www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated feed of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T17:49:22+00:00 www.secnews.physaphae.fr

Checkpoint - Security Hardware Vendor Brand Phishing report – Q4 2022 Summary Following a significant phishing campaign in the previous quarter, Yahoo became the top brand impersonated in phishing attacks in Q4 2022, climbing 23 spots in the ranking from the previous quarter. DHL dropped from the lead in Q3 2022 to 2nd place in the last quarter of the year, followed by Microsoft which also…
2023-01-23T11:00:05+00:00 https://blog.checkpoint.com/2023/01/23/brand-phishing-report-q4-2022/ www.secnews.physaphae.fr/article.php?IdArticle=8303366 False Guideline Yahoo,Yahoo 2.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense player in IOCs Top bug bounty platforms for organizations to improve security
2022-12-21T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/top-bug-bounty-platforms-for-organizations-to-improve-security www.secnews.physaphae.fr/article.php?IdArticle=8293343 False Vulnerability,Guideline Yahoo 3.0000000000000000

Anomali - Firm Blog Anomali Cyber Watch: EvilProxy Defeats Second Factor, Ragnar Locker Ransomware Hits Critical Infrastructure, Montenegro Blames Russia for Massive Cyberattack, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web (published: September 5, 2022) Resecurity researchers analyzed EvilProxy, a phishing kit that uses reverse proxy and cookie injection methods to bypass two-factor authentication (2FA). EvilProxy uses extensive virtual machine checks and browser fingerprinting. 
If the victim passes the checks, Evilproxy acts as a proxy between the victim and the legitimate site that asks for credentials. EvilProxy is being sold as a service on the dark web. Since early May 2022, Evilproxy enables phishing attacks against customer accounts of major brands such as Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, Yandex, and others. Analyst Comment: EvilProxy is a dangerous automation tool that enables more phishing attacks. Additionally, EvilProxy targeting GitHub and npmjs accounts increases risks of follow-up supply-chain attacks. Anomali platform has historic EvilProxy network indicators that can help when investigating incidents affecting 2FA. With 2FA bypass, users need to be aware of phishing risks and pay even more attention to domains that ask for their credentials and 2FA codes. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Supply Chain Compromise - T1195 Tags: EvilProxy, Phishing, Phishing-as-s-service, Reverse proxy, Cookie injection, 2FA, MFA, Supply chain Ragnar Locker Ransomware Targeting the Energy Sector (published: September 1, 2022) Cybereason researchers investigated the Ragnar Locker ransomware that was involved in cyberattack on DESFA, a Greek pipeline company. On August 19, 2022, the Ragnar Locker group listed DESFA on its data leak site. The group has been active since 2019 and it is not the first time it targets critical infrastructure companies with the double-extortion scheme. Their Ragnar Locker ransomware shows the typical abilities of modern ransomware including system information and location collection, deleting shadow copies, identifying processes (antiviruses, backup solutions, IT remote management solutions, and virtual-based software), and encrypting the system with the exception list in mind. 
Analyst Comment: Ragnar Locker appears to be an aggressive ransomware group that is not shy about attacking critical infrastructure as long as the targets are not in the Commonwealth of Independent States (Russia and associated countries). Always be on high alert while reading emails, in particular those with attachments, URL redirection, false sense of urgency or poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders. Additionally, it is important to have a comprehensive and teste
2022-09-07T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-evilproxy-defeats-second-factor-ragnar-locker-ransomware-hits-critical-infrastructure-montenegro-blames-russia-for-massive-cyberattack-and-more www.secnews.physaphae.fr/article.php?IdArticle=6768417 False Ransomware,Malware,Tool,Threat,Patching,Guideline Yahoo None

Anomali - Firm Blog Anomali Cyber Watch: GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool, DragonForce Malaysia OpsPatuk / OpsIndia and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Update: The Phish Goes On - 5 Million Stolen Credentials and Counting (published: June 16, 2022) PIXM researchers describe an ongoing, large-scale Facebook phishing campaign. Its primary targets are Facebook Messenger mobile users and an estimated five million users lost their login credentials. The campaign evades Facebook anti-phishing protection by redirecting to a new page at a legitimate service such as amaze.co, famous.co, funnel-preview.com, or glitch.me. In June 2022, the campaign also employed the tactic of displaying legitimate shopping cart content at the final page for about two seconds before displaying the phishing content. 
The campaign is attributed to Colombian actor BenderCrack (Hackerasueldo) who monetizes it by displaying affiliate ads. Analyst Comment: Users should check what domain is asking for login credentials before providing those. Organizations can consider monitoring their employees using Facebook as a Single Sign-On (SSO) Provider. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 Tags: Facebook, Phishing, Facebook Messenger, Social networks, Mobile, Android, iOS, Redirect, Colombia, source-country:CO, BenderCrack, Hackerasueldo F5 Labs Investigates MaliBot (published: June 15, 2022) F5 Labs researchers describe a novel Android trojan, dubbed MaliBot. Based on re-written SOVA malware code, MaliBot maintains its Background Service by setting itself as a launcher. Its code has some unused evasion portions for emulation environment detection and setting the malware as a hidden app. MaliBot spreads via smishing, takes control of the device and monetizes using overlays for certain Italian and Spanish banks, stealing cryptocurrency, and sometimes sending Premium SMS to paid services. Analyst Comment: Users should be wary of following links in unexpected SMS messages. Try to avoid downloading apps from third-party websites. Be cautious with enabling accessibility options. MITRE ATT&CK: [MITRE ATT&CK] System Network Configuration Discovery - T1016 | [MITRE ATT&CK] User Execution - T1204 Tags: MaliBot, Android, MFA bypass, SMS theft, Premium SMS, Smishing, Binance, Trust wallet, VNC, SOVA, Sality, Cryptocurrency, Financial, Italy, target-country:IT, Spain, target-country:ES Extortion Gang Ransoms Shoprite, Largest Supermarket Chain in Africa (published: June 15, 2022) On June 10, 2022, Africa's largest supermarket chain, Shoprite Holdings, which operates in twelve countries, announced a possible cybersecurity incident. 
The company notified customers in E
2022-06-21T15:03:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-gallium-expands-targeting-across-telecommunications-government-and-finance-sectors-with-new-pingpull-tool-dragonforce-malaysia-opspatuk-opsindia-and-more www.secnews.physaphae.fr/article.php?IdArticle=5309464 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline,Conference APT 35,Yahoo None

