www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-12T05:31:04+00:00 www.secnews.physaphae.fr
Schneier on Security - American cryptologist and researcher X.com Automatically Changing Link Text but Not URLs
Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would see the link as fedex.com, but it would send people to fedetwitter.com. Thankfully, the problem has been fixed.
2024-04-16T11:00:58+00:00 https://www.schneier.com/blog/archives/2024/04/x-com-automatically-changing-link-names-but-not-links.html www.secnews.physaphae.fr/article.php?IdArticle=8483368 False None FedEx 2.0000000000000000
Krebs on Security - American researcher Twitter's Clumsy Pivot to X.com Is a Gift to Phishers On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets. 2024-04-10T14:28:17+00:00 https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/ www.secnews.physaphae.fr/article.php?IdArticle=8479369 False None FedEx 3.0000000000000000
ProofPoint - Cyber Firms 2023 Holiday Scam Predictions-Here's What You Should Know 2023-11-10T08:04:20+00:00 https://www.proofpoint.com/us/blog/security-awareness-training/holiday-scam-predictions www.secnews.physaphae.fr/article.php?IdArticle=8409070 False Tool,Threat,Prediction FedEx 3.0000000000000000
Schneier on Security - American cryptologist and researcher Privacy of Printing Services
The Washington Post has an article about popular printing services, and whether or not they read your documents and mine the data when you use them for printing: Ideally, printing services should avoid storing the content of your files, or at least delete daily. Print services should also communicate clearly upfront what information they're collecting and why. Some services, like the New York Public Library and PrintWithMe, do both. Others dodged our questions about what data they collect, how long they store it and whom they share it with. Some—including Canon, FedEx and Staples—declined to answer basic questions about their privacy practices...
2023-07-11T11:57:46+00:00 https://www.schneier.com/blog/archives/2023/07/privacy-of-printing-services.html www.secnews.physaphae.fr/article.php?IdArticle=8354538 False None FedEx 2.0000000000000000
knowbe4 - cybersecurity services CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams
CyberheistNews Vol 13 #26 | June 27th, 2023
The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says. These are the top five text scams reported by the FTC:
- Copycat bank fraud prevention alerts
- Bogus "gifts" that can cost you
- Fake package delivery problems
- Phony job offers
- Not-really-from-Amazon security alerts
"People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they'll get a call from a phony 'fraud department' claiming they want to 'help get your money back.' What they really want to do is make unauthorized transfers. "What's more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft." Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there's a problem with a delivery.
"The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small 'redelivery fee.'" Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake 'mystery shopper' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says. "Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person's money – and the phony 'employer' – are long gone." Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from 'Amazon,' asking to verify a big-ticket order they didn't place," the FTC says. "Concerned 2023-06-27T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams www.secnews.physaphae.fr/article.php?IdArticle=8349704 False Ransomware,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT,APT 15,APT 28,FedEx 2.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform FedEx Phishing Campaign Abusing TrustedForm and PAAY
Summary Netskope Threat Labs is tracking a phishing campaign that mimics a FedEx package delivery as bait to steal credit card data. This type of social engineering attack is commonly found in phishing pages, emails, and other scams, where a false sense of urgency is created to urge the victim into doing an action that […]
2023-04-24T17:00:00+00:00 https://www.netskope.com/blog/fedex-phishing-campaign-abusing-trustedform-and-paay www.secnews.physaphae.fr/article.php?IdArticle=8330641 False Threat FedEx,FedEx 3.0000000000000000
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Open Redirect Flaw Snags Amex, Snapchat User Data 2022-08-05T13:17:09+00:00 https://threatpost.com/open-redirect-flaw-snags-amex-snapchat-user-data/180354/ www.secnews.physaphae.fr/article.php?IdArticle=6142623 False None FedEx,FedEx None
Silicon - French news site Why FedEx Is Moving from Mainframes to the Cloud 2022-07-01T10:06:49+00:00 https://www.silicon.fr/fedex-bascule-grands-systemes-cloud-442661.html www.secnews.physaphae.fr/article.php?IdArticle=5488977 False None FedEx,FedEx None
Fortinet - Security hardware vendor PGA TOUR's Fortinet Championship Returns September 15-18, 2022 2022-06-09T21:52:00+00:00 https://www.fortinet.com/blog/business-and-technology/fortinet-pga-tour-2022 www.secnews.physaphae.fr/article.php?IdArticle=5060676 False None FedEx None
CSO - CSO Daily Dashboard WannaCry 5 years on: Still a top threat ransomware that infected thousands of computers five years ago and cost companies all over the world billions of dollars in damages. WannaCry broke onto the infosec scene on May 12, 2017. Taking advantage of the vulnerable version of the Server Message Block (SMB) protocol, it ultimately infected approximately 200,000+ machines in more than 150 countries. While Microsoft had issued a patch for the SMB flaw more than a month before the attacks began, millions of computers had not been patched against the bug.
