www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T15:47:21+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server 2017-05-23T01:11:45+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/Ohhnu77nRwU/yahoo-imagemagick-hack.html www.secnews.physaphae.fr/article.php?IdArticle=367581 False None Yahoo None Ars Technica - Risk Assessment Security Hacktivism “Yahoobleed” flaw leaked private e-mail attachments and credentials 2017-05-22T19:51:48+00:00 https://arstechnica.com/security/2017/05/yahoobleed-flaw-that-festered-for-years-leaked-private-yahoo-mail-data/ www.secnews.physaphae.fr/article.php?IdArticle=367431 False None Yahoo None Bleeping Computer - American magazine Yahoo Retires Problematic Library After Bug Exposes User Email Content 2017-05-22T11:12:40+00:00 https://www.bleepingcomputer.com/news/security/yahoo-retires-problematic-library-after-bug-exposes-user-email-content/ www.secnews.physaphae.fr/article.php?IdArticle=367504 False None Yahoo None ZD Net - IT magazine Yahoo retires ImageMagick library after 18-byte exploit leaks user email content 2017-05-22T05:39:15+00:00 http://www.zdnet.com/article/yahoo-retires-imagemagick-library-after-18-byte-exploit-leaks-user-email-content/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=367223 False None Yahoo None Dark Reading - Informationweek Branch Deconstructing the 2016 Yahoo Security Breach 2017-05-19T10:00:00+00:00 http://www.darkreading.com/attacks-breaches/deconstructing-the-2016-yahoo-security-breach-/a/d-id/1328866?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=367130 False None Yahoo None Kevin Townsend - Security blog May Sketch: Reactions to Macron's Victory 
2017-05-17T20:21:07+00:00 http://feedproxy.google.com/~r/ITSecurity_co_uk/~3/TZLn-izAAAA/ www.secnews.physaphae.fr/article.php?IdArticle=366389 False Guideline Yahoo None SANS Institute - SANS is a defense and training organization When Bad Guys are Pwning Bad Guys..., (Fri, May 12th) [1] and the numerous interesting features they offer. There are plenty of web shells available, and they are easy to find and install. They are usually delivered as one big obfuscated (read: Base64, ROT13 encoded and gzip [...] I'm pretty sure that some people are using web shells as a remote administration tool. Is it really a good idea? Not sure. When we install software on our computer, one of the recommendations is to check the hash of the files/archives against the one provided by the developer to be sure that the software has not been altered by any means. It could be a good idea to do the same with web shells! While preparing a presentation about web shells and testing some of them in a lab, I found a specific version of the RC-Shell (v2.0.2011.0827) that started to generate suspicious traffic. Almost at the same time, I was contacted by one of our readers who reported the same behaviour to me. He did some analysis on his side and the conclusion was that the web shell was backdoored! The PHP code contains an array of Base64 encoded images which are icons used to identify the file types. In the backdoored version, the unknown [...] $images = array( small_unk = iVBORw0KGgoAAAANSU ..., unknown = iVBORw0KGgoAAAANSU ... MD5 (unknown.png) = 1470521de78ef3d0795f83ea7af7c6ad If you have a look at the picture metadata, you will see that the unknown [...] Multiple functions have been added to the web shell to deploy the backdoor. function z8t($i, $o)//run backdoor { $r = @create_function($o, return @ . z7v($o, 0) . } Note: I found different versions of the web shell with different function names. 
The decoding of the PNG image comment and the installation of the backdoor is available here[3]. The code of the backdoor is located here[4]. Basically, it collects juicy information (local PHP variables and details about the web shell) and phones home via two channels: SMTP is used to drop an email to peterlegere51@yahoo[.]com; HTTP is used to post the same data to [...] To: peterlegere51@yahoo.com Subject: Linux|http://shiva/lab/VW4Zy8Yg.php? X-PHP-Originating-Script: 1000:VW4Zy8Yg.php(830) : runtime-created function(1) : eval()d code Message-Id: 20170509202418.BE96124112C@shiva .NET CLR SERVER_NAME=xxxxxx SERVER_ADDR=192.168.254.8 SERVER_PORT=80 HTTP_REFERER=http://shiva/lab/ PHP_SELF=/lab/VW4Zy8Yg.php REQUEST_URI=/lab/VW4Zy8Yg.php SCRIPT_NAME=/lab/VW4Zy8Yg.php SCRIPT_FILENAME=/var/www/lab/VW4Zy8Yg.php REMOTE_ADDR=192.168.254.11 So, be warned when you download and use tools from unknown or unreliable sources. Even underground tools can be backdoored! [1] https://isc.sans.edu/forums/diary/The+Power+of+Web+Shells/21257 [2] http://entropymine.com/jason/tweakpng/ [3] https://gist.github.com/anonymous/319ef7124affebec67ebc56bc83cbe87 [4] https://pastebin.com/bgj7aH9u Xavier Mertens (@xme) ISC Handler - Freelance Security Consultant PGP Key (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. 2017-05-12T06:34:35+00:00 https://isc.sans.edu/diary.html?storyid=22410&rss www.secnews.physaphae.fr/article.php?IdArticle=364561 False None Yahoo None Errata Security - Errata Security Some notes on Trump's cybersecurity Executive Order executive order on "cybersecurity". The first draft during his first weeks in power was hilariously ignorant. The current draft, though, is pretty reasonable as such things go. I'm just reading the plain language of the draft as a cybersecurity expert, picking out the bits that interest me. 
In reality, there's probably all sorts of politics in the background that I'm missing, so I may be wildly off-base. Holding managers accountable: This is a great idea in theory. But government heads are rarely accountable for anything, so it's hard to see if they'll have the nerve to implement this in practice. When the next breach happens, we'll see if anybody gets fired. "antiquated and difficult to defend Information Technology": The government uses laughably old computers sometimes. Forces in government want to upgrade them. This won't work. Instead of replacing old computers, the budget will simply be used to add new computers. The old computers will still stick around. "Legacy" is a problem that money can't solve. Programmers know how to build small things, but not big things. Everything starts out small, then becomes big gradually over time through constant small additions. What you have now is big legacy systems. Attempts to replace a big system with a built-from-scratch big system will fail, because engineers don't know how to build big systems. This will suck down any amount of budget you have with failed multi-million dollar projects. It's not the antiquated systems that are usually the problem, but more modern systems. Antiquated systems can usually be protected by simply sticking a firewall or proxy in front of them. "address immediate unmet budgetary needs necessary to manage risk": Nobody cares about cybersecurity. Instead, it's a thing people exploit in order to increase their budget. Instead of doing the best security with the budget they have, they insist they can't secure the network without more money. An alternate way to address gaps in cybersecurity is instead to do less. Reduce exposure to the web, provide fewer services, reduce functionality of desktop computers, and so on. 