AlienVault Blog - AlienVault is a major defense player in IOCs Why cybersecurity awareness is a team sport This blog was written by an independent guest blogger. Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity. Despite differences in implementation, at its core, cybersecurity pertains to the mitigation of potential intrusion of unauthorized persons into your system(s). It should encompass all aspects of one’s digital experience--whether you are an individual user or a company. Your cyber protection needs to cover your online platforms, devices, servers, and even your cloud storage. Any unprotected area of your digital journey can serve as an exploit point for hackers and cyber criminals intent on finding vulnerabilities. People assume that it is the responsibility of the IT Department to stop any intrusion. That may be true up to a certain point, but in reality cybersecurity responsibility rests with everyone. Cybersecurity should be everybody’s business. The cybersecurity landscape is changing. With 68% of businesses saying that their cybersecurity risks have increased, it is no wonder that businesses have been making increased efforts to protect against and mitigate attacks. 
During the height of the pandemic, about 46% of the workforce shifted to working from home. We saw a surge in cybersecurity attacks - for example, RDP brute-force attacks increased by 400% around the same time. This is why cybersecurity must be and should be everybody’s business. According to the 2019 Cost of Cybercrime Study, cyberattacks often are successful due to employees willingly participating as internal actors, or employees and affiliates carelessly clicking a link by accident. Sadly, it is still happening today. Unsuspecting employees can be caught vulnerable and cause a corporate-wide cyberattack by opening a phishing email or bringing risks into the company’s network in a BYOD (Bring Your Own Device) system. Just a decade ago, Yahoo experienced a series of major data breaches, via a backdoor to their network system established by a hacker (or a group of hackers). Further digital forensic investigation shows the breach started from a phishing email opened by an employee. Another example was Equifax when it experienced a data breach in 2017 and was liable for fines amounting to $425 million by the Federal Trade Commission (FTC). Companies continue to double up on their investments in cybersecurity and privacy protection today to ensure that incidents like these do not happen to their own networks. But a network is only as strong as its weakest link. Hackers continue to innovate, making their attacks more and mo
2021-01-12T11:00:00+00:00 https://feeds.feedblitz.com/~/641451762/0/alienvault-blogs~Why-cybersecurity-awareness-is-a-team-sport www.secnews.physaphae.fr/article.php?IdArticle=2175341 False Ransomware,Data Breach,Malware,Vulnerability,Guideline Equifax,Equifax,Yahoo,Yahoo None

AlienVault Blog - AlienVault is a major defense player in IOCs SecTor 2020, Canada's Biggest Cybersecurity Event: Day Two Last time I covered the talks I attended on day one. 
Interestingly enough, the talks all had to do with threat detection and analysis. Maybe that’s just what I’m fixated on these days. The talks I attended on the second day all covered matters businesses must be aware of these days and well into the future. On day two, I learned a lot about how to talk to non-technical executives about security, the unique challenges of cloud security, and the legal implications of cyber threats. Enjoy! How to Talk to the Board About Cybersecurity The first talk I attended on the second day was presented by Jeff Costlow, a CISO with nearly 25 years of industry experience. This is the description of the talk from SecTor’s web app: “With the sudden shift of the global workforce from in-office to remote, IT teams quickly transformed their operations to accommodate the new realities of business — including large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services. While these examples of agility allowed business to continue, they also greatly increased the risk of misconfigurations and cyberthreats. Now, it’s looking like they could be here to stay for a while. On top of that, bad actors have wasted no time trying to exploit new vulnerabilities. In the past several weeks, we’ve seen ransomware attacks affect several major organizations. These attacks come on the tail of a surge of attacks across the board brought on during the pandemic, as hackers scanned and took advantage of new workloads, and vulnerable VPN connections and misconfigurations left the gates to the network open. When attacks like these make headlines, panicked board members have one question for CISOs: how can we be sure that won’t happen to us? 
Drawing from nearly 25 years of experience in the security industry, Jeff Costlow, CISO at ExtraHop, will share his top strategies for CISOs to lead board-level conversations about risk management amidst the stark new realities of IT.” When risk enters an organization through devices that the IT department cannot control, securing a network becomes very difficult. Any devices and applications that connect to the network that administrators can’t administrate are considered to be “shadow IT.” This is often a consequence of bring-your-own-device habits, but not always. Costlow discussed the implications of shadow IT: “All you have to do is Google or use the search engine of your choice. Search ‘shadow IT horror stories,’ and you will find a ton of these. There is the laptop that runs underneath someone's desk. It turns out it's a business critical piece of software that everyone's using, and it's just running on a laptop under a desk somewhere. There are also plenty of stories. These are some of my favorites, the ones about somebody just wanted to get their job done. And so they started forwarding all their business email to their Google account or their Yahoo account or something like that. Or maybe a personal Dropbox use. One of my favorites is unapproved chat clients. Or even worse, operating those chat rooms. This is sometimes called ChatOps. 
We're inside a chat r
2020-11-09T12:00:00+00:00 https://feeds.feedblitz.com/~/638496232/0/alienvault-blogs~SecTor-Canada%e2%80%99s-Biggest-Cybersecurity-Event-Day-Two www.secnews.physaphae.fr/article.php?IdArticle=2024708 False Ransomware,Vulnerability,Threat,Guideline Yahoo None