The largest ransomware attack ever, it impacted several big names globally, including the UK's National Health Service, US delivery giant FedEx, and Deutsche Bahn, the German railway company. 2022-05-19T02:00:00+00:00 https://www.csoonline.com/article/3660575/wannacry-5-years-on-still-a-top-threat.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=4704405 False Ransomware,Threat FedEx,Wannacry None
Schneier on Security - American cryptologist and researcher SMS Phishing Attacks are on the Rise becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about. Mine are usually of the form: “thank you for paying your bill, here’s a free gift for you.” 2022-04-25T10:18:40+00:00 https://www.schneier.com/blog/archives/2022/04/sms-phishing-attacks-are-on-the-rise.html www.secnews.physaphae.fr/article.php?IdArticle=4503774 False None FedEx None
Ars Technica - Risk Assessment Security Hacktivism Our first impressions after driving FedEx's new electric delivery van 2022-04-22T20:40:06+00:00 https://arstechnica.com/?p=1849985 www.secnews.physaphae.fr/article.php?IdArticle=4494907 False None FedEx,FedEx 3.0000000000000000
Ars Technica - Risk Assessment Security Hacktivism Walmart wants to buy 5,000 electric delivery vans from GM's BrightDrop 2022-01-05T17:15:48+00:00 https://arstechnica.com/?p=1823801 www.secnews.physaphae.fr/article.php?IdArticle=3927953 False None FedEx,FedEx None
Ars Technica - Risk Assessment Security Hacktivism FedEx receives its first electric BrightDrop delivery vans 2021-12-17T16:02:32+00:00 https://arstechnica.com/?p=1821474 www.secnews.physaphae.fr/article.php?IdArticle=3814782 False None FedEx None
Krebs on Security - American researcher 'Tis the Season for the Wayward Package Phish 2021-11-04T16:49:59+00:00
https://krebsonsecurity.com/2021/11/tis-the-season-for-the-wayward-package-phish/ www.secnews.physaphae.fr/article.php?IdArticle=3608893 False None FedEx,FedEx None
TechRepublic - Security News US Salesforce announces partnership with FedEx, new features to marketing cloud 2021-09-16T16:23:56+00:00 https://www.techrepublic.com/article/salesforce-announces-partnership-with-fedex-new-features-to-marketing-cloud/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3379222 False None FedEx None
TechRepublic - Security News US FedEx announces autonomous delivery agreement as bots brave the logistical last mile 2021-06-16T15:59:53+00:00 https://www.techrepublic.com/article/fedex-announces-autonomous-delivery-agreement-as-bots-brave-the-logistical-last-mile/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2936875 False None FedEx None
Schneier on Security - American cryptologist and researcher Vulnerabilities in Weapons Systems 2021-06-08T10:32:33+00:00 https://www.schneier.com/blog/archives/2021/06/vulnerabilities-in-weapons-systems.html www.secnews.physaphae.fr/article.php?IdArticle=2889732 False None FedEx,FedEx None
IT Security Guru - Security blog DHL Express and FedEx targeted by phishing scam 2021-02-24T15:33:24+00:00 https://www.itsecurityguru.org/2021/02/24/dhl-express-and-fedex-targeted-by-phishing-scam/?utm_source=rss&utm_medium=rss&utm_campaign=dhl-express-and-fedex-targeted-by-phishing-scam www.secnews.physaphae.fr/article.php?IdArticle=2393485 False None FedEx,FedEx 2.0000000000000000
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor 10K Microsoft Email Users Hit in FedEx Phishing Attack 2021-02-23T14:00:38+00:00 https://threatpost.com/microsoft-fedex-phishing-attack/164143/ www.secnews.physaphae.fr/article.php?IdArticle=2387955 False None FedEx,FedEx None
TroyHunt - Blog Security FedEx will be the first customer for GM's new electric delivery van 2021-01-12T16:32:37+00:00 https://arstechnica.com/?p=1734430
www.secnews.physaphae.fr/article.php?IdArticle=2176767 False None FedEx None
TechRepublic - Security News US Delivery scams surge to ring in the holiday season 2020-12-01T14:02:13+00:00 https://www.techrepublic.com/article/delivery-scams-surge-to-ring-in-the-holiday-season/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2070311 False None FedEx None
