This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-20T19:19:40+00:00 www.secnews.physaphae.fr ZD Net - Magazine Info 2020-12-15T20:18:00+00:00 https://www.zdnet.com/article/microsoft-and-industry-partners-seize-key-domain-used-in-solarwinds-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2103450 False Hack None None Dark Reading - Informationweek Branch 2020-12-15T18:50:00+00:00 https://www.darkreading.com/attacks-breaches/concerns-run-high-as-more-details-of-solarwinds-hack-emerge/d/d-id/1339726?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=2103835 False Hack None None Krebs on Security - Chercheur Américain 2020-12-15T17:41:37+00:00 https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/ www.secnews.physaphae.fr/article.php?IdArticle=2103037 False Hack None None Acunetix - Firm Blog Read more ]]> 2020-12-15T13:49:52+00:00 https://www.acunetix.com/blog/web-security-zone/acunetix-stance-solarwinds-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2131496 False Hack None None ZD Net - Magazine Info 2020-12-14T17:36:00+00:00 https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2101100 False Hack None None IT Security Guru - Blog Sécurité 2020-12-14T12:24:34+00:00 https://www.itsecurityguru.org/2020/12/14/russian-hackers-potentially-spied-on-u-s-treasury-emails/?utm_source=rss&utm_medium=rss&utm_campaign=russian-hackers-potentially-spied-on-u-s-treasury-emails www.secnews.physaphae.fr/article.php?IdArticle=2100573 False Hack None None Security Affairs - Blog Secu 2020-12-13T21:48:48+00:00 https://securityaffairs.co/wordpress/112258/data-breach/pay2key-hacked-habana-labs.html?utm_source=rss&utm_medium=rss&utm_campaign=pay2key-hacked-habana-labs www.secnews.physaphae.fr/article.php?IdArticle=2098505 False Ransomware,Hack None None Security Affairs - Blog Secu 2020-12-13T17:19:51+00:00 https://securityaffairs.co/wordpress/112248/data-breach/subway-uk-trickbot-phishing.html?utm_source=rss&utm_medium=rss&utm_campaign=subway-uk-trickbot-phishing www.secnews.physaphae.fr/article.php?IdArticle=2098012 False Malware,Hack None None Security Affairs - Blog Secu 2020-12-13T09:58:29+00:00 https://securityaffairs.co/wordpress/112235/malware/pgminer-botnet-postgresql.html?utm_source=rss&utm_medium=rss&utm_campaign=pgminer-botnet-postgresql www.secnews.physaphae.fr/article.php?IdArticle=2097023 False Hack None None Security Affairs - Blog Secu 2020-12-12T12:05:02+00:00 https://securityaffairs.co/wordpress/112218/hacking/easy-wp-smtp-wordpress-plugin-flaw.html?utm_source=rss&utm_medium=rss&utm_campaign=easy-wp-smtp-wordpress-plugin-flaw www.secnews.physaphae.fr/article.php?IdArticle=2094480 False Hack,Vulnerability None None LogPoint - Blog Secu 2020-12-11T13:32:28+00:00 https://www.logpoint.com/fr/blog/detection-of-stolen-fireeye_tools/ www.secnews.physaphae.fr/article.php?IdArticle=2092338 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-12-10T23:42:22+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/WobQ7zMc8KA/facebook-tracks-apt32-oceanlotus.html www.secnews.physaphae.fr/article.php?IdArticle=2091583 False Hack,Threat APT 32 None Adam Shostack - American Security Blog 2020-12-09T16:32:16+00:00 https://adam.shostack.org/blog/2020/12/fireeye-hack-culture/?utm_source=rss&utm_medium=rss&utm_campaign=fireeye-hack-culture www.secnews.physaphae.fr/article.php?IdArticle=2087321 False Hack None None Wired Threat Level - Security News 2020-12-09T01:42:51+00:00 https://www.wired.com/story/russia-fireeye-hack-statement-not-catastrophe www.secnews.physaphae.fr/article.php?IdArticle=2086105 False Hack None None Security Affairs - Blog Secu 2020-12-08T17:58:14+00:00 https://securityaffairs.co/wordpress/112077/hacking/d-link-vpn-routers-flaws.html?utm_source=rss&utm_medium=rss&utm_campaign=d-link-vpn-routers-flaws www.secnews.physaphae.fr/article.php?IdArticle=2085387 False Hack,Vulnerability,Threat None None ZD Net - Magazine Info 2020-12-08T14:42:06+00:00 https://www.zdnet.com/article/norway-says-russian-hacking-group-apt28-is-behind-august-2020-parliament-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2085060 False Hack APT 28 None SecureMac - Security focused on MAC 2020-12-07T17:42:00+00:00 https://www.securemac.com/news/new-ios-exploit-can-hack-iphones-wirelessly www.secnews.physaphae.fr/article.php?IdArticle=2085422 False Hack None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Credit: Pexels With many countries now participating in the Paris Agreement to address climate change, coupled with the rising popularity of electric vehicles, it is expected that 125 million electric cars will be on the road worldwide by 2030. But these cars, although beneficial to the environment, come with cybersecurity risks. According to experts, security concerns should be addressed before a massive rollout of electric vehicles take place. While the United States has less than 5.4 million hybrid electric vehicles on its roads (based on numbers from 1999 to 2019), the slow growth of the American market might suddenly experience a spike before cybersecurity risks involving charging stations and the energy grid are reduced or removed.  