Insisting that more money is the only way to address unmet needs is the strategy of the incompetent. Use the NIST framework: Probably the biggest thing in the EO is that it forces everyone to use the NIST cybersecurity framework. The NIST Framework simply documents all the things that organizations commonly do to secure themselves, such as run intrusion-detection systems or impose rules for good passwords. There are two problems with the NIST Framework. The first is that no organization does all the things listed. The second is that many organizations don't do the things well. Password rules are a good example. Organizations typically had bad rules, such as frequent changes and complexity standards. So the NIST Framework documented them. But cybersecurity experts have long opposed those complex rules, so have been fighting NIST on them. Another good example is intrusion-detection. These days, I scan the entire Internet, setting off everyone's intrusion-detection systems. I can see first hand that they are doing intrusion-detection wrong. But the NIST Framework recommends they do it, because many organizations do it, but the NIST Framework doesn't demand they do it well. When this EO forces everyone to follow the NIST Framework, then, it's likely just going to i 2017-05-12T02:51:43+00:00 http://blog.erratasec.com/2017/05/some-notes-on-trumps-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=364556 False Guideline Tesla,Yahoo None SANS Institute - SANS is a defense and training organization OAuth, and It's High Time for Some Personal "Security-Scaping" Today, (Wed, May 10th) https://myaccount.google.com/security , I found that at some point in the past, I granted TripAdvisor access to my Gmail account. This wasn't intentional, it was probably an OK prompt during an install or update process - you know, the ones you sometimes just click quickly / accidentally without paying attention to? Then wonder if you just clicked something dumb right after? 
Anyway, yes, one of those - *click* - gone now! I moved on to Facebook - application settings are here: https://www.facebook.com/settings and privacy settings are here: https://www.facebook.com/settings?tab=privacy Really, everything in that page needs to be looked at! Me, I was surprised to find that I was using an older email address for my Facebook login (oops) - with the login buried in my iPad app, it wasn't something I had thought about (plus I'm not in Facebook too much lately). Other sites of interest: Twitter: https://twitter.com/settings/account In particular: https://twitter.com/settings/safety And: https://twitter.com/settings/applications Linkedin: https://www.linkedin.com/psettings/ Really, most apps that you run have a privacy or a security page - it never seems to be front-and-center though, in fact for many of the apps I access primarily from a dedicated app on my phone or tablet, I needed to go to the real application in my browser to find these settings. As you go, be sure to translate the security questions to plain English. For instance, from Google's privacy checkup, you 2017-05-10T02:16:35+00:00 https://isc.sans.edu/diary.html?storyid=22400&rss www.secnews.physaphae.fr/article.php?IdArticle=363706 False Guideline Guam,Yahoo None SecurityWeek - Security News Yahoo Paid Out $2 Million in Bug Bounty Program 2017-05-08T18:05:39+00:00 http://feedproxy.google.com/~r/Securityweek/~3/KLKPIQua9ec/yahoo-paid-out-2-million-bug-bounty-program www.secnews.physaphae.fr/article.php?IdArticle=363121 False None Yahoo None AlienVault Lab Blog - AlienVault is a major defensive player in IOCs OAuth Worm Targeting Google Users - You Need to Watch Cloud Services When users clicked on the button, they were prompted to give “Google Docs” permission to read / send email, manage their email, and access their contact lists. In reality, this was a malicious application registered by the attackers. 
And, in fact, it is one of the most well-crafted phishing attempts in the last year. By clicking on the ALLOW button, users authorized the malicious application to perform actions on their behalf. The users’ browsers were redirected to one of the malicious servers set up by the attackers, for example: https://googledocs[.]docscloud[.]win/g.php. The AlienVault Labs Security Research Team detected the activity, and while the attack was still in progress, we created a Pulse in the Open Threat Exchange (OTX) with all the indicators of the infrastructure the attackers used (mainly the domains they used in redirection). In addition, several OTX users jumped in and shared more malicious infrastructure in a matter of minutes! This helped get the indicators out immediately to the 30,000+ people that follow the AlienVault OTX account. Kudos to the OTX members who jumped in and delivered this valuable information so quickly to the community! Going back to the attack: when the user was redirected to one of the servers after allowing the malicious application to perform those actions, they were served the JavaScript code that contained the self-replication / worm functionality. First, the malicious JavaScript would get access to the contact list (first 1000 entries): The code parsed the names and email addresses of those contacts and then prioritized addresses from gmail.com, avoiding addresses containing the words “google”, “keeper” and “unty”. Once the list of potential victims was crafted, the code sent the same email to them as well, thus propagating the attack: When sending the email, the attackers also decided to BCC the address hhhhhhhhhhhhhhhh[at]mailinator[.]com, presumably to monitor progress or collect the list of victims. Impact: Luckily, Google reacted to this quickly, and the malicious applications were shut down in about an hour after the start of the campaign. 
Cloudflare, which the attackers used in front of the malicious infrastructure, took down that part of the attack infrastructure quickly, too. It is important to mentio 2017-05-04T17:18:00+00:00 http://feeds.feedblitz.com/~/309131881/0/alienvaultotx~OAuth-Worm-Targeting-Google-Users-You-Need-to-Watch-Cloud-Services www.secnews.physaphae.fr/article.php?IdArticle=362065 False Guideline APT 28,Yahoo None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Flickr Vulnerability Worth $7K Bounty to Researcher 2017-05-01T16:08:01+00:00 https://threatpost.com/flickr-vulnerability-worth-7k-bounty-to-researcher/125312/ www.secnews.physaphae.fr/article.php?IdArticle=360664 False None Yahoo None SecurityWeek - Security News Yahoo Awards $7,000 for Flickr Account Hijacking Flaws 2017-05-01T13:07:45+00:00 http://feedproxy.google.com/~r/Securityweek/~3/EleK_PQoLnM/yahoo-awards-7000-flickr-account-hijacking-flaws www.secnews.physaphae.fr/article.php?IdArticle=360598 False None Yahoo None AlienVault Blog - AlienVault is a major defensive player in IOCs Defining and Addressing the Growing Cyber Insider Threat What Is Insider Threat The recent “Vault 7” WikiLeaks download of thousands of pages of sensitive CIA hacking tools and techniques is the latest episode of high profile insider breaches. Other noted examples include Army Pfc Chelsea Manning - 400,000 documents - Iraq War logs, 91,000 documents - Afghanistan database, Edward Snowden - 50,000 to 200,000 NSA documents, Harold Thomas Martin III NSA Contractor - 50,000 gigabytes, about 500 million documents, Home Depot data breach - 56 million credit cards, Yahoo - 1 billion accounts, and Twitter - 32 million accounts. Healthcare – 4 million patient records. Average cost of a data breach in 2016 was $4 million dollars/company (Ponemon). Global business loss in 2014 – $1.7 trillion dollars with 23% annual growth. 2016 losses could be higher than $3 trillion dollars globally (stats courtesy of Mr. 