TechRepublic - Security News US Dell Technologies, FedEx, and Switch to build tech hubs to support multiple cloud environments 2020-11-13T20:04:13+00:00 https://www.techrepublic.com/article/dell-technologies-fedex-and-switch-to-build-tech-hubs-to-support-multiple-cloud-environments/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2033266 False None FedEx None
Wired Threat Level - Security News FedEx Will Track Your Packages More Precisely Than Ever 2020-09-15T11:00:00+00:00 https://www.wired.com/story/fedex-track-packages-more-precisely www.secnews.physaphae.fr/article.php?IdArticle=1918147 False None FedEx None
Wired Threat Level - Security News Amazon and FedEx Push to Put Delivery Robots on Your Sidewalk 2020-08-25T11:00:00+00:00 https://www.wired.com/story/amazon-fedex-delivery-robots-your-sidewalk www.secnews.physaphae.fr/article.php?IdArticle=1880976 False None FedEx 3.0000000000000000
TechRepublic - Security News US Fake FedEx, DHL, and UPS delivery issues used in COVID-19 phishing scams 2020-05-01T18:59:28+00:00 https://www.techrepublic.com/article/fake-fedex-dhl-and-ups-delivery-issues-used-in-covid-19-phishing-scams/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1686142 False None FedEx None
InformationSecurityBuzzNews - Security news site Comment: Fake Fedex And UPS Delivery Issues Used In COVID-19 Phishing 2020-04-28T15:42:44+00:00 https://www.informationsecuritybuzz.com/expert-comments/comment-fake-fedex-and-ups-delivery-issues-used-in-covid-19-phishing/
www.secnews.physaphae.fr/article.php?IdArticle=1679896 False None FedEx None
Security Affairs - Security blog Experts warn of deliveries scams that use a COVID-19 theme 2020-04-28T13:09:55+00:00 https://securityaffairs.co/wordpress/102404/cyber-crime/covid-19-phishing-scams.html www.secnews.physaphae.fr/article.php?IdArticle=1679607 False None FedEx 4.0000000000000000
Bleeping Computer - American magazine Fake Fedex and UPS delivery issues used in COVID-19 phishing 2020-04-27T18:28:59+00:00 https://www.bleepingcomputer.com/news/security/fake-fedex-and-ups-delivery-issues-used-in-covid-19-phishing/ www.secnews.physaphae.fr/article.php?IdArticle=1678572 False None FedEx None
IT Security Guru - Security blog Pemex Hit by Ransomware, US Postal Service Targeted by Copycat and New WhatsApp Bugs 2019-11-18T10:07:26+00:00 https://www.itsecurityguru.org/2019/11/18/pemex-hit-by-ransomware-us-postal-service-targeted-by-copycat-and-new-whatsapp-bugs/?utm_source=rss&utm_medium=rss&utm_campaign=pemex-hit-by-ransomware-us-postal-service-targeted-by-copycat-and-new-whatsapp-bugs www.secnews.physaphae.fr/article.php?IdArticle=1473624 False None FedEx 2.0000000000000000
SecurityWeek - Security News Vulnerability Found in SimpleMDM Apple Device Management Solution 2019-08-24T11:10:05+00:00 https://www.securityweek.com/vulnerability-found-simplemdm-apple-device-management-solution www.secnews.physaphae.fr/article.php?IdArticle=1283878 False Vulnerability FedEx,Deloitte None
TechRepublic - Security News US Tech news roundup: FedEx sues the DOC, skilled workers are in demand, and how companies stay relevant 2019-06-26T15:55:03+00:00 https://www.techrepublic.com/article/tech-news-roundup-fedex-sues-the-doc-skilled-workers-are-in-demand-and-how-companies-stay-relevant/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1174959 False Guideline FedEx None
TechRepublic - Security News US FedEx suing Department of Commerce over burden of enforcing Huawei blacklisting
2019-06-25T14:13:03+00:00 https://www.techrepublic.com/article/fedex-suing-department-of-commerce-over-burden-of-enforcing-huawei-blacklisting/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1173028 False None FedEx 5.0000000000000000
Errata Security - Errata Security Your threat model is wrong
Phishing
An example is this question that misunderstands the threat of "phishing":
Should failing multiple phishing tests be grounds for firing? I ran into a guy at a recent conference, said his employer fired people for repeatedly falling for (simulated) phishing attacks. I talked to experts, who weren't wild about this disincentive. https://t.co/eRYPZ9qkzB pic.twitter.com/Q1aqCmkrWL - briankrebs (@briankrebs) May 29, 2019
The (wrong) threat model here is that phishing is an email that smart users with training can identify and avoid. This isn't true.
