This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T13:16:08+00:00 www.secnews.physaphae.fr The Last Watchdog - Blog Sécurité de Byron V Acohido The targeting of supply chains Last Friday, July 2, in a matter of a few … (more…) ]]> 2021-07-08T11:20:37+00:00 https://www.lastwatchdog.com/roundtable-kaseya-hack-aims-ransomware-at-smbs-via-a-solarwinds-style-compromise/ www.secnews.physaphae.fr/article.php?IdArticle=3040124 False Ransomware,Hack None None Bleeping Computer - Magazine Américain 2021-07-08T09:19:53+00:00 https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/ www.secnews.physaphae.fr/article.php?IdArticle=3037733 False Data Breach,Hack None None SecurityWeek - Security News 2021-07-07T11:24:04+00:00 http://feedproxy.google.com/~r/securityweek/~3/VIfWxsva-cU/researchers-reproduce-exploit-used-kaseya-hack www.secnews.physaphae.fr/article.php?IdArticle=3032510 False Hack None None The Last Watchdog - Blog Sécurité de Byron V Acohido Equipping Security Operations Centers (SOCs) for the long haul Enterprises have long operated in … (more…) ]]> 2021-06-30T11:40:04+00:00 https://www.lastwatchdog.com/guest-essay-why-online-supply-chains-remain-at-risk-and-what-companies-can-do-about-it/ www.secnews.physaphae.fr/article.php?IdArticle=3003048 False Hack None None Veracode - Application Security Research, News, and Education Blog 2021-06-29T11:30:29+00:00 https://www.veracode.com/blog/secure-development/speed-or-security-dont-compromise www.secnews.physaphae.fr/article.php?IdArticle=2996362 False Hack,Tool,Vulnerability,Guideline None None The Last Watchdog - Blog Sécurité de Byron V Acohido Reaction to Biden ‘s cybersecurity executive order Nobelium … (more…) ]]> 2021-06-28T18:10:20+00:00 https://www.lastwatchdog.com/shared-intel-microsoft-discloses-how-the-nobelium-hacking-ring-engages-in-routine-phishing/ www.secnews.physaphae.fr/article.php?IdArticle=2993544 False Malware,Hack,Threat None 5.0000000000000000 Security Affairs - Blog Secu 2021-06-27T11:25:36+00:00 https://securityaffairs.co/wordpress/119448/breaking-news/security-affairs-newsletter-round-320.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-320 www.secnews.physaphae.fr/article.php?IdArticle=2988080 False Hack,Guideline APT 31 None TroyHunt - Blog Security 2021-06-25T19:52:13+00:00 https://arstechnica.com/?p=1776333 www.secnews.physaphae.fr/article.php?IdArticle=2983813 True Hack None None Security Affairs - Blog Secu 2021-06-25T12:55:40+00:00 https://securityaffairs.co/wordpress/119387/security/fortinet-fortiweb-waf-flaw.html?utm_source=rss&utm_medium=rss&utm_campaign=fortinet-fortiweb-waf-flaw www.secnews.physaphae.fr/article.php?IdArticle=2981627 False Hack,Vulnerability None None Wired Threat Level - Security News 2021-06-24T18:32:09+00:00 https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale www.secnews.physaphae.fr/article.php?IdArticle=2978355 False Hack None None SecurityWeek - Security News ]]> 2021-06-21T11:33:59+00:00 http://feedproxy.google.com/~r/securityweek/~3/8hhdDuajMIc/water-sector-security-report-released-just-another-water-plant-hack-comes-light www.secnews.physaphae.fr/article.php?IdArticle=2959002 False Hack None None Security Affairs - Blog Secu 2021-06-20T16:36:59+00:00 https://securityaffairs.co/wordpress/119161/apt/norway-blames-china-apt31.html?utm_source=rss&utm_medium=rss&utm_campaign=norway-blames-china-apt31 www.secnews.physaphae.fr/article.php?IdArticle=2956293 False Hack APT 31 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2021-06-18T23:34:04+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/VnOrX2c4UI0/north-korea-exploited-vpn-flaw-to-hack.html www.secnews.physaphae.fr/article.php?IdArticle=2951605 False Hack,Vulnerability None None Graham Cluley - Blog Security 2021-06-17T11:24:00+00:00 https://grahamcluley.com/smashing-security-podcast-232/ www.secnews.physaphae.fr/article.php?IdArticle=2942077 False Hack None None Naked Security - Blog sophos 2021-06-17T00:09:00+00:00 https://nakedsecurity.sophos.com/2021/06/17/how-to-hack-a-bicycle-peloton-bike-rooting-bug-patched/ www.secnews.physaphae.fr/article.php?IdArticle=2940734 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2021-06-16T02:14:53+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/PG7p8DstpHc/ransomware-attackers-partnering-with.html www.secnews.physaphae.fr/article.php?IdArticle=2934320 False Ransomware,Hack,Threat None None Bleeping Computer - Magazine Américain 2021-06-15T06:39:02+00:00 https://www.bleepingcomputer.com/news/security/apple-fixes-ninth-zero-day-bug-exploited-in-the-wild-this-year/ www.secnews.physaphae.fr/article.php?IdArticle=2928816 False Hack None None SecurityWeek - Security News 2021-06-14T22:16:47+00:00 http://feedproxy.google.com/~r/securityweek/~3/Jbr_d4l30CE/apple-webkit-bugs-exploited-hack-older-iphones www.secnews.physaphae.fr/article.php?IdArticle=2925983 False Hack None None SecurityWeek - Security News 2021-06-14T21:00:28+00:00 http://feedproxy.google.com/~r/securityweek/~3/cU8EcZtbu80/codecov-kills-bash-uploader-blamed-supply-chain-hack www.secnews.physaphae.fr/article.php?IdArticle=2925813 False Hack,Tool None None InfoSecurity Mag - InfoSecurity Magazine 2021-06-14T17:13:00+00:00 https://www.infosecurity-magazine.com:443/news/revil-claims-responsibility-for/ www.secnews.physaphae.fr/article.php?IdArticle=2924030 False Ransomware,Hack None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2021-06-11T16:39:10+00:00 https://threatpost.com/cyberpunk-2077-hacked-data-online/166852/ www.secnews.physaphae.fr/article.php?IdArticle=2909672 False Hack None None The Security Ledger - Blog Sécurité Episode 216: Signed, Sealed and Delivered: The Future of Supply Chain...Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/654400338/0/thesecurityledger -->» ]]> 2021-06-10T14:26:25+00:00 https://feeds.feedblitz.com/~/654400338/0/thesecurityledger~Episode-Signed-Sealed-and-Delivered-The-Future-of-Supply-Chain-Security/ www.secnews.physaphae.fr/article.php?IdArticle=2903708 False Hack None None UnderNews - Site de news "pirate" francais Cyberguerre : l'armée américaine présente les résultats de son bug bounty " Hack the Army 3.0 " first appeared on UnderNews.]]> 2021-06-10T13:52:44+00:00 https://www.undernews.fr/culture-web-emploi/evenements/cyberguerre-larmee-americaine-presente-les-resultats-de-son-bug-bounty-hack-the-army-3-0.html www.secnews.physaphae.fr/article.php?IdArticle=2903128 False Hack None None InformationSecurityBuzzNews - Site de News Securite 2021-06-09T12:07:07+00:00 https://informationsecuritybuzz.com/expert-comments/experts-inisght-on-security-threats-of-vpn-and-what-organisations-can-do-to-manage-the-risk-of-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=2895597 False Hack None None Naked Security - Blog sophos 2021-06-04T14:09:26+00:00 https://nakedsecurity.sophos.com/2021/06/04/how-to-hack-into-5500-accounts-just-using-credential-stuffing/ www.secnews.physaphae.fr/article.php?IdArticle=2875257 False Hack None None ComputerWeekly - Computer Magazine 2021-06-04T06:14:00+00:00 https://www.computerweekly.com/news/252501921/Secrecy-around-EncroChat-cryptophone-hack-breaches-French-constitution-court-hears www.secnews.physaphae.fr/article.php?IdArticle=2874550 False Hack None None InfoSecurity Mag - InfoSecurity Magazine 2021-06-03T08:20:00+00:00 https://www.infosecurity-magazine.com:443/news/fbi-revil-ransomware-jbs-attack/ www.secnews.physaphae.fr/article.php?IdArticle=2870783 False Ransomware,Hack None None InformationSecurityBuzzNews - Site de News Securite 2021-06-02T07:54:01+00:00 https://informationsecuritybuzz.com/expert-comments/experts-react-on-jbs-foods-hack-must-prompt-supply-chain-cyber-protection/ www.secnews.physaphae.fr/article.php?IdArticle=2867175 False Hack None None SecurityWeek - Security News 2021-06-01T12:41:33+00:00 http://feedproxy.google.com/~r/securityweek/~3/XLW5ZlUXDk8/swedish-public-health-agency-says-disease-database-targeted-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=2865172 False Hack None None SecurityWeek - Security News latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit. ]]> 2021-05-30T14:19:20+00:00 http://feedproxy.google.com/~r/securityweek/~3/8Fk7vo-HZuI/us-says-agencies-largely-fended-latest-russian-hack www.secnews.physaphae.fr/article.php?IdArticle=2859643 False Hack None None Wired Threat Level - Security News 2021-05-29T13:00:00+00:00 https://www.wired.com/story/nuclear-secrets-flashcards-citizen-app-japan-hack-security-news www.secnews.physaphae.fr/article.php?IdArticle=2856520 False Hack None None Security Affairs - Blog Secu 2021-05-28T20:16:19+00:00 https://securityaffairs.co/wordpress/118367/ics-scada/cve-2020-15782-siemens-plcs-flaw.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2020-15782-siemens-plcs-flaw www.secnews.physaphae.fr/article.php?IdArticle=2854601 False Hack,Vulnerability None None SecurityWeek - Security News 2021-05-28T15:08:02+00:00 http://feedproxy.google.com/~r/securityweek/~3/hSgTTqLiIR0/newly-disclosed-vulnerability-allows-remote-hacking-siemens-plcs www.secnews.physaphae.fr/article.php?IdArticle=2852478 False Hack,Vulnerability None None SecurityWeek - Security News the ransomware hack that disrupted gas supplies in several states this month. ]]> 2021-05-27T14:24:34+00:00 http://feedproxy.google.com/~r/securityweek/~3/Gn0lXfFZaZc/us-pipelines-ordered-increase-cyber-defenses-after-hack www.secnews.physaphae.fr/article.php?IdArticle=2846217 False Ransomware,Hack None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2021-05-27T13:56:20+00:00 https://threatpost.com/fujitsu-saas-hack-japan-scrambling/166517/ www.secnews.physaphae.fr/article.php?IdArticle=2846041 False Hack,Threat None None InformationSecurityBuzzNews - Site de News Securite 2021-05-27T12:58:14+00:00 https://informationsecuritybuzz.com/expert-comments/expert-reaction-on-japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2845594 True Hack None None Schneier on Security - Chercheur Cryptologue Américain long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come. ]]> 2021-05-27T11:41:26+00:00 https://www.schneier.com/blog/archives/2021/05/the-story-of-the-2011-rsa-hack.html www.secnews.physaphae.fr/article.php?IdArticle=2845556 False Hack None 4.0000000000000000 Darknet - The Darkside - Site de news