—
China spies — sex to cyber
Sex-and-spying award winner? China’s nominee is surely Katrina Leung, codenamed Parlour Maid. She’d pocketed $1.
http://www.torontosun.com/2014/08/09/china-spies—-sex-to-cyber
Le NIST élabore son test de sécurité des systèmes Scada
Le NIST (National Institute of Standards and Technology), qui est une branche du département du Commerce américain, a comme objectif de promouvoir l’économie en développant des technologies, la métrologie et des standards de concert avec l’industrie.
http://www.silicon.fr/nist-elabore-test-securite-systemes-scada-96101.html
Pour le FBI, même le plus anonyme des Anonymous ne le reste pas
Jeremy Hammond va passer dix ans en prison – ici en mars 2012. | AP Il a fallu des mois au FBI pour retrouver la trace de M. Hammond sur Internet.
http://mobile.lemonde.fr/pixels/article/2014/08/12/pour-le-fbi-meme-le-plus-anonyme-des-anonymous-ne-le-reste-pas-eternellement_4470363_4408996.html
Targeted Attacks: Raising Risk Urgency
Detecting and preventing advanced attacks isn’t just a technology issue – it’s a business risk that needs to be elevated to the highest levels of an organization. Trend Micro’s Tom Kellermann shares strategies. Attackers vary – they could be organized criminals, hacktivists or nation states.
http://www.databreachtoday.eu/targeted-attacks-raising-risk-urgency-a-7178
Twitter suspend le compte du hacker pro-israélien Ulcan après le piratage de Rue89
Après la justice, c’est le réseau social Twitter qui se penche sur le cas d’Ulcan, alias Gregory Chelli. Les équipes du réseau social ont décidé de suspendre son compte après l’avoir examiné ce mardi.
http://www.undernews.fr/hacking-hacktivisme/twitter-suspend-le-compte-du-hacker-pro-israelien-ulcan-apres-le-piratage-de-rue89.html
Bientot la cyber-assurance en France
Depuis 2012, déclarée en son temps “Année de la fuite de données” par IBM, la sensibilité des acteurs économiques au Cyber-Risque semblerait avoir enfin progressé puisque ce domaine devient assurable.
http://blog.trendmicro.fr/bientot-la-cyber-assurance-en-france/#.UuoHD9V7GUM.twitter
Who Receives Hacker Threat Info From DHS?
Health care, banking and other key sectors at risk of cyberattacks have not joined a Department of Homeland Security program required to offer these industries protections against a potential catastrophic hack, according to federal inspectors.
http://www.nextgov.com/cybersecurity/2014/08/who-receiving-hacker-threat-info-dhs/91154/
Report: Hacker posts Gamma International data exposing FinFisher concerns
Last week, a Reddit user called “PhineasFisher” claimed to have “made off with 40GB of data from Gamma’s networks,” and in doing so, provided proof of the company’s unethical business practices, such as selling to government clients who use the software to spy on Bahraini activists.
http://www.scmagazine.com/report-hacker-posts-gamma-international-data-exposing-finfisher-concerns/article/365665/
BlackHat 2014 : Oracle, un outil de sécurité peu sécurisé
Une fois de plus, l’un des frères Litchfield (David) dévoile, à l’occasion de la BlackHat 2014, un PoC visant une faille Oracle. Ce qui est moins banal, c’est que la faille en question concerne une extension de sécurité intégrée à Oracle 12c, extension baptisée Data Redaction.
http://www.cnis-mag.com/blackhat-2014-oracle-un-outil-de-securite-peu-securise.html
The Dilemma of PCI Scoping – Part 3
In part 2 we discussed the criticality of a risk assessment and started on implementing the framework with fixing monitoring and alerting so that we can properly manage the risk we will be accepting. In this part I will deal with Category 2 and 3 systems and how to manage their risk.
https://www.infosecisland.com/blogview/23912-The-Dilemma-of-PCI-Scoping-Part-3.html
Getting Revenge: The Ethics of Active Countermeasures
Businesses and individuals are getting fed up with always being one step behind cyber criminals and constantly playing defense. In an attempt to be more proactive and shift the dynamic, some security experts are now advocating active countermeasures—basically attacking the attackers.
http://blogs.rsa.com/getting-revenge-ethics-active-countermeasures/
US Air Force cyber security competition comes to UK
A defence contractor has joined with the UK’s Cyber Security Challenge to bring a US Air Force cyber competition to this side of the Atlantic.
http://www.wired.co.uk/news/archive/2014-08/11/cybercenturion
Un coffre-fort virtuel chez Oracle pour les clés de chiffrement
Avec Key Vault, Oracle fournit un référentiel centralisé pour stocker les milliers ou centaines de milliers de clés de chiffrement auxquelles une entreprise peut devoir recourir.
http://www.lemondeinformatique.fr/actualites/lire-un-coffre-fort-virtuel-chez-oracle-pour-les-cles-de-chiffrement-58301.html
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
Threat sharing networks have been around for a long time, however they have typically been « invitation-only, » available to only large companies, or those within a particular industry. The AlienVault Open Threat Exchange is different.
http://www.infoworld.com/d/wc/how-use-crowd-sourced-threat-intelligence-stop-malware-in-its-tracks-248105
NATO’s September Summit Must Confront Cyber Threats
Jarno Limnéll is the Director of Cyber Security at McAfee (now part of Intel), a PhD in military science, and a former officer in the famously tough Finnish armed forces, where he spent five years as a strategic analyst.
http://breakingdefense.com/2014/08/natos-september-summit-must-confront-cyber-threats/
Does U.S. Truly Want Cyber Peace?
The United States government does not want peace in cyberspace, contends cyber-conflict historian Jason Healey, a former White House cyber infrastructure protection director.
http://www.govinfosecurity.com/interviews/does-us-truly-want-cyber-peace-i-2415
Checking In On Africa: The Latest Developments in Cybercrime
In the early 2000s, Africa gained notoriety due to the 419 “Nigerian” scam. This scam involved making payments in exchange for a reward for helping so-called high-ranking Nigerian officials and their families.
http://blog.trendmicro.com/trendlabs-security-intelligence/checking-in-on-africa-the-latest-developments-in-cybercrime/
State-of-the-art spear phishing and defenses
The number of phishing sites was up 10.7-percent as of Q1 this year (over last year) while at the same time almost 32.
http://www.csoonline.com/article/2462368/data-protection/state-of-the-art-spear-phishing-and-defenses.html#tk.rss_all
The making of a cybercrime market
I recently had the opportunity to speak with two representatives from the Netherlands-based security research firm Fox-IT—Maurits Lucas, InTELL Business Director, and Andy Chandler, VP of WW Sales & Marketing.
http://www.csoonline.com/article/2463175/data-protection/the-making-of-a-cybercrime-market.html#tk.rss_all
—
Vous pouvez également vous abonner à cette veille #Cybersécurité via un flux RSS dédié : https://www.cyber-securite.fr/category/veille-cyber/feed