Good phishing messages are indistinguishable from legitimate messages. Said another way, a lot of legitimate messages are in fact phishing messages, such as when HR sends out a message saying "log into this website with your organization username/password".
Recently, my university sent me an email for mandatory Title IX training, not digitally signed, with an external link to the training, that requested my university login creds for access, that was sent from an external address but from the Title IX coordinator. - Tyler Pieron (@tyler_pieron) May 29, 2019
Yes, it's amazing how easily stupid employees are tricked by the most obvious of phishing messages, and you want to point and laugh at them. But frankly, you want the idiot employees doing this. The more obvious phishing attempts are the least harmful and a good test of the rest of your security -- which should be based on the assumption that users will frequently fall for phishing.
In other words, if you paid attention to the threat model, you'd be mitigating the threat in other ways and not even bother training employees.
You'd be firing HR idiots for phishing employees, not punishing employees for getting tricked. Your systems would be resilient against successful phishes, such as using two-factor authentication.
IoT security
After the Mirai worm, government types pushed for laws to secure IoT devices, as billions of insecure devices like TVs, cars, security cameras, and toasters are added to the Internet. Everyone is afraid of the next Mirai-type worm. For example, they are pushing for devices to be auto-updated.
But auto-updates are a bigger threat than worms.
Since Mirai, roughly 10-billion new IoT devices have been added to the Internet, yet there hasn't been a Mirai-sized worm. Why is that? After 10-billion new IoT devices, it's still Windows and not IoT that is the main problem.
The answer is that number, 10-billion. Internet worms work by guessing IPv4 addresses, of which there are only 4-billion. You can't have 10-billion new devices on the public IPv4 addresses because there simply aren't enough addresses. Instead, those 10-billion devices are almost entirely being put on private ne 2019-05-29T20:16:09+00:00 https://blog.erratasec.com/2019/05/your-threat-model-is-wrong.html www.secnews.physaphae.fr/article.php?IdArticle=1131777 False Ransomware,Tool,Vulnerability,Threat,Guideline NotPetya,FedEx None
Zataz - French security magazine Security Problem on the Fedex Website 2019-03-27T23:19:05+00:00 https://www.zataz.com/probleme-de-securite-pour-le-site-fedex/ www.secnews.physaphae.fr/article.php?IdArticle=1084306 False None FedEx None
Wired Threat Level - Security News A Dunkin' Donuts Hack, a Fake FedEx Site, and More Security News This Week 2018-12-01T15:13:03+00:00 https://www.wired.com/story/dunkin-donuts-hack-fake-fbi-fedex-site-security-news www.secnews.physaphae.fr/article.php?IdArticle=929657 False None FedEx None
Graham Cluley - Blog Security Smashing Security #106: Google Maps, Fed phishing, and Grinch bots How are scammers stealing your money through Google Maps? Why did the FBI create a fake FedEx website? And how are US senators hoping to stop Grinch bots ruining Christmas? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis. And don't miss our special bonus interview about passwords with Rachael Stockton of LastPass. 2018-11-29T12:04:05+00:00 https://www.grahamcluley.com/smashing-security-106-google-maps-fed-phishing-and-grinch-bots/ www.secnews.physaphae.fr/article.php?IdArticle=926026 False None LastPass,FedEx None
Graham Cluley - Blog Security When the FBI rather than the fraudsters make the fake FedEx website Fraudsters beware! The Feds are prepared to use your own tricks against you. 2018-11-27T12:33:04+00:00 https://www.grahamcluley.com/when-the-fbi-rather-than-the-fraudsters-make-the-fake-fedex-website/ www.secnews.physaphae.fr/article.php?IdArticle=922115 False None FedEx None
AlienVault Blog - AlienVault is a major defense player in IOCs Things I Hearted this Week – 29th June 2018 OWASP top 10 for .NET developers and thinking to myself that this guy really knows his stuff.