Américain Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment. Features of Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub contains many frameworks, databases, applications, programming languages and more such as: Drupal ffmpeg CouchDB ActiveMQ Glassfish Joombla JBoss Kibana Laravel Rails Python Tomcat And many, many more. Read the rest of Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack now! Only available at Darknet. ]]> 2021-05-27T10:57:54+00:00 https://www.darknet.org.uk/2021/05/vulhub-pre-built-vulnerable-docker-environments-for-learning-to-hack/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed www.secnews.physaphae.fr/article.php?IdArticle=2844993 False Hack None None Bleeping Computer - Magazine Américain 2021-05-27T09:48:37+00:00 https://www.bleepingcomputer.com/news/security/us-announces-new-security-directive-after-critical-pipeline-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2846161 False Ransomware,Hack None None Bleeping Computer - Magazine Américain 2021-05-27T03:21:17+00:00 https://www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2844557 False Hack None None SecurityWeek - Security News 2021-05-26T19:29:45+00:00 http://feedproxy.google.com/~r/securityweek/~3/Y53iAMcJ_ec/us-exchanges-offer-rich-potential-target-hackers www.secnews.physaphae.fr/article.php?IdArticle=2842309 False Hack,Threat None None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Air India passenger data breach reveals SITA hack worse than first thought (published: May 23, 2021) Adding to the growing body of knowledge related to the March 2021 breach of SITA, a multinational information technology company providing IT and telecommunication services to the air transport industry, Air India announced over the weekend that the personal information of 4.5 million customers was compromised. According to the airline, the stolen information included passengers’ name, credit card details, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data. The compromise included data for passengers who registered with Indian Airlines between 26 August 2011 and 3 February 2021; nearly a decade. Air India adds to the growing list of SITA clients impacted by their data breach, including Malaysia Airlines, Finnair, Singapore Airlines, Jeju Air, Cathay Pacific, Air New Zealand, and Lufthansa. Analyst Comment: Unfortunately, breaches like this are commonplace. While customers have no control over their information being included in such a breach, they can and should take appropriate actions once notified they may be impacted, Those actions can include changing passwords and credit cards associated with the breached accounts, engaging with credit reporting agencies for enhanced credit monitoring or freezing of credit inquiries without permission, and reaching out to companies that have reportedly been breached to learn what protections they may be offering their clients. Tags: Data Breach, Airline, PII BazarCall: Call Centers Help Spread BazarLoader Malware (published: May 19, 2021) Researchers from PaloAlto’s Unit42 released a breakdown of a new infection method for the BazarLoader malware. Once installed, BazarLoader provides backdoor access to an infected Windows host which criminals can use to scan the environment, send follow-up malware, and exploit other vulnerable hosts on the network. In early February 2021, researchers began to report a “call center” method of distributing BazarLoader. Actors would send phishing emails with trial subscription-based themes encouraging victims to phone a number to unsubscribe. If a victim called, the actor would answer the phone and direct the victim through a process to infect the computer with BazarLoader. Analysts dubbed this method of infection “BazarCall.” Analyst Comment: This exemplifies social engineering tactics threat actors employ to trick users into installing malware on their machines. All social media users should be cautious when accepting unknown requests to connect, and particularly cautious when receiving communication from unknown users. Even if cal]]> 2021-05-25T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-bizzaro-trojan-expands-to-europe-fake-call-centers-help-spread-bazarloader-malware-toshiba-business-reportedly-hit-by-darkside-ransomware-and-more www.secnews.physaphae.fr/article.php?IdArticle=2835873 False Ransomware,Data Breach,Malware,Hack,Tool,Vulnerability,Threat,Guideline None None Hacking Articles - Blog de Raj Chandel 2021-05-25T14:08:37+00:00 https://www.hackingarticles.in/time-hackthebox-walkthrough/ www.secnews.physaphae.fr/article.php?IdArticle=2836158 True Hack None 5.0000000000000000 Hacking Articles - Blog de Raj Chandel 2021-05-24T18:22:26+00:00 https://www.hackingarticles.in/delivery-hackthebox-walkthrough/ www.secnews.physaphae.fr/article.php?IdArticle=2832262 False Hack None None SecurityWeek - Security News ]]> 2021-05-24T14:14:26+00:00 http://feedproxy.google.com/~r/securityweek/~3/-DeQibbqOLQ/needle-haystack-inside-story-microsoft-exchange-hack www.secnews.physaphae.fr/article.php?IdArticle=2831022 False Hack None None SecurityWeek - Security News 2021-05-24T13:18:10+00:00 