www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated feed of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T20:35:18+00:00 www.secnews.physaphae.fr Wired Threat Level - Security News Why Ford Is Buying Detroit's Derelict Central Depot 2018-06-20T00:00:00+00:00 https://www.wired.com/story/why-ford-buying-detroit-derelict-train-station www.secnews.physaphae.fr/article.php?IdArticle=712842 False None Uber None Wired Threat Level - Security News Four Reasons We Don't Have Flying Cars-Yet 2018-06-15T11:00:00+00:00 https://www.wired.com/story/four-reasons-we-dont-have-flying-cars-yet www.secnews.physaphae.fr/article.php?IdArticle=705741 False None Uber None Adam Shostack - American Security Blog NTSB on Uber (Preliminary) 2018-05-25T14:55:03+00:00 https://adam.shostack.org/blog/2018/05/ntsb-on-uber-preliminary/ www.secnews.physaphae.fr/article.php?IdArticle=672397 False None Uber None Adam Shostack - American Security Blog Threat Model Thursday: Google on Kubernetes 2018-05-24T15:03:00+00:00 https://adam.shostack.org/blog/2018/05/threat-model-thursday-google-on-kubernetes/ www.secnews.physaphae.fr/article.php?IdArticle=669889 False None Uber None CVE List - Common Vulnerability Exposure CVE-2018-0268 2018-05-17T03:29:00+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0268 www.secnews.physaphae.fr/article.php?IdArticle=654498 False None Uber None InformationSecurityBuzzNews - Security news site Uber To Resume Tests With Self-Driving Cars, Just A Few Months After Fatal Crash 2018-05-11T23:21:04+00:00 https://www.informationsecuritybuzz.com/expert-comments/uber-to-resume-tests-with-self-driving-cars/ www.secnews.physaphae.fr/article.php?IdArticle=639569 
False None Uber None Next INpact - French news site ⭐ #LeBrief: Android P, new Falcon 9 rocket, round of Windows updates and UberAir 2018-05-09T08:45:01+00:00 https://www.nextinpact.com/news/106571-lebrief-android-p-nouvelle-fusee-falcon-9-salve-mises-a-jour-windows-etuberair.htm www.secnews.physaphae.fr/article.php?IdArticle=632402 True None Uber None Zataz - French security magazine Courvoisier, a hacker and his girlfriend arrested, €500,000 seized 2018-05-03T10:09:02+00:00 https://www.zataz.com/courvoisier-pirate/ www.secnews.physaphae.fr/article.php?IdArticle=624229 False None Uber None Krebs on Security - American researcher When Your Employees Post Passwords Online 2018-05-02T19:26:04+00:00 https://krebsonsecurity.com/2018/05/when-your-employees-post-passwords-online/ www.secnews.physaphae.fr/article.php?IdArticle=623143 False None Uber None SecurityWeek - Security News Uber Updates Bug Bounty Program 2018-04-30T06:33:01+00:00 https://www.securityweek.com/uber-updates-bug-bounty-program www.secnews.physaphae.fr/article.php?IdArticle=619355 False None Uber None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Uber Tightens Bug Bounty Extortion Policies 2018-04-27T17:16:02+00:00 https://threatpost.com/uber-tightens-bug-bounty-extortion-policies/131512/ www.secnews.physaphae.fr/article.php?IdArticle=618520 False None Uber 5.0000000000000000 IT Security Guru - Security blog Youtuber hacked during livestream 2018-04-17T11:55:03+00:00 http://www.itsecurityguru.org/2018/04/17/youtuber-hacked-livestream/ www.secnews.physaphae.fr/article.php?IdArticle=592454 False None Uber None SecurityWeek - Security News 25 Million U.S. 
Individuals Impacted by 2016 Uber Hack 2018-04-13T13:09:00+00:00 https://www.securityweek.com/25-million-us-individuals-impacted-2016-uber-hack www.secnews.physaphae.fr/article.php?IdArticle=583616 False None Uber None Security Affairs - Security blog Uber agrees to new FTC settlement over 2016 data breach 2018-04-13T07:41:01+00:00 https://securityaffairs.co/wordpress/71332/laws-and-regulations/uber-2016-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=583056 False None Uber None Dark Reading - Informationweek Branch Uber Agrees to New FTC Settlement Over 2016 Breach Disclosure 2018-04-12T13:20:00+00:00 https://www.darkreading.com/attacks-breaches/uber-agrees-to-new-ftc-settlement-over-2016-breach-disclosure/d/d-id/1331525?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=581993 False None Uber None SecurityWeek - Security News Mitigating Digital Risk from the Android PC in Your Pocket Security Teams Must Prioritize Risk Mitigation Against Android Malware Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users' computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android. Threat actors watch these trends too. They're opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks. As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. 
In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android's official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores. Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations. Apps have been found that impersonate Uber, any number of financial institutions, gaming apps and perhaps most galling, security apps. Mobile malware is generally delivered and deployed via a multi-step process requiring some user interaction. This presents threat actors with many opportunities to infiltrate a device. For example, once installed, many malicious apps request users to approve unnecessary privileges, such as administration access, to execute processes. Overlays (superimposing phishing screens on a legitimate app) are also used to prompt users to provide sensitive information, such as credentials or financial data. So, what's the ultimate endgame for cyber criminals? The most prevalent objective is espionage – gathering information through profiling device data or recording phone calls and messages. Mobile banking malware, such as Marcher and BankBot, uses sophisticated techniques to harvest user banking data, including overlays specific to target banks, and intercepts SMS messages to obtain multi-factor authentication codes. Recently, mobile devices have also been targeted for cryptocurrency mining. While less powerful than desktops and servers used for this purpose, more Android devices exist, and they are often less protected and, thus, more easily accessible. 
You can expect t 2018-04-05T13:32:05+00:00 https://www.securityweek.com/mitigating-digital-risk-android-pc-your-pocket www.secnews.physaphae.fr/article.php?IdArticle=567842 True None Uber None Malwarebytes Labs - MalwarebytesLabs The data breach epidemic: no info is safe By now it's obvious that data security technology hasn't kept pace with the needs of consumers. In 2017 alone, we learned about massive data breaches from major organizations like Equifax, Uber, and Verizon. In other words: We're in the midst of a data breach epidemic. 2018-03-29T16:00:00+00:00 https://blog.malwarebytes.com/101/2018/03/the-data-breach-epidemic-no-info-is-safe/ www.secnews.physaphae.fr/article.php?IdArticle=550672 False None Uber,Equifax None SecurityWeek - Security News Risky Business: The Fifth Element four distinct ways. The logic is to streamline the company's mitigation efforts and allow you to focus more time and investment where it matters most-on the unique risks inherent to the business. But there is a fifth element, and it is going to be in your future. While security-as-a-service for functions like WAF and DDoS protection are well-established, they are just the beginning of a new industry that is emerging around consumption-based security models. To a certain extent, security in the future is going to be Uberized, and for some situations, you may be able to get rid of your car entirely. No insurance. No maintenance. No hassles with parking. And you won't even have to wash it or vacuum crumbs out of the seat cracks. That is to say, you won't hire a company just for DDoS and WAF. You'll hire a company for IDaaS, IPS, encryption/decryption, SSL orchestration, governance, risk and compliance (GRC). And over time, you'll dial in your use of these services. Spin them up when they're needed most. Ratchet them back when they're not in demand. Pay only for what you use. 
This is a strategic way to contain costs as you may only fully use your GRC service when it's time for an audit, enabling the company to increase its capacity without having a consulting service on site. All of this will dramatically change how CISOs function and how their teams are structured. Instead of hiring dozens of people to build and maintain multiple systems, CISOs will shift to focus on the data that powers the business and how it flows through and interacts with these outsourced relationships. And yes, I am going so far as to say this shift is inevitable, because it's being driven by some pretty clear economic pressures: Talent scarcity It's well-known that there are a lot of open job reqs in cybersecurity. I mean a lot-more than a million today. And according to Center for Cyber Safety and Education's 2017 Global Information Security Workforce Study, there may be as many as 1.8 million open jobs in the field by 2022. In this market, finding the right person can take months. You either have to poach them from another company or develop them yourself. Development means trial by fire. I don't know about you, but I don't want trial by fire. And if you do steal a great hire from another company, the cost-benefit analysis is such that you're basically being driven to a vendor anyway, simply because the salary pressure makes it more cost-effective. There are also specific areas of 2018-03-28T15:31:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/034iqil1OgA/risky-business-fifth-element www.secnews.physaphae.fr/article.php?IdArticle=547896 False None Uber None The Security Ledger - Security blog Podcast Beta Deaths: are we driving too fast towards Autonomous Vehicles? 