Darknet - The Darkside - American news site OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. Information Gathering Techniques Used by OWASP Amass for DNS Enumeration and More The main functionality of Amass is as follows:
DNS: Basic enumeration, Brute forcing (optional), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (optional)
Scraping: Ask, Baidu, Bing, DNSDumpster, DNSTable, Dogpile, Exalead, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo
Certificates: Active pulls (optional), Censys, CertSpotter, Crtsh, Entrust, GoogleCT
APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, CommonCrawl, DNSDB, GitHub, HackerTarget, IPToASN, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Spyse (CertDB & FindSubdomains), Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML
Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback
Usage of Amass for DNS Enumeration, Attack Surface Mapping & External Asset Discovery The Amass tool has several subcommands shown below for handling your Internet exposure investigation. 
2020-02-10T14:05:43+00:00 https://www.darknet.org.uk/2020/02/owasp-amass-dns-enumeration-attack-surface-mapping-external-asset-discovery/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=1533751 False Tool,Guideline Yahoo None

IT Security Guru - Security Blog Yahoo! Engineer has pleaded guilty to stealing pictures of women
2019-10-08T09:06:48+00:00 https://www.itsecurityguru.org/2019/10/08/yahoo-engineer-has-pleaded-guilty-to-stealing-pictures-of-women/ www.secnews.physaphae.fr/article.php?IdArticle=1390111 False Hack,Guideline Yahoo None

TechRepublic - Security News US Yahoo porn hacking breach shows need for better security: 5 ways to protect your company
2019-10-02T14:53:45+00:00 https://www.techrepublic.com/article/yahoo-porn-hacking-breach-shows-need-for-better-security-5-ways-to-protect-your-company/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1375783 False Guideline Yahoo None

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content
2019-10-02T01:30:32+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/CFPGW3ngSds/yahoo-email-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=1375145 False Hack,Guideline Yahoo None

SecurityWeek - Security News Former Yahoo Programmer Pleads Guilty to Hacking User Accounts
2019-10-01T13:24:45+00:00 http://feedproxy.google.com/~r/Securityweek/~3/aDbXJvWE1Ts/former-yahoo-programmer-pleads-guilty-hacking-user-accounts www.secnews.physaphae.fr/article.php?IdArticle=1373990 False Guideline Yahoo None

taosecurity - Chinese Security Blog Reference: TaoSecurity Press Meet the US's First Ever Cyber Chief, published 8 September 2016. Mr. 
Bejtlich was interviewed for the NPR story Cybersecurity: Who's Vulnerable To Attack?, aired 30 July 2016. Mr. Bejtlich was interviewed for the Washington Post story It's not just the DNC; we all send emails we probably shouldn't, published 25 July 2016. Mr. Bejtlich was interviewed for the New Scientist story NATO says the internet is now a war zone – what does that mean?, published 22 June 2016. Mr. Bejtlich was interviewed for the Military Times story The Pentagon's controversial plan to hire military leaders off the street, published 19 June 2016. Mr. Bejtlich was interviewed for the Idealog story Idealog talks with a cyber-war expert, published 6 May 2016. Mr. Bejtlich was cited in the New Zealand Herald story Cyber-attacks part of doing business with China - experts, published 5 May 2016. Mr. Bejtlich was cited in the Christian Science Monitor story Iran hacking indictment highlights US naming and shaming strategy, published 30 March 2016. Mr. Bejtlich was cited in the Financial Times story Defence groups take aim at cyber security, published 28 March 2016. Mr. Bejtlich was interviewed for the Security Management story A Chinese New Year, published 4 January 2016. 2015 Mr. Bejtlich was cited in the AP story US Advised to Examine "Hack Back" Options against China, published 17 November 2015. Mr. Bejtlich was cited in the Reuters story Data from US agency cyber breach not on black market - researcher, published 2 November 2015. Mr. Bejtlich was cited in the NextGov story Creative, Audacious or Destructive: The Different Personalities of Nation-State Hackers, published 2 November 2015. Mr. Bejtlich was cited in the Baltimore Sun story As more devices go online, hackers hunt for vulnerabilities, published 24 October 2015. Mr. Bejtlich was cited in the Atlantic story Can Campus Networks Ever Be Secure?, published 12 October 2015. Mr. 
Bejtlich was cited in the Info Security story
2019-07-01T08:00:01+00:00 https://taosecurity.blogspot.com/2019/07/reference-taosecurity-press.html www.secnews.physaphae.fr/article.php?IdArticle=1181234 False Guideline Yahoo None

AlienVault Blog - AlienVault is a major defense player in IOCs DNS cache poisoning part 2 last blog on DNS cache poisoning only covered the superficial aspects of this long-standing issue. This installment aims to give a bit more technical detail, and expose some of the tactics used by the "bad-actors" looking to leverage a poisoned DNS cache against you and your network. In a worst-case scenario, the results of a poisoned DNS cache could lead to more than just a headache: civil liability, phishing, increased DNS overhead, and other kinds of nightmares are too easy to overlook with this type of 'attack'. So, you may be wondering, "What exactly makes a DNS cache poisoning attack so dangerous, and what can we do to prevent it?" Well, as outlined in my first article, not answering DNS requests on the web is a great place to start. If you're only running an internal DNS infrastructure, your attack-surface is much lower. However, this comes with a caveat; "internal-only" DNS attacks are much harder to detect, and can often go weeks or months before even the keenest of sysops recognize them. This has to do with the fundamental structure of DNS. Let me explain. Fundamental structure of DNS In a typical DNS server (e.g. Windows DNS, or BIND) there is little mechanism (e.g. NONE) to provide any sanity checking. In its simplest form, a DNS query will look to its local database (the 'cache') first; upon finding no answer for the request, it will then send a lookup request to its configured DNS server (the one you hopefully manage) and see if it can find an answer for the request. 
If this lookup fails a 2nd time, there is a 'forwarder' configuration that kicks in, and the request goes to a list of pre-specified DNS hosts that your server will send the request to, looking for a resolution to the name. If this final 'forward' lookup fails, the final lookup happens out on the internet, on one of the 'Root' nameservers that share a distributed list of all the DNS hosts that make up the TCP/IPv4 internet. If this final lookup fails, the original requesting client is returned with a 'DNS Name not found' answer, and the name will not resolve. At any point during this journey, a "faked" response can be issued, and the initiator will accept it. No questions asked. Problems with the model This model is good when we can trust each one of the segments in the process. However, even during the early days of the web - there were some issues that became apparent with the way DNS works. For example, what if the root servers are unavailable? Unless your local DNS server has a record of ALL of the domains on the web, or one of your 'forwarders' does - the DNS name will not resolve. Even if it is a valid domain, DNS will simply not be able to lookup your host. There was an "attack" on several of the root servers in the late 1990's. Several of the root servers were knocked offline, effectively taking down the internet for a large portion of the USA. It was during this outage that many network operators realized a large oversight of the DNS system, and a push was made to distribute control of these systems to a variety of trustworthy and capable internet entities. At the time of this attack, much of the internet name resolution duties fell to a single entity: Yahoo. A DDoS of Yahoo effectively killed the internet. Sure, we could still get to our desired hosts via IP, but e-mail, for example, was not as resilient. It was a great learning lesson for the web community at-large. This was just a denial-of-service at the highest level of the infrastructure. 
What would happen if the localized database on every computer in your organization had different "answers" for DNS lookups? Instead of consistent
2019-04-11T13:00:00+00:00 https://feeds.feedblitz.com/~/600721416/0/alienvault-blogs~DNS-cache-poisoning-part www.secnews.physaphae.fr/article.php?IdArticle=1092951 False Tool,Guideline Yahoo None

