—
Black Hat 2014 : un pirate peut-il prendre le contrôle à distance dune voiture?
Deux chercheurs ont analysé les risques liés aux technologies radiofréquence intégrées dans les voitures. Certains modèles sen sortent beaucoup mieux que dautres.
http://www.01net.com/editorial/624860/black-hat-2014-un-pirate-peut-il-prendre-le-controle-a-distance-d-une-voiture/Black
Former top brass say cyberspace key in new defense rules
http://www.japantimes.co.jp/news/2014/08/06/national/politics-diplomacy/former-top-brass-say-cyberspace-key-new-defense-rules/
US Homeland Security data possibly stolen in cyberattack
One of the US government’s biggest contractors revealed Wednesday that its computer systems were hit by hackers, according to the Washington Post.
http://www.cnet.com/news/us-homeland-security-data-possibly-stolen-in-cyberattack/
Blocklists of Suspected Malicious IPs and URLs
Several organizations maintain and publish blocklists (a.k.a blacklists) of IP addresses and URLs of systems and networks suspected in malicious activities on-line. Many of these lists are available for free; some have usage restrictions:
http://zeltser.com/combating-malicious-software/malicious-ip-blocklists.html
Operation Poisoned Hurricane
Our worldwide sensor network provides researchers at FireEye Labs with unique opportunities to detect innovative tactics employed by malicious actors and protects our clients from these tactics.
http://www.fireeye.com/blog/technical/targeted-attack/2014/08/operation-poisoned-hurricane.html
Deploying and monitoring honeypots made easy
LogRhythm released a new analytics suite that monitors honeypots to track would-be attackers, enabling customers to analyze nefarious tactics and generate targeted threat intelligence that facilitates an ongoing adaptive defense posture.
http://www.net-security.org/secworld.php?id=17215
Sophisticated Phishing is targeting French-Speaking banking users
A very sophisticated phishing campaign has been discovered by Malcovery Security, it targets French-speaking computer users to steal banking credentials.
http://securityaffairs.co/wordpress/27287/cyber-crime/sophisticated-phishing-target-french.html
L’arrestation du créateur de Blackhole n’a pas supprimé les menaces
Selon le rapport annuel sur la sécurité publié mardi par Cisco lors de la conférence sur la sécurité Black Hat qui se tient à Las Vegas, un grand nombre de kit permettant d’exploiter des failles logicielles essayent de supplanter le fameux kit Blackhole et les menaces ne sont pas écartées.
http://www.lemondeinformatique.fr/actualites/lire-l-arrestation-du-createur-de-blackhole-n-a-pas-supprime-les-menaces-58270.html
Why I’m Not at Black Hat or DEFCON
Making software do things for us is a lot like stringing words together to make coherent and interesting sentences. We know how to gather, record, and reason over data. We know efficient and proven algorithms for all sorts of interesting problems.
http://www.cigital.com/justice-league-blog/2014/08/06/black-hat/
Oh, great. It’s not that hard to hack TSA’s airport security scanning machines
LAS VEGAS — It’s been more than a decade since 9/11 brought a stringent screening process to all airports.
http://venturebeat.com/2014/08/06/oh-great-its-not-that-hard-to-hack-tsas-airport-security-scanning-machines/
Black Hat 2014 Keynote: What InfoSec Needs to Do
In a far-ranging speech, Geer outlined 10 policy proposals “on a suite of pressing current topics,” such as government surveillance, embedded systems security, net neutrality, the right to be forgotten, and the state of vulnerability research and disclosure, to name just a few.
http://www.infosecurity-magazine.com/news/black-hat-2014-keynote-what/
Creating a Bitcoin-Mining Botnet at No Cost
At the Black Hat 2014 conference in Las Vegas, Rob Ragan and Oscar Salazar, penetration testers from Bishop Fox, demonstrated a technique for cloud-based bitcoin mining that cost them exactly…nothing. At this moment, one bitcoin is worth $576.57.
http://securitywatch.pcmag.com/hacking/326153-creating-a-bitcoin-mining-botnet-at-no-cost
How To Talk To Your Employees About Cybersecurity (Without Putting Them To Sleep)
You can just see the eye-rolls across the conference table when you bring it up.
http://www.forbes.com/sites/kathryndill/2014/08/06/how-to-talk-to-your-employees-about-cybersecurity-without-putting-them-to-sleep/
Black Hat 2014 : peut-on hacker un avion ?
Un expert affirme pouvoir pirater les systèmes de navigation et de sécurité à bord des avions et des navires qui utilisent des communications satellites. Il en fera la démonstration le 7 août prochain à la conférence Black Hat.
http://www.01net.com/editorial/624788/black-hat-2014-peut-on-hacker-un-avion/#
Buy All the Cybersecurity Vulnerabilities: Black Hat Keynote
LAS VEGAS: Dan Geer, a well known and respected digital security expert and the CISO of In-Q-Tel, had a unique opportunity this year, as he was the only keynote speaker at the Black Hat USA conference.
http://www.esecurityplanet.com/network-security/buy-all-the-cybersecurity-vulnerabilities-black-hat-keynote.html
Cybersecurity experts take Russian hacking scare ‘with a pinch of salt’
Security researchers have expressed concern over the claim that more than 4.5bn user credentials including 1.2bn unique usernames and passwords have been amassed by a Russian cybercriminal gang.
http://www.theguardian.com/technology/2014/aug/06/cybersecurity-expert-russian-hacking-scare-hold-security-passwords
Researchers Get $10M to Build Modular Cybersecurity System
A project headed by Boston University researchers has received a $10 million grant to build a cloud-based modular cybersecurity system. The grant is a Frontier Award, awarded by the National Science Foundation (NSF) as part of its Secure and Trustworthy Cyberspace program.
http://www.thewhir.com/web-hosting-news/boston-university-researchers-get-10-million-build-modular-cybersecurity-system
A Cold War in Cyberspace: Does the US Have Jurisdiction Over Russian Hackers?