2018-03-26T16:08:00+00:00 https://feeds.feedblitz.com/~/535224376/0/thesecurityledger~Podcast-Beta-Deaths-are-we-driving-too-fast-towards-Autonomous-Vehicles/ www.secnews.physaphae.fr/article.php?IdArticle=543025 False None Uber None AlienVault Blog - AlienVault is a major defense player in IOCs Things I Hearted this Week 23rd March 2018 CyberByte steals Malwarebytes’ intellectual property | Malwarebytes Uber Self-Driving Car Strikes and Kills Arizona Woman An Uber self-driving car has struck and killed a woman pedestrian in Tempe, Arizona, the company revealed. Our hearts go out to the victim’s family. We’re fully cooperating with @TempePolice and local authorities as they investigate this incident. — Uber Comms (@Uber_Comms) March 19, 2018 Uber Self-Driving Car Strikes and Kills Arizona Woman | Bleeping Computer Information Security Misconceptions I thought I’d slip a self-promotional link in here for an article I wrote for CSO Online. Channelling my inner Billy Bragg, isn't it fair to say that nobody knows nothing anymore? I'm not just talking about the press -- although sloppy security reporting is far too common, and unfailingly gets my goat. What about people in the inside of the industry? Information Security Misconceptions | CSO Online AWS S3 leaky bucket of the week This week's misconfigured AWS S3 bucket award goes to Walmart jewellery partner MBM for exposing 1.3m customers. Open AWS S3 bucket managed by Walmart jewelry partner exposes info on 1.3M customers | SC Magazine DNS Poisoning and how to prevent it Much of what we know now about DNS, address protocol, and packet priority is being redefined with the recent 'Net Neutrality' legislation. 
Instead of becoming a party to the hoopla that is partisan politics surrounding THAT issue, let me assure you there are many different mitigation strategies for not only securing your own network against DNS poisoning, but also working towards a harmonious kum-by-ah solution that in the en 2018-03-23T13:00:00+00:00 http://feeds.feedblitz.com/~/534454534/0/alienvault-blogs~Things-I-Hearted-this-Week-rd-March www.secnews.physaphae.fr/article.php?IdArticle=536779 False None Uber None Bleeping Computer - American magazine CoinMiner Campaigns Move to the Cloud via Docker, Kubernetes 2018-03-22T15:10:01+00:00 https://www.bleepingcomputer.com/news/security/coinminer-campaigns-move-to-the-cloud-via-docker-kubernetes/ www.secnews.physaphae.fr/article.php?IdArticle=535748 False None Uber None Graham Cluley - Blog Security Smashing Security #070: Facebook and Cambridge Diabolica It's not fair to describe what happened at Facebook as a data breach - it's much worse than that. An autonomous Uber vehicle kills a pedestrian. And sextortion continues to be a serious problem. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by researcher Scott Helme. 2018-03-22T00:36:05+00:00 https://www.grahamcluley.com/smashing-security-070-facebook-and-cambridge-diabolica/ www.secnews.physaphae.fr/article.php?IdArticle=534193 True None Uber None SecurityWeek - Security News Growing Mistrust Threatens Facebook After Data Mining Scandal British political consulting firm linked to Donald Trump's presidential campaign. "Delete and forget. It's time to care about privacy," he said. The huge social network also faces investigations on both sides of the Atlantic over its data practices, and a handful of lawsuits which could turn into class actions that may prove a costly distraction for Facebook. 
It remains to be seen whether the uproar would lead to any significant departures, but the topic was active on social media, including on Facebook itself. Donella Cohen, a Weather Channel product manager, posted on her Facebook page that she would be off the network by midnight. "The latest revelations are showing just how corrupt and detrimental to society this particular platform is," she wrote. "I hope that a new social network emerges. One that isn't so greedy as to corrupt the political process in the name of the almighty dollar." - Fabric of internet - Yet analysts noted Facebook is unlikely to fade quickly because of how it is woven into the fabric of the internet, with "like" buttons on websites, comments sections for news articles and an ad network that delivers messages to those who are not Facebook members. The #deleteFacebook movement "is a social media feedback loop from the public -- we saw the same thing with #deleteUber," said Jennifer Grygiel, a communications professor at Syracuse University. "Sure, some people will delete Facebook, but to truly delete Facebook would mean that users would need to delete Facebook, Instagram, WhatsApp, and Messenger. This is not realistic for most people given how social media has been integrated into everyday life." Sandra Proske, head of communications for the Finla 2018-03-21T18:20:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/3NCEQ3nvRB0/growing-mistrust-threatens-facebook-after-data-mining-scandal www.secnews.physaphae.fr/article.php?IdArticle=533743 False Guideline Uber None The Security Ledger - Security blog Autonomous vehicles could save more lives than they take. That might not matter. 
2018-03-20T22:47:05+00:00 https://feeds.feedblitz.com/~/533862288/0/thesecurityledger~Autonomous-vehicles-could-save-more-lives-than-they-take-That-might-not-matter/ www.secnews.physaphae.fr/article.php?IdArticle=532476 False None Tesla,Uber None Security Affairs - Security blog Uber Self-Driving Car struck and killed a woman in Tempe, Arizona 2018-03-20T12:20:03+00:00 http://securityaffairs.co/wordpress/70476/security/uber-self-driving-car-accident.html www.secnews.physaphae.fr/article.php?IdArticle=531572 False None Uber None SecurityWeek - Security News Coverity Scan Hacked, Abused for Cryptocurrency Mining acquired Coverity in 2014, started notifying Coverity Scan users about the breach on Friday. The company said malicious actors gained access to Coverity Scan systems sometime in February. “We suspect that the access was to utilize our computing power for cryptocurrency mining,” Synopsys told users. “We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.” Synopsys says the service is now back online and it believes the point of access leveraged by the attackers has been closed. In order to regain access to Coverity Scan, users will need to reset their passwords. “Please note that the servers in question were not connected to any other Synopsys computer networks. This should have no impact on customers of our commercial products, and this event did not put any Synopsys corporate data or intellectual property at risk,” users were told. Cybercriminals have become increasingly interested in making a profit by hacking PCs and servers and abusing them to mine cryptocurrencies. Cryptocurrency mining malware can target a wide range of devices, including industrial systems. 
One recent high-profile victim was the carmaker Tesla, whose Kubernetes pods were compromised and used for cryptocurrency mining. According to RedLock, which discovered the breach, hackers gained access to Tesla's Kubernetes console due to the lack of password protection. Related: Avoid Becoming a Crypto-Mining Bot - Where to Look for Mining Malware and How to Respond Related: Linux Malware Targets Raspberry Pi for Cryptocurrency Mining 2018-03-20T07:03:01+00:00 http://feedproxy.google.com/~r/Securityweek/~3/pjXWT1DACL4/coverity-scan-hacked-abused-cryptocurrency-mining www.secnews.physaphae.fr/article.php?IdArticle=531122 False None Tesla,Uber None Bleeping Computer - American magazine Uber Self-Driving Car Strikes and Kills Arizona Woman 2018-03-19T17:00:05+00:00 https://www.bleepingcomputer.com/news/technology/uber-self-driving-car-strikes-and-kills-arizona-woman/ www.secnews.physaphae.fr/article.php?IdArticle=530019 False None Uber None AlienVault Blog - AlienVault is a major defense player in IOCs DNS Poisoning and How To Prevent It DNS poisoning. Simply the name conjures up the kind of thoughts that keep network admins up at night. What if my RNDC key gets leaked? Could there be a rogue DHCP server within my perimeter? Are the Lizard Squad planning an attack on  for Christmas? Much of what we know now about DNS, address protocol, and packet priority is being redefined with the recent 'Net Neutrality' legislation. Instead of becoming a party to the hoopla that is partisan politics surrounding THAT issue, let me assure you there are many different mitigation strategies for not only securing your own network against DNS poisoning, but also working towards a harmonious kum-by-ah solution that in the end, may end up resolving (pun intended) the DNS plight. So, let's silence the alerting system, and get down to what DNS poisoning is, why it's still around, and one of the best ways to solve it. Why is DNS Poisoning Possible? 