http://feedproxy.google.com/~r/securityweek/~3/gnAqg1CE0dk/us-government-asks-victims-2017-etherdelta-hack-come-forward www.secnews.physaphae.fr/article.php?IdArticle=2830548 False Hack None None Schneier on Security - Chercheur Cryptologue Américain report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn't another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US democracy ­– the ability of citizens to express their voice to their political representatives. And it was carried out by generating millions of fake comments and fake emails purporting to come from real citizens. This attack was detected because it was relatively crude. But artificial intelligence technologies are making it possible to generate genuine-seeming comments at scale, drowning out the voices of real citizens in a tidal wave of fake ones...]]> 2021-05-24T11:20:05+00:00 https://www.schneier.com/blog/archives/2021/05/ais-and-fake-comments.html www.secnews.physaphae.fr/article.php?IdArticle=2830982 False Hack None 3.0000000000000000 ComputerWeekly - Computer Magazine 2021-05-24T08:44:00+00:00 https://www.computerweekly.com/news/252501286/Air-India-is-latest-victim-of-Sita-hack www.secnews.physaphae.fr/article.php?IdArticle=2830880 False Hack None None IT Security Guru - Blog Sécurité 2021-05-24T07:46:47+00:00 https://www.itsecurityguru.org/2021/05/24/damage-of-sita-data-breach-still-unfolding-as-air-india-compromised/?utm_source=rss&utm_medium=rss&utm_campaign=damage-of-sita-data-breach-still-unfolding-as-air-india-compromised www.secnews.physaphae.fr/article.php?IdArticle=2829801 False Data Breach,Hack None 5.0000000000000000 SecurityWeek - Security News 2021-05-23T12:08:41+00:00 http://feedproxy.google.com/~r/securityweek/~3/_Ece50GlsVQ/indias-national-carrier-says-hack-leaked-passengers-data www.secnews.physaphae.fr/article.php?IdArticle=2827824 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2021-05-21T22:01:08+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/LEE6xqaWEM8/indias-flag-carrier-airline-air-india.html www.secnews.physaphae.fr/article.php?IdArticle=2824093 False Data Breach,Hack None None Bleeping Computer - Magazine Américain 2021-05-21T14:48:50+00:00 https://www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/ www.secnews.physaphae.fr/article.php?IdArticle=2822248 False Data Breach,Hack None None InformationSecurityBuzzNews - Site de News Securite 2021-05-20T10:19:46+00:00 https://informationsecuritybuzz.com/expert-comments/solarwinds-hack-happened-months-earlier-than-thought/ www.secnews.physaphae.fr/article.php?IdArticle=2815464 False Hack None None Wired Threat Level - Security News 2021-05-20T10:00:00+00:00 https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told www.secnews.physaphae.fr/article.php?IdArticle=2815312 False Hack None None SecurityWeek - Security News 2021-05-19T14:36:40+00:00 http://feedproxy.google.com/~r/securityweek/~3/o6JFl-nQ36s/probe-florida-water-plant-hack-led-discovery-watering-hole-attack-0 www.secnews.physaphae.fr/article.php?IdArticle=2811083 False Hack None None The Last Watchdog - Blog Sécurité de Byron V Acohido DHS embarks on 60-day cybersecurity sprints The attackers shut down the largest fuel pipeline in the U.S., compelling Colonial to pay them 75 bitcoins, worth a … (more…) ]]> 2021-05-19T12:30:07+00:00 https://www.lastwatchdog.com/roundtable-experts-react-to-president-bidens-exec-order-responding-to-colonial-pipeline-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2813934 False Ransomware,Hack None None SecurityWeek - Security News 2021-05-19T10:50:14+00:00 http://feedproxy.google.com/~r/securityweek/~3/zxjPybYPfJE/lawmakers-reintroduce-pipeline-security-act-following-colonial-hack www.secnews.physaphae.fr/article.php?IdArticle=2809916 False Hack None None Anomali - Firm Blog phishing. Phishing enables cybercriminals to gain the access needed for a ransomware attack, cyber extortion, or the theft of personally identifiable information (PII) which is used to steal money or identities. While the threat of compromise may be daunting to many who do not see themselves as very technical, even those with limited knowledge can employ a few simple techniques and tools to greatly reduce the potential for being compromised. Before we talk solutions, let us briefly examine the common threats most of us face and nearly all of us can minimize through simple cyber self-defense. 