Thomas Kupiec – Chief Information Security Officer – SMS and former CISO of the National Geospatial Intelligence Agency) There are voluminous lists of breaches (see infographic); not all of them are insider breaches, but many of them can be attributed to actions from someone on the inside. These data breaches touch every vertical of society: security, healthcare, financial, transportation, and commerce. Source for Infographic For Chief Information Security Officers (CISOs), defending against insider threats is one of the biggest challenges. In fact, according to a recent SANS Survey on Insider Threats, 74% of CISOs expressed concern about employees stealing sensitive company information. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all cyber-attacks were carried out by insiders. The Verizon 2016 DBIR Report disclosed that 77 percent of internal breaches were deemed to be by employees, 11 percent by external actors only, 3 percent were from partners and 8 percent involved internal-external collusion which makes them hard to categorize. And according to Accenture HfS Research, 69% of enterprise security executives reported experiencing an attempted theft or corruption of data by insiders during the last 12 months. TYPES OF INSIDER BREACHES To understand vulnerabilities to insider threats, it is important to be able to define and categorize the types. The Information Security Forum (ISF) provides a good framework for describing insider breaches: Malicious: Malicious insider behavior combines a motive to harm with a decision to act inappropriately. For example, keeping and turning over sensitive proprietary information to a competitor after being terminated. 
Negligent: Negligent behavior can occur when people look for ways to avoid poli 2017-04-05T13:00:00+00:00 http://feeds.feedblitz.com/~/288094132/0/alienvault-blogs~Defining-and-Addressing-the-Growing-Cyber-Insider-Threat www.secnews.physaphae.fr/article.php?IdArticle=353728 False None Yahoo None Graham Cluley - Blog Security Smashing Security #014: Protecting webmail What can you do to better protect your online email accounts? In this special edition of the "Smashing Security" podcast, regular hosts Graham Cluley and Carole Theriault, joined by special guest Paul Ducklin, share tips on how to better defend your Gmail/Yahoo/Hotmail/Outlook/etc account. 2017-03-30T09:24:51+00:00 https://www.grahamcluley.com/smashing-security-014-protecting-webmail/ www.secnews.physaphae.fr/article.php?IdArticle=349389 False None Yahoo None Network World - IT magazine IBM on the state of network security: Abysmal IBM Security's 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as: The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion -- more than the combined total from the two previous years. In one case, a single source leaked more than 1.5 billion records [see Yahoo breach]. In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year. In 2016, many significant breaches related to unstructured data such as email archives, business documents, intellectual property and source code were also compromised. The most popular types of malcode we observed in 2016 were Android malware, banking Trojans, ransomware offerings and DDoS-as-a-service vendors. 
Since DDoS tools are mostly sold as a service and not as malware per se, we will focus here on banking Trojans, Android malware and ransomware. In December 2016, a malware developer with an ongoing banking Trojan project showed up in underground forums, aspiring to sell some licenses as he worked on completing the development of all its modules. The actor promised to deliver future capabilities, such as a Socket Secure (SOCKS) proxy and hidden virtual network computing alongside technical support and free bug fixes. The malware was named Nuclear Bot, or NukeBot, at the time. IBM wrote that although it has yet to see NukeBot/Micro Bot active in the wild, analyses performed by X-Force and other vendors found that it has the potential to rise in 2017 and bring back commercial Trojan sales in the underground. In 2015, Healthcare was the most attacked industry with Financial Services falling to third; however, attackers in 2016 refocused back on Financial Services. IBM did note that while the healthcare industry continued to be beleaguered by a high number of incidents, attackers hit on smaller targets resulting in a lower number of leaked records. In 2016, only 12 million records were compromised in healthcare - keeping it out of the top 5 most-breached industries. For perspective, nearly 100 million healthcare records were compromised in 2015 resulting in an 88% drop in 2016, IBM stated. 2017-03-29T08:35:00+00:00 http://www.networkworld.com/article/3185813/security/ibm-on-the-state-of-network-security-abysmal.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=349028 False None Yahoo None SecurityWeek - Security News Kremlin Denies Involvement after Yahoo Cyberattack Charges US indicted two FSB intelligence agents over cyberattacks on Yahoo that compromised 500 million accounts. 
2017-03-17T19:27:52+00:00 http://feedproxy.google.com/~r/Securityweek/~3/4OB7c6wAn3E/kremlin-denies-involvement-after-yahoo-cyberattack-charges www.secnews.physaphae.fr/article.php?IdArticle=341266 False None Yahoo None Network World - IT magazine A cybersecurity risk assessment is a critical part of M&A due diligence As of mid-February, the plan for Verizon Communications to acquire a majority of Yahoo's web assets is still on, despite the announcement of Yahoo having suffered two massive breaches of customer data in 2013 and 2014. The sale price, however, has been discounted by $350 million, and Verizon and Altaba Inc. have agreed to share any ongoing legal responsibilities related to the breaches. Altaba is the entity that will own the portion of Yahoo that Verizon is not acquiring. 2017-03-17T11:12:00+00:00 http://www.networkworld.com/article/3182139/security/a-cybersecurity-risk-assessment-is-a-critical-part-of-manda-due-diligence.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=340249 False None Yahoo None The State of Security - American magazine Yahoo! 
Bleeds for the Protection of Customer Data 2017-03-17T03:00:09+00:00 https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/yahoo-bleeds-protection-customer-data/ www.secnews.physaphae.fr/article.php?IdArticle=339449 False None Yahoo None Naked Security - Sophos blog News in brief: Yahoo 'was spear-phished'; McDonald's Twitter hijacked; Samsung moots face recognition for payments 2017-03-16T18:41:43+00:00 https://nakedsecurity.sophos.com/2017/03/16/news-in-brief-yahoo-was-spear-phished-mcdonalds-twitter-hijacked-samsung-moots-face-recognition-for-payments/ www.secnews.physaphae.fr/article.php?IdArticle=339316 False None Yahoo None Network World - IT magazine Yahoo breach exposes the drawbacks of state-sponsored hacking 2017-03-16T17:57:45+00:00 http://www.networkworld.com/article/3181791/security/yahoo-breach-exposes-the-drawbacks-of-state-sponsored-hacking.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=339326 False None Yahoo None Dark Reading - Informationweek Branch Mandiant: Financial Cybercriminals Looking More Like Nation-States 2017-03-16T16:15:00+00:00 http://www.darkreading.com/mandiant-financial-cybercriminals-looking-more-like-nation-states/d/d-id/1328426?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=339690 False None Yahoo None We Live Security - ESET, antivirus software vendor US charges Russian FSB officials in connection with massive Yahoo security breach 2017-03-16T10:48:38+00:00 http://feedproxy.google.com/~r/eset/blog/~3/cqZe-SNjnFA/ www.secnews.physaphae.fr/article.php?IdArticle=339146 False None Yahoo None ComputerWeekly - Computer Magazine US accuses Russian spies of directing Yahoo breach 2017-03-16T06:45:57+00:00 http://www.computerweekly.com/news/450414977/US-accuses-Russian-spies-of-directing-Yahoo-breach www.secnews.physaphae.fr/article.php?IdArticle=339246 False None Yahoo None 
Network World - IT magazine Want good cyber insurance? Read the fine print compromise of more than 1.5 billion Yahoo! accounts, which took down its acquisition value by a reported $350 million – are seeking insurance. And when demand rises, the price tends to do so as well. 2017-03-16T05:52:00+00:00 http://www.networkworld.com/article/3181708/security/want-good-cyber-insurance-read-the-fine-print.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=339008 False None Yahoo None 01net. News - Security - French magazine How Russian hackers siphoned off Yahoo's data 2017-03-16T04:26:08+00:00 http://www.01net.com/actualites/comment-les-hackers-russes-ont-siphonne-les-donnees-de-yahoo-1123052.html www.secnews.physaphae.fr/article.php?IdArticle=339574 False None Yahoo 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History 2017-03-16T03:10:32+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/dcFKv2jDr-c/yahoo-data-breach-hack.html www.secnews.physaphae.fr/article.php?IdArticle=338827 False None Yahoo None Krebs on Security - American researcher Four Men Charged With Hacking 500M Yahoo Accounts 2017-03-16T00:49:07+00:00 https://krebsonsecurity.com/2017/03/four-men-charged-with-hacking-500m-yahoo-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=338086 False None Yahoo None Ars Technica - Risk Assessment Security Hacktivism How did Yahoo get breached? 