Policy changes  As the United States started working on policy changes to reduce carbon emissions from its transport sector, 327,000 plug-in electric vehicles were sold in the country. And this was in 2019 alone. Although this is but a dent in the international market, electric vehicles have a bright future in the USA. Plug-in electrics are popular because they run on gasoline and electricity. Environmentally conscious motorists can use electricity to power their plug-ins, and still have a back-up system powered by gasoline if the need arises. And as expected, the savings are huge when it comes to fuel.  New York City noted recently that it is planning to spend $1 billion to improve its car charging infrastructure. Around 50,000 charging stations in NYC are said to be in the works, and are expected to be fully operational by 2025. The State of Florida is also doing the same thing, while other states are offering incentives in the form of rebates to individuals who buy electric vehicles. Charging stations And Cybersecurity attacks Although the rising popularity of electric vehicles is good news for America and the planet, their charging stations pose security risks. According to Yury Dvorkin, an electrical and computer engineering expert at New York University, charging stations can be entry points for cyberattacks directed at the American energy grid. The grid, Dvorkin says, is a complex mix of cyber and physical layers. Cybersecurity plays a crucial role in the United States’ transportation infrastructure and its interoperable power systems. Poorly implemented security in charging stations can have a negative impact on critical infrastructure, such as the grid itself and its operators, vehicles, and OEM vendors. Experts say that the concern is quite complicated, as it involves software and equipment vendors, stakeholders, and end users. Charging station vulnerabilities can lead to exploitation of the grid for gain, according to Dvorkin’s analysis. The assistant professor also explains in his research that electric vehicles that are charging in these charging stations can be hacked simultaneously and cause a disruption on the grid’s stability. Such attacks are possible, according to other experts, since electric vehicles have control interfaces and communication interfaces that interact with the grid. There is good news, however, as Dvorkin and other computer engineering professors say that there is still time for the United States to prepare for ]]> 2020-12-07T11:00:00+00:00 https://feeds.feedblitz.com/~/639807490/0/alienvault-blogs~Could-electric-vehicles-present-a-Cybersecurity-risk-to-the-grid www.secnews.physaphae.fr/article.php?IdArticle=2082414 False Hack,Guideline None 2.0000000000000000 Security Affairs - Blog Secu 2020-12-06T13:16:18+00:00 https://securityaffairs.co/wordpress/111978/breaking-news/security-affairs-newsletter-round-292.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-292 www.secnews.physaphae.fr/article.php?IdArticle=2080789 False Hack None None Security Affairs - Blog Secu 2020-12-04T12:39:59+00:00 https://securityaffairs.co/wordpress/111911/mobile-2/android-cve-2020-8913-flaw.html?utm_source=rss&utm_medium=rss&utm_campaign=android-cve-2020-8913-flaw www.secnews.physaphae.fr/article.php?IdArticle=2077079 False Hack,Vulnerability None None InformationSecurityBuzzNews - Site de News Securite Data Protection Is Integral In Wake Of COVID-19 Vaccine ‘Cold Supply’ Chain Network Hack]]> 2020-12-04T12:09:55+00:00 https://www.informationsecuritybuzz.com/expert-comments/data-protection-is-integral-in-wake-of-covid-19-vaccine-cold-supply-chain-network-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2077010 False Hack None None We Live Security - Editeur Logiciel Antivirus ESET 2020-12-03T17:44:32+00:00 http://feedproxy.google.com/~r/eset/blog/~3/g-DAZgndHtI/ www.secnews.physaphae.fr/article.php?IdArticle=2076811 False Hack None None Security Affairs - Blog Secu 2020-12-02T14:15:09+00:00 https://securityaffairs.co/wordpress/111788/mobile-2/iphone-devices-hack.html?utm_source=rss&utm_medium=rss&utm_campaign=iphone-devices-hack www.secnews.physaphae.fr/article.php?IdArticle=2072365 False Hack None None Bleeping Computer - Magazine Américain 2020-12-02T13:34:21+00:00 https://www.bleepingcomputer.com/news/google/google-chrome-will-soon-warn-you-when-using-weak-passwords/ www.secnews.physaphae.fr/article.php?IdArticle=2072858 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-12-01T23:18:58+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/Hq84swpKneM/google-hacker-details-zero-click.html www.secnews.physaphae.fr/article.php?IdArticle=2071507 False Hack None None Security Affairs - Blog Secu 2020-11-29T15:41:12+00:00 https://securityaffairs.co/wordpress/111646/ics-scada/automation-systems-opens-flaw.html?utm_source=rss&utm_medium=rss&utm_campaign=automation-systems-opens-flaw www.secnews.physaphae.fr/article.php?IdArticle=2065226 False Hack,Vulnerability None None SC Magazine - Magazine 2020-11-25T17:24:22+00:00 https://www.scmagazine.com/home/security-news/data-breach/home-depot-settles-with-state-ags-for-2014-point-of-sale-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2055444 False Hack None None Security Affairs - Blog Secu 2020-11-24T23:17:16+00:00 https://securityaffairs.co/wordpress/111415/hacking/2fa-bypass-cpanel.html?utm_source=rss&utm_medium=rss&utm_campaign=2fa-bypass-cpanel www.secnews.physaphae.fr/article.php?IdArticle=2054348 True Hack None None ZD Net - Magazine Info 2020-11-23T17:37:13+00:00 https://www.zdnet.com/article/tesla-model-x-hacked-and-stolen-in-minutes-using-new-key-fob-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2051440 False Hack None None IT Security Guru - Blog