,APT 3 None The Last Watchdog - Blog Sécurité de Byron V Acohido MY TAKE: Let\'s not lose sight of why Iran is pushing back with military, cyber strikes 2019-06-26T08:43:01+00:00 https://www.lastwatchdog.com/my-take-lets-not-lose-sight-of-why-iran-is-pushing-back-with-military-cyber-strikes/ www.secnews.physaphae.fr/article.php?IdArticle=1174365 False None APT 17 None CSO - CSO Daily Dashboard Reduce breach risk and costs with security resilience 4 deception tools deliver truer network security. | Get the latest from CSO by signing up for our newsletters. 
]]]> 2018-06-27T06:14:00+00:00 https://www.csoonline.com/article/3284379/security/reduce-breach-risk-and-costs-with-security-resilience.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=725495 False None APT 17 None taosecurity - Blog Sécurité Chinois Remembering When APT Became Public Last week I Tweeted the following on the 8th anniversary of Google's blog post about its compromise by Chinese threat actors:This intrusion made the term APT mainstream. I was the first to associate it with Aurora, in this post https://taosecurity.blogspot.com/2010/01/google-v-china.htmlMy first APT post was a careful reference in 2007, when we all feared being accused of "leaking classified" re China: https://taosecurity.blogspot.com/2007/10/air-force-cyberspace-report.htmlI should have added the term "publicly" to my original Tweet. There were consultants with years of APT experience involved in the Google incident response, and they recognized the work of APT17 at that company and others. Those consultants honored their NDAs and have stayed quiet.I wrote my original Tweet as a reminder that "APT" was not a popular, recognized term until the Google announcement on 12 January 2010. In my Google v China blog post I wrote:Welcome to the party, Google. You can use the term "advanced persistent threat" (APT) if you want to give this adversary its proper name.I also Tweeted a similar statement on the same day:This is horrifying: http://bit.ly/7x7vVW Google admits intellectual property theft from China; it's called Advanced Persistent Threat, GOOGI made the explicit link of China and APT because no one had done that publicly.This slide from a 2011 briefing I did in Hawaii captures a few historical points:The Google incident was a watershed, for reasons I blogged on 16 January 2010. 
I remember the SANS DFIR 2008 event as effectively "APTCon," but beyond Mandiant, Northrup Grumman, and NetWitness, no one was really talking publicly about the APT until after Google.As I noted in the July 2009 blog post, You Down With APT? (ugh):Aside from Northrup Grumman, Mandiant, and a few vendors (like NetWitness, one of the full capture vendors out there) mentioning APT, there's not much else available. A Google search for "advanced persistent threat" -netwitness -mandiant -Northrop yields 34 results (prior to this blog post). (emphasis added)Today that search yields 244,000 results.I would argue we're "past APT." APT was the buzzword for ]]> 2018-01-14T14:08:40+00:00 http://taosecurity.blogspot.com/2018/01/remembering-when-apt-became-public.html www.secnews.physaphae.fr/article.php?IdArticle=459740 False None APT 17,APT 1 None Security Affairs - Blog Secu Intezer researchers link CCleaner hack to Chinese APT17 hackers 2017-10-04T11:12:03+00:00 http://securityaffairs.co/wordpress/63801/apt/ccleaner-apt17-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=415099 False None APT 17,CCleaner None 01net. Actualites - Securite - Magazine Francais Piratage CCleaner : la Chine se cache-t-elle derrière cette attaque ? ]]> 2017-09-21T08:34:32+00:00 http://www.01net.com/actualites/piratage-ccleaner-la-chine-se-cache-t-elle-derriere-cette-attaque-1261474.html www.secnews.physaphae.fr/article.php?IdArticle=410912 False None APT 17,CCleaner 3.0000000000000000 Network World - Magazine Info Career Watch: Be wary of IT employment contracts Jeffrey Scolaro, an attorney at Daley Mohan Groble PC in Chicago and a member of Legal Services Link, answers questions about employment contracts.Are employment contracts for IT workers negotiable, or are they one-size-fits-all? The axiom that “everything is negotiable” should be where all IT professionals begin their assessment of proposed employment contracts. 
However, the IT industry in particular can be especially rigid in its collective enforcement of employment agreements.To read this article in full or to leave a comment, please click here]]> 2017-05-01T05:22:00+00:00 http://www.networkworld.com/article/3193377/careers/career-watch-be-wary-of-it-employment-contracts.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=360462 False None APT 17 None Network World - Magazine Info A breach alone means liability writer and lawyer, brought an interesting turn of events to my attention last week. We need to pay heed: A litigant can have standing in a U.S. Federal breach case where no personal fraud or identity theft has yet occurred.Usually, a litigant has to have suffered injury-a breech caused them identity theft or other fraudulent activity based upon information released in a security breach. This means if you're cracked, you can be liable if personally identifiable information is released, exfiltrated, absconded, whatever. It also means that should you believe the axiom that currently most of us are hacked, we're in for a litigious treat. To read this article in full or to leave a comment, please click here]]> 2016-10-11T04:00:00+00:00 http://www.networkworld.com/article/3128859/security/a-breach-alone-means-liability.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=190204 False None APT 17 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Free and Commercial Tools to Implement the Center for Internet Security (CIS) Security Controls, Part 17: Data Protection Part 1 - we looked at Inventory of Authorized and Unauthorized Devices. Part 2 - we looked at Inventory of Authorized and Unauthorized Software. Part 3 - we looked at Secure Configurations. Part 4 - we looked at Continuous Vulnerability Assessment and Remediation. Part 5 - we looked at Malware Defenses. Part 6 - we looked at Application Security. Part 7 - we looked at Wireless Access Control. 
Part 8/9 – we looked at Data Recovery and Security Training. Part 10/11 - we looked at Secure Configurations for Network Devices such as Firewalls, Routers, and Switches and Limitation and Control of Network Ports, Protocols and Services. Part 12 - we looked at Controlled Use of Administrative Privileges Part 13 - we looked at Boundary Defense Part 14 - we looked at Maintenance, Monitoring and Analysis of Audit Logs Part 15 - We looked at Controlled Access Based on the Need to Know. ]]> 2016-09-13T13:00:00+00:00 http://feeds.feedblitz.com/~/196176696/0/alienvault-blogs~Free-and-Commercial-Tools-to-Implement-the-Center-for-Internet-Security-CIS-Security-Controls-Part-Data-Protection www.secnews.physaphae.fr/article.php?IdArticle=59479 False None APT 17 None The State of Security - Magazine Américain From Monkey to Man – The Evolution of a CISO Read More]]> 2016-05-27T03:00:57+00:00 http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/ciso/ www.secnews.physaphae.fr/article.php?IdArticle=2108 False None APT 17 None