Employee got spear phished, FBI suggests 2017-03-15T21:13:05+00:00 https://arstechnica.com/tech-policy/2017/03/fbi-hints-that-hack-of-semi-privileged-yahoo-employee-led-to-massive-breach/ www.secnews.physaphae.fr/article.php?IdArticle=338066 False None Yahoo None Naked Security - Sophos blog News in brief: France drops e-voting; alleged Yahoo hackers indicted; Google tool for parents 2017-03-15T18:37:39+00:00 https://nakedsecurity.sophos.com/2017/03/15/news-in-brief-france-drops-e-voting-alleged-yahoo-hackers-indicted-google-tool-for-parents/ www.secnews.physaphae.fr/article.php?IdArticle=337964 False None Yahoo None Network World - IT magazine US faces limits in busting Russian agents over Yahoo breach indictment might amount to nothing more than naming and shaming Russia. That's because no one expects the Kremlin to play along with the U.S. indictment. “I can't imagine the Russian government is going to hand over the two FSB officers,” said Jeremiah Grossman, chief of security strategy at SentinelOne. "Even in the most successful investigations, state hackers are still immune from prosecution or retaliation," said Kenneth Geers, a research scientist at security firm Comodo. 2017-03-15T18:20:04+00:00 http://www.networkworld.com/article/3181492/security/us-faces-limits-in-busting-russian-agents-over-yahoo-breach.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=338019 False None Yahoo None Dark Reading - Informationweek Branch DoJ Indicts Russian FSB Officers and Cybercriminals in Yahoo Breach 2017-03-15T18:20:00+00:00 http://www.darkreading.com/endpoint/doj-indicts-russian-fsb-officers-and-cybercriminals-in-yahoo-breach/d/d-id/1328412?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=338784 False None Yahoo None SecurityWeek - Security News U.S. 
Government Indicts Two Russian FSB Officers Over Yahoo Hack 2017-03-15T18:17:23+00:00 http://feedproxy.google.com/~r/Securityweek/~3/24v6dwoKeeg/us-government-indicts-two-russian-fsb-officers-over-yahoo-hack www.secnews.physaphae.fr/article.php?IdArticle=338122 False None Yahoo None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor FSB Officers, Criminal Hackers Indicted in Yahoo Breach 2017-03-15T17:32:37+00:00 https://threatpost.com/fsb-officers-criminal-hackers-indicted-in-yahoo-breach/124340/ www.secnews.physaphae.fr/article.php?IdArticle=338816 False None Yahoo None Ars Technica - Risk Assessment Security Hacktivism US charges two Russian agents with ordering hack of 500m Yahoo accounts 2017-03-15T16:26:07+00:00 https://arstechnica.com/tech-policy/2017/03/us-charges-two-fsb-officers-two-criminal-hackers-in-yahoo-breach/ www.secnews.physaphae.fr/article.php?IdArticle=338067 False None Yahoo None ZD Net - IT magazine Justice Dept. charges four Russia-backed hackers over Yahoo breach 2017-03-15T15:42:00+00:00 http://www.zdnet.com/article/justice-dept-charges-four-over-yahoo-hacks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=337974 False None Yahoo None Network World - IT magazine Inside the Russian hack of Yahoo: How they did it 2017-03-15T15:37:00+00:00 http://www.networkworld.com/article/3181484/hacking/inside-the-russian-hack-of-yahoo-how-they-did-it.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=338020 False None Yahoo None Bleeping Computer - American magazine US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two FSB Agents 2017-03-15T13:24:36+00:00 https://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/ www.secnews.physaphae.fr/article.php?IdArticle=338693 False None Yahoo 4.0000000000000000 The Hacker News - The Hacker News is a hacking 
news blog (surprising, no?) US Charges Two Russian Spies & Two Hackers For Hacking 500 Million Yahoo Accounts 2017-03-15T12:13:59+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/7CgEcH0zI8w/yahoo-russian-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=338096 False None Yahoo None Network World - IT magazine Four charged, including Russian gov't agents, for massive Yahoo hack hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a "state-sponsored" group. On Wednesday, the FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack. 2017-03-15T09:07:14+00:00 http://www.networkworld.com/article/3181308/legal/four-charged-including-russian-govt-agents-for-massive-yahoo-hack.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=338038 False Guideline Yahoo None Ars Technica - Risk Assessment Security Hacktivism Yahoo to give Marissa Mayer $23 million parting gift after sale to Verizon 2017-03-13T15:51:58+00:00 https://arstechnica.com/business/2017/03/yahoo-to-give-marissa-mayer-23-million-parting-gift-after-sale-to-verizon/ www.secnews.physaphae.fr/article.php?IdArticle=335387 False None Yahoo None UnderNews - French "hacker" news site Cybersecurity: 5 tips for protecting yourself online At a time when the CIA is developing hacking programs designed to turn smartphones and connected TVs into listening devices, when Hillary Clinton's email was fraudulently accessed, and when Yahoo has revealed it was the victim of a vulnerability that affected 32 million accounts, internet users have become aware of the risks posed by cyberattacks. 