Which is why I was optimistic when Troy launched Have I been Pwned - but I don't think I foresaw how big the project would become and now it is being integrated into Firefox and 1Password. Not bad going for the blogger from down under.
We're Baking Have I Been Pwned into Firefox and 1Password | Troy Hunt
Defining Hacker In 2018
If you do a Google Image Search against the word hacker, you’ll get images of scary-looking balaclava-clad cybercriminals hunched over a quintessentially green computer terminal. They’re up to no good… Stealing your data, crashing critical systems, or causing general Internet badness. In reality, the word “hacker” applies to a much broader group of people, one that extends well beyond cybersecurity. Merriam-Webster defines a “hacker” as “an expert at programming and solving problems with a computer”.
Defining "Hacker" in 2018 | BugCrowd
Lessons From nPetya One Year Later
This is the one year anniversary of NotPetya. It was probably the most expensive single hacker attack in history (so far), with FedEx estimating it cost them $300 million. Shipping giant Maersk and drug giant Merck suffered losses on a similar scale. Many are discussing lessons we should learn from this, but they are the wrong lessons. An example is this quote in a recent article: "One year on from NotPetya, it seems lessons still haven't been learned. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains." This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations were strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen. But this is wrong, at least in the case of NotPetya.
Lessons from nPetya one year later | Errata Security
German Researcher Defeat Printers' Doc-Tracking Dots
Beating the unique identifiers that printers can add to documents for security purposes is possible: you just need to add extra dots beyond those that security tools already add. The trick is knowing where to add them. Many printers can add extra dots to help identify which device printed a document, as it's handy to know that when they fall into the wrong hands. The 2018-06-29T13:00:00+00:00 http://feeds.feedblitz.com/~/557751898/0/alienvault-blogs~Things-I-Hearted-this-Week-%e2%80%93-th-June www.secnews.physaphae.fr/article.php?IdArticle=740329 False None NotPetya,FedEx,Wannacry None
Errata Security - Errata Security Lessons from nPetya one year later An example is this quote in a recent article: "One year on from NotPetya, it seems lessons still haven't been learned. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains." This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations were strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen.
But this is wrong, at least in the case of NotPetya.
NotPetya's spread was initiated through the Ukrainian company MeDoc, which provided tax accounting software. It had an auto-update process for keeping its software up-to-date. This was subverted in order to deliver the initial NotPetya infection. Patching had nothing to do with this. Other common security controls like firewalls were also bypassed.
Auto-updates and cloud-management of software and IoT devices is becoming the norm.
This creates a danger for such "supply chain" attacks, where the supplier of the product gets compromised, spreading an infection to all their customers. The lesson organizations need to learn about this is how such infections can be contained. One way is to firewall such products away from the core network. Another solution is port-isolation/microsegmentation, that limits the spread after an initial infection.
Once NotPetya got into an organization, it spread laterally. The chief way it did this was through Mimikatz/PsExec, reusing Windows credentials. It stole whatever login information it could get from the infected machine and used it to try to log on to other Windows machines. If it got lucky getting domain administrator credentials, it then spread to the entire Windows domain. This was the primary method of spreading, not the unpatched ETERNALBLUE vulnerability. This is why it was so devastating to companies like Maersk: it wasn't a matter of a few unpatched systems getting infected, it was a matter of losing entire domains, including the backup systems.