Sécurité 2020-11-20T12:12:17+00:00 https://www.itsecurityguru.org/2020/11/20/robot-vacuums-can-allow-bad-actors-into-your-home/?utm_source=rss&utm_medium=rss&utm_campaign=robot-vacuums-can-allow-bad-actors-into-your-home www.secnews.physaphae.fr/article.php?IdArticle=2046599 False Hack None None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2020-11-19T22:03:23+00:00 https://threatpost.com/robot-vacuums-audio-lidarphone-hack/161421/ www.secnews.physaphae.fr/article.php?IdArticle=2045476 False Hack None None InformationSecurityBuzzNews - Site de News Securite Expert Insight On Cryptocurrency Exchange Liquid Confirms HacK]]> 2020-11-19T11:22:54+00:00 https://www.informationsecuritybuzz.com/expert-comments/expert-insight-on-cryptocurrency-exchange-liquid-confirms-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2044357 False Hack None None IT Security Guru - Blog Sécurité 2020-11-19T11:15:44+00:00 https://www.itsecurityguru.org/2020/11/19/major-global-hack-found-to-be-state-funded-by-china/?utm_source=rss&utm_medium=rss&utm_campaign=major-global-hack-found-to-be-state-funded-by-china www.secnews.physaphae.fr/article.php?IdArticle=2044232 False Hack None None The State of Security - Magazine Américain Read More ]]> 2020-11-16T04:00:00+00:00 https://www.tripwire.com/state-of-security/featured/sec-ocie-warns-of-sudden-increase-credential-stuffing-hack/ www.secnews.physaphae.fr/article.php?IdArticle=2037210 False Hack None None Hacking Articles - Blog de Raj Chandel Continue reading → ]]> 2020-11-15T15:09:17+00:00 https://www.hackingarticles.in/the-server-from-hell-tryhackme-walkthrough/ www.secnews.physaphae.fr/article.php?IdArticle=2036366 False Hack None None Security Affairs - Blog Secu 2020-11-14T21:02:30+00:00 https://securityaffairs.co/wordpress/110927/cyber-crime/gonzaga-zoom-bombings-attack.html?utm_source=rss&utm_medium=rss&utm_campaign=gonzaga-zoom-bombings-attack www.secnews.physaphae.fr/article.php?IdArticle=2034852 False Hack None None Security Affairs - Blog Secu 2020-11-11T14:24:04+00:00 https://securityaffairs.co/wordpress/110752/cyber-crime/ragnar-locker-ransomware-ads-facebook.html?utm_source=rss&utm_medium=rss&utm_campaign=ragnar-locker-ransomware-ads-facebook www.secnews.physaphae.fr/article.php?IdArticle=2029303 False Ransomware,Hack,Threat None None Security Affairs - Blog Secu 2020-11-10T18:50:46+00:00 https://securityaffairs.co/wordpress/110717/hacking/wordpress-ultimate-member-flaws.html?utm_source=rss&utm_medium=rss&utm_campaign=wordpress-ultimate-member-flaws www.secnews.physaphae.fr/article.php?IdArticle=2027767 False Hack None None Security Affairs - Blog Secu 2020-11-09T08:26:07+00:00 https://securityaffairs.co/wordpress/110609/hacking/tianfu-cup-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=tianfu-cup-2020 www.secnews.physaphae.fr/article.php?IdArticle=2024445 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-11-05T02:19:16+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/Fe6gxKcIS9E/premium-rate-phone-fraudsters-hack-voip.html www.secnews.physaphae.fr/article.php?IdArticle=2016962 False Hack,Threat None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Here’s the description of the talk, from SecTor’s web app: “Although times are unprecedented, for threat actors, it is business as usual. Even as times change, good threat intelligence will always be a bedrock of cybersecurity. Join Senior Security Research Consultant and Secureworks’ Threat Hunting lead Ryan Cobb, as he shares what’s on the threat horizon and how the Secureworks team is there to keep customers safe through the intersection of technology, tools, and passionate professionals who provide the ultimate advantage over the adversary. Ryan will present how to combine the insights from threat modeling and intelligence to hunt purposefully and effectively without being limited by what third-party intelligence and strategies can provide for your organization.” Proper threat hunting procedures can identify indications of compromise (IOCs) efficiently and produce intelligence that can help organizations mitigate a threat before it becomes a huge problem. Improper threat hunting wastes time, money, and effort, and misses data that could be leveraged to improve your organization’s defenses. So I paid close attention to what Cobb had to say. Here is an excerpt from his talk: “(Threat) modelling is going in and out of vogue over the years has a rich history, especially in Academia. It's a collaborative process where we enumerate threats and prioritize mitigations for them. It's basically a way of looking at your business the technologies that you've chosen and what we know about the threat after from a certain perspective, so we can look at a threat model from the perspective of the after what are the steps. They need to complete to accomplish their goals. What are the systems we are trying to protect and think about ways those assets to be to be attacked. The outcomes are many threat modeling exercise really should be a prioritized list of hypothetical scenarios and we want to organize them by which are the most plausible to actually occur. And the steps or other mediations? Hunting is the natural complement to threat modelling, hunting is determining whether some modeled threat actually occurred and went undetected, and hunting is largely focused on collecting and analyzing evidence that supports this hypothesis. So there's a