#Cybersecurity watch for 12/08/2014

Everything you should not have missed today in your #Cybersecurity watch. Happy reading!

---

China spies -- sex to cyber

Sex-and-spying award winner? China’s nominee is surely Katrina Leung, codenamed Parlour Maid. She’d pocketed $1.

http://www.torontosun.com/2014/08/09/china-spies----sex-to-cyber

NIST develops its security test for SCADA systems

NIST (National Institute of Standards and Technology), a branch of the U.S. Department of Commerce, aims to promote the economy by developing technologies, metrology and standards in concert with industry.

http://www.silicon.fr/nist-elabore-test-securite-systemes-scada-96101.html

For the FBI, even the most anonymous of Anonymous does not stay that way

Jeremy Hammond will spend ten years in prison – pictured here in March 2012. | AP It took the FBI months to track down Mr. Hammond on the Internet.

http://mobile.lemonde.fr/pixels/article/2014/08/12/pour-le-fbi-meme-le-plus-anonyme-des-anonymous-ne-le-reste-pas-eternellement_4470363_4408996.html

Targeted Attacks: Raising Risk Urgency

Detecting and preventing advanced attacks isn't just a technology issue - it's a business risk that needs to be elevated to the highest levels of an organization. Trend Micro's Tom Kellermann shares strategies. Attackers vary - they could be organized criminals, hacktivists or nation states.

http://www.databreachtoday.eu/targeted-attacks-raising-risk-urgency-a-7178

Twitter suspends the account of pro-Israeli hacker Ulcan after the hacking of Rue89

After the courts, it is now the social network Twitter that is looking into the case of Ulcan, alias Gregory Chelli. The social network's teams decided to suspend his account after reviewing it this Tuesday.

http://www.undernews.fr/hacking-hacktivisme/twitter-suspend-le-compte-du-hacker-pro-israelien-ulcan-apres-le-piratage-de-rue89.html

Cyber insurance coming soon to France

Since 2012, declared at the time the “Year of the Data Breach” by IBM, the awareness of cyber risk among economic actors appears to have finally progressed, since this area is becoming insurable.

http://blog.trendmicro.fr/bientot-la-cyber-assurance-en-france/#.UuoHD9V7GUM.twitter

Who Receives Hacker Threat Info From DHS?

Health care, banking and other key sectors at risk of cyberattacks have not joined a Department of Homeland Security program required to offer these industries protections against a potential catastrophic hack, according to federal inspectors.

http://www.nextgov.com/cybersecurity/2014/08/who-receiving-hacker-threat-info-dhs/91154/

Report: Hacker posts Gamma International data exposing FinFisher concerns

Last week, a Reddit user called “PhineasFisher” claimed to have “made off with 40GB of data from Gamma's networks,” and in doing so, provided proof of the company's unethical business practices, such as selling to government clients who use the software to spy on Bahraini activists.

http://www.scmagazine.com/report-hacker-posts-gamma-international-data-exposing-finfisher-concerns/article/365665/

BlackHat 2014: Oracle, a not very secure security tool

Once again, one of the Litchfield brothers (David) unveils, at BlackHat 2014, a PoC targeting an Oracle flaw. What is less ordinary is that the flaw in question concerns a security extension built into Oracle 12c, an extension named Data Redaction.

http://www.cnis-mag.com/blackhat-2014-oracle-un-outil-de-securite-peu-securise.html

The Dilemma of PCI Scoping - Part 3

In part 2 we discussed the criticality of a risk assessment and started on implementing the framework with fixing monitoring and alerting so that we can properly manage the risk we will be accepting. In this part I will deal with Category 2 and 3 systems and how to manage their risk.

https://www.infosecisland.com/blogview/23912-The-Dilemma-of-PCI-Scoping-Part-3.html

Getting Revenge: The Ethics of Active Countermeasures

Businesses and individuals are getting fed up with always being one step behind cyber criminals and constantly playing defense. In an attempt to be more proactive and shift the dynamic, some security experts are now advocating active countermeasures—basically attacking the attackers.

http://blogs.rsa.com/getting-revenge-ethics-active-countermeasures/

US Air Force cyber security competition comes to UK

A defence contractor has joined with the UK's Cyber Security Challenge to bring a US Air Force cyber competition to this side of the Atlantic.

http://www.wired.co.uk/news/archive/2014-08/11/cybercenturion

A virtual vault at Oracle for encryption keys

With Key Vault, Oracle provides a centralized repository for storing the thousands or hundreds of thousands of encryption keys that a company may need to use.

http://www.lemondeinformatique.fr/actualites/lire-un-coffre-fort-virtuel-chez-oracle-pour-les-cles-de-chiffrement-58301.html

How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks

Threat sharing networks have been around for a long time, however they have typically been "invitation-only," available to only large companies, or those within a particular industry. The AlienVault Open Threat Exchange is different.

http://www.infoworld.com/d/wc/how-use-crowd-sourced-threat-intelligence-stop-malware-in-its-tracks-248105

NATO’s September Summit