SecurityWeek - Security News Accused Yahoo Hacker Gets Five Years in Prison, Fine plea bargain with prosecutors.
2018-05-30T04:54:03+00:00 https://www.securityweek.com/accused-yahoo-hacker-gets-five-years-prison-fine www.secnews.physaphae.fr/article.php?IdArticle=681706 False Guideline Yahoo None

The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Yahoo Hacker linked to Russian Intelligence Gets 5 Years in U.S. Prison
2018-05-30T00:30:03+00:00 https://thehackernews.com/2018/05/yahoo-hacker-russia-intel.html www.secnews.physaphae.fr/article.php?IdArticle=681925 False Guideline Yahoo None

AlienVault Blog - AlienVault is a major defense player in IOCs Things I Hearted this Week, 27th April 2018 Researchers Find Way to Create Master Keys to Hotels | F-Secure A ONE-MINUTE ATTACK LET HACKERS SPOOF HOTEL MASTER KEYS | Wired SEC Fines Yahoo $35 Million The company formerly known as Yahoo is paying a $35 million fine to resolve federal regulators’ charges that the online pioneer deceived investors by failing to disclose one of the biggest data breaches in internet history. The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba after its email and other digital services were sold to Verizon Communications for $4.48 billion last year. Yahoo, which is no longer publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws. 
SEC Fines Yahoo $35 Million for Data Breach That Affected 500 Million Users | Bleeping Computer Company Formerly Known As Yahoo Pays $35M Fine Over 2014 Hack | CBS SF SOCs require automation to avoid analyst fatigue for emerging threats SecOps needs an immediate shift across industries. Some SecOps teams develop playbooks for an additional layer of training, but when security events occur, it is uncommon to follow every step a playbook describes. The data becomes overwhelming and the resulting alert fatigue leads to analysts overlooking threats entirely, leading to an increase in emerging threats. SOCs require automation to avoid analyst fatigue for emerging threats | HelpNetSecurity On the topic of incident response, I enjoyed this piece by Steve Ragan, Two incident response phases most organizations get wrong | CSO Online Also related: How to Build a Cybersecurity Incident Response Plan | Dark Reading The Seven Circles of Security An insightful post from a CISO highlighting where most of their time is spent. Number six will shock you! Well, it probably won’t, but a little clickbait never hurt did it? The Seven Circles of Security: Where This CISO Spends Her Time |
2018-04-27T13:00:00+00:00 http://feeds.feedblitz.com/~/541953022/0/alienvault-blogs~Things-I-Hearted-this-Week-th-April www.secnews.physaphae.fr/article.php?IdArticle=618076 False Guideline Yahoo None

SecurityWeek - Security News Pwner of a Lonely Heart: The Sad Reality of Romance Scams
2018-03-23T12:42:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/4stOA1PLtuk/pwner-lonely-heart-sad-reality-romance-scams www.secnews.physaphae.fr/article.php?IdArticle=536713 False Guideline Equifax,Yahoo None

AlienVault Blog - AlienVault is a major defense player in IOCs Cambridge Analytica Debacle -The Definition Of Breach Pretty much the motto of my profession is “word choice matters.” I say it a lot. 
It appears somewhere in the marginalia of pretty much everything I’ve ever edited. Words have denotation, and connotation. There are considerations for dialect, and for popular use. It can be fiddly and annoying to be queried so; I get it. You know what you meant, and you grabbed the word in your head that, to you, meant that thing. One of the glories of having your work edited is that someone who isn’t you can hold up a mirror, to make sure that the word on the page means as close as possible to what you meant in your head, to the greatest number of people, no matter where they’re from or what language they natively speak. Here at AlienVault, we’ve had some great discussions about the differences in connotation in different words between our Irish speakers, who learned Hiberno-English (which gets the hyphen when none of the others do), Chinese speakers, who learned British English, and Americans, who learned American English with intense regional dialect (the Texans and the Californians are occasionally mutually unintelligible.) But there’s one thing that none of us tolerate; the choosing of a word to deliberately mislead. When one works in fiction, one is used to the painting of pictures with words. When one chooses to work primarily in technology, it’s often because you’re way more comfortable with the nicely concrete, if entirely mutable. In technology, a thing is, or it is not. It’s variations on a theme of zeros and ones, no matter whether it’s software or hardware. It is therefore maddening beyond belief when the unambiguous words of technology are used to mislead the non-technical public. I’m of course talking about the Cambridge Analytica debacle, which is being referred to across the media landscape as “a data breach.” A data breach is when someone who is not authorized to handle specific information obtains access to that information. It’s a non-trivial failure of the security measures a responsible company or reasonable individuals would have in place. 
It implies wrongdoing, it implies malice, it implies a victim/attacker relationship. But when data is harvested and used with the unknowing opt-in of thousands of people, that’s not a breach. There are no hackers here; just people who knew how to use freely-given personal data to manipulate not very technically astute people to some political end. Lorenzo Franceschi-Bicchierai, as usual, gets it: We’ve been regularly covering data breaches for years. No one hacked into Facebook’s servers exploiting a bug, like hackers did when they stole the personal data of more than 140 million people from Equifax. No one tricked Facebook users into giving away their passwords and then stole their data, like Russian hackers did when they broke into the email accounts of John Podesta and others through phishing emails. Facebook obviously doesn't want the public to think it suffered a ma
2018-03-20T19:50:00+00:00 http://feeds.feedblitz.com/~/533823614/0/alienvault-blogs~Cambridge-Analytica-Debacle-The-Definition-Of-Breach www.secnews.physaphae.fr/article.php?IdArticle=532195 False Guideline Equifax,Yahoo None