significant overlap between what we do a threat hunting. The ultimate goal of for hunting is not simply finding the threat in the process of investigating the modeled threat. We are gauging the overal]]> 2020-11-02T12:00:00+00:00 https://feeds.feedblitz.com/~/638166588/0/alienvault-blogs~SecTor-Canada%e2%80%99s-biggest-cybersecurity-event-Day-one www.secnews.physaphae.fr/article.php?IdArticle=2010325 False Malware,Hack,Threat,Guideline None None InformationSecurityBuzzNews - Site de News Securite Three Ways To Hack An Election]]> 2020-11-02T11:15:01+00:00 https://www.informationsecuritybuzz.com/articles/three-ways-to-hack-an-election/ www.secnews.physaphae.fr/article.php?IdArticle=2010343 True Hack None None Global Security Mag - Site de news francais Événements ]]> 2020-11-02T08:10:05+00:00 http://www.globalsecuritymag.fr/SYSDREAM-annonce-le-report-de-Hack,20201102,104492.html www.secnews.physaphae.fr/article.php?IdArticle=2010074 False Hack None None InformationSecurityBuzzNews - Site de News Securite Three Ways To Hack An Election: Election Security Is About Cybersecurity]]> 2020-10-30T11:56:33+00:00 https://www.informationsecuritybuzz.com/articles/three-ways-to-hack-an-election-election-security-is-about-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=2004254 False Hack None None InformationSecurityBuzzNews - Site de News Securite Security Blueprints Of Many Companies Leaked In Hack Of Swedish Firm Gunnebo – Experts Reaction]]> 2020-10-29T12:07:36+00:00 https://www.informationsecuritybuzz.com/expert-comments/security-blueprints-of-many-companies-leaked-in-hack-of-swedish-firm-gunnebo-experts-reaction/ www.secnews.physaphae.fr/article.php?IdArticle=2002093 True Ransomware,Hack None None IT Security Guru - Blog Sécurité 2020-10-29T10:57:28+00:00 https://www.itsecurityguru.org/2020/10/29/iranian-attackers-hack-conference-attendees-emails-according-to-microsoft/?utm_source=rss&utm_medium=rss&utm_campaign=iranian-attackers-hack-conference-attendees-emails-according-to-microsoft www.secnews.physaphae.fr/article.php?IdArticle=2001905 False Hack,Threat None None IT Security Guru - Blog Sécurité 2020-10-28T11:44:01+00:00 https://www.itsecurityguru.org/2020/10/28/hackers-post-pornography-in-virtual-classroom/?utm_source=rss&utm_medium=rss&utm_campaign=hackers-post-pornography-in-virtual-classroom www.secnews.physaphae.fr/article.php?IdArticle=2000479 False Hack None None Security Affairs - Blog Secu 2020-10-27T12:03:10+00:00 https://securityaffairs.co/wordpress/110043/cyber-crime/harvest-finance-cyber-heist.html?utm_source=rss&utm_medium=rss&utm_campaign=harvest-finance-cyber-heist www.secnews.physaphae.fr/article.php?IdArticle=1999007 False Hack,Threat None None InformationSecurityBuzzNews - Site de News Securite 2020 Election Security: Russian Hack And First Voting System Ransomware Attack – Security Expert Comment]]> 2020-10-26T11:57:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/2020-election-security-russian-hack-and-first-voting-system-ransomware-attack-security-expert-comment/ www.secnews.physaphae.fr/article.php?IdArticle=1996882 False Ransomware,Hack None None Security Affairs - Blog Secu 2020-10-23T11:10:59+00:00 https://securityaffairs.co/wordpress/109897/cyber-warfare-2/fbi-cisa-joint-alert-energetic-bear.html?utm_source=rss&utm_medium=rss&utm_campaign=fbi-cisa-joint-alert-energetic-bear www.secnews.physaphae.fr/article.php?IdArticle=1992571 False Hack None None Security Affairs - Blog Secu 2020-10-22T19:21:47+00:00 https://securityaffairs.co/wordpress/109874/cyber-warfare-2/eu-sanctions-2015-bundestag-hack.html?utm_source=rss&utm_medium=rss&utm_campaign=eu-sanctions-2015-bundestag-hack www.secnews.physaphae.fr/article.php?IdArticle=1991421 False Hack None None ZD Net - Magazine Info 2020-10-22T16:47:00+00:00 https://www.zdnet.com/article/eu-sanctions-russia-over-2015-german-parliament-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1991212 False Hack None None TechRepublic - Security News US 2020-10-22T14:43:44+00:00 https://www.techrepublic.com/article/new-york-financial-watchdog-calls-for-social-media-cybersecurity-regulator-after-twitter-hack-of-biden-and-obama/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1991120 False Hack None None InformationSecurityBuzzNews - Site de News Securite Twitter Employees Handed Over VPN Credentials That Led To Infamous July Hack]]> 2020-10-20T09:46:18+00:00 https://www.informationsecuritybuzz.com/expert-comments/twitter-employees-handed-over-vpn-credentials-that-led-to-infamous-july-hack/ www.secnews.physaphae.fr/article.php?IdArticle=1987242 False Hack None None 01net. Actualites - Securite - Magazine Francais ]]> 2020-10-20T04:42:00+00:00 https://www.01net.com/actualites/les-etats-unis-inculpent-les-responsables-russes-du-hack-d-en-marche-1994000.html www.secnews.physaphae.fr/article.php?IdArticle=1992032 False Hack None None Graham Cluley - Blog Security 2020-10-19T13:26:35+00:00 https://hotforsecurity.bitdefender.com/blog/albion-online-gamers-told-to-change-passwords-following-forum-hack-24353.html www.secnews.physaphae.fr/article.php?IdArticle=1985860 False Hack None None Security Affairs - Blog Secu 2020-10-16T17:16:59+00:00 https://securityaffairs.co/wordpress/109589/data-breach/ico-fines-british-airways.html?utm_source=rss&utm_medium=rss&utm_campaign=ico-fines-british-airways www.secnews.physaphae.fr/article.php?IdArticle=1980929 False Data Breach,Hack None None IT Security Guru - Blog Sécurité 2020-10-16T10:52:28+00:00 https://www.itsecurityguru.org/2020/10/16/dickeys-hack-leaks-information-of-3-million-customers/?utm_source=rss&utm_medium=rss&utm_campaign=dickeys-hack-leaks-information-of-3-million-customers www.secnews.physaphae.fr/article.php?IdArticle=1980271 False Hack None None InformationSecurityBuzzNews - Site de News Securite Experts Insight On Barnes & Noble Hack]]> 2020-10-15T19:04:10+00:00 https://www.informationsecuritybuzz.com/expert-comments/experts-insight-on-barnes-noble-hack/ www.secnews.physaphae.fr/article.php?IdArticle=1979228 False Hack None None Dark Reading - Informationweek Branch 2020-10-15T15:45:00+00:00 https://www.darkreading.com/threat-intelligence/twitter-hack-analysis-drives-calls-for-greater-security-regulation/d/d-id/1339193?