The first thing to understand about DNS 'poisoning' is that the purveyors of the Internet were very much aware of the problem. Essentially, DNS requests are "cached", or stored, into a database which can be queried in almost real-time to point names like 'hotmail.com' or 'google.com' to their appropriate IP addresses. Can you imagine having to remember a string of numbers instead of a fancy name to get to your desired WWW (or GOPHER - if that's your thing) resources? 321.652.77.133 or 266.844.11.66 or even 867.53.0.9 would be very hard to remember. [Note: I have obfuscated REAL IP addresses with very fake ones here. Always trying to stay one step ahead of the AI Armageddon. Real IP addresses end with the numerical value of '255' within each octet.] No, remembering strings of numbers would be next to impossible. But thankfully, and all because of Al Gore (sarcasm) we have the DNS mechanism that gives us [relatively] easy names to remember how to get to our favorite resources. DNS basically runs the Internet. Without it, only the most uber-geeky of computer scientists would be able to traverse it.   Strings of numbers are just simply not how humans identify information. They help, but in reality, words and language are what separate us from our impending robotic overlords. It's because of this, that as the Internet began to grow, the DNS (Domain Name System) was created. To help us get from one side of the world to the other, with little angst. However, due to the limitations of computing (especially storage and bandwidth) at the time, the early versions of DNS simply used a "distributed" text file for name resolution. Think "blockchain" for EVERY SINGLE HOST that existed on the 'Net back then. It was a nicer and friendlier place, and that system worked well. Until it didn't, and some nice folks at ARIN and ICANN came along and began the system we use today: DNS. In its simplest explanation, DNS takes a name (e.g. 
yahoo.com) and looks at the locally configured 'Nameservers' for the "answer" to the question: 'What is the IP address of yahoo.com?'. Once an answer is found, it is passed back to the client requesting it, and the routing and magic of the TCP protocol kicks into gear, and the peasants rejoice. Except there are sometimes problems that arise that cause the peasants to NOT rejoice, and for network engineers to curse the vile notion of DNS. You see, since DNS arose during a time where "real-time" anything was not technically possible; to aid performance and allow for USABLE networks, DNS answers were logged into a locally stored 'cache' or database o 2018-03-19T13:00:00+00:00 http://feeds.feedblitz.com/~/533506094/0/alienvault-blogs~DNS-Poisoning-and-How-To-Prevent-It www.secnews.physaphae.fr/article.php?IdArticle=528806 False Guideline Uber,Yahoo None AlienVault Blog - AlienVault is a major defense player in IOCs An Interview with Graham Cluley You’ve been in the industry for a long time, what’s the secret to staying so apparently happy and enthusiastic - not to mention retaining a full head of hair? Life is so ghastly and absurd that it's impossible to take it too seriously. One of my failings is that I have a pitifully low boredom threshold, and find it a hard thing to disguise. This isn't a good thing, and has probably harmed my career immensely. Recently my wife says she's spotted a couple of grey hairs on my head, so it does appear that I am mortal. My brothers don't seem to have lost their hair either, so it must be something in the Cluley gene pool. That or the fact I spent the first eighteen years of my life eating only cheese sandwiches. There were your early days at Dr. Solomon’s, the Naked Security era, and now your life as an independent expert - with a more respected brand than most companies have. Was this a planned journey? How did your career end up here? I don't really think I have a career. 
I find it hard to describe to people what exactly it is that I do for a job. When I meet up with my brothers, they're baffled as to how I'm able to make a living too. So, there was no planned journey to get to this point. At college, I wrote and sold computer games, and they're what got the attention of Alan Solomon who offered me a job as a programmer in the early days of anti-virus. I left Dr. Solomon's (which was a fun place to work) because they got acquired by McAfee (who didn't seem very fun). I joined Sophos because it was a small fun company, and then left when it became big and stopped being fun. I make decisions like these fairly impulsively. Something will switch in my head and make me say, "I'd rather do something fun", and then that's it, my mind’s made up. Life is a little different now as I have a wife and young son, and I need to remind myself that I have some responsibilities. If they weren't in my life, it's quite possible that I would be doing something other than computer security. But I do enjoy finding new things to do – and my latest obsession is the weekly podcast I co-host with Carole Theriault. You’re a pretty public figure, but what little-known fact about your background usually surprises people? While I was studying at university, my girlfriend joined a cult. I tried for years to get her out, without success. That was pretty horrible, but I met a lot of good people and - hopefully - helped some other people l 2018-03-07T14:00:00+00:00 http://feeds.feedblitz.com/~/530864952/0/alienvault-blogs~An-Interview-with-Graham-Cluley www.secnews.physaphae.fr/article.php?IdArticle=499121 False General Information Uber None IT Security Guru - Security blog Pennsylvania sues Uber for data breach 2018-03-06T15:03:00+00:00 http://www.itsecurityguru.org/2018/03/06/pennsylvania-sues-uber-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=497870 False None Uber None The State of Security - American magazine Uber Sued by Penn. 
Attorney General for Delayed Data Breach Notification 2018-03-06T13:36:02+00:00 https://www.tripwire.com/state-of-security/latest-security-news/uber-sued-penn-attorney-general-delayed-data-breach-notification/ www.secnews.physaphae.fr/article.php?IdArticle=497691 False None Uber None Korben - French blogger Uber Run – A tool to easily retrieve your Uber invoices 2018-02-23T11:07:02+00:00 http://feedproxy.google.com/~r/KorbensBlog-UpgradeYourMind/~3/gGHDickzWDs/uber-run-un-outil-pour-recuperer-facilement-vos-factures-uber.html www.secnews.physaphae.fr/article.php?IdArticle=489886 False None Uber None IT Security Guru - Security blog Confidential data stolen from Tesla after staff failed to secure cloud server 2018-02-21T14:10:04+00:00 http://www.itsecurityguru.org/2018/02/21/confidential-data-stolen-tesla-staff-failed-secure-cloud-server/ www.secnews.physaphae.fr/article.php?IdArticle=487269 False None Tesla,Uber None The State of Security - American magazine Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings 2018-02-20T12:40:03+00:00 https://www.tripwire.com/state-of-security/security-data-protection/cloud/hacker-tools-amazon-cloud-storage/ www.secnews.physaphae.fr/article.php?IdArticle=486478 False None Uber,FedEx None SecurityWeek - Security News Hackers From Florida, Canada Behind 2016 Uber Breach 2018-02-07T10:22:11+00:00 http://feedproxy.google.com/~r/Securityweek/~3/LD3ctXnTeNo/hackers-florida-canada-behind-2016-uber-breach www.secnews.physaphae.fr/article.php?IdArticle=465407 False None Uber None Dark Reading - Informationweek Branch Uber's Response to 2016 Data Breach Was 'Legally Reprehensible,' Lawmaker Says 2018-02-06T19:23:00+00:00 https://www.darkreading.com/informationweek-home/ubers-response-to-2016-data-breach-was-legally-reprehensible-lawmaker-says/d/d-id/1330997?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=465354 False None 
Uber None Korben - French blogger How to make a good, properly clickbait YouTube thumbnail? 2018-02-03T13:37:58+00:00 http://feedproxy.google.com/~r/KorbensBlog-UpgradeYourMind/~3/B_ReX8he18k/comment-faire-une-bonne-vignette-youtube-bien-clickbait.html www.secnews.physaphae.fr/article.php?IdArticle=464003 False None Uber None InformationSecurityBuzzNews - Security news site Security Flaw Ignored By Uber That Renders “ 2018-01-23T21:00:52+00:00 http://www.informationsecuritybuzz.com/expert-comments/security-flaw-ignored-uber-renders/ www.secnews.physaphae.fr/article.php?IdArticle=459492 False None Uber None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Cybersecurity Certification Courses – CISA, CISM, CISSP 2018-01-23T05:37:52+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/xRe9RAtHU4M/cybersecurity-certification-courses.html www.secnews.physaphae.fr/article.php?IdArticle=459694 False None NotPetya,Uber,Wannacry,Equifax None ZD Net - IT magazine After ignoring for months, Uber fixes two-factor bypass bug after all 2018-01-21T14:26:00+00:00 http://www.zdnet.com/article/uber-security-flaw-two-factor-login-bypass/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=459386 False None Uber None AlienVault Blog - AlienVault is a major defense player in IOCs Things I Hearted this Week – 19th Jan 2018 Dan Klinedist to pen his thoughts in a thought-provoking post that will probably leave you with more questions than answers. The 100 Billion Dollar Infosec Question | Dan Klinedinst, Medium IT Security Spending to reach $96 billion in 2018 | Dark Reading Putting the bug in bounty I’m a big fan of bug bounties, I think that they have a lot of benefits. But, as with any emerging service, there will be issues. One of them is differentiating between Bug Bounty and Security Consulting or Testing. 