AlienVault Blog - AlienVault is a major defense player in IOCs DNS Poisoning and How To Prevent It DNS poisoning. Simply the name conjures up the kind of thoughts that keep network admins up at night. What if my RNDC key gets leaked? Could there be a rogue DHCP server within my perimeter? Are the Lizard Squad planning an attack on  for Christmas? Much of what we know now about DNS, address protocol, and packet priority is being redefined with the recent 'Net Neutrality' legislation. Instead of becoming a party to the hoopla that is partisan politics surrounding THAT issue, let me assure you there are many different mitigation strategies for not only securing your own network against DNS poisoning, but also working towards a harmonious kum-by-ah solution that in the end, may end up resolving (pun intended) the DNS plight. 
So, let's silence the alerting system, and get down to what DNS poisoning is, why it's still around, and one of the best ways to solve it. Why is DNS Poisoning Possible? The first thing to understand about DNS 'poisoning' is that the purveyors of the Internet were very much aware of the problem. Essentially, DNS requests are "cached", or stored, into a database which can be queried in almost real-time to point names like 'hotmail.com' or 'google.com' to their appropriate IP addresses. Can you imagine having to remember a string of numbers instead of a fancy name to get to your desired WWW (or GOPHER - if that's your thing) resources? 321.652.77.133 or 266.844.11.66 or even 867.53.0.9 would be very hard to remember. [Note: I have obfuscated REAL IP addresses with very fake ones here. Always trying to stay one step ahead of the AI Armageddon. Real IP addresses end with the numerical value of '255' within each octet.] No, remembering strings of numbers would be next to impossible. But thankfully, and all because of Al Gore (sarcasm) we have the DNS mechanism that gives us [relatively] easy names to remember how to get to our favorite resources. DNS basically runs the Internet. Without it, only the most uber-geeky of computer scientists would be able to traverse it.   Strings of numbers are just simply not how humans identify information. They help, but in reality, words and language are what separate us from our impending robotic overlords. It's because of this, that as the Internet began to grow, the DNS (Domain Name System) was created. To help us get from one side of the world to the other, with little angst. However, due to the limitations of computing (especially storage and bandwidth) at the time, the early versions of DNS simply used a "distributed" text file for name resolution. Think "blockchain" for EVERY SINGLE HOST that existed on the 'Net back then. It was a nicer and friendlier place, and that system worked well. 
Until it didn't, and some nice folks at ARIN and ICANN came along and began the system we use today: DNS. In its simplest explanation, DNS takes a name (e.g. yahoo.com) and looks at the locally configured 'Nameservers' for the "answer" to the question: 'What is the IP address of yahoo.com?'. Once an answer is found, it is passed back to the client requesting it, and the routing and magic of the TCP protocol kicks into gear, and the peasants rejoice. Except there are sometimes problems that arise that cause the peasants to NOT rejoice, and for network engineers to curse the vile notion of DNS. You see, since DNS arose during a time where "real-time" anything was not technically possible; to aid performance and allow for USABLE networks, DNS answers were logged into a locally stored 'cache' or database o]]> 2018-03-19T13:00:00+00:00 http://feeds.feedblitz.com/~/533506094/0/alienvault-blogs~DNS-Poisoning-and-How-To-Prevent-It www.secnews.physaphae.fr/article.php?IdArticle=528806 False Guideline Uber,Yahoo None SecurityWeek - Security News Hacker Adrian Lamo Dies at Age 37 “With great sadness and a broken heart I have to let know all of Adrian's friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son…” he wrote. Lamo had been living in Wichita, Kansas, and he was found dead in an apartment on Wednesday. The cause of death is not known, but representatives of local police said they had found nothing suspicious, The Wichita Eagle reported. Lamo broke into the systems of companies such as Yahoo, AOL, Comcast, Microsoft and The New York Times in an effort to demonstrate that they had been vulnerable to hacker attacks. He was arrested in 2003 and in early 2004 he pleaded guilty to computer crimes against Microsoft, The New York Times, and data analytics provider LexisNexis. He was sentenced to six months' detention at the home of his parents. 
Lamo drew criticism in 2010 after he reported Chelsea Manning (at the time U.S. Army intelligence analyst Bradley Manning) to the Army for leaking a massive amount of classified documents to WikiLeaks. ]]> 2018-03-19T05:23:04+00:00 http://feedproxy.google.com/~r/Securityweek/~3/9TN-pr3v4WA/hacker-adrian-lamo-dies-age-37 www.secnews.physaphae.fr/article.php?IdArticle=527483 False Guideline Yahoo None Krebs on Security - Chercheur Américain Carding Kingpin Sentenced Again. Yahoo Hacker Pleads Guilty 2017-12-02T01:15:15+00:00 https://krebsonsecurity.com/2017/12/carding-kingpin-sentenced-again-yahoo-hacker-pleads-guilty/ www.secnews.physaphae.fr/article.php?IdArticle=443298 False Guideline Yahoo None SecurityWeek - Security News Canadian Pleads Guilty to Hacking Yahoo 2017-11-29T18:39:21+00:00 http://feedproxy.google.com/~r/Securityweek/~3/tuqEyZ8vIzo/canadian-pleads-guilty-hacking-yahoo www.secnews.physaphae.fr/article.php?IdArticle=441858 False Guideline Yahoo 3.0000000000000000 Security Affairs - Blog Secu Kazakhstan-born Canadian citizen pleads guilty to 2014 Yahoo hack, he admits helping Russian Intelligence The Kazakhstan-born Canadian citizen Karim Baratov (22) has pleaded guilty to massive 2014 Yahoo hack that affected three billion accounts. The Kazakhstan-born Canadian citizen Karim Baratov (22) (Kay, a.k.a Karim Taloverov, a.k.a Karim Akehmet Tokbergenov), has pleaded guilty to massive 2014 Yahoo data breach that affected three billion accounts.