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1979220 False Hack None 5.0000000000000000 Errata Security - Errata Security leak of emails of Hunter Biden. It has a definitive answer.Today's emails have "cryptographic signatures" inside the metadata. Such signatures have been common for the past decade as one way of controlling spam, to verify the sender is who they claim to be. These signatures verify not only the sender, but also that the contents have not been altered. In other words, it authenticates the document, who sent it, and when it was sent.Crypto works. The only way to bypass these signatures is to hack into the servers. In other words, when we see a 6 year old message with a valid Gmail signature, we know either (a) it's valid or (b) they hacked into Gmail to steal the signing key. Since (b) is extremely unlikely, and if they could hack Google, they could a ton more important stuff with the information, we have to assume (a).Your email client normally hides this metadata from you, because it's boring and humans rarely want to see it. But it's still there in the original email document. An email message is simply a text document consisting of metadata followed by the message contents.It takes no special skills to see metadata. If the person has enough skill to export the email to a PDF document, they have enough skill to export the email source. If they can upload the PDF to Scribd (as in the story), they can upload the email source. I show how to below.To show how this works, I send an email using Gmail to my private email server (from gmail.com to robertgraham.com).The NYPost story shows the email printed as a PDF document. Thus, I do the same thing when the email arrives on my MacBook, using the Apple "Mail" app. It looks like the following:The "raw" form originally sent from my Gmail account is simply a text document that looked like the following:This is rather simple. Client's insert details like a "Message-ID" that humans don't care about. There's also internal formatting details, like the fact that this is a "plain text" message rather than an "HTML" email.But this raw document was the one sent by the Gmail web client. It then passed through Gmail's servers, then was passed across the Internet to my private server, where I finally retrieved it using my MacBook.As email messages pass through servers, the servers add their own metadata.When it arrived, the "raw" document looked like the following. None of the important bits changed, but a lot more metadata was added:]]> 2020-10-14T19:34:25+00:00 https://blog.erratasec.com/2020/10/yes-we-can-validate-leaked-emails.html www.secnews.physaphae.fr/article.php?IdArticle=1977511 False Hack,Guideline None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC protect remote workforces and keep casual users safe. Stealing SEO Hackers want to catch users off guard when they are browsing the internet. They want you to click on their links and download their files so they can install malware, ransomware or other viruses on your computer. One way they can achieve this is by piggybacking off the popularity of well-established websites. This rudimentary technique can be used by even the most novice hacker. For example, some websites allow users to post comments or upload files on their webpage. Hackers can post a link to their malware or upload a file that contains a virus on a popular webpage. They know that the website has a large audience, so chances are someone will click on it. A hack like this recently happened on the UNESCO website and a Cuban government website, among a few others. A user under the moniker  m1gh7yh4ck3r uploaded PDF files offering help in hacking into online accounts. When users clicked on the links, it led to a variety of scam websites that urged visitors to download files in exchange for the program. All the websites used an outdated Drupal CMS system tied to a Webform module that had vulnerabilities in the file share function. Modern websites can avoid having these glaring vulnerabilities by using SAST (Static Application Security Testing) to automatically scan written code for weaknesses. Coronavirus clickbait This particular hacking technique takes advantage of the coronavirus global health crisis. This technique exploits the fact that so many people around the world rely on the internet to provide them with information. This hack is very similar to the hack that was successfully used on the UNESCO website. It doesn’t take extensive Cybersecurity IQ training to understand. Researchers recently discovered fraudulent, online drugstores using credible health