2017-03-09T10:40:16+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/24vrKf8v8sU/cybersecurite-5-astuces-pour-se-proteger-en-ligne.html www.secnews.physaphae.fr/article.php?IdArticle=332835 False None Yahoo None Network World - IT magazine Honeypot catches social engineering scams on social media 2017-03-07T09:58:00+00:00 http://www.networkworld.com/article/3177435/social-networking/honeypot-catches-social-engineering-scams-on-social-media.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=330123 False None Yahoo None The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web 2017-03-06T08:50:33+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/j7a3cKL21Zg/gmail-yahoo-password-hack.html www.secnews.physaphae.fr/article.php?IdArticle=328767 False None Yahoo None Errata Security - Errata Security Journalists: How hacking details matter For example, there is the notorious "CIA hacked Senate computers" scandal. In fact, the computers in question were owned by the CIA, located in a CIA facility, and managed/operated by CIA employees. You can't "hack" computers you own. Yes, the CIA overstepped the bounds of an informal agreement with the Senate committee overseeing them, but in no way did anything remotely like "hacking" occur. This detail matters. If the CIA had truly hacked the Senate committee, that would be a constitutional crisis. A small misstep breaking an informal agreement is not. A more recent example is this story, which mentions that AlfaBank-Trump connection, claiming the server was in Trump Tower [*]: What about the computer server at Trump Tower? Several news media outlets have reported that investigators last year were puzzled by data transmissions between a computer server at Trump Tower and a computer server associated with a Russian bank. Although Mr. 
Trump on Twitter talked about his “phones,” in theory a judge might determine that the computer address of the server in the tower was a facility being used by a foreign power, Russia, to communicate, and authorize surveillance of it. No, the server was not located in Trump Tower. It was located outside Philadelphia. It's owned and operated by a company called Listrak. There's no evidence anybody in the Trump Organization even knew about the server. It was some other company named Cendyn who decided to associate Trump's name with the server. There's no evidence of communication between the server and Alfa -- only evidence of communication about the server from Alfa. The details are important to the story, because it's trying to show how a judge "might determine that the computer ... in the tower was a facility being used by a foreign power". If it's not anywhere near or related to the Trump Tower, no such determination could be made. Then there was that disastrous story from the Washington Post about Russia hacking into a Vermont power plant [*], which still hasn't been retracted despite widespread condemnation. No such hacking occurred. Instead, the details of what happened is that an employee checked Yahoo mail from his laptop. The night before, the DHS had incorrectly configured its "Einstein" intrusion detection system to trigger on innocent traffic with Yahoo as an indicator of compromise from Russian hackers. You can see how journalists make these mistakes. If CIA is spying on computers used by Senate staffers, then the natural assumption is that the CIA hacked those computers. If there was a server associated with the Trump Organization, however tenuous, it's easy to assume a more concrete relationship, such as the server being located in Trump's offices. 
You can see how once the DHS claims there was a hack, and you've filled your stories with quotes from senators pontificating about the meaning of such hacks, it's very difficult to retract the story when the details emerge there was nothing remotely resembling a hack. I'm not trying to claim that journalists need to be smarter about hacking. I'm instead claiming that journalists need to be smarter about journalism. The flaws here all go one way -- toward the sensational. Instead of paying attention to the details and questioning whether such sensational 2017-03-06T06:50:36+00:00 http://blog.erratasec.com/2017/03/journalists-how-hacking-details-matter.html www.secnews.physaphae.fr/article.php?IdArticle=328651 False None Yahoo None ComputerWeekly - Computer Magazine More than a million Gmail and Yahoo account credentials on sale 2017-03-06T05:00:19+00:00 http://www.computerweekly.com/news/450414335/More-than-a-million-Gmail-and-Yahoo-account-credentials-on-sale www.secnews.physaphae.fr/article.php?IdArticle=328573 False None Yahoo None Network World - Magazine Info Enough with "the Cyber"! 
2017-03-04T13:07:00+00:00 http://www.networkworld.com/article/3176887/security/enough-with-the-cyber.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=327857 False None Yahoo None We Live Security - ESET antivirus software vendor Yahoo CEO forgoes annual bonus, worth millions, over security breaches 2017-03-03T15:34:08+00:00 http://feedproxy.google.com/~r/eset/blog/~3/NJq2ognUfUg/ www.secnews.physaphae.fr/article.php?IdArticle=327988 False None Yahoo None Dark Reading - Informationweek Branch Yahoo CEO Punished for Data Breaches 2017-03-03T09:27:00+00:00 http://www.darkreading.com/careers-and-people/yahoo-ceo-punished-for-data-breaches/d/d-id/1328309?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=328204 False None Yahoo None TechRepublic - Security News US Yahoo confirms 32M accounts breached in 2015-2016 forged cookies attack 2017-03-02T15:42:59+00:00 http://www.techrepublic.com/article/yahoo-confirms-32m-accounts-breached-in-2015-2016-forged-cookies-attack/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=327105 False None Yahoo None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Yahoo Tells SEC Executives Failed to Act on Breach 2017-03-02T14:55:49+00:00 https://threatpost.com/yahoo-tells-sec-executives-failed-to-act-on-breach/124017/ www.secnews.physaphae.fr/article.php?IdArticle=327274 False None Yahoo None The State of Security - American magazine 32 Million Yahoo Accounts Affected by Forged Cookies, Investigation Finds 2017-03-02T12:16:52+00:00 https://www.tripwire.com/state-of-security/latest-security-news/32-million-yahoo-accounts-affected-forged-cookies-investigation-finds/ www.secnews.physaphae.fr/article.php?IdArticle=326138 False None Yahoo None SecurityWeek - Security News Forged Cookie Attack Affected 32 Million Yahoo Users 2017-03-02T09:54:24+00:00 
http://feedproxy.google.com/~r/Securityweek/~3/JF3ciAgBJKE/forged-cookie-attack-affected-32-million-yahoo-users www.secnews.physaphae.fr/article.php?IdArticle=325900 False None Yahoo None ComputerWeekly - Computer Magazine Yahoo breaches underline executive role in cyber security 2017-03-02T06:30:32+00:00 http://www.computerweekly.com/news/450414167/Yahoo-breaches-underline-executive-role-in-cyber-security www.secnews.physaphae.fr/article.php?IdArticle=326761 False None Yahoo None Bleeping Computer - American magazine Yahoo CEO Gives Annual Bonus to Employees After Company Confirms New Hacks 2017-03-02T06:03:37+00:00 https://www.bleepingcomputer.com/news/security/yahoo-ceo-gives-annual-bonus-to-employees-after-company-confirms-new-hacks/ www.secnews.physaphae.fr/article.php?IdArticle=326782 False None Yahoo None Ars Technica - Risk Assessment Security Hacktivism Yahoo cookie hacks affected 32 million accounts, CEO forgoes bonus 2017-03-02T01:10:14+00:00 https://arstechnica.com/security/2017/03/marissa-mayer-forgoes-bonus-after-yahoo-botches-hack-investigation/ www.secnews.physaphae.fr/article.php?IdArticle=325533 False None Yahoo None Graham Cluley - Blog Security Yahoo CEO Marissa Mayer will miss out on cash bonus after security breaches Also it is revealed that hackers accessed 32 million Yahoo user accounts in the last two years using forged cookies. 2017-03-02T00:46:06+00:00 https://www.grahamcluley.com/yahoo-ceo-marissa-mayer-will-miss-cash-bonus-security-breaches/ www.secnews.physaphae.fr/article.php?IdArticle=325732 False None Yahoo None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) 
Yahoo Reveals 32 Million Accounts Were Hacked Using 'Cookie Forging Attack' 2017-03-02T00:17:31+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/92AWla3T7g0/yahoo-cookie-forging-hack.html www.secnews.physaphae.fr/article.php?IdArticle=325875 False None Yahoo None Network World - Magazine Info Yahoo execs botched its response to 2014 breach, investigation finds data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response. The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker. 2017-03-01T17:01:38+00:00 http://www.networkworld.com/article/3176042/security/yahoo-execs-botched-its-response-to-2014-breach-investigation-finds.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=325574 False None Yahoo None Network World - Magazine Info IDG Contributor Network: To improve information security, enterprises and government must share information cooperation between the private and public sectors. 