4 Common Threats Faced in Cyberspace Phishing: Someone poses as a legitimate institution or individual in an email or text to lure victims into providing sensitive data such as PII, banking and credit card details, and passwords. Ransomware: Malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid. Theft of PII: The theft of data that may include a Social Security number, date of birth, driver’s license number, bank account and financial information, as well as a passport number. All this data can be assembled into a full financial record file (AKA, “fullz”) for identity theft. These reportedly sell for as little as $8/each on cybercriminal markets across the Dark Web. Cyber Extortion/Blackmail: A crime in which a threat actor demands payment to prevent the release of potentially embarrassing or damaging information. In most cases involving individual victims (not companies), a threat actor pretends to have compromised a victim’s computer or an account tied to something embarrassing. By quoting credentials usually gathered from a previously published breach, the threat actor quotes those credentials as “evidence” of access to the more embarrassing data. Because people commonly use the same credentials for multiple accounts, this bluff often works, leading to the victim being forced to provide more embarrassing content for extortion, pay money, or both. Cyber Self-Defense Practices: Safely Using Wi-Fi and Bluetooth Wireless connectivity to the Internet and other devices is one of the most convenient inventions in recent memory. Unfortunately, these technologies also come with risks many users fail to recognize or mitigate. Thankfully, it only takes a few simple changes to greatly reduce the risk of personal compromise and practice cyber self-defense. Keep Wi-Fi and Bluetooth features turned off on mobile phones and la]]> 2021-05-17T20:44:00+00:00 https://www.anomali.com/blog/cyber-self-defense-is-not-complicated www.secnews.physaphae.fr/article.php?IdArticle=2802241 False Malware,Hack,Threat,Guideline None None SecurityWeek - Security News 2021-05-14T17:35:22+00:00 http://feedproxy.google.com/~r/securityweek/~3/eKu0X0hpKto/darkside-ransomware-shutdown-exit-scam-or-running-hills www.secnews.physaphae.fr/article.php?IdArticle=2805945 False Ransomware,Hack,Threat None None CVE Liste - Common Vulnerability Exposure 2021-05-13T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29510 www.secnews.physaphae.fr/article.php?IdArticle=2781967 False Hack None 4.0000000000000000 Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2021-05-12T16:50:43+00:00 https://threatpost.com/gig-workers-paid-payroll-passwords/166086/ www.secnews.physaphae.fr/article.php?IdArticle=2774723 False Hack None None Security Affairs - Blog Secu 2021-05-12T16:32:21+00:00 https://securityaffairs.co/wordpress/117819/hacking/wifi-fragattacks.html?utm_source=rss&utm_medium=rss&utm_campaign=wifi-fragattacks www.secnews.physaphae.fr/article.php?IdArticle=2775259 False Hack None None The Last Watchdog - Blog Sécurité de Byron V Acohido (more…) ]]> 2021-05-11T12:11:31+00:00 https://www.lastwatchdog.com/rsac-insights-solarwinds-hack-illustrates-why-software-builds-need-scrutiny-at-deployment/ www.secnews.physaphae.fr/article.php?IdArticle=2770741 False Hack None None Wired Threat Level - Security News 2021-05-10T21:03:03+00:00 https://www.wired.com/story/apple-execs-chose-to-keep-hack-of-128-million-iphones-quiet www.secnews.physaphae.fr/article.php?IdArticle=2764094 False Hack None None SecurityWeek - Security News 2021-05-10T14:07:12+00:00 http://feedproxy.google.com/~r/Securityweek/~3/zWVuMaQVBz0/twilio-hashicorp-among-codecov-supply-chain-hack-victims www.secnews.physaphae.fr/article.php?IdArticle=2761748 False Hack None None Wired Threat Level - Security News 2021-05-08T21:33:57+00:00 https://www.wired.com/story/colonial-pipeline-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=2756736 False Ransomware,Hack None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2021-05-07T20:28:41+00:00 https://threatpost.com/iphone-hack-spying-china-uyghurs/165950/ www.secnews.physaphae.fr/article.php?IdArticle=2753694 False Hack None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Lastpass survey, US employees working in mid-sized corporate businesses must manage approximately 75 passwords for work. Unsurprisingly, employees recycle passwords 13 times on average. In other words, employees are using the same passwords over and over. And in many cases, especially for corporate applications and resources that lack strong password requirements, some passwords just aren’t strong enough. Cybercriminals know this, and it’s why breaches happen. If hackers get access to your trusted data, the ramifications can be dire. The costs of a data breach go well beyond financial, and include damage to your company’s brand, trust and reputation. Why do we need stronger and longer passwords? As malware, phishing, and ransomware continue to skyrocket, we must understand that the password is the primary method for attackers to gain access to corporate systems.  Phishing passwords may be the easiest method, but passwords can also be cracked. The stronger the password, the harder it is for cybercriminals to decode. In a typical attack—the brute force password attack—attackers will use software that quickly attempts every possible password combination of numbers, letters, and symbols. These software programs get better as computing power increases. For example, an eight-character strong password was not long ago considered secure and difficult to crack. Today, it can be cracked in eight hours. But if we tack on two more characters to make it ten-character, cracking the password can take approximately five years.  