websites with coronavirus-related headlines to gain web traffic. The cybercriminals visited high-profile health websites with comments sections or forums and used bots to post a multitude of messages linking to their website. Of course, most of the messages enticed users by claiming to have cures for coronavirus, or by promising those who click easy access to illicit drugs. An additional benefit for the bad actors is that websites with many coronavirus-related keywords will rank higher on a Google search due to high public interest. The bad actors with the dangerous links gain SEO credibility by the increased traf]]> 2020-10-13T11:00:00+00:00 https://feeds.feedblitz.com/~/636747000/0/alienvault-blogs~What-is-search-engine-clickbait-and-how-do-hackers-trick-Googles-crawlers www.secnews.physaphae.fr/article.php?IdArticle=1973499 False Ransomware,Malware,Hack,Vulnerability None None BBC - BBC News - Technology 2020-10-13T10:45:33+00:00 https://www.bbc.co.uk/news/technology-54522439 www.secnews.physaphae.fr/article.php?IdArticle=1973447 False Hack None None Security Affairs - Blog Secu 2020-10-11T09:21:25+00:00 https://securityaffairs.co/wordpress/109356/breaking-news/security-affairs-newsletter-round-285.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-285 www.secnews.physaphae.fr/article.php?IdArticle=1968998 False Hack None None InformationSecurityBuzzNews - Site de News Securite Wisepay: School Payments Service Hit By Cyber-Attack]]> 2020-10-09T13:32:54+00:00 https://www.informationsecuritybuzz.com/expert-comments/wisepay-school-payments-service-hit-by-cyber-attack/ www.secnews.physaphae.fr/article.php?IdArticle=1965632 False Hack None None BBC - BBC News - Technology 2020-10-08T15:56:26+00:00 https://www.bbc.co.uk/news/technology-54468207 www.secnews.physaphae.fr/article.php?IdArticle=1963906 False Hack None None BBC - BBC News - Technology 2020-10-06T14:56:04+00:00 https://www.bbc.co.uk/news/technology-54436575 www.secnews.physaphae.fr/article.php?IdArticle=1959712 False Hack None None IT Security Guru - Blog Sécurité 2020-10-06T11:31:16+00:00 https://www.itsecurityguru.org/2020/10/06/hacker-infiltrates-15-million-deal/?utm_source=rss&utm_medium=rss&utm_campaign=hacker-infiltrates-15-million-deal www.secnews.physaphae.fr/article.php?IdArticle=1959437 False Hack None None IT Security Guru - Blog Sécurité 2020-10-05T10:56:00+00:00 https://www.itsecurityguru.org/2020/10/05/hacker-leaves-literal-fingerprints-at-the-crime-scene/?utm_source=rss&utm_medium=rss&utm_campaign=hacker-leaves-literal-fingerprints-at-the-crime-scene www.secnews.physaphae.fr/article.php?IdArticle=1956997 False Hack None None Security Affairs - Blog Secu 2020-10-04T08:27:09+00:00 https://securityaffairs.co/wordpress/109052/security/hp-device-manager-flaws.html?utm_source=rss&utm_medium=rss&utm_campaign=hp-device-manager-flaws www.secnews.physaphae.fr/article.php?IdArticle=1955059 False Hack None None Security Affairs - Blog Secu 2020-10-01T11:57:36+00:00 https://securityaffairs.co/wordpress/108991/hacking/industrial-remote-access-systems-flaws.html?utm_source=rss&utm_medium=rss&utm_campaign=industrial-remote-access-systems-flaws www.secnews.physaphae.fr/article.php?IdArticle=1949870 False Hack,Threat,Guideline None None BBC - BBC News - Technology 2020-10-01T11:30:44+00:00 https://www.bbc.co.uk/news/technology-54370568 www.secnews.physaphae.fr/article.php?IdArticle=1949880 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-10-01T01:29:08+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/bj3b3xlIG7o/industrial-remote-access.html www.secnews.physaphae.fr/article.php?IdArticle=1949577 False Hack None None ZD Net - Magazine Info 2020-09-30T19:50:00+00:00 https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1948879 False Hack None None Security Affairs - Blog Secu 2020-09-29T12:56:50+00:00 https://securityaffairs.co/wordpress/108919/hacking/fbi-cisa-warn-disinformation.html?utm_source=rss&utm_medium=rss&utm_campaign=fbi-cisa-warn-disinformation www.secnews.physaphae.fr/article.php?IdArticle=1945839 False Hack,Threat None None Security Affairs - Blog Secu 2020-09-25T14:39:55+00:00 https://securityaffairs.co/wordpress/108737/hacking/fortigate-vpn-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=fortigate-vpn-attacks www.secnews.physaphae.fr/article.php?IdArticle=1938800 False Hack None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-09-24T03:11:10+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/UPCwtNhYu7M/instagram%20hacking.html www.secnews.physaphae.fr/article.php?IdArticle=1936192 False Hack None None TechRepublic - Security News US 2020-09-22T12:05:26+00:00 https://www.techrepublic.com/article/10-raspberry-pi-alternatives-for-you-to-try-out/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1932271 False Hack None None Wired Threat Level - Security News 2020-09-22T10:00:00+00:00 https://www.wired.com/story/silent-pocket-signal-blocking-smartphone-pouch www.secnews.physaphae.fr/article.php?IdArticle=1931952 False Hack None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Experts On Major Activision Hack Reportedly Compromises Over 500k CoD Accounts]]> 2020-09-21T19:06:56+00:00 https://www.informationsecuritybuzz.com/expert-comments/experts-on-major-activision-hack-reportedly-compromises-over-500k-cod-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=1930971 False Data Breach,Hack None None BBC - BBC News - Technology 2020-09-18T10:45:31+00:00 https://www.bbc.co.uk/news/technology-54204356 www.secnews.physaphae.fr/article.php?IdArticle=1924643 False Hack None None Graham Cluley - Blog Security Continue reading "Smashing Security podcast #196: Smart guns, smart cars, and smart street lights – oh my!"]]