Veille #Cybersécurité du 08/08/2014

Tout ce qu'il ne fallait pas manquer aujourd'hui dans votre veille #Cybersécurité. Bonne lecture !

---

Chiffrement : neuf correctifs pour OpenSSL

Plusieurs mises à jour ont été livrées cette semaine pour OpenSSL 1.0.1i, 1.0.0n et 0.9.8zb. Il est conseillé aux administrateurs d'appliquer les mises à jour livrées cette semaine pour le composant de chiffrement OpenSSL.

http://www.lemondeinformatique.fr/actualites/lire-chiffrement-neuf-correctifs-pour-openssl-58287.html

Facebook gets serious about cybersecurity with new purchase

Facebook FB is getting serious about fighting off online data threats with its latest purchase. The social network is buying PrivateCore, a cybersecurity firm founded in 2012.

http://fortune.com/2014/08/08/facebook-gets-serious-about-cybersecurity-with-new-purchase/

$83k in bitcoins 'stolen' through BGP hijack

Short-lived network changes used to make miners connect to rogue pool.

https://www.virusbtn.com/blog/2014/08_08.xml

Social Engineering a Telemarketer

Okay, this is funny.

https://www.schneier.com/blog/archives/2014/08/social_engineer_6.html

Blackphone: Inside a Secure Smart Phone

Can a smart phone increase your privacy and security while remaining both highly usable and attractive to buyers? The inaugural Blackphone is testing that question for consumers and businesses.

http://www.govinfosecurity.com/interviews/blackphone-inside-secure-smart-phone-i-2414

Gamma FinFisher hacked: 40 GB of internal documents and source code of government malware published

A hacker claims to have hacked a network of the surveillance technology company Gamma International and has published 40 gigabytes of internal data. A Twitter account has published release notes, price lists – and source code.

https://netzpolitik.org/2014/gamma-finfisher-hacked-40-gb-of-internal-documents-and-source-code-of-government-malware-published/

How to Use Your Cat to Hack Your Neighbor’s Wi-Fi

Late last month, a Siamese cat named Coco went wandering in his suburban Washington, DC neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy.

http://www.wired.com/2014/08/how-to-use-your-cat-to-hack-your-neighbors-wi-fi/

Gemalto annonce l'acquisition de SafeNet

Gemalto annonce avoir signé un accord définitif en vue de l’acquisition de 100% du capital de SafeNet, leader mondial de la protection des données et de la monétisation des logiciels, actuellement propriété de Vector Capital, pour un montant de 890 millions de dollars.

http://www.globalsecuritymag.fr/Gemalto-annonce-l-acquisition-de,20140808,46802.html

L'Afnor aborde la gestion des risques en 100 questions

100 questions pour comprendre et agir - Gestion des risques, par Jean-Paul Louisot (Editions Afnor, 268 pages, 21,80 euros HT) Pour acquérir l'ouvrage chez l'éditeur

http://www.lemondeinformatique.fr/actualites/lire-l-afnor-aborde-la-gestion-des-risques-en-100-questions-58284.html

Pré-bulletin Microsoft PatchDay aout 2014

Microsoft a publié un pré-bulletin pour le patchday du mois d’août 2014.

http://www.lexsi-leblog.fr/cert/pre-bulletin-microsoft-patchday-aout-2014-2.html

Visit the Wrong Website, and the FBI Could End Up in Your Computer

Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor.

http://www.wired.com/2014/08/operation_torpedo/

Comment un gang de pirates a-t-il pu voler plus d’un milliard de mots de passe ?

Un petit groupe de cybercriminels a employé un botnet pour infiltrer des dizaines des milliers de sites web et récupérer une quantité gigantesque de données sensibles. Mais la firme qui a fait cette découverte en profite pour faire un formidable coup de com’ et vendre un service derrière.

http://www.01net.com/editorial/624854/comment-un-gang-de-pirates-a-t-il-pu-voler-plus-d-un-milliard-de-mots-de-passe/

GCHQ vs Anonymous

Le GCHQ possède un rayon d'action étendu, portant d'une cible individuelle à l'échelle d'un pays.

http://www.libwalk.so/2014/07/04/gchq-jtrig-part1.html

Performing Incident Response using Yara

Yara is a tool that Symantec uses on incident response engagements in order to help us respond quickly and triage hosts while our security team is prepping signature updates for our affected clients.

http://www.symantec.com/connect/blogs/performing-incident-response-using-yara

Finding & Eradicating RATs

RATs are hard to deal with in part because they are small, scamper around generally unseen, and take your stuff without your knowledge.

https://community.emc.com/community/connect/rsaxchange/netwitness/blog/2014/08/07/finding-eradicating-rats

Advanced Malware: How it works

In Part 1 of this three-part series, we reviewed advanced malware basics. In this installment, we examine how advanced malware works. Advanced malware (AM) enables advanced persistent threats (APTs). Figure A shows basic operation of advanced malware supporting an advanced persistent threat.

http://it.toolbox.com/blogs/adventuresinsecurity/advanced-malware-how-it-works-62420

DOJ's National Security Division Chief Warns of Dire Cyber Threat; Pleads for Public-Private Cooperation

With enough cooperation, the Department of Justice can protect the United States against the potentially devastating effects of cybercrime, Assistant Attorney General for National Security John Carlin said in a recent major speech.

http://www.mainjustice.com/2014/08/07/dojs-national-security-division-chief-warns-of-dire-cyber-threat-pleads-for-public-private-cooperation/

Professionalizing the Cybersecurity Industry

When we talk about cybersecurity, are we talking about a profession or a vocation? What should the field look like in order to provide better security for individuals, enterprises and critical infrastructure?

http://www.tripwire.com/state-of-security/government/professionalizing-the-cybersecurity-industry/

Sysinternals new Sysmon tool looks for intruder traces

For the first time in almost two years, Microsoft's Mark Russinovich has added a new tool to the Sysinternals tool suite. The new tool is Sysmon which monitors for and logs certain specific events.

http://www.zdnet.com/sysinternals-new-sysmon-tool-looks-for-intruder-traces-7000032058/

Yahoo to provide PGP encryption for mail

Promises ease of use. One of the world's largest web providers, Yahoo, will provide its email customers with digital signing and encryption of messages through an extension of the Pretty Good Privacy (PGP) program.

http://www.itnews.com.au/News/390832,yahoo-to-provide-pgp-encryption-for-mail.aspx

Travel Agency Fined £150,000 For Violating Data Protection Act

That'll teach them not to retain credit card data in perpetuity. The UK Information Commissioner's Office (ICO) has fined the online travel company Think W3 ₤150,000 ($254,610.

http://www.darkreading.com/travel-agency-fined--gb-pound-150000-for-violating-data-protection-act/d/d-id/1297538

---

Vous pouvez également vous abonner à cette veille #Cybersécurité via un flux RSS dédié : http://www.cyber-securite.fr/category/veille-cyber/feed

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

This site uses Akismet to reduce spam. Learn how your comment data is processed.