Such spreading through Windows credentials continues to plague organizations. A good example is the recent ransomware infection of the City of Atlanta that spread much the same way. The limits of the worm were the limits of domain trust relationships. For example, it didn't infect the city airport because that Windows domain is separate from the city's domains.
This is the most pressing lesson organizations need to learn, the one they are ignoring. They need to do more to prevent desktops from infecting each other, such as through port-isolation/microsegmentation. They need to control the spread of administrative credentials within the organization. A lot of organizations put the same local admin account on every workstation which makes the spread of NotPetya style worms trivial.
They need to reevaluate trust relationships between domains, so that the admin of one can't infect the others.
These solutions are difficult, which is why news articles don't mention them. You don't have to know anything about security to proclaim "the problem is lack of patches". It's moral authority, chastising the weak, rather than a prescription of what to do. Solving supply chain hacks and Windows credential sharing, though, is hard. I don't know any universal solution to this -- I'd have to thoroughly analyze your network and business in order to 2018-06-27T15:49:15+00:00 https://blog.erratasec.com/2018/06/lessons-from-npetya-one-year-later.html www.secnews.physaphae.fr/article.php?IdArticle=725976 False Ransomware,Malware,Patching NotPetya,FedEx,Wannacry None
The State of Security - American magazine Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings 2018-02-20T12:40:03+00:00 https://www.tripwire.com/state-of-security/security-data-protection/cloud/hacker-tools-amazon-cloud-storage/ www.secnews.physaphae.fr/article.php?IdArticle=486478 False None Uber,FedEx None
InformationSecurityBuzzNews - Security news site FedEx Data Breach 2018-02-19T16:30:02+00:00 https://www.informationsecuritybuzz.com/expert-comments/fedex-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=484850 False None FedEx None
Security Affairs - Security blog 119,000 Scanned IDs of FedEx-owned company Bongo International's customers exposed online 2018-02-16T19:19:03+00:00 http://securityaffairs.co/wordpress/69152/data-breach/fedex-company-data-leak.html www.secnews.physaphae.fr/article.php?IdArticle=481318 False None FedEx None
InformationSecurityBuzzNews - Security news site FedEx Customer Documents Exposed In Mass Data Breach 2018-02-16T15:00:05+00:00
https://www.informationsecuritybuzz.com/expert-comments/fedex-customer-documents-exposed-mass-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=481039 False None FedEx None ZD Net - Magazine Info Unsecured server exposed thousands of FedEx customer records 2018-02-15T14:00:00+00:00
www.secnews.physaphae.fr/article.php?IdArticle=479632 False None FedEx None IT Security Guru - Blog Sécurité New Phishing scam combines FedEx and Google Drive to lure victims Several universities and more than 20 companies have been hit with malware whose creators are using several layers of subterfuge to camouflage their phishing attack by taking advantage of a few trusted brand names. ORIGINAL SOURCE: SC Magazine ]]> 2018-01-26T11:41:13+00:00
http://www.itsecurityguru.org/2018/01/26/new-phishing-scam-combines-fedex-google-drive-lure-victims/ www.secnews.physaphae.fr/article.php?IdArticle=460643 False None FedEx 4.0000000000000000 The Security Ledger - Blog Sécurité NotPetya's Cost to FedEx: $400 Million and counting ]]> 2017-12-22T15:22:32+00:00
https://feeds.feedblitz.com/~/512318212/0/thesecurityledger~NotPetyas-Cost-to-FedEx-Million-and-counting/ www.secnews.physaphae.fr/article.php?IdArticle=454702 False None NotPetya,FedEx None SecurityWeek - Security News White House Blames North Korea for Cyberattack 2017-12-19T18:07:17+00:00