> 2020-09-16T23:09:15+00:00 https://grahamcluley.com/smashing-security-podcast-196/ www.secnews.physaphae.fr/article.php?IdArticle=1921328 False Hack None None IT Security Guru - Blog Sécurité 2020-09-16T11:10:05+00:00 https://www.itsecurityguru.org/2020/09/16/french-law-enforcement-deploy-malware-to-hack-into-organised-crime-networks/?utm_source=rss&utm_medium=rss&utm_campaign=french-law-enforcement-deploy-malware-to-hack-into-organised-crime-networks www.secnews.physaphae.fr/article.php?IdArticle=1920182 False Malware,Hack None None Security Affairs - Blog Secu 2020-09-10T08:57:19+00:00 https://securityaffairs.co/wordpress/108085/digital-id/eterbase-hacked.html?utm_source=rss&utm_medium=rss&utm_campaign=eterbase-hacked www.secnews.physaphae.fr/article.php?IdArticle=1908662 True Hack,Threat None None ZD Net - Magazine Info 2020-09-10T01:05:03+00:00 https://www.zdnet.com/article/slovak-cryptocurrency-exchange-eterbase-discloses-5-4-million-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1908198 False Hack None None The State of Security - Magazine Américain Read More ]]> 2020-09-09T03:00:23+00:00 https://www.tripwire.com/state-of-security/security-data-protection/learn-ghidra-home-sector-2020/ www.secnews.physaphae.fr/article.php?IdArticle=1906582 False Hack None None Security Affairs - Blog Secu 2020-09-08T15:12:12+00:00 https://securityaffairs.co/wordpress/108040/hacking/expert-found-multiple-critical-issues-in-mofi-routers.html?utm_source=rss&utm_medium=rss&utm_campaign=expert-found-multiple-critical-issues-in-mofi-routers www.secnews.physaphae.fr/article.php?IdArticle=1905619 False Hack None None taosecurity - Blog Sécurité Chinois U.S. notified 3,000 companies in 2013 about cyberattacks. The story noted the following:"Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions...About 2,000 of the notifications were made in person or by phone by the FBI, which has 1,000 people dedicated to cybersecurity investigations among 56 field offices and its headquarters. Some of the notifications were made to the same company for separate intrusions, officials said. Although in-person visits are preferred, resource constraints limit the bureau's ability to do them all that way, former officials said...Officials with the Secret Service, an agency of the Department of Homeland Security that investigates financially motivated cybercrimes, said that they notified companies in 590 criminal cases opened last year, officials said. Some cases involved more than one company."The reason this program is so important is that it shattered the delusion that some executives used to reassure themselves. When the FBI visits your headquarters to tell you that you are compromised, you can't pretend that intrusions are "someone else's problem."It may be difficult for some readers to appreciate how prevalent this mindset was, from the beginnings of IT to about the year 2010.I do not know exactly when the FBI began notifying victims, but I believe the mid-2000's is a safe date. I can personally attest to the program around that time.I was reminded of the importance of this program by Andy Greenberg's new story The FBI Botched Its DNC Hack Warning in 2016-but Says It Won't Next Time. I strongly disagree with this "botched" characterization. Andy writes:"[S]omehow this breach [of the Democratic National Committee] had come as a terrible surprise-despite an FBI agent's warning to [IT staffer Yared] Tamene of potential Russian hacking over a series of phone calls that had begun fully nine months earlier.The FBI agent's warnings had 'never used alarming language,' Tamene would tell the Senate committee, and never reached higher than the DNC's IT director, who dismissed them after a cursory search of the network for signs of foul play."As with all intrusions, criminal responsibility lies with the intruder. However, I do not see why the FBI is supposed to carry the blame for how this intrusion unfolded. According to investigatory documents and this Crowdstrike blog post on their involvement, at least seven months passed from the time the FBI notified the DNC (sometime in September 2015) and when they contacted Crowdstrike (30 April 2015). That is ridiculous. If I received a call from the FBI even hinting at a Russian presence in my network, I would be on the phone with a professional incident response firm right after I briefed the CEO about the call.I'm glad the FBI continues to improve its victim notification procedures, but it doesn't make much of a difference if the individuals running IT and the organization are negligent, either through incompetence or inaction.Copyright 2003-2020 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and w]]> 2020-09-03T11:11:10+00:00 https://taosecurity.blogspot.com/2020/09/the-fbi-intrusion-notification-program.html www.secnews.physaphae.fr/article.php?IdArticle=1896679 False Hack None None Wired Threat Level - Security News 2020-09-02T15:56:16+00:00 https://www.wired.com/story/fbi-hacking-victim-notifications www.secnews.physaphae.fr/article.php?IdArticle=1894818 False Ransomware,Hack None None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC sharp