And that can cause some problems, which are very well articulated by John Carroll. BugBounty != Security Consulting | CTU Security Inside Uber’s $100,000 Payment to a Hacker, and the Fallout | NY Times Mirai Okiru botnet targets ARC-based IoT devices For those of you who don't know, ARC (Argonaut RISC Core) processors are the second most widely used processors in the world and can be found in all manner of unassuming connected devices, from car tech to storage, home and mobile devices. The new Mirai botnet, known as Mirai Okiru, is going after them with the aim to knock them offline with distributed denial of service (DDoS) attacks. Mirai Okiru botnet targets for first time ever in the history ARC-based IoT devices | Security Affairs Mirai Okiru is a botnet that's going after ARC-based IoT gadgets | The Inquirer Mirai Okiru: New DDoS botnet targets ARC-based IoT devices | CSO Mental Models & Security: Thinking Like a Hacker Is it weird that I’m including one of my own articles from this week? Is that the equivalent of someone liking their own facebook posts? I’ve been reading up on mental models lately a lot and thought a lot could be applied to security, or as is often said, to think like a hacker. I listed seven of my favourite models in this Dark Reading contributed article. Mental Models & Security: Thinking Like a Hacker | Dark Reading LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials 2018-01-19T14:00:00+00:00 http://feeds.feedblitz.com/~/518651014/0/alienvault-blogs~Things-I-Hearted-this-Week-%e2%80%93-th-Jan www.secnews.physaphae.fr/article.php?IdArticle=459642 False Guideline Uber None AlienVault Blog - AlienVault is a major defense player in IOCs Things I Hearted this Week 5th Jan 2018 Meltdown Attack, the website. Google Project Zero blog NCSC’s advice Replace CPU hardware – legit advice. 
Linus Torvalds was not happy, and issued a strongly-worded statement Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks | Bleeping Computer Facebook and India’s controversial National ID Database Facebook has clarified that it’s not asking new users in India for their Aadhaar information while signing up for a new Facebook account. Aadhaar is India’s biometric ID system that links the demographic information of more than a billion Indians with their fingerprints and iris scans, and stores it in a centralized government-owned database that both government agencies and private companies can access to authenticate people’s identities. The program has been slammed by critics for enabling surveillance and violating privacy. Facebook said this was a “small test” that the company ran with a limited number of Indian users, and that its goal was to help new users understand how to sign up to Facebook with their real names. It sounds an awful lot like the “wallet inspector” in the school playground that would also then keep my money safe for me. Facebook Just Clarified That It Is Not Collecting Data From India's Controversial National ID Database | Buzzfeed Rs 500, 10 minutes, and you have access to billion Aadhaar details | The Tribune India Trackmageddon Two researchers have disclosed problems with hundreds of vulnerable GPS services using open APIs and trivial passwords (123456), resulting in a multitude of privacy issues including direct tracking. Further, many of the vulnerable services have open directories exposing logged data. For some, the vulnerabilities discovered and disclosed by Vangelis Stykas (@evstykas) and Michael Gruhn (@0x6d696368) aren't new. They were disclosed during Kiwicon in 2015 by Lachlan Temple, who demonstrated flaws in a popular car tracking immobilization device.
2018-01-05T14:00:00+00:00 http://feeds.feedblitz.com/~/515235074/0/alienvault-blogs~Things-I-Hearted-this-Week-th-Jan www.secnews.physaphae.fr/article.php?IdArticle=455992 False None Uber,Wannacry None IT Security Guru - Blog Sécurité Uber Android app targeted by malware Symantec researchers have uncovered malware that harvests users' passwords from Uber’s Android app, giving hackers access to users' accounts. ORIGINAL SOURCE: MSN 2018-01-04T17:34:05+00:00 http://www.itsecurityguru.org/2018/01/04/uber-android-app-targeted-malware/ www.secnews.physaphae.fr/article.php?IdArticle=455373 False None Uber 3.0000000000000000 Malwarebytes Labs - MalwarebytesLabs The seven most colossal data breaches of 2017 This year saw a handful of spectacularly bad security fails that resulted in massive sets of compromised data. Here are the most colossal data breaches of 2017. Categories: Cybercrime Hacking 2017-12-21T16:00:00+00:00 https://blog.malwarebytes.com/cybercrime/2017/12/the-seven-most-colossal-data-breaches-of-2017/ www.secnews.physaphae.fr/article.php?IdArticle=453963 False None Uber,Equifax None Errata Security - Errata Security Bitcoin: In Crypto We Trust The Bitcoin Boom: In Code We Trust". He is wrong is wrong about "code". The wrong "trust" Wu builds a big manifesto about how real-world institutions aren't can't be trusted. Certainly, this reflects the rhetoric from a vocal wing of Bitcoin fanatics, but it's not the Bitcoin manifesto. Instead, the word "trust" in the Bitcoin paper is much narrower, referring to how online merchants can't trust credit-cards (for example). When I bought school supplies for my niece when she studied in Canada, the online site wouldn't accept my U.S. credit card. They didn't trust my credit card.
However, they trusted my Bitcoin, so I used that payment method instead, and succeeded in the purchase. Real-world currencies like dollars are tethered to the real-world, which means no single transaction can be trusted, because "they" (the credit-card company, the courts, etc.) may decide to reverse the transaction. The manifesto behind Bitcoin is that a transaction cannot be reversed -- and thus, can always be trusted. Deliberately confusing the micro-trust in a transaction and macro-trust in banks and governments is a sort of bait-and-switch. The wrong inspiration Wu claims: "It was, after all, a carnival of human errors and misfeasance that inspired the invention of Bitcoin in 2009, namely, the financial crisis." Not true. Bitcoin did not appear fully formed out of the void, but was instead based upon a series of innovations that predate the financial crisis by a decade. Moreover, the financial crisis had little to do with "currency". The value of the dollar and other major currencies were essentially unscathed by the crisis. Certainly, enthusiasts looking backward like to cherry pick the financial crisis as yet one more reason why the offline world sucks, but it had little to do with Bitcoin. In crypto we trust It's not in code that Bitcoin trusts, but in crypto. Satoshi makes that clear in one of his posts on the subject: A generation ago, multi-user time-sharing computer systems had a similar problem. Before strong encryption, users had to rely on password protection to secure their files, placing trust in the system administrator to keep their information private. Privacy could always be overridden by the admin based on his judgment call weighing the principle of privacy against other concerns, or at the behest of his superiors. Then strong encryption became available to the masses, and trust was no longer required.