Why do we need unique passwords for every login? As mentioned above, phishing is one of the simplest ways for hackers to steal our passwords. If you think your company has been victimized by phishing, malware, or ransomware, perhaps you’ve taken steps to reset those passwords. But the security risk here is if employees are using the same passwords for different apps, sites or resources. Have you heard about credential stuffing? With credential stuffing, attackers take username and password combinations they already know (which have been stolen or paid for on the dark web) and try them everywhere they can. Use of credential stuffing is escalating, and businesses of all sizes should take note. This type of attack is only successful if and when employees use the same password for different logins. What about password managers? Managing all those passwords doesn’t have to be complicated. A password management system is software that keeps an up-to-date list of all your passwords and logins, using a master password to access the password “vault”. That master password is the only one you need to remember. What if a hacker accesses your vault? Isn’t that riskier? Sure, there is undoubtedly an element of risk, but it’s critical to think in terms of relative safety. As a general rule, using some type of password ]]> 2021-05-06T10:00:00+00:00 https://feeds.feedblitz.com/~/651048994/0/alienvault-blogs~Password-security-tips-and-best-practices-for-enterprises www.secnews.physaphae.fr/article.php?IdArticle=2745384 False Ransomware,Data Breach,Hack LastPass None Bleeping Computer - Magazine Américain 2021-05-03T11:42:05+00:00 https://www.bleepingcomputer.com/news/security/pulse-secure-fixes-vpn-zero-day-used-to-hack-high-value-targets/ www.secnews.physaphae.fr/article.php?IdArticle=2733370 False Hack,Vulnerability None None Security Affairs - Blog Secu 2021-05-02T11:05:41+00:00 https://securityaffairs.co/wordpress/117441/hacking/tesla-model-x-hacking.html?utm_source=rss&utm_medium=rss&utm_campaign=tesla-model-x-hacking www.secnews.physaphae.fr/article.php?IdArticle=2729690 False Hack None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2021-04-30T17:03:51+00:00 https://threatpost.com/solarwinds-hack-seismic-shift/165758/ www.secnews.physaphae.fr/article.php?IdArticle=2722702 False Hack None None 01net. Actualites - Securite - Magazine Francais ]]> 2021-04-30T07:00:00+00:00 https://www.01net.com/actualites/cellebrite-et-si-l-outil-de-la-police-avait-perdu-toute-son-utilite-depuis-son-hack-par-le-createur-de-signal-2042105.html www.secnews.physaphae.fr/article.php?IdArticle=2719966 False Hack None None Security Affairs - Blog Secu 2021-04-29T16:53:26+00:00 https://securityaffairs.co/wordpress/117354/security/linux-kernel-flaw-2.html?utm_source=rss&utm_medium=rss&utm_campaign=linux-kernel-flaw-2 www.secnews.physaphae.fr/article.php?IdArticle=2715773 False Hack None None Security Through Education - Security Through Education 2021-04-29T15:46:03+00:00 https://www.social-engineer.org/social-engineering/home-is-where-the-hack-is/?utm_source=rss&utm_medium=rss&utm_campaign=home-is-where-the-hack-is www.secnews.physaphae.fr/article.php?IdArticle=2715227 False Hack None 5.0000000000000000 Wired Threat Level - Security News 2021-04-29T11:00:00+00:00 https://www.wired.com/story/how-pixar-uses-hyper-colors-to-hack-your-brain www.secnews.physaphae.fr/article.php?IdArticle=2713723 False Hack None None SecurityWeek - Security News counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it ]]> 2021-04-29T01:39:41+00:00 http://feedproxy.google.com/~r/Securityweek/~3/W-n23PbWhIQ/us-government-taking-creative-steps-counter-cyberthreats www.secnews.physaphae.fr/article.php?IdArticle=2711861 False Hack,Tool None None Schneier on Security - Chercheur Cryptologue Américain report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage...]]> 2021-04-26T11:06:27+00:00 https://www.schneier.com/blog/archives/2021/04/when-ais-start-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=2695295 False Hack None 4.0000000000000000 ComputerWeekly - Computer Magazine 2021-04-26T10:27:00+00:00 https://www.computerweekly.com/news/252499785/French-legal-challenge-over-EncroChat-cryptophone-hack-could-hit-UK-prosecutions www.secnews.physaphae.fr/article.php?IdArticle=2696578 False Hack None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC internet crime reports rising 69.4% and costing more than $4.2 billion. Now that more companies are embracing digital services after the pandemic, this trend will likely continue. All businesses, regardless of size or industry, must revisit their cybersecurity. Here are the five most important cybersecurity updates for this year. 1. Implementing a Zero-Trust framework The single most crucial cybersecurity upgrade for businesses this year is adopting a zero-trust security framework. These systems, which rely on network segmentation and thorough user verification, aren’t new but are increasingly crucial. In light of rising cyberthreats, companies can’t afford to trust anything inside or outside their networks without proof. A 2020 survey found that 82% of company leaders plan to let their employees work remotely at least part time after the pandemic. That many people accessing data remotely raises security concerns. Hackers could pose as remote workers to gain access or install spyware, and IT teams wouldn’t know it. Zero-trust models mitigate these threats. Verifying user identity at every step helps guarantee only employees can access mission-critical data. Segmentation ensures that only those who need access can get it, and if a breach occurs, it won’t impact the entire network. 