This leads to the questions of what kind of relationship should the government and companies have, how can they work together and what's preventing this process from happening? 2017-03-01T08:28:00+00:00 http://www.networkworld.com/article/3174682/security/to-improve-information-security-enterprises-and-government-must-share-information.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=325592 False Guideline Yahoo None SecurityWeek - Security News Yahoo Slashes Price of Verizon Deal $350 Million After Data Breaches 2017-02-22T16:51:20+00:00 http://feedproxy.google.com/~r/Securityweek/~3/z6OA-DWtJd8/yahoo-slashes-price-verizon-deal-350-million-after-data-breaches www.secnews.physaphae.fr/article.php?IdArticle=320885 False None Yahoo None Dark Reading - Informationweek Branch Yahoo Trims Its Price Tag To Verizon By $350 Million 2017-02-22T09:15:00+00:00 http://www.darkreading.com/attacks-breaches/yahoo-trims-its-price-tag-to-verizon-by-$350-million-/d/d-id/1328232?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=321087 False None Yahoo None Naked Security - Sophos blog News in brief: Concern about Windows 10; Hacks cost Yahoo; PHP gets better crypto 2017-02-21T18:37:34+00:00 https://nakedsecurity.sophos.com/2017/02/21/news-in-brief-concern-about-windows-10-hacks-cost-yahoo-php-gets-better-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=319532 False None Yahoo None Ars Technica - Risk Assessment Security Hacktivism Hacks all the time. 
Engineers recently found Yahoo systems remained compromised 2017-02-21T15:45:51+00:00 https://arstechnica.com/security/2017/02/recent-meeting-finds-yahoos-badly-hacked-systems-were-still-compromised/ www.secnews.physaphae.fr/article.php?IdArticle=319541 False None Yahoo None ZD Net - Magazine Info After hacks, Verizon cuts Yahoo price by $1.55 per customer 2017-02-21T14:40:00+00:00 http://www.zdnet.com/article/verizon-cuts-yahoo-price-after-hacks-by-1-55-per-customer/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=319443 False None Yahoo None ComputerWeekly - Computer Magazine Yahoo takes $350m cut on deal with Verizon after security breaches 2017-02-21T11:15:26+00:00 http://www.computerweekly.com/news/450413483/Yahoo-takes-350m-cut-on-deal-with-Verizon-after-security-breaches www.secnews.physaphae.fr/article.php?IdArticle=320148 False None Yahoo 3.0000000000000000 Network World - Magazine Info We finally know how much a data breach can cost The massive Yahoo data breaches of 2013 and 2014 now have a real cost attached to them, and it's a couple orders of magnitude larger than those piddly estimates. Simply put, the breaches forced Yahoo to renegotiate its sale to Verizon, cutting the price by $350 million. 
2017-02-21T06:54:00+00:00 http://www.networkworld.com/article/3172402/security/we-finally-know-how-much-a-data-breach-can-cost.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=319505 False None Yahoo None Network World - Magazine Info Verizon knocks off $350M from Yahoo deal after breaches announced the amended terms of the deal Tuesday. Back in October, one news report had Verizon seeking a $1 billion discount after the first breach was announced. 2017-02-21T06:41:55+00:00 http://www.networkworld.com/article/3172121/security/verizon-knocks-off-350m-from-yahoo-deal-after-breaches.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=319506 False None Yahoo None ZD Net - Magazine Info Deleting your Yahoo email account? Yeah, good luck with that 2017-02-17T18:00:00+00:00 http://www.zdnet.com/article/yahoo-not-deleting-email-accounts-say-users/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=317808 False None Yahoo None UnderNews - French "pirate" news site Two-factor authentication and systematic logout, keys to countering forged cookies After revealing the compromise of 500 million accounts in September, then of nearly a billion records in December as a result of cyberattacks, Yahoo is now alerting its users to new hacks. 2017-02-17T14:21:23+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/gj_csAjeaes/la-double-authentification-et-la-deconnexion-systematique-cles-pour-contrer-les-cookies-falsifies.html www.secnews.physaphae.fr/article.php?IdArticle=318011 False None Yahoo None Dark Reading - Informationweek Branch Yahoo Explains Cookie Forgery Related To Two 2016 Breaches 2017-02-17T13:30:00+00:00 
http://www.darkreading.com/attacks-breaches/yahoo-explains-cookie-forgery-related-to-two-2016-breaches/d/d-id/1328205?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=318097 False None Yahoo None Naked Security - Sophos blog News in brief: cookie breach alert for Yahoo users; text spammer fined; Churchill's search for alien life 2017-02-16T17:48:17+00:00 https://nakedsecurity.sophos.com/2017/02/16/news-in-brief-cookie-breach-alert-for-yahoo-users-text-spammer-fined-churchills-search-for-alien-life/ www.secnews.physaphae.fr/article.php?IdArticle=316798 False None Yahoo None The State of Security - American magazine More Yahoo users warned of malicious account access via forged cookies 2017-02-16T10:17:48+00:00 https://www.tripwire.com/state-of-security/featured/more-yahoo-users-warned-of-malicious-account-access-via-forged-cookies/ www.secnews.physaphae.fr/article.php?IdArticle=316288 False None Yahoo None Dark Reading - Informationweek Branch Yahoo Warns Users Of Forged Cookies In Third Breach 2017-02-16T09:25:00+00:00 http://www.darkreading.com/yahoo-warns-users-of-forged-cookies-in-third-breach-/d/d-id/1328178?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=317057 False None Yahoo None 01net. Actualites - Securite - French magazine Yahoo users fall victim to forged-cookie attacks 2017-02-16T07:06:30+00:00 http://www.01net.com/actualites/des-utilisateurs-de-yahoo-victimes-d-attaques-par-faux-cookies-1104444.html www.secnews.physaphae.fr/article.php?IdArticle=316979 False None Yahoo 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Yahoo Hacked Once Again! 