Data could be secured in a way that was physically impossible for others to access, no matter for what reason, no matter how good the excuse, no matter what. You don't possess Bitcoins. Instead, all the coins are on the public blockchain under your "address". What you possess is the secret, private key that matches the address. Transferring Bitcoin means using your private key to unlock your coins and transfer them to another. If you print out your private key on paper, and delete it from the computer, it can never be hacked. Trust is in this crypto operation. Trust is in your private crypto key. We don't trust the code The manifesto "in code we trust" has been proven wrong again and again. We don't trust computer code (software) in the cryptocurrency world. The most profound example is something known as the "DAO" on top of Ethereum, Bitcoin's major competitor. Ethereum allows "smart contracts" containing code. The quasi-religious manifesto of the DAO smart-contract is that the "code is the contract", that all the terms and conditions are specified within the smart-contract co 2017-12-19T21:59:49+00:00 http://blog.erratasec.com/2017/12/bitcoin-in-crypto-we-trust.html www.secnews.physaphae.fr/article.php?IdArticle=452742 False None Uber None 01net.
Actualites - Securite - Magazine Francais How Uber plundered its competitors' secrets 2017-12-18T05:06:22+00:00 http://www.01net.com/actualites/comment-uber-a-pille-les-secrets-de-ses-concurrents-1330165.html www.secnews.physaphae.fr/article.php?IdArticle=452191 False None Uber None Bleeping Computer - Magazine Américain Hacker "Courvoisier" Pleads Guilty to Attacks on Uber, Groupon, T Mobile, Others 2017-12-18T00:30:00+00:00 https://www.bleepingcomputer.com/news/security/hacker-courvoisier-pleads-guilty-to-attacks-on-uber-groupon-t-mobile-others/ www.secnews.physaphae.fr/article.php?IdArticle=451943 False Guideline Uber None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Things I Hearted This Week 15th December 2017 life of its own a few days ago. But I’m reminded of the ending monologue by Morgan Freeman in “The Shawshank Redemption”, in which he starts off by saying, “Get busy living or get busy dying.” So the thought of the week is, “Get busy securing, or get busy insecuring.” Hmm doesn’t quite have the same ring to it. Will have to think of a better word – but you catch my drift. Let’s jump into this week’s interesting security bits Mirai Mirai on the wall I picture Brian Krebs as being a Liam Neeson type – he sees that his website is under attack by a never-before seen DDoS attack. He mutters to himself, “I don’t know who you are, but I will hunt you, I will find you, and I will blog about it until you get arrested, prosecuted, and thrown in jail.” It so happens that this week the hackers behind the Mirai botnet and a series of DDoS attacks pled guilty. The Hackers Behind Some of the Biggest DDoS Attacks in History Plead Guilty | Motherboard Mirai IoT Botnet Co-Authors Plead Guilty | KrebsonSecurity Botnet Creators Who Took Down the Internet Plead Guilty | Gizmodo Bug Laundering Bounties Apparently, HBO negotiated with hackers. Paying them $250,000 under the guise of a bug bounty as opposed to a ransom.
Maybe in time, it will be found that HBO acted above board, maybe it was a sting operation, maybe it was a misconstrued email. The worrying fact is that any payment exchange system can be used to launder money. However, bug bounty providers don’t (as far as I can tell) have financial services obligations. Does the bug bounty industry need more regulation (shudder)? Leaked email shows HBO negotiating with hackers | Calgary Herald Remember the 'Game of Thrones' leak? An Iranian hacker was charged with stealing HBO scripts to raise bitcoin | USA Today Uber used bug bounty program to launder blackmail payment to hacker | Ars Technica Inside a low budget consumer hardware espionage implant I’m not much of a hardware expert – actually, I’m not much of a hardware novice either. But this writeup by Mich is awesome. I didn’t even know there were so many ways to sniff, intercept and basically mess around with stuff at such small scale. It’s extremely detailed and I’ve permanently bookmarked it for future reference. 2017-12-15T14:00:00+00:00 http://feeds.feedblitz.com/~/510731884/0/alienvault-blogs~Things-I-Hearted-This-Week-th-December www.secnews.physaphae.fr/article.php?IdArticle=451486 False Guideline,Medical,Cloud APT 38,APT 37,Uber None SecurityWeek - Security News U.S.
Prosecutors Confirm Uber Target of Criminal Probe 2017-12-14T03:11:10+00:00 http://feedproxy.google.com/~r/Securityweek/~3/fXNhI62fONk/us-prosecutors-confirm-uber-target-criminal-probe www.secnews.physaphae.fr/article.php?IdArticle=449931 False None Uber None InformationSecurityBuzzNews - Site de News Securite How Not To Uber Your Data Breach: A Guide For Handling A Cyber-Attack 2017-12-12T21:00:09+00:00 http://www.informationsecuritybuzz.com/articles/not-uber-data-breach-guide-handling-cyber-attack/ www.secnews.physaphae.fr/article.php?IdArticle=449106 False None Uber None The Security Ledger - Blog Sécurité Podcast: will Uber's Florida Man Problem chill Bug Bounties? 2017-12-12T15:31:05+00:00 https://feeds.feedblitz.com/~/509894038/0/thesecurityledger~Podcast-will-Ubers-Florida-Man-Problem-chill-Bug-Bounties/ www.secnews.physaphae.fr/article.php?IdArticle=449251 False None Uber None The Last Watchdog - Blog Sécurité de Byron V Acohido MY TAKE: What the Uber hack tells us about fresh attack vectors created by the rise of DevOps 2017-12-10T17:04:28+00:00 http://www.lastwatchdog.com/what-the-uber-hack-tells-us-about-fresh-attack-vectors-created-by-the-rise-of-devops/ www.secnews.physaphae.fr/article.php?IdArticle=447651 False None Uber None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Things I Hearted this Week – 8th December 2017 Dr. Jessica Barker was the opening keynote and made some great points about optimism and how positive reinforcement is a far better motivator in security than the usual negativity. As I’m one that likes to take on board good ideas and implement them as quickly as possible – today’s wrap up will feature an optimistic and bright tone. So, put on your rose tinted glasses, sit back, and enjoy this week’s wrap up.
Uber invests in Florida youth A hacker, identified only as a 20-year-old Florida man, was apparently behind the Uber breach a year ago. Uber was so grateful it awarded him $100,000 via HackerOne bug bounty platform, but wanted to keep its act of philanthropy quiet. No word on whether the youth will spend the money on an orphanage or an animal shelter, but we are hopeful. Uber hacked by a 20-year-old man in the US | Computer Weekly Uber paid 20-year-old man to hide hack, destroy data | ZDNet Three Uber security managers resign after CEO criticizes practices | Reuters $60m in bitcoin shared The days of Robin Hood aren’t over. Over $60m in cryptocurrency has been involuntarily redistributed after hackers broke into Slovenian-based bitcoin mining marketplace NiceHash. More than $60 million worth of bitcoin potentially stolen after hack on cryptocurrency site | CNBC Bitcoin: $64m in cryptocurrency stolen in 'sophisticated' hack, exchange says | The Guardian $60m Bitcoin heist potentially hits cryptocurrency mining site | CBRonline Three ways to improve cybersecurity maturity I really like the name, “The Rochford Files” which is the contributed blog by Oliver Rochford on CSO. Keeping in tune with my optimistic theme, the subtitle is “here’s what’s holding us back” – but I’d rather rephrase it as “Here are our greatest opportunities”. 3 common cybersecurity maturity failings Predictions It’s that time of year for everyone to collectively gaze into crystal balls and predict what the new year will bring. I jumped onto the bandwagon myself and boldly made some predictions. The good thing about the future though is that it never comes, so you can never be proven wrong!