2. Securing machine learning training data Machine learning algorithms are becoming increasingly common among companies in various industries. These models take considerable amounts of data to train, which presents an enticing opportunity for cybercriminals. As more companies rely on machine learning, more threat actors will likely try to poison the training data. By injecting incorrect or corrupt data into the training pool, cybercriminals could manipulate a machine learning system. If companies don’t catch the problem before it’s too late, the algorithms they rely on could influence poor or even harmful business decisions. Given this threat, securing machine learning training data is a must. Businesses should carefully inspect the information they use to train machine learning models. They should also enact stricter access controls over training pools, including activity monitoring. 3. Verifying third-party and partner security Businesses should also look outward when improving their cybersecurity. The growing public awareness of cyberthreats is changing expectations about visibility, and that’s a good thing. It’s no longer sufficient to trust that a business partner or third party has robust data security. Companies must verify it. Third-party data breaches in 2020 exposed millions of records, and major events like the SolarWinds hack have revealed how fragile some systems are. In light of these risks, businesses must ask all potential partners to prove]]> 2021-04-26T10:00:00+00:00 https://feeds.feedblitz.com/~/650096666/0/alienvault-blogs~The-most-crucial-Cybersecurity-updates-for-businesses-in www.secnews.physaphae.fr/article.php?IdArticle=2694605 False Data Breach,Hack,Threat,Guideline None None Security Affairs - Blog Secu 2021-04-23T07:45:44+00:00 https://securityaffairs.co/wordpress/117139/hacking/evil-maid-attack-vacuum-hack.html?utm_source=rss&utm_medium=rss&utm_campaign=evil-maid-attack-vacuum-hack www.secnews.physaphae.fr/article.php?IdArticle=2682411 False Hack None None ZD Net - Magazine Info 2021-04-22T13:08:16+00:00 https://www.zdnet.com/article/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2678601 False Hack None None Errata Security - Errata Security their paper is useful. I would not be able to immediately recognize their patches as adding a vulnerability -- and I'm an expert at such things.In addition, the sorts of bugs it exploits shows a way forward in the evolution of programming languages. It's not clear that a "safe" language like Rust would be the answer. Linux kernel programming requires tracking resources in ways that Rust would consider inherently "unsafe". Instead, the C language needs to evolve with better safety features and better static analysis. Specifically, we need to be able to annotate the parameters and return statements from functions. For example, if a pointer can't be NULL, then it needs to be documented as a non-nullable pointer. (Imagine if pointers could be signed and unsigned, meaning, can sometimes be NULL or never be NULL).So I'm glad this paper exists. As a researcher, I'll likely cite it in the future. As a programmer, I'll be more vigilant in the future. In my own open-source projects, I should probably review some previous pull requests that I've accepted, since many of them have been the same crappy quality of simply adding a (probably) unnecessary NULL-pointer check.The next question is whether this is ethical. Well, the paper claims to have sign-off from their university's IRB -- their Institutional Review Board that reviews the ethics of experiments. Universities created IRBs to deal with the fact that many medical experiments were done on either unwilling or unwitting subjects, such as the Tuskegee Syphilis Study. All medical research must have IRB sign-off these days.However, I think IRB sign-off for computer security research is stupid. Things like masscanning of the entire Internet are undecidable with traditional ethics. I regularly scan every device on the IPv4 Internet, including your own home router. If you paid attention to the packets your firewall drops, some of them would be from me. Some consider this a gross violation of basic ethics and get very upset that I'm scanning their computer. Others consider this to be the expected consequence of the end-to-end nature of the public Internet, that there's an inherent social contract that you must be prepared to receive any packet from anywhere. Kerckhoff's Principle from the 1800s suggests that core ethic of cybersecurity is exposure to such things rather than trying to cover them up.The point isn't to argue whether masscanning is ethical. The point is to argue that it's undecided, and that your IRB isn't going to be able to answer the question better