Quietly Warns Affected Users About New Attack 2017-02-16T02:26:05+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/pt472UVUopw/yahoo-hack.html www.secnews.physaphae.fr/article.php?IdArticle=316263 False None Yahoo None Ars Technica - Risk Assessment Security Hacktivism Yahoo reveals more breachiness to users victimized by forged cookies 2017-02-15T23:35:34+00:00 https://arstechnica.com/information-technology/2017/02/yahoo-reveals-more-breachiness-to-users-victimized-by-forged-cookies/ www.secnews.physaphae.fr/article.php?IdArticle=315464 False None Yahoo None SecurityWeek - Security News Yahoo Notifies Users of Sophisticated Breach Methods 2017-02-15T21:17:27+00:00 http://feedproxy.google.com/~r/Securityweek/~3/hp2VX-UcWkM/yahoo-notifies-users-sophisticated-breach-methods www.secnews.physaphae.fr/article.php?IdArticle=315975 False None Yahoo None Naked Security - Sophos blog News in brief: Nokia to reboot iconic phone; AI assistants set to do voice calls; Yahoo, Verizon 'agree price' 2017-02-15T18:47:50+00:00 https://nakedsecurity.sophos.com/2017/02/15/news-in-brief-nokia-to-reboot-iconic-phone-ai-assistants-set-to-do-voice-calls-yahoo-verizon-agree-price/ www.secnews.physaphae.fr/article.php?IdArticle=315408 False None Yahoo 2.0000000000000000 Krebs on Security - American researcher Who Ran Leakedsource.com? 
2017-02-15T18:03:06+00:00 https://krebsonsecurity.com/2017/02/who-ran-leakedsource-com/ www.secnews.physaphae.fr/article.php?IdArticle=315397 False None Yahoo None Network World - Magazine Info Yahoo warns users of account breaches related to recent attacks seeking a discount of US$250 million because of the data breaches. 2017-02-15T10:46:38+00:00 http://www.networkworld.com/article/3170688/security/yahoo-warns-users-of-account-breaches-related-to-recent-attacks.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=315434 False None Yahoo None ZD Net - Magazine Info Senators frustrated with Yahoo's silence around hacks inquiry 2017-02-13T19:40:00+00:00 http://www.zdnet.com/article/senators-stonewalled-by-yahoo-silence-over-historical-hacks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=312581 False None Yahoo None Naked Security - Sophos blog News in brief: Yahoo faced with suit; dev hits back at support scammers; Note 7 batteries flare up 2017-02-09T17:21:13+00:00 https://nakedsecurity.sophos.com/2017/02/09/news-in-brief-yahoo-faced-with-suit-dev-hits-back-at-support-scammers-note-7-batteries-flare-up/ www.secnews.physaphae.fr/article.php?IdArticle=310384 False None Yahoo 2.0000000000000000 Network World - Magazine Info How AI is stopping criminal hacking in real time a breach at Yahoo that reveals millions of user accounts, a compromise involving Gmail phishing scams. Security professionals are constantly moving the chess pieces around, but it can be a losing battle. Yet, there is one ally that has emerged in recent years. 
Artificial intelligence can stay vigilant at all times, looking for patterns in behavior and alerting you to a new threat. 2017-02-03T04:35:00+00:00 http://www.networkworld.com/article/3165232/security/how-ai-is-stopping-criminal-hacking-in-real-time.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=306106 False None Yahoo None Network World - Magazine Info Why 2017 will be the worst year ever for security “I think we are going to find more, not less, breaches in 2017,” says Ray Rothrock, CEO of RedSeal, a security analytics firm. 2017-02-02T04:53:00+00:00 http://www.networkworld.com/article/3164514/security/why-2017-will-be-the-worst-year-ever-for-security.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=304751 False None Yahoo None We Live Security - ESET antivirus software vendor PayPal users targeted in sophisticated new phishing campaign 2017-01-27T09:30:24+00:00 http://feedproxy.google.com/~r/eset/blog/~3/TygkuW-bgPA/ www.secnews.physaphae.fr/article.php?IdArticle=301133 False None Yahoo None AlienVault Blog - AlienVault is a major defensive player in IOCs The Evolution of Threat Intelligence Open Threat Exchange (OTX) platform. As a way to say hello, I’ve put down some thoughts on why I was so keen to come work on OTX. A lot has changed since I jumped into cyber security just 5 years ago. First there was the Target breach. Then Sony. OPM. Yahoo. The elections. Between those infamous landmark case studies IT administrators have been battling constant attacks against their own networks. Ransomware trashing network shares. Users clicking “Enable Macros”. Finance teams approving fraudulent wire transactions. 
The security industry has had to continuously evolve to respond to ever-changing threats. The Evolution of Threat Intelligence Back in 2011 an employee of an incident response company was frustrated at the lack of threat intelligence sharing across the industry. So, they leaked the domain names used by the biggest group of attackers to Pastebin. It was a desperate attempt to prevent the mass of attacks the group was committing against both companies and governments. Two years, and hundreds of compromised organisations later, Mandiant released their landmark APT1 report. It was on the very same attackers, still using many of the same domain names. We’ve come a long way since then. Now security vendors race each other to share new waves of attacks first and government institutions are mandated to do the same. But this has led to other problems. Keeping up with all the reports is in itself a full-time job. And some reports contain false positives that set off security devices like Christmas tree lights. OTX From my viewpoint, Alienvault OTX solves these problems by: Reducing the manpower and effort organisations require to pull IoC’s out of every report. The indicators are peer reviewed for problems and fixes are applied almost instantly. The information is easy in, easy out with a growing API and list of integrations. The power of the massive community that can perform vetted information sharing in a structured format at no-cost. The key for any network like OTX is the community, and so far it’s going strong. Interested in vetted sharing of ransomware indicators? An OTX user has made a group for that. How about importing the indicators into your MISP instance? There's a group for that too. AlienVault has a long history of building community solutions that are available to organisations of all sizes, not just those with the largest security budgets. 
Some of you may know me from a community project I’ve worked on in my spare-time called ThreatCrowd - another open threat intelligence platform. ThreatCrowd has become used by more people than I could have hoped. It’s been a fun experiment to keep a prototype running for thousands of simultaneous users from a single Linux box! But there are serious limitations to how much I can tack onto a prototype, in my spare time and limited by my own knowledge. I’m looking forward to working with the top-notch team of AlienVault engineers to help enhance OTX and the overall community experience. I’ve only been at AlienVault a few days but I’ve seen there are some awesome enhancements planned to the interface, data-set and integrations. I won’t ruin the surprise! If you’re a user of Thr 2017-01-26T14:00:00+00:00 http://feeds.feedblitz.com/~/263345200/0/alienvault-blogs~The-Evolution-of-Threat-Intelligence www.secnews.physaphae.fr/article.php?IdArticle=300868 False None APT 1,Yahoo None Network World - Magazine Info Top data breach trends in 2016 - Phishing, skimming rise; hacking holds ground data breach at Yahoo, it was met with a collective “This, again? Didn't they just report a breach?” The company had, in fact, reported a record-breaking breach of 500 million user accounts three months earlier, but it was dwarfed by the December breach, which impacted over 1 billion records. That pair of record breaking breaches was a fitting way to cap off a year marked by massive data breaches. 