Six Cybersecurity Predictions for The Year Ahead | AlienVault 2017-12-08T14:00:00+00:00 http://feeds.feedblitz.com/~/507506118/0/alienvault-blogs~Things-I-Hearted-this-Week-%e2%80%93-th-December www.secnews.physaphae.fr/article.php?IdArticle=447588 False Guideline Uber None Tech Worm - Desc Uber paid 20-year-old Florida hacker $100000 to keep data breach secret Uber paid hackers to keep data breach secret, say sources Uber, the ride-hailing smartphone app, suffered a data breach last year in which over 57 million customers and 600,000 drivers had their personal information stolen by a 20-year-old hacker from Florida. Now, in a statement released on the 2016 attack, Uber said that it paid […] 2017-12-07T17:14:24+00:00 https://www.techworm.net/2017/12/uber-paid-20-year-old-florida-hacker-100000-keep-data-breach-secret.html www.secnews.physaphae.fr/article.php?IdArticle=446845 False None Uber None ZD Net - Magazine Info Uber paid 20-year-old man to hide hack, destroy data 2017-12-07T10:15:22+00:00 http://www.zdnet.com/article/uber-paid-20-year-old-man-to-hide-data-breach-destroy-information/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=446342 False None Uber None ComputerWeekly - Computer Magazine Uber hacked by a 20-year-old man in the US 2017-12-07T07:00:56+00:00 http://www.computerweekly.com/news/450431454/Uber-hacked-by-a-20-year-old-man-in-the-US www.secnews.physaphae.fr/article.php?IdArticle=446865 False None Uber None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
Uber Paid 20-Year-Old Florida Hacker $100,000 to Keep Data Breach Secret 2017-12-06T23:49:31+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/vPvMpSpNVgo/uber-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=446119 False None Uber None InformationSecurityBuzzNews - Site de News Securite STEALTHbits re PayPal's Discovery Of TIO Data Breach (Contrasting With Uber) 2017-12-06T21:00:11+00:00 http://www.informationsecuritybuzz.com/expert-comments/stealthbits-re-paypals-discovery-tio-data-breach-contrasting-uber/ www.secnews.physaphae.fr/article.php?IdArticle=445820 False None Uber None IT Security Guru - Blog Sécurité LA Sues Uber The City of LA has sued Uber for failing to inform the public about a breach that occurred 2 years ago. ORIGINAL SOURCE: OC Register 2017-12-05T15:37:15+00:00 http://www.itsecurityguru.org/2017/12/05/la-sues-uber/ www.secnews.physaphae.fr/article.php?IdArticle=445163 False None Uber None SecurityWeek - Security News Senators Propose New Breach Notification Law 2017-12-01T18:42:44+00:00 http://feedproxy.google.com/~r/Securityweek/~3/rQwnzS7Q6D0/senators-propose-new-breach-notification-law www.secnews.physaphae.fr/article.php?IdArticle=443333 False None Uber,Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Things I Hearted this Week – 1st December 2017 thankful for all the good in their life. The best things in life: SIEM and log management, crowd-based threat intelligence, vulnerability assessment, asset discovery, and intrusion detection. I am Root Apple found itself in the headlines as it was revealed that anyone could log in with root credentials without a password. I’m sure employees Geniuses at Apple stores were delighted with customers trying out the hack on display units.
While many experts bemoaned the irresponsible disclosure of the vulnerability, it was apparently known on the Apple developer forums and thought of more as a bug. Perhaps one of the most impressive aspects of this debacle was how quickly Apple turned it around and issued a patch within a day. I don’t know what they put in their coffee at Apple HQ, but I’ll have two! Anyone can hack MacOS High Sierra just by typing “root”. | Wired New security update fixes macOS root bug | ars Technica Apple releases update to fix critical macOS High Sierra security issue | The Verge Portable Faraday Cage This story caught my attention because of its simplicity.  A man in Australia was sacked from his job after it was discovered the 60-year old electrician blocked his whereabouts by storing his personal digital assistant, that has a GPS inside, in an empty foil packet of Twisties, a puffy cheese-based snack that is popular in Australia. I can only imagine how the prosecution kept a straight face claiming the man was using an elaborate Faraday cage while holding up an empty packet of crisps (chips). Employee used crisp packet as ‘Faraday cage’ to hide his whereabouts during work | Telegraph Net Neutrality Net neutrality is a hot topic at the moment, there are some strong proponents and a lot of dialogue ongoing. To coin a phrase, everything is fair in love, war, and online comments. Jeff Kao used natural language processing techniques to analyse net neutrality comments submitted to the FCC from April-October 2017 – and at the risk of sounding like a Buzzfeed article – the results were pretty disturbing. More than a Million Pro-Repeal Net Neutrality Comments were Likely Faked | Hackernoon Holiday Cybersecurity guide The lovable reprobate Rob Graham posted a great guide for anyone visiting relatives during the holidays, and what you can do to help them become more secure. It’s a very decent list that’s worth checking out. 
Your holiday cybersecurity guide | Errata Security Uber breach Ride share company Uber 2017-12-01T14:00:00+00:00 http://feeds.feedblitz.com/~/502870788/0/alienvault-blogs~Things-I-Hearted-this-Week-%e2%80%93-st-December www.secnews.physaphae.fr/article.php?IdArticle=443447 False None Uber None InformationSecurityBuzzNews - Site de News Securite Uber Reveals 2.7 Million British Users Hit By Data Breach 2017-11-30T19:00:40+00:00 http://www.informationsecuritybuzz.com/expert-comments/uber-reveals-2-7-million-british-users-hit-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=442506 False None Uber None IT Security Guru - Blog Sécurité Uber says 2.7 MEEELLION(ish) UK users affected by hack Uber has finally come up with a figure for the number of UK-based riders and drivers affected by its massive data breach: 2.7 million. The taxi hire firm has been slammed by regulators around the world for keeping the hack, which happened in October 2016, quiet for the best part of a year. To make matters ... 2017-11-30T11:42:14+00:00 http://www.itsecurityguru.org/2017/11/30/uber-says-2-7-meeellionish-uk-users-affected-hack/ www.secnews.physaphae.fr/article.php?IdArticle=442348 False None Uber 5.0000000000000000 SecurityWeek - Security News Court Investigating Whether Uber Connived to Cover its Tracks Uber, the ride-sharing giant hit with a number of scandals in recent months, is now suspected of operating a program to hide nefarious tactics. 2017-11-30T03:37:38+00:00 http://feedproxy.google.com/~r/Securityweek/~3/TTbCZ0aI6pQ/court-investigating-whether-uber-connived-cover-its-tracks www.secnews.physaphae.fr/article.php?IdArticle=441855 False None Uber None The Security Ledger - Blog Sécurité Podcast: Uber Breach Puts Focus on Securing DevOps Secrets
2017-11-29T15:13:11+00:00 https://feeds.feedblitz.com/~/502274886/0/thesecurityledger~Podcast-Uber-Breach-Puts-Focus-on-Securing-DevOps-Secrets/ www.secnews.physaphae.fr/article.php?IdArticle=442659 False None Uber None BBC - BBC News - Technology Uber says 2.7m Brits hit by breach that was covered up 2017-11-29T13:32:46+00:00 http://www.bbc.co.uk/news/technology-42169813 www.secnews.physaphae.fr/article.php?IdArticle=441584 False None Uber None Network World - Magazine Info Tech Talk: Uber hack, Google tracks, AWS packs (in China) ... and Firefox is back 2017-11-29T12:00:00+00:00 https://www.networkworld.com/video/83615/tech-talk-uber-hack-google-tracks-aws-packs-in-china-and-firefox-is-back#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=441813 False None Uber None ComputerWeekly - Computer Magazine Uber breach affected 2.7 million Britons 2017-11-29T11:40:27+00:00 http://www.computerweekly.com/news/450430904/Uber-breach-affected-27-million-Britons www.secnews.physaphae.fr/article.php?IdArticle=442101 False None Uber None SecurityWeek - Security News Majority of Android Apps Contain Embedded User-Tracking: Report 2017-11-28T15:34:46+00:00 http://feedproxy.google.com/~r/Securityweek/~3/dWheussRsKg/majority-android-apps-contain-embedded-user-tracking-report www.secnews.physaphae.fr/article.php?IdArticle=441149 False None Uber None The Last Watchdog - Blog Sécurité de Byron V Acohido MY TAKE: Why Uber's flaunting of disclosure laws should ignite security regulations 2017-11-27T21:50:47+00:00 http://www.lastwatchdog.com/my-take-why-ubers-flaunting-of-disclosure-laws-will-ignite-security-regulations/ www.secnews.physaphae.fr/article.php?IdArticle=440554 False None Uber,Deloitte None Malwarebytes Labs - MalwarebytesLabs Week in security (November 20 – November 26) Learn what happened in the world of security during the week of November 20 to November 26.