Karim Baratov was arrested in Toronto at his home by the Toronto Police […] ]]> 2017-11-29T10:40:24+00:00 http://securityaffairs.co/wordpress/66156/cyber-crime/yahoo-hack-intelligence.html www.secnews.physaphae.fr/article.php?IdArticle=441695 False Guideline Yahoo None Bleeping Computer - Magazine Américain The Least Significant Pawn in the Yahoo Hack Pleads Guilty 2017-11-29T07:48:19+00:00 https://www.bleepingcomputer.com/news/security/the-least-significant-pawn-in-the-yahoo-hack-pleads-guilty/ www.secnews.physaphae.fr/article.php?IdArticle=441776 False Guideline Yahoo None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 22-Year-Old Hacker Pleads Guilty to 2014 Yahoo Hack, Admits Helping Russian Intelligence ]]> 2017-11-29T00:56:38+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/AtLQNkwBHgU/yahoo-email-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=441380 False Guideline Yahoo None The Security Ledger - Blog Sécurité In Post Password Era, Passwords are the Problem ]]> 2017-10-12T06:23:52+00:00 https://feeds.feedblitz.com/~/468643926/0/thesecurityledger~In-Post-Password-Era-Passwords-are-the-Problem/ www.secnews.physaphae.fr/article.php?IdArticle=417830 False Guideline Yahoo None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC One Man Cyber Attacked 4,000 Companies; Don't Let It Happen to You In fact, it was not difficult for researchers to discover the culprit’s identity: “Following extensive research into the campaign, researchers have revealed the identity of the criminal behind it. He is a Nigerian national, working on his own. On his social media accounts, he uses the motto: ‘get rich or die trying.’” The attacker had sent very crudely written phishing emails with improper punctuation, which would've made me immediately suspicious if one had ended up in my inbox.
Here's what was sent in the body of his emails: “Dear Sir/Ms,... Please confirm the receipt of this mail as we have sent several emails to your esteemed company. Find attach 2 pages of our purchase order request for the month of May, kindly send us PI signed and stamped also do advice bank details for LC processing. Thanks and Regards Nurafi -- Saudi Aramco P.O. Box 5000 Dhahran 31311, Saudi Arabia” The email attachment's file name was “Saudi Aramco Oil And Gas.rar,” and the 591.1 Kb file had NetWire, a remote access Trojan, and HawkEye, a commercial keylogger, bound to it. NetWire is considered to be the first multi-platform RAT malware. It's primarily designed to exploit weaknesses in point-of-sale systems, but can also acquire sensitive financial data from client machines which aren't part of a POS system. It's configured to be spread as an email attachment Trojan, where it can linger for months while undetected. HawkEye is another malware which is sold in the Dark Web to be distributed as an email attachment Trojan. Its payload is a DOCX file, which can then acquire email and web browser passwords and engage in keylogger spyware functions. The only thing the attacker did to obscure his location was to put “Saudi Arabia” in his emails. He used two free Yahoo webmail addresses, which made it easy for the researchers to trace him. Plus, the fact that he only used two email addresses also meant that the companies he was targeting could have easily blocked those addresses to avoid receiving email from that attacker again. Given the simplistic nature of this operation, it's really concerning that his victims were large companies, not small or medium sized businesses. It's often assumed that large companies are more likely to have CISOs and better security monitoring systems with technologies such as SIEM in their server rooms. It's surprising to hear about so many large organizations falling for such a pedestrian, script kiddie sort of attack.
Here are lessons that can be learned from its success, which can help you be better prepared and avoid falling victim to similar attacks: Train all your employees and contractors who have business email accounts. Teach them about phishing. Tell them to never open email attachments from senders who aren't known to the company, and to never share financial details except with specific people. Avoid sharing sensitive data o]]> 2017-08-29T13:00:00+00:00 http://feeds.feedblitz.com/~/451946600/0/alienvault-blogs~One-Man-Cyber-Attacked-Companies-Dont-Let-It-Happen-to-You www.secnews.physaphae.fr/article.php?IdArticle=401953 False Guideline Yahoo None Kevin Townsend - Blog Sécurité May Sketch: Reactions to Macron's Victory 2017-05-17T20:21:07+00:00 http://feedproxy.google.com/~r/ITSecurity_co_uk/~3/TZLn-izAAAA/ www.secnews.physaphae.fr/article.php?IdArticle=366389 False Guideline Yahoo None Errata Security - Errata Security Some notes on Trump's cybersecurity Executive Order executive order on "cybersecurity". The first draft during his first weeks in power was hilariously ignorant. The current draft, though, is pretty reasonable as such things go. I'm just reading the plain language of the draft as a cybersecurity expert, picking out the bits that interest me. In reality, there's probably all sorts of politics in the background that I'm missing, so I may be wildly off-base. Holding managers accountable This is a great idea in theory. But government heads are rarely accountable for anything, so it's hard to see if they'll have the nerve to implement this in practice. When the next breach happens, we'll see if anybody gets fired. "antiquated and difficult to defend Information Technology" The government uses laughably old computers sometimes. Forces in government want to upgrade them. This won't work. Instead of replacing old computers, the budget will simply be used to add new computers.
The old computers will still stick around. "Legacy" is a problem that money can't solve. Programmers know how to build small things, but not big things. Everything starts out small, then becomes big gradually over time through constant small additions. What you have now is big legacy systems. Attempts to replace a big system with a built-from-scratch big system will fail, because engineers don't know how to build big systems. This will suck down any amount of budget you have with failed multi-million dollar projects. It's not the antiquated systems that are usually the problem, but more modern systems. Antiquated systems can usually be protected by simply sticking a firewall or proxy in front of them. "address immediate unmet budgetary needs necessary to manage risk" Nobody cares about cybersecurity. Instead, it's a thing people exploit in order to increase their budget. Instead of doing the best security with the budget they have, they insist they can't secure the network without more money. An alternate way to address gaps in cybersecurity is instead to do less. Reduce exposure to the web, provide fewer services, reduce functionality of desktop computers, and so on. Insisting that more money is the only way to address unmet needs is the strategy of the incompetent. Use the NIST framework Probably the biggest thing in the EO is that it forces everyone to use the NIST cybersecurity framework. The NIST Framework simply documents all the things that organizations commonly do to secure themselves, such as run intrusion-detection systems or impose rules for good passwords. There are two problems with the NIST Framework. The first is that no organization does all the things listed. The second is that many organizations don't do the things well. Password rules are a good example. Organizations typically had bad rules, such as frequent changes and complexity standards. So the NIST Framework documented them.