As security intelligence provider Risk Based Security (RBS) points out in its newly-released 2016 Data Breach Trends report, “six 2016 breaches have taken their place on the Top 10 List of All Time Largest Breaches.” 2017-01-26T05:32:00+00:00 http://www.networkworld.com/article/3161894/security/top-data-breach-trends-in-2016-phishing-skimming-rise-hacking-holds-ground.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=300356 False None Yahoo None Network World - Magazine Info Password-free security uses voice, user behavior to verify identity Yahoo, LinkedIn and Dropbox all reported major data breaches involving account details such as email addresses and hashed passwords. 2017-01-25T18:28:59+00:00 http://www.networkworld.com/article/3161925/security/password-free-security-uses-voice-user-behavior-to-verify-identity.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=299948 False None Yahoo None Naked Security - Sophos blog Verizon's $4.8bn acquisition of Yahoo put on hold after breach revelations 2017-01-25T16:45:40+00:00 https://nakedsecurity.sophos.com/2017/01/25/verizons-4-8bn-acquisition-of-yahoo-put-on-hold-after-breach-revelations/ www.secnews.physaphae.fr/article.php?IdArticle=299916 False None Yahoo None We Live Security - ESET antivirus software vendor Yahoo faces SEC probe into its two record-breaking data breaches 2017-01-25T11:30:40+00:00 http://feedproxy.google.com/~r/eset/blog/~3/r--L0OZKVII/ www.secnews.physaphae.fr/article.php?IdArticle=299644 False None Yahoo None Graham Cluley - Blog Security Yahoo sale to Verizon delayed, following revelation of massive security breaches If you're in the business of scooping up another company, you probably want to uncover all of its dirty little 
secrets before you hand over any cash. 2017-01-24T15:12:53+00:00 https://www.grahamcluley.com/yahoo-sale-verizon-delayed-following-revelation-massive-security-breaches/ www.secnews.physaphae.fr/article.php?IdArticle=299348 False None Yahoo None Dark Reading - Informationweek Branch Verizon Acquisition Of Yahoo Delayed 2017-01-24T11:50:00+00:00 http://www.darkreading.com/attacks-breaches/verizon-acquisition-of-yahoo-delayed/d/d-id/1327955?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=299390 False None Yahoo None SecurityWeek - Security News Sale of Core Yahoo Assets to Verizon Delayed 2017-01-23T22:06:35+00:00 http://feedproxy.google.com/~r/Securityweek/~3/oTbfpDxZiVw/sale-core-yahoo-assets-verizon-delayed www.secnews.physaphae.fr/article.php?IdArticle=298027 False None Yahoo None Network World - Magazine Info Yahoo pushes back timing of Verizon deal after breaches statement, without elaborating. Verizon has suggested that the data breaches, and the resulting blow to Yahoo's reputation, might cause it to halt or renegotiate the deal. 2017-01-23T15:17:14+00:00 http://www.networkworld.com/article/3160749/security/yahoo-pushes-back-timing-of-verizon-deal-after-breaches.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=297466 False None Yahoo None Dark Reading - Informationweek Branch SEC Investigates Yahoo Data Breaches 2017-01-23T14:40:00+00:00 http://www.darkreading.com/attacks-breaches/sec-investigates-yahoo-data-breaches/d/d-id/1327951?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=298191 False None Yahoo None AlienVault Blog - AlienVault is a major defensive player in IOCs What is Insider Threat? blog@advancedpersistentsecurity.net This blog aims to inform you about insider threat. This is from both a personal and a commercial perspective, meaning that it can be applied in both settings. 
Disclaimer: I am in no way, shape, or form - past or present, compensated to endorse any solutions or software mentioned throughout this blog post. Introduction This is a time when organizations are spending more than ever before on information security solutions. Often, these solutions are effective in protecting much of an organization's assets. The one element that there is no true comprehensive solution to protect from attack is the human element. As Social Engineering evolves and grows in application and popularity, people are being exploited more frequently to enable successful attacks that would be otherwise unthinkable. Department of Homeland Security Insider threat, per the US Department of Homeland Security and Carnegie-Mellon University CERT (Computer Emergency Response Team), is a "current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization's information or information systems." Director, National Intelligence The Director of National Intelligence via National Counterintelligence and Security Center (NCSC) : An insider threat arises when a person with authorized access to U.S. Government resources, to include personnel, facilities, information, equipment, networks, and systems, uses that access to harm the security of the United States. Malicious insiders can inflict incalculable damage. They enable the enemy to plant boots behind our lines and can compromise our nation's most important endeavors. We are seeing more attacks and incidents being associated with various forms of insider threat: One theory of the Ashley Madison data breach is that insider threat enabled the “Impact Team breach” or readily handed the data over. With limited knowledge and insight, some believe that the Bank of Bangladesh SWIFT attacks were insider threat. 
Seemingly without information, the Yahoo data breaches may be due to insider threat. What is Not Insider Threat There is a level of ambiguity in terms of what constitutes insider threat. Some entities state that all actions dealing with users is insider threat. I tend to disagree with this broad generalization. If I am able to crack a password or find a password on a dump site, that is 2017-01-23T14:00:00+00:00 http://feeds.feedblitz.com/~/261985142/0/alienvault-blogs~What-is-Insider-Threat www.secnews.physaphae.fr/article.php?IdArticle=298101 False None Yahoo None SecurityWeek - Security News Yahoo Faces SEC Probe into Breach Disclosures 2017-01-23T13:15:33+00:00 http://feedproxy.google.com/~r/Securityweek/~3/5AyaubGtP1s/yahoo-faces-sec-probe-breach-disclosures www.secnews.physaphae.fr/article.php?IdArticle=297277 False None Yahoo None Dark Reading - Informationweek Branch 3 Lessons From The Yahoo Breach 2017-01-20T11:00:00+00:00 http://www.darkreading.com/endpoint/3-lessons-from-the-yahoo-breach/a/d-id/1327916?_mc=RSS_DR_EDT www.secnews.physaphae.fr/article.php?IdArticle=297069 False None Yahoo None AlienVault Blog - AlienVault is a major defensive player in IOCs The Priority of the Government/Industry Cybersecurity Partnership 2017-01-17T14:00:00+00:00 http://feeds.feedblitz.com/~/259363180/0/alienvault-blogs~The-Priority-of-the-GovernmentIndustry-Cybersecurity-Partnership www.secnews.physaphae.fr/article.php?IdArticle=293986 False Guideline Yahoo None