http://feedproxy.google.com/~r/Securityweek/~3/2CzGzv_mYJ8/white-house-blames-north-korea-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=452645 False None FedEx None The Security Ledger - Blog Sécurité Is CCleaner the Tip of an Iceberg of Supply Chain Hacks? And Alexa: did China hack us Last Night? ]]> 2017-09-25T16:50:28+00:00
https://feeds.feedblitz.com/~/461342024/0/thesecurityledger~Is-CCleaner-the-Tip-of-an-Iceberg-of-Supply-Chain-Hacks-And-Alexa-did-China-hack-us-Last-Night/ www.secnews.physaphae.fr/article.php?IdArticle=412050 False None NotPetya,FedEx,CCleaner None Security Affairs - Blog Secu FedEx announces $300m in lost business and response costs after NotPetya attack 2017-09-21T05:29:26+00:00
http://securityaffairs.co/wordpress/63241/malware/fedex-300-million-notpetya-attack.html www.secnews.physaphae.fr/article.php?IdArticle=410384 True None NotPetya,FedEx None SecurityWeek - Security News FedEx Profit Takes $300 Million Hit After Malware Attack 2017-09-20T19:29:44+00:00
http://feedproxy.google.com/~r/Securityweek/~3/wqaLLPne7uk/fedex-profit-takes-300-million-hit-after-malware-attack www.secnews.physaphae.fr/article.php?IdArticle=410295 True None FedEx None The Security Ledger - Blog Sécurité FedEx: NotPetya Cost $300m, Wrecked Q1 Earnings ]]> 2017-09-20T02:19:33+00:00
https://feeds.feedblitz.com/~/460060256/0/thesecurityledger~FedEx-NotPetya-Cost-m-Wrecked-Q-Earnings/ www.secnews.physaphae.fr/article.php?IdArticle=409965 False None NotPetya,FedEx,Equifax None InformationSecurityBuzzNews - Site de News Securite ESET Ireland Warns Of Office 365 Phishing Scam Via Fake FedEx Email ]]> 2017-08-24T15:15:03+00:00
http://www.informationsecuritybuzz.com/news/eset-ireland-warns-office-365-phishing-scam-via-fake-fedex-email/ www.secnews.physaphae.fr/article.php?IdArticle=400539 False None FedEx None The Security Ledger - Blog Sécurité The Spectrum of Mobile Risk: Protecting Your Corporate Data ]]> 2017-08-17T19:25:09+00:00
https://feeds.feedblitz.com/~/438067450/0/thesecurityledger~The-Spectrum-of-Mobile-Risk-Protecting-Your-Corporate-Data/ www.secnews.physaphae.fr/article.php?IdArticle=397963 False None FedEx None The Security Ledger - Blog Sécurité Uber's Endless Summer: FTC Settlement over Bogus Security, Privacy Claims ]]> 2017-08-15T14:57:54+00:00
https://feeds.feedblitz.com/~/435373146/0/thesecurityledger~Ubers-Endless-Summer-FTC-Settlement-over-Bogus-Security-Privacy-Claims/ www.secnews.physaphae.fr/article.php?IdArticle=396936 False None Uber,FedEx None The Security Ledger - Blog Sécurité OSINT University: are Colleges and Universities protecting Student Data? ]]> 2017-08-14T18:53:33+00:00
https://feeds.feedblitz.com/~/434366218/0/thesecurityledger~OSINT-University-are-Colleges-and-Universities-protecting-Student-Data/ www.secnews.physaphae.fr/article.php?IdArticle=396617 False None FedEx None The Security Ledger - Blog Sécurité At BlackHat: Hell is Other People's Machine Learning ]]> 2017-07-25T16:14:27+00:00
https://feeds.feedblitz.com/~/410524850/0/thesecurityledger~At-BlackHat-Hell-is-Other-Peoples-Machine-Learning/ www.secnews.physaphae.fr/article.php?IdArticle=388876 False None FedEx None The Security Ledger - Blog Sécurité German Electronics Store Sued for Selling Un-Patchable Android Phones ]]> 2017-07-21T18:20:50+00:00
https://feeds.feedblitz.com/~/406068508/0/thesecurityledger~German-Electronics-Store-Sued-for-Selling-UnPatchable-Android-Phones/ www.secnews.physaphae.fr/article.php?IdArticle=387960 False None FedEx None SecurityWeek - Security News FedEx May Have Permanently Lost Data Encrypted by NotPetya 2017-07-20T13:54:09+00:00
http://feedproxy.google.com/~r/Securityweek/~3/eCGvmlp1bRM/fedex-may-have-permanently-lost-data-encrypted-notpetya www.secnews.physaphae.fr/article.php?IdArticle=387281 False None NotPetya,FedEx None The Security Ledger - Blog Sécurité Petya-Bitten Subsidiary will materially impact FedEx ]]> 2017-07-19T21:02:31+00:00