Categories: Security world Week in security 2017-11-27T19:25:39+00:00 https://blog.malwarebytes.com/security-world/2017/11/week-in-security-november-20-november-26/ www.secnews.physaphae.fr/article.php?IdArticle=440441 False None Uber None Dark Reading - Informationweek Branch Uber's Security Slip-ups: What Went Wrong 2017-11-27T16:40:00+00:00 https://www.darkreading.com/attacks-breaches/ubers-security-slip-ups-what-went-wrong/d/d-id/1330496?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=440610 False Guideline Uber None UnderNews - Site de news "pirate" francais Imgur also admits it was hacked in 2014 Clearly, it is confession season for web companies. Barely a few days after the bombshell announcement of the Uber hack, Imgur now admits to a breach and data theft dating back to 2014. 2017-11-27T08:37:32+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/Nu1ryRIgkzs/imgur-avoue-lui-aussi-setre-fait-pirate-en-2014.html www.secnews.physaphae.fr/article.php?IdArticle=440141 False None Uber None Security Affairs - Blog Secu Imgur was hacked in 2014, 1.7 million user accounts were compromised Imgur, the popular image sharing service, confirms email addresses and passwords were stolen in a security breach that occurred in 2014. Are you an Imgur user? News of the day is that the popular image sharing service Imgur was hacked in 2014, the incident was confirmed by the company a few days after Uber admitted to have concealed […] 2017-11-25T10:51:10+00:00 http://securityaffairs.co/wordpress/65991/data-breach/imgur-2014-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=439788 False None Uber None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?)
Imgur-Popular Image Sharing Site Was Hacked In 2014; Passwords Compromised 2017-11-25T00:29:30+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/qR0ebXirRaA/imgur-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=439641 False None Uber None Checkpoint - Fabricant Materiel Securite Uber Takes Cloud Security For A Ride Cloud security has had a rough ride of it recently, and this past week its driver was the $68bn global transportation company, Uber. Earlier this week, it was revealed that the personal details of Uber's 57 million drivers and had been stolen back in 2016. The company then made matters worse by not reporting the […] 2017-11-24T13:57:42+00:00 http://blog.checkpoint.com/2017/11/24/uber-takes-cloud-security-ride/ www.secnews.physaphae.fr/article.php?IdArticle=439674 False None Uber None Darknet - The Darkside - Site de news Américain Uber Paid Hackers To Hide 57 Million User Data Breach Uber is not known for its high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts – which is a very shady thing to do. Getting hacked is one thing (usually someone f*cked up), but choosing as a company to systematically cover up a breach to the tune of $100,000 – that's just wrong. 57 Million is a fairly significant number as well with Uber having around 40 Million monthly users, of course, it's not the scale of Equifax with 143 Million (or more). 2017-11-23T11:33:06+00:00 https://www.darknet.org.uk/2017/11/uber-paid-hackers-hide-57-million-user-data-breach/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=438679 False None Uber,Equifax None Errata Security - Errata Security Don Jr.: I'll bite The issue here is not which side is right.
The issue here is whether you stand for truth, or whether you'll seize any factoid that appears to support your side, regardless of the truthfulness of it. The ACLU obviously chose falsehoods, as I documented. In the following tweet, Don Jr. does the same. It's a preview of the hyperpartisan debates you are likely to have across the dinner table tomorrow, with each side trying to outdo the other in the falsehoods they'll claim. Need something to discuss over #Thanksgiving dinner? Try this / Stock markets at all time highs / Lowest jobless claims since 73 / 6 TRILLION added to economy since Election / 1.5M fewer people on food stamps / Consumer confidence through roof / Lowest Unemployment rate in 17 years #maga - Donald Trump Jr. (@DonaldJTrumpJr) November 23, 2017 What we see in this number is a steady trend of these statistics since the Great Recession, with no evidence in the graphs showing how Trump has influenced these numbers, one way or the other. Stock markets at all time highs This is true, but it's obviously not due to Trump. The stock markets have been steadily rising since the Great Recession. Trump has done nothing substantive to change the market trajectory. Also, he hasn't inspired the market to change its direction. To be fair to Don Jr., we've all been crediting (or blaming) presidents for changes in the stock market despite the fact they have almost no influence over it. Presidents don't run the economy, it's an inappropriate conceit. The most influence they've had is in harming it. Lowest jobless claims since 73 Again, let's graph this: As we can see, jobless claims have been on a smooth downward trajectory since the Great Recession.
It's difficult to see here how President Trump has influenced these numbers. 6 Trillion added to the economy What he's referring to is that assets have risen in value, like the stock market, homes, gold, and even Bitcoin. But this is a well known fallacy known as Mercantilism, believing the "economy" is measure 2017-11-23T01:31:13+00:00 http://blog.erratasec.com/2017/11/don-jr-ill-bite.html www.secnews.physaphae.fr/article.php?IdArticle=438356 False None Uber None InformationSecurityBuzzNews - Site de News Securite Uber Hack 2017-11-22T23:03:43+00:00 http://www.informationsecuritybuzz.com/expert-comments/uber-hack/ www.secnews.physaphae.fr/article.php?IdArticle=438243 False None Uber None SecurityWeek - Security News Uber in Legal Crosshairs Over Hack Cover-up Uber's cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers. 2017-11-22T18:52:34+00:00 http://feedproxy.google.com/~r/Securityweek/~3/wOX9bvgUfcI/uber-legal-crosshairs-over-hack-cover www.secnews.physaphae.fr/article.php?IdArticle=438212 False None Uber None NoticeBored - Experienced IT Security professional NBlog November 22 - A to Z of social engineering controls I didn't quite finish the A-to-Z on social engineering methods yesterday as planned but that's OK, it's coming along nicely and we're still on track. I found myself dipping back into the A-to-Z on scams, con-tricks and frauds for inspiration or to make little changes, and moving forward to sketch rough notes on the third and final part of our hot new security awareness trilogy: an A-to-Z on the controls and countermeasures against social engineering.
Writing that is my main task for today, and all three pieces are now progressing in parallel as a coherent suite. It's no blockbuster but I have a good feeling about this, and encouraging feedback from readers who took me up on my offer of a free copy of the first part. Along the way, a distinctive new style and format has evolved for the A-to-Zs, using big red drop caps to emphasize the first item under each letter of the alphabet. I've created and saved a Word template to make it easier and quicker to write A-to-Zs in future - a handy tip, that, for those of you who are singing along at home, writing your own awareness and training content. I'd like to include some graphics and examples to illustrate them and lighten them up a bit, but with the deadline fast approaching that may have to wait until they are next updated. Getting the entire awareness module across the line by December 1st comes first, which limits the amount of tweaking time I can afford - arguably a good thing as I find this topic fascinating, and I could easily prepare much more than is strictly necessary for awareness purposes. Aside from that, the release of an updated OWASP top 10 list of application security controls prompted me to update our information security glossary with a couple of new definitions, and a radio NZ program about a book fair in Edinburgh (!) prompted me to explain improv sessions as a creative suggestion for the train-the-trainer guide for the social engineering module. 2017-11-22T16:30:57+00:00 http://feedproxy.google.com/~r/NoticeBored/~3/v2WM2ROYpu0/nblog-november-22-to-z-of-social.html www.secnews.physaphae.fr/article.php?IdArticle=437513 False None Uber None SecurityWeek - Security News Should Uber Users be Worried About Data Hack?