increase in malicious activity related to COVID has taken the typical form of adversaries seeking to benefit financially, gain unauthorized access to networks for immediate and long-term strategic benefit, and spread misinformation with political agendas. Much of this is a direct result of the work from home (WFH) phenomenon. With organizations and businesses rapidly deploying systems and networks to support remote staff, criminals can’t help themselves. Increased security vulnerabilities have offered the opportunity to steal data, generate profits, and generally cause havoc. In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners. There are a number of other threats, though, that have also been caused by the pandemic but that are less visible. One of these is the increased vulnerability of industrial control systems. The threat The most up to date data on the vulnerability of industrial control systems, and how this has been affected by the pandemic, comes courtesy of the ICS Risk & Vulnerability Report, released this week by Claroty. This research contains an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors. The findings are striking, and particularly so given how many systems engineers now work from home. Fully 70% of the vulnerabilities published by the NVD can be exploited remotely, while the most common potential impact is remote code execution, which is possible with 49% of the vulnerabilities. When combined with the fact that recent research has found that 83% of firms are simultaneously struggling to ensure the security of remote working systems, this is highly concerning. In practice, this means that if an organization’s remote working systems are insecure – which seems likely, given the difficulties that many have reported in recent months – then hackers may be granted an increased capability to remotely execute malicious code on industrial systems. The Impact The increased likelihood of this kind of attack should concern all organizations working with industrial control systems, but especially those companies employing centralized systems such as DCS, SCADA, or PLS. In recent years, these solutions have been used for networking previously discrete industrial systems together. While this has allowed organizations to dramatically increase their efficiency and productivity, it potentially leaves these systems open to laterally-deployed cyberattacks. This risk is compounded by a similarly worrying trend in international cyber warfare. Tho]]> 2020-09-02T11:00:00+00:00 https://feeds.feedblitz.com/~/634950206/0/alienvault-blogs~How-Covid-has-increased-vulnerabilities-in-Industrial-Control-Systems www.secnews.physaphae.fr/article.php?IdArticle=1894714 False Spam,Hack,Vulnerability,Guideline None None ZD Net - Magazine Info 2020-09-02T08:29:45+00:00 https://www.zdnet.com/article/auscert-says-alleged-doe-hack-came-from-a-third-party/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1894153 False Data Breach,Hack None None Graham Cluley - Blog Security 2020-09-01T10:53:27+00:00 https://grahamcluley.com/hack-this-email-account-plz-plz-plz/ www.secnews.physaphae.fr/article.php?IdArticle=1892303 False Malware,Hack None None InformationSecurityBuzzNews - Site de News Securite Experts Reacted On Musk Confirms Russian Hack Targeted Tesla Factory]]> 2020-08-28T11:35:19+00:00 https://www.informationsecuritybuzz.com/expert-comments/experts-reacted-on-musk-confirms-russian-hack-targeted-tesla-factory/ www.secnews.physaphae.fr/article.php?IdArticle=1886781 False Malware,Hack None None Dark Reading - Informationweek Branch 2020-08-26T12:40:00+00:00 https://www.darkreading.com/attacks-breaches/russian-national-arrested-for-conspiracy-to-hack-nevada-company/d/d-id/1338763?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1883558 False Hack None None ZD Net - Magazine Info 2020-08-26T00:57:04+00:00 https://www.zdnet.com/article/russian-arrested-for-trying-to-recruit-an-insider-and-hack-a-nevada-company/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1882234 False Malware,Hack None None InformationSecurityBuzzNews - Site de News Securite Former Uber Security Chief Charged With Paying Hush Money To Cover Up 2016 Hack]]> 2020-08-24T15:21:46+00:00 https://www.informationsecuritybuzz.com/expert-comments/former-uber-security-chief-charged-with-paying-hush-money-to-cover-up-2016-hack/ www.secnews.physaphae.fr/article.php?IdArticle=1879487 False Data Breach,Hack Uber None Security Affairs - Blog Secu 2020-08-22T08:15:04+00:00 https://securityaffairs.co/wordpress/107396/hacking/wordpress-woocommerce-flaw-2.html?utm_source=rss&utm_medium=rss&utm_campaign=wordpress-woocommerce-flaw-2 www.secnews.physaphae.fr/article.php?IdArticle=1876048 False Hack None None Security Affairs - Blog Secu 2020-08-21T17:48:00+00:00 https://securityaffairs.co/wordpress/107379/cyber-crime/hoa-sen-group-maze-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=hoa-sen-group-maze-ransomware www.secnews.physaphae.fr/article.php?IdArticle=1874960 False Ransomware,Hack,Threat None None BBC - BBC News - Technology 2020-08-21T10:04:22+00:00 https://www.bbc.co.uk/news/technology-53861375 www.secnews.physaphae.fr/article.php?IdArticle=1873958 False Hack Uber None ZD Net - Magazine Info 2020-08-20T20:51:02+00:00 https://www.zdnet.com/article/former-uber-cso-charged-for-2016-hack-cover-up/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1873013 False Hack Uber None