But cybersecurity experts have long opposed those complex rules, so have been fighting NIST on them. Another good example is intrusion-detection. These days, I scan the entire Internet, setting off everyone's intrusion-detection systems. I can see first hand that they are doing intrusion-detection wrong. But the NIST Framework recommends they do it, because many organizations do it, but the NIST Framework doesn't demand they do it well. When this EO forces everyone to follow the NIST Framework, then, it's likely just going to i]]> 2017-05-12T02:51:43+00:00 http://blog.erratasec.com/2017/05/some-notes-on-trumps-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=364556 False Guideline Tesla,Yahoo None SANS Institute - SANS est un acteur de defense et formation OAuth, and It's High Time for Some Personal "Security-Scaping" Today, (Wed, May 10th) https://myaccount.google.com/security, I found that at some point in the past, I granted TripAdvisor access to my Gmail account. This wasn't intentional, it was probably an OK prompt during an install or update process you know, the ones you sometimes just click quickly / accidentally without paying attention to? Then wonder if you just clicked something dumb right after? Anyway, yes, one of those - *click* - gone now! I moved on to Facebook - application settings are here: https://www.facebook.com/settings and privacy settings are here: https://www.facebook.com/settings?tab=privacy Really, everything in that page needs to be looked at!
Me, I was surprised to find that I was using an older email address for my Facebook login (oops) with the login buried in my iPad app, it wasn't something I had thought about (plus I'm not in Facebook too much lately) Other sites of interest: Twitter: https://twitter.com/settings/account In particular: https://twitter.com/settings/safety And: https://twitter.com/settings/applications LinkedIn: https://www.linkedin.com/psettings/ Really, most apps that you run have a privacy or a security page it never seems to be front-and-center though, in fact for many of the apps I access primarily from a dedicated app on my phone or tablet, I needed to go to the real application in my browser to find these settings. As you go, be sure to translate the security questions to plain English. For instance, from Google's privacy checkup, you
]]> 2017-05-10T02:16:35+00:00 https://isc.sans.edu/diary.html?storyid=22400&rss www.secnews.physaphae.fr/article.php?IdArticle=363706 False Guideline Guam,Yahoo None AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC OAuth Worm Targeting Google Users - You Need to Watch Cloud Services When users clicked on the button, they were prompted to give “Google Docs” permission to read / send email, manage their email, and access their contact lists. In reality, this was a malicious application registered by the attackers. And, in fact, is one of the most well-crafted phishing attempts in the last year. By clicking on the ALLOW button, users authorized the malicious application to perform actions on their behalf. The users’ browsers were redirected to one of the malicious servers set up by the attackers, for example: https://googledocs[.]docscloud[.]win/g.php. The AlienVault Labs Security Research Team detected the activity, and while the attack was still in progress, we created a Pulse in the Open Threat Exchange (OTX) with all the indicators of the infrastructure the attackers used (mainly the domains they used in redirection). In addition, several OTX users jumped in and shared more malicious infrastructure in a matter of minutes! This helped get the indicators out immediately to the 30,000+ people that follow the AlienVault OTX account. Kudos to the OTX members who jumped in and delivered this valuable information so quickly to the community! Sign up to OTX to join the 53,000+ users who already benefit from this free service > Going back to the attack–when the user was redirected to one of the servers after allowing the malicious application to perform those actions, it was served with the JavaScript code that contained the self-replication / worm functionality.
First, the malicious JavaScript would get access to the contact list (first 1000 entries): The code parsed the names and email addresses of those contacts and then prioritized addresses from gmail.com, avoiding addresses containing the words “google”, “keeper” and “unty”. Once the list of potential victims was crafted, the code sent the same email to them as well, thus propagating the attack: When sending the email, the attackers also decided to BCC the address hhhhhhhhhhhhhhhh[at]mailinator[.]com, presumably to monitor progress or collect the list of victims. Impact Luckily, Google reacted to this quickly, and the malicious applications were shut down in about an hour after the start of the campaign. Cloudflare, which the attackers used in front of the malicious infrastructure, took down that part of the attack infrastructure quickly, too. It is important to mentio]]> 2017-05-04T17:18:00+00:00 http://feeds.feedblitz.com/~/309131881/0/alienvaultotx~OAuth-Worm-Targeting-Google-Users-You-Need-to-Watch-Cloud-Services www.secnews.physaphae.fr/article.php?IdArticle=362065 False Guideline APT 28,Yahoo None Network World - Magazine Info Four charged, including Russian gov't agents, for massive Yahoo hack hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords.