https://feeds.feedblitz.com/~/403744680/0/thesecurityledger~PetyaBitten-Subsidiary-will-materially-impact-FedEx/ www.secnews.physaphae.fr/article.php?IdArticle=386888 False None FedEx None Bleeping Computer - Magazine Américain FedEx Says Some Damage From NotPetya Ransomware May Be Permanent 2017-07-18T06:35:10+00:00
https://www.bleepingcomputer.com/news/security/fedex-says-some-damage-from-notpetya-ransomware-may-be-permanent/ www.secnews.physaphae.fr/article.php?IdArticle=386040 False None NotPetya,FedEx None Dark Reading - Informationweek Branch After Cyber Attack, FedEx Temporarily Halts Trading of Its Shares 2017-06-28T13:40:00+00:00
https://www.darkreading.com/attacks-breaches/after-cyber-attack-fedex-temporarily-halts-trading-of-its-shares/d/d-id/1329244?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=379529 False None FedEx None UnderNews - Site de news "pirate" francais WannaCry: what if it was only the tip of the iceberg? Since last Friday, more than 300,000 computers in 150 countries have been hit in the largest cyber-extortion operation to date. Renault, Vodafone, FedEx, the Russian Interior Ministry, Deutsche Bahn and the NHS were all hacked in this unprecedented wave of cyberattacks. What is going on? À […]]]> 2017-05-16T17:53:42+00:00
http://feedproxy.google.com/~r/undernews/oCmA/~3/-tPSGTzAdtY/wannacry-et-si-ce-netait-que-la-partie-immergee-de-liceberg.html www.secnews.physaphae.fr/article.php?IdArticle=365907 False None FedEx,Wannacry None 01net. Actualites - Securite - Magazine Francais WannaCry ransomware: the most unusual victims ]]> 2017-05-15T04:52:55+00:00
http://www.01net.com/actualites/ransomware-wannacry-les-victimes-les-plus-insolites-1164268.html www.secnews.physaphae.fr/article.php?IdArticle=365884 False None FedEx,Wannacry 5.0000000000000000 Bleeping Computer - Magazine Américain FedEx Will Give You $5 If You Install Flash 2017-03-30T14:20:16+00:00
https://www.bleepingcomputer.com/news/software/fedex-will-give-you-5-if-you-install-flash/ www.secnews.physaphae.fr/article.php?IdArticle=350152 False None FedEx None Network World - Magazine Info What it takes to become an IT security engineer Getting started After being laid off in 2008 from his first IT job in tech support and systems administration, friends encouraged Copeland to use his networking talents to get a certification that would boost his career. 
He studied for three months and earned his Cisco Certified Network Associate (CCNA) certification in routing and switching. “CCNA was the biggest helper [for my security career path],” says Copeland. “It's one of the hardest network certifications in the industry.” Also, he notes, “because it ties networking for firewalls and VPN, it has security components to it.” He also scoured daily posts on Reddit, the news aggregation and discussion website, to learn as much as he could about network and IT security, and to keep up with the latest threats. ]]> 2017-03-21T13:41:00+00:00
http://www.networkworld.com/article/3183113/careers/what-it-takes-to-become-an-it-security-engineer.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=341990 False None FedEx None Network World - Magazine Info The Ring Stick Up Cam. Don't bother. I reviewed the Ring ($199), a security camera that replaces your conventional doorbell and lets you not only see who's ringing your doorbell but also talk with them. The Ring doorbell provides movement detection with optional cloud video recording for a monthly fee ($3 per month). While I liked the product conceptually, the startup lag (the time between detecting movement and when recording begins, usually a delay of a few seconds) is long enough that fast-moving people like the FedEx guy can come and go before the device starts recording, and the so-so video quality led me to give it a Gearhead rating of 3.5 out of 5. ]]> 2016-12-13T11:33:00+00:00
http://www.networkworld.com/article/3149083/security/the-ring-stick-up-cam-dont-bother.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=271600 False None FedEx None