2017-11-22T15:52:08+00:00 http://feedproxy.google.com/~r/Securityweek/~3/EGECzNkkZrc/should-uber-users-be-worried-about-data-hack www.secnews.physaphae.fr/article.php?IdArticle=438214 False None Uber None Dark Reading - Informationweek Branch Time to Pull an Uber and Disclose your Data Breach Now 2017-11-22T15:00:00+00:00 https://www.darkreading.com/risk/time-to-pull-an-uber-and-disclose-your-data-breach-now/a/d-id/1330488?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=438402 False None Uber None Dark Reading - Informationweek Branch Uber Paid Hackers $100K to Conceal 2016 Data Breach 2017-11-22T13:20:00+00:00 https://www.darkreading.com/attacks-breaches/uber-paid-hackers-$100k-to-conceal-2016-data-breach/d/d-id/1330487?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=438403 False None Uber None 01net. Actualites - Securite - Magazine Francais Uber had the data of 57 million users hacked... but hid it for a year 2017-11-22T12:45:50+00:00 http://www.01net.com/actualites/uber-s-est-fait-pirater-les-donnees-de-57-millions-d-utilisateurs-mais-l-a-cache-pendant-un-an-1309612.html www.secnews.physaphae.fr/article.php?IdArticle=438135 False None Uber None IT Security Guru - Blog Sécurité Uber Concealed Massive Data Breach in 2016 It has been reported that Uber has concealed a massive data breach that affected 57 million customers. The breach occurred in 2016, and instead of disclosing the breach to the relevant authorities, the company paid the hackers $100,00 to delete the data.
ORIGINAL SOURCE: BBC 2017-11-22T10:56:27+00:00 http://www.itsecurityguru.org/2017/11/22/uber-concealed-massive-data-breach-2016/ www.secnews.physaphae.fr/article.php?IdArticle=438076 True None Uber 2.0000000000000000
BBC - BBC News - Technology UK regulator has 'huge concerns' over Uber breach 2017-11-22T10:55:47+00:00 http://www.bbc.co.uk/news/technology-42079937 www.secnews.physaphae.fr/article.php?IdArticle=437938 False None Uber None
Global Security Mag - French news site Uber Leak: Reaction from Malwarebytes Markets 2017-11-22T10:03:03+00:00 http://www.globalsecuritymag.fr/Uber-Leak-Reaction-de-Malwarebytes,20171122,75300.html www.secnews.physaphae.fr/article.php?IdArticle=438079 False Guideline Uber None
Security Affairs - Security Blog Unbelievable: Uber concealed data breach that exposed 57 Million records in 2016 Unbelievable: Uber concealed data breach that exposed 57 Million records in 2016 and paid hackers to delete stolen records. Uber CEO Dara Khosrowshahi announced on Tuesday that hackers broke into the company database and accessed the personal data of 57 million of its users, the bad news is that the company covered up the hack […] 2017-11-22T08:56:20+00:00 http://securityaffairs.co/wordpress/65868/data-breach/uber-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=437852 False None Uber None
UnderNews - French "hacker" news site Uber reveals it was hacked in 2016, 57 million users affected! Bad news! Uber's CEO admitted on Tuesday that a large-scale cyberattack had been concealed in late 2016. The toll is nonetheless heavy: the data of 57 million users / drivers around the world was hacked. 2017-11-22T08:23:03+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/op61D0lHPDM/uber-revele-avoir-ete-pirate-en-2016-57-millions-dutilisateurs-touches.html www.secnews.physaphae.fr/article.php?IdArticle=437898 False None Uber None
Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Uber Reveals 2016 Breach of 57 Million User Accounts 2017-11-22T05:40:13+00:00 https://threatpost.com/uber-reveals-breach-of-57-million-users-admits-to-covering-up-incident/128969/ www.secnews.physaphae.fr/article.php?IdArticle=437660 False None Uber 4.0000000000000000
ComputerWeekly - Computer Magazine Uber recognises need for consumer trust after breach cover up 2017-11-22T05:30:12+00:00 http://www.computerweekly.com/news/450430525/Uber-recognises-need-for-consumer-trust-after-breach-cover-up www.secnews.physaphae.fr/article.php?IdArticle=438116 False Guideline Uber None
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
After Getting Hacked, Uber Paid Hackers $100,000 to Keep Data Breach Secret 2017-11-22T01:38:22+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/v19kwPNQMro/uber-hack-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=437738 False None Uber None
SecurityWeek - Security News Uber Hacked: Information of 57 Million Users Accessed in Covered-Up Breach Uber Covered Up Massive Hack in 2016 for More Than a Year 2017-11-22T00:46:15+00:00 http://feedproxy.google.com/~r/Securityweek/~3/aMHgNLZnX1Y/uber-hacked-information-57-million-users-accessed-covered-breach www.secnews.physaphae.fr/article.php?IdArticle=437521 False None Uber None
Graham Cluley - Blog Security Uber paid hackers $100,000 to keep data breach quiet 2017-11-21T23:34:10+00:00 https://www.grahamcluley.com/uber-hackers-paid-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=437687 True None Uber None
The State of Security - American Magazine Uber Reportedly Paid Hackers $100K to Conceal Data Breach Impacting 57M Users A massive breach impacting 57 million Uber customers and drivers went undisclosed for more than a year. According to Bloomberg, the ride-hailing app ousted its Chief Security Officer Joe Sullivan and one of his deputies for attempting to conceal the data breach.
The cyberattack, which dates back to October 2016, led to the exposure of […] 2017-11-21T22:53:04+00:00 https://www.tripwire.com/state-of-security/latest-security-news/uber-reportedly-paid-hackers-100k-conceal-data-breach-impacting-57m-users/ www.secnews.physaphae.fr/article.php?IdArticle=437456 False None Uber None
ZD Net - IT Magazine Uber concealed hack of 57 million accounts for more than a year 2017-11-21T22:19:00+00:00 http://www.zdnet.com/article/uber-concealed-hack-of-57-million-accounts-for-more-than-a-year/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=437465 False None Uber None
Bleeping Computer - American Magazine Uber Supposedly Paid Hackers $100,000 to Keep Quiet About a 2016 Data Breach 2017-11-21T19:16:44+00:00 https://www.bleepingcomputer.com/news/security/uber-supposedly-paid-hackers-100-000-to-keep-quiet-about-a-2016-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=437726 False None Uber None
Zataz - French security magazine 57 million UBER customer and driver records hacked 57 million customer and driver records from the company UBER hacked. Two people reportedly downloaded the information, which includes, among other things: driving licenses, trips, addresses, emails … Operation transparency for Uber's CEO, Dara Khosrowshahi. The new boss of the... 2017-11-21T17:49:22+00:00 https://www.zataz.com/clients-chauffeurs-uber-pirates/ www.secnews.physaphae.fr/article.php?IdArticle=437864 False None Uber None
AlienVault Blog - AlienVault is a major defensive player in IOCs Things I Hearted this Week – 3rd November 2017 Red Cross in 2016.
Contractor breach exposes 50k Aussie govt, bank staff records | IT News
AMP among companies affected by data breach of 50,000 staff records | The Guardian

Wrestling student hacks grades
A former chemistry student allegedly used keystroke-logging gadgets to steal tutors' passwords, change classmates' grades and download copies of exams ahead of time. Amateur wrestler Trevor Graves, 22, who studied at the University of Iowa was arrested and indicted this month on two hacking charges – each of which could land him up to ten years in the clink if found guilty. In paperwork (pdf) submitted to an Iowa district court, FBI agent Jeffrey Huber recounted that in December of last year one of the university's teachers noticed that Graves' grades had mysteriously improved.
High-tech cheating scheme prompts charges at University of Iowa | Press Citizen
FBI: Student wrestler grappled grades after choking passwords from PCs using a key logger | The Register

Hackers Using Default SSH Creds to Take Over Ethereum Mining Equipment
A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own. Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner. Change your default credentials, kids. Or better still, manufacturers – force users to change default credentials on first use!
Hackers Using Default SSH Creds to Take Over Ethereum Mining Equipment | Bleeping Computer

How to become a pentester
This one is from the archives, but equally relevant today as it was two years ago when published. Going through a lot of the methodology and answering most questions budding pen testers would have.
How to become a pentester | Corelan Team

Circle with Disney web filter riddled with vulnerabilities
A ‘smart’ thing made by Disney has more holes in it than Swiss cheese. Who could have ever predicted such a thing?
Circle
2017-11-03T13:00:00+00:00 http://feeds.feedblitz.com/~/485064892/0/alienvault-blogs~Things-I-Hearted-this-Week-%e2%80%93-rd-November www.secnews.physaphae.fr/article.php?IdArticle=427990 False Guideline Uber None