than anybody else.But here's the thing about masscanning: I'm honest and transparent about it. My very first scan of the entire Internet came with a tweet "BTW, this is me scanning the entire Internet".A lot of ethical questions in other fields comes down to honesty. If you have to lie about it or cover it up, then th]]> 2021-04-21T17:27:21+00:00 https://blog.erratasec.com/2021/04/ethics-university-of-minnesotas-hostile.html www.secnews.physaphae.fr/article.php?IdArticle=2675984 False Hack,Vulnerability None None Security Affairs - Blog Secu 2021-04-21T13:12:46+00:00 https://securityaffairs.co/wordpress/117083/cyber-crime/revil-ransomware-apple-quanta.html?utm_source=rss&utm_medium=rss&utm_campaign=revil-ransomware-apple-quanta www.secnews.physaphae.fr/article.php?IdArticle=2674623 False Ransomware,Hack None None ZD Net - Magazine Info 2021-04-21T09:45:24+00:00 https://www.zdnet.com/article/codecov-breach-impacted-hundreds-of-customer-networks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2673835 False Hack None 2.0000000000000000 Security Affairs - Blog Secu 2021-04-21T05:38:01+00:00 https://securityaffairs.co/wordpress/117060/apt/pulse-secure-vpn-zeroday-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=pulse-secure-vpn-zeroday-attacks www.secnews.physaphae.fr/article.php?IdArticle=2673257 False Hack,Vulnerability None None Security Affairs - Blog Secu 2021-04-20T19:50:57+00:00 https://securityaffairs.co/wordpress/117053/hacking/hacking-x-ray-machine.html?utm_source=rss&utm_medium=rss&utm_campaign=hacking-x-ray-machine www.secnews.physaphae.fr/article.php?IdArticle=2672095 False Hack None None Bleeping Computer - Magazine Américain 2021-04-20T11:03:06+00:00 https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/ www.secnews.physaphae.fr/article.php?IdArticle=2671029 False Hack None None Security Affairs - Blog Secu 2021-04-19T21:49:23+00:00 https://securityaffairs.co/wordpress/117001/ics-scada/ot-network-hack-smart-meters.html?utm_source=rss&utm_medium=rss&utm_campaign=ot-network-hack-smart-meters www.secnews.physaphae.fr/article.php?IdArticle=2668102 False Hack None None Graham Cluley - Blog Security 2021-04-19T15:46:19+00:00 https://grahamcluley.com/six-million-male-members-may-have-been-exposed-after-hack-of-gay-dating-service/ www.secnews.physaphae.fr/article.php?IdArticle=2666526 False Data Breach,Hack None None Naked Security - Blog sophos 2021-04-19T13:52:46+00:00 https://nakedsecurity.sophos.com/2021/04/19/naked-security-live-to-hack-or-not-to-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2666125 False Hack None None Wired Threat Level - Security News 2021-04-19T13:00:00+00:00 https://www.wired.com/story/opinion-hackers-used-to-be-humans-soon-ais-will-hack-humanity www.secnews.physaphae.fr/article.php?IdArticle=2665824 False Hack None None Security Affairs - Blog Secu 2021-04-17T06:38:38+00:00 https://securityaffairs.co/wordpress/116914/hacking/solarwinds-eu-agencies-hacked.html?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-eu-agencies-hacked www.secnews.physaphae.fr/article.php?IdArticle=2658297 False Hack None None SecurityWeek - Security News 2021-04-16T02:47:55+00:00 http://feedproxy.google.com/~r/Securityweek/~3/QP8ZjL0tmSg/codecov-bash-uploader-dev-tool-compromised-supply-chain-hack www.secnews.physaphae.fr/article.php?IdArticle=2650438 False Hack,Tool None None Security Affairs - Blog Secu 2021-04-15T22:20:58+00:00 https://securityaffairs.co/wordpress/116866/cyber-warfare-2/us-sanctions-russia-solarwinds.html?utm_source=rss&utm_medium=rss&utm_campaign=us-sanctions-russia-solarwinds www.secnews.physaphae.fr/article.php?IdArticle=2649643 False Hack APT 29 None TroyHunt - Blog Security 2021-04-15T20:17:39+00:00 https://arstechnica.com/?p=1757269 www.secnews.physaphae.fr/article.php?IdArticle=2648453 False Hack None None Bleeping Computer - Magazine Américain 2021-04-15T10:54:57+00:00 https://www.bleepingcomputer.com/news/security/us-government-confirms-russian-svr-behind-the-solarwinds-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2646628 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2021-04-15T04:09:58+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/YY9_4CI-gLI/1-click-hack-found-in-popular-desktop.html www.secnews.physaphae.fr/article.php?IdArticle=2645585 False Hack None None Security Affairs - Blog Secu 2021-04-14T21:03:35+00:00 https://securityaffairs.co/wordpress/116833/hacking/whatsapp-flaws-remote-hack.html?utm_source=rss&utm_medium=rss&utm_campaign=whatsapp-flaws-remote-hack www.secnews.physaphae.fr/article.php?IdArticle=2641761 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2021-04-14T07:51:05+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/qPhYThzKAzI/new-whatsapp-bug-couldve-let-attackers.html www.secnews.physaphae.fr/article.php?IdArticle=2639119 False Hack None None Security Affairs - Blog Secu 2021-04-14T06:15:09+00:00 https://securityaffairs.co/wordpress/116775/cyber-warfare-2/swedish-sports-confederation-hack.html?utm_source=rss&utm_medium=rss&utm_campaign=swedish-sports-confederation-hack www.secnews.physaphae.fr/article.php?IdArticle=2636180 False Hack None None