—
Chiffrement : neuf correctifs pour OpenSSL
Plusieurs mises à jour ont été livrées cette semaine pour OpenSSL 1.0.1i, 1.0.0n et 0.9.8zb. Il est conseillé aux administrateurs d’appliquer les mises à jour livrées cette semaine pour le composant de chiffrement OpenSSL.
http://www.lemondeinformatique.fr/actualites/lire-chiffrement-neuf-correctifs-pour-openssl-58287.html
Facebook gets serious about cybersecurity with new purchase
Facebook FB is getting serious about fighting off online data threats with its latest purchase. The social network is buying PrivateCore, a cybersecurity firm founded in 2012.
http://fortune.com/2014/08/08/facebook-gets-serious-about-cybersecurity-with-new-purchase/
$83k in bitcoins ‘stolen’ through BGP hijack
Short-lived network changes used to make miners connect to rogue pool.
https://www.virusbtn.com/blog/2014/08_08.xml
Social Engineering a Telemarketer
Okay, this is funny.
https://www.schneier.com/blog/archives/2014/08/social_engineer_6.html
Blackphone: Inside a Secure Smart Phone
Can a smart phone increase your privacy and security while remaining both highly usable and attractive to buyers? The inaugural Blackphone is testing that question for consumers and businesses.
http://www.govinfosecurity.com/interviews/blackphone-inside-secure-smart-phone-i-2414
Gamma FinFisher hacked: 40 GB of internal documents and source code of government malware published
A hacker claims to have hacked a network of the surveillance technology company Gamma International and has published 40 gigabytes of internal data. A Twitter account has published release notes, price lists – and source code.
https://netzpolitik.org/2014/gamma-finfisher-hacked-40-gb-of-internal-documents-and-source-code-of-government-malware-published/
How to Use Your Cat to Hack Your Neighbor’s Wi-Fi
Late last month, a Siamese cat named Coco went wandering in his suburban Washington, DC neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy.
http://www.wired.com/2014/08/how-to-use-your-cat-to-hack-your-neighbors-wi-fi/
Gemalto annonce l’acquisition de SafeNet
Gemalto annonce avoir signé un accord définitif en vue de l’acquisition de 100% du capital de SafeNet, leader mondial de la protection des données et de la monétisation des logiciels, actuellement propriété de Vector Capital, pour un montant de 890 millions de dollars.
http://www.globalsecuritymag.fr/Gemalto-annonce-l-acquisition-de,20140808,46802.html
L’Afnor aborde la gestion des risques en 100 questions
100 questions pour comprendre et agir – Gestion des risques, par Jean-Paul Louisot (Editions Afnor, 268 pages, 21,80 euros HT) Pour acquérir l’ouvrage chez l’éditeur
http://www.lemondeinformatique.fr/actualites/lire-l-afnor-aborde-la-gestion-des-risques-en-100-questions-58284.html
Pré-bulletin Microsoft PatchDay aout 2014
Microsoft a publié un pré-bulletin pour le patchday du mois d’août 2014.
http://www.lexsi-leblog.fr/cert/pre-bulletin-microsoft-patchday-aout-2014-2.html
Visit the Wrong Website, and the FBI Could End Up in Your Computer
Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor.
http://www.wired.com/2014/08/operation_torpedo/
Comment un gang de pirates a-t-il pu voler plus dun milliard de mots de passe ?
Un petit groupe de cybercriminels a employé un botnet pour infiltrer des dizaines des milliers de sites web et récupérer une quantité gigantesque de données sensibles. Mais la firme qui a fait cette découverte en profite pour faire un formidable coup de com et vendre un service derrière.
http://www.01net.com/editorial/624854/comment-un-gang-de-pirates-a-t-il-pu-voler-plus-d-un-milliard-de-mots-de-passe/
GCHQ vs Anonymous
Le GCHQ possède un rayon d’action étendu, portant d’une cible individuelle à l’échelle d’un pays.
http://www.libwalk.so/2014/07/04/gchq-jtrig-part1.html
Performing Incident Response using Yara
Yara is a tool that Symantec uses on incident response engagements in order to help us respond quickly and triage hosts while our security team is prepping signature updates for our affected clients.
http://www.symantec.com/connect/blogs/performing-incident-response-using-yara
Finding & Eradicating RATs
RATs are hard to deal with in part because they are small, scamper around generally unseen, and take your stuff without your knowledge.
https://community.emc.com/community/connect/rsaxchange/netwitness/blog/2014/08/07/finding-eradicating-rats
Advanced Malware: How it works
In Part 1 of this three-part series, we reviewed advanced malware basics. In this installment, we examine how advanced malware works. Advanced malware (AM) enables advanced persistent threats (APTs). Figure A shows basic operation of advanced malware supporting an advanced persistent threat.
http://it.toolbox.com/blogs/adventuresinsecurity/advanced-malware-how-it-works-62420
DOJ’s National Security Division Chief Warns of Dire Cyber Threat; Pleads for Public-Private Cooperation
With enough cooperation, the Department of Justice can protect the United States against the potentially devastating effects of cybercrime, Assistant Attorney General for National Security John Carlin said in a recent major speech.
http://www.mainjustice.com/2014/08/07/dojs-national-security-division-chief-warns-of-dire-cyber-threat-pleads-for-public-private-cooperation/
Professionalizing the Cybersecurity Industry
When we talk about cybersecurity, are we talking about a profession or a vocation? What should the field look like in order to provide better security for individuals, enterprises and critical infrastructure?
http://www.tripwire.com/state-of-security/government/professionalizing-the-cybersecurity-industry/
Sysinternals new Sysmon tool looks for intruder traces
For the first time in almost two years, Microsoft’s Mark Russinovich has added a new tool to the Sysinternals tool suite. The new tool is Sysmon which monitors for and logs certain specific events.
http://www.zdnet.com/sysinternals-new-sysmon-tool-looks-for-intruder-traces-7000032058/
Yahoo to provide PGP encryption for mail
Promises ease of use. One of the world’s largest web providers, Yahoo, will provide its email customers with digital signing and encryption of messages through an extension of the Pretty Good Privacy (PGP) program.
http://www.itnews.com.au/News/390832,yahoo-to-provide-pgp-encryption-for-mail.aspx
Travel Agency Fined £150,000 For Violating Data Protection Act
That’ll teach them not to retain credit card data in perpetuity. The UK Information Commissioner’s Office (ICO) has fined the online travel company Think W3 ₤150,000 ($254,610.
http://www.darkreading.com/travel-agency-fined–gb-pound-150000-for-violating-data-protection-act/d/d-id/1297538
—
Vous pouvez également vous abonner à cette veille #Cybersécurité via un flux RSS dédié : https://www.cyber-securite.fr/category/veille-cyber/feed