Blame for the attack was put on a "state-sponsored" group. On Wednesday, the FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack. ]]> 2017-03-15T09:07:14+00:00 http://www.networkworld.com/article/3181308/legal/four-charged-including-russian-govt-agents-for-massive-yahoo-hack.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=338038 False Guideline Yahoo None Network World - Magazine Info IDG Contributor Network: To improve information security, enterprises and government must share information cooperation between the private and public sectors. This leads to the questions of what kind of relationship should the government and companies have, how can they work together and what's preventing this process from happening? ]]> 2017-03-01T08:28:00+00:00 http://www.networkworld.com/article/3174682/security/to-improve-information-security-enterprises-and-government-must-share-information.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=325592 False Guideline Yahoo None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC The Priority of the Government/Industry Cybersecurity Partnership 2017-01-17T14:00:00+00:00 http://feeds.feedblitz.com/~/259363180/0/alienvault-blogs~The-Priority-of-the-GovernmentIndustry-Cybersecurity-Partnership www.secnews.physaphae.fr/article.php?IdArticle=293986 False Guideline Yahoo None Network World - Magazine Info Corporate boards aren't prepared for cyberattacks Yahoo announced the largest-ever data breach, involving more than 1 billion customer accounts. Despite the scale and potential harm from such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to defend their companies
against such attacks. It's not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards. ]]> 2016-12-26T04:51:00+00:00 http://www.networkworld.com/article/3153409/security/corporate-boards-arent-prepared-for-cyberattacks.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=279728 False Guideline Yahoo None Network World - Magazine Info Yahoo shows that breach impacts can go far beyond remediation expenses Yahoo breach, for example, which could lead to a $1 billion drop in the company's value. ]]> 2016-10-13T05:42:00+00:00 http://www.networkworld.com/article/3130611/security/yahoo-shows-that-breach-impacts-can-go-far-beyond-remediation-expenses.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=195442 False Guideline Yahoo None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Alien Eye in the Sky, Friday 7 October Ransomware operator shut down Stealing an AI Nobody is bidding on shadowbrokers files US government IP address contract ends Don’t be Yahoo Verizon wants $1bn discount You don’t have to be stupid to work here Links to other interesting stories from the week MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled Hacker releases code that powered Botnet attack against Krebs Microsoft has announced it is to harden the edge browser for enterprise users A really sweet presentation format and great information for incident response and security operations teams by Frode Hommedal Thrillseekers stuck on rides at Universal Studios after massive power outage --- redundancy fail? Or all part of the show? Halvar flake was asked why he works in security – and gives a nice response. What he didn’t give was my 3 favourite answers.
Good pay, Sponsorship money, and VC money What makes call-out culture so toxic? The three infrastructure mistakes your company must not make Hootsuite’s CEO on what he learned from getting hacked on social media AlienVault OTX Maltego Transforms In other news from the week: Singing for the Unsung Heroes of IT Security AlienVault was a proud sponsor of the 2016]]> 2016-10-07T13:11:00+00:00 http://feeds.feedblitz.com/~/208328478/0/alienvault-blogs~Alien-Eye-in-the-Sky-Friday-October www.secnews.physaphae.fr/article.php?IdArticle=175862 False Guideline Yahoo None Network World - Magazine Info What CSOs can learn from the Yahoo breach 2016-10-06T10:51:00+00:00 http://www.networkworld.com/video/70396/what-csos-can-learn-from-the-yahoo-breach#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=172155 False Guideline Yahoo None SC Magazine - Magazine Secret compliance with FISA directive, massive breach spell trouble for Yahoo ]]> 2016-10-05T19:30:00+00:00 http://feedproxy.google.com/~r/SCMagazineHome/~3/XC3a4ldS8Kg/ www.secnews.physaphae.fr/article.php?IdArticle=168284 False Guideline Yahoo None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Yahoo Slams Email Surveillance Story: Experts Demand Details 2016-10-05T16:30:51+00:00 https://threatpost.com/yahoo-slams-email-surveillance-story-experts-demand-details/121100/ www.secnews.physaphae.fr/article.php?IdArticle=167924 False Guideline Yahoo None SecurityWeek - Security News Amid Privacy Outcry, Yahoo Denies Surveillance Allegations 2016-10-05T16:10:02+00:00 http://feedproxy.google.com/~r/Securityweek/~3/Gm2HHyN0vxk/amid-privacy-outcry-yahoo-denies-surveillance-allegations www.secnews.physaphae.fr/article.php?IdArticle=167823 False Guideline Yahoo None Network World - Magazine Info Yahoo calls report of secret email scanning 'misleading' Reuters article claimed that Yahoo had created the custom software program after receiving a classified U.S. government order.
That software program is reportedly capable of scanning all incoming emails from Yahoo customers for information provided by U.S. intelligence officials. However, on Wednesday Yahoo disputed the report. “We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems," the company said in an email. ]]> 2016-10-05T07:30:06+00:00 http://www.networkworld.com/article/3128124/yahoo-calls-report-of-secret-email-scanning-misleading.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=167099 False Guideline Yahoo None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Congressional Leaders Demand Answers on Yahoo Breach 2016-09-28T17:18:40+00:00 https://threatpost.com/congressional-leaders-demand-answers-on-yahoo-breach/120931/ www.secnews.physaphae.fr/article.php?IdArticle=139868 False Guideline Yahoo None Network World - Magazine Info Six senators demand more details about the Yahoo data breach letter addressed to Yahoo's CEO, the lawmakers said they were particularly "disturbed" that the breach occurred in 2014, but that Yahoo only publicized it last week. "That means millions of Americans' data may have been compromised for two years," the letter said. "This is unacceptable." The hacking incident, which Yahoo said it only learned recently, affects at least 500 million users, making it perhaps the largest known data breach in history. Account information, including email addresses, telephone numbers, and hashed passwords, may have been stolen. ]]> 2016-09-27T10:38:08+00:00 http://www.networkworld.com/article/3124420/six-senators-demand-more-details-about-the-yahoo-data-breach.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=134693 False Guideline Yahoo None