The recent arrest of Russian citizen Roman Valeravich Seleznev by US authorities for alleged cyber crimes highlights one of the most difficult jurisdictional problems facing the international community today.
http://jurist.org/hotline/2014/08/arkady-bukh-cyber-crime.php
Mots de passe volés: Pourquoi il ne faut pas paniquer
INFORMATIQUE – L’entreprise qui révèle ce casse est loin d’être transparente sur l’ampleur réelle du problème… Peur sur le Net.
http://www.20minutes.fr/high-tech/1426095-mots-passe-voles-pourquoi-faut-paniquer
A Peek Inside The Black Hat Show Network
Black Hat USA’s wireless network offers authenticated, secure access as well as ‘open’ access.
http://www.darkreading.com/mobile/a-peek-inside-the-black-hat-show-network/d/d-id/1297803
Vulnerability Management: Just Turn It Off! Part II
Our last post in the “Turn It Off!” blog series discussed some of the most common and yet unnecessary features that can make your environment more vulnerable, including JBoss JMX consoles, server banners and the Apache HTExploit.
http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-management-just-turn-it-off-part-ii/
Researcher demonstrates how he controlled room devices in luxury hotel
At a Black Hat 2014 session, one hacker revealed how he was able to control basic amenities in a luxury hotel – and why the hospitality industry must update its security policies to take into consideration Internet of Things threats. While staying at the St.
http://www.scmagazine.com/researcher-demonstrates-how-he-controlled-room-devices-in-luxury-hotel/article/365038/
MDM is Terrible: When Security Solutions Hurt Security
Much to Blackberry’s chagrin, most people aren’t interested in carrying a stodgy work phone along with the fun smart phone they picked out themselves. That’s why big companies have invested heavily in mobile device management (MDM).
http://securitywatch.pcmag.com/mobile-security/326166-mdm-is-terrible-when-security-solutions-hurt-security
US Department of Homeland Security contractor hacked
According to the Washington Post, the attackers managed to steal personal information about Department of Homeland Security’s (DHS) employees from systems of Virginia-based US Investigations Services.
http://eandt.theiet.org/news/2014/aug/homeland-security-hack.cfm
Cisco 2014 Midyear Security Report: Threats – Inside and Out
Through our ongoing “Inside Out” project at Cisco, our threat researchers have the opportunity to closely examine select networks—with our customers’ permission—to identify evidence of malicious traffic.
http://blogs.cisco.com/security/cisco-2014-midyear-security-report-threats-inside-and-out/
Snowden allowed to stay in Russia for three more years
NSA whistleblower Edward Snowden has been permitted to stay in Russia for another three years, and is free to travel within the country and abroad, Russia Today reports.
http://www.net-security.org/secworld.php
Magnitude Exploit Kit Backend Infrastructure Insight – Part I
In our recently released Trustwave Global Security Report Online and previous Magnitude blog post, A Peek Into the Lion’s Den – The Magnitude [aka PopAds] Exploit Kit, we detailed our discovery of one of the more prevalent exploit kits seen these days, showed an inside look at the control pane
http://blog.spiderlabs.com/2014/08/magnitude-exploit-kit-backend-infrastructure-insight-part-i.html
New PCI Guidance for Third-Party Risks
Card data security risks posed by third parties have gotten renewed attention in recent months because of a string of U.S. retailer breaches that have compromised millions of credit and debit cards.
http://www.inforisktoday.com/interviews/new-pci-guidance-for-third-party-risks-i-2406
Cybersecurity: What the U.S. can teach Europe
Having attended two reputable information security conferences this year, one on each side of the Atlantic, a few observations emerged on the differences and similarities of opinion on cybersecurity issues in the U.S. and Europe.
http://fcw.com/articles/2014/08/07/comment-cybersecurity-us-and-europe.aspx
L’ANSSI publie la version anglaise des mesures visant à renforcer la cybersécurité des systèmes industriels
Depuis février 2013, les acteurs industriels (utilisateurs, équipementiers, intégrateurs, associations et groupements d’industriels, etc.
http://www.ssi.gouv.fr/fr/menu/actualites/l-anssi-publie-la-version-anglaise-des-mesures-visant-a-renforcer-la.html
Le « secret des affaires » de retour dans le débat public, encore un essai sans suite ou réelle prise de conscience ?
Depuis plusieurs années maintenant les entreprises françaises estiment que leur patrimoine immatériel n’est pas assez protégé par la législation.
http://www.solucominsight.fr/2014/08/secret-affaires-retour-debat-public-encore-essai-suite-reelle-prise-conscience/
The Epic Turla Operation
Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call « Epic Turla ».
http://securelist.com/analysis/publications/65545/the-epic-turla-operation/
—
Vous pouvez également vous abonner à cette veille #Cybersécurité via un flux RSS dédié : https://www.cyber-securite.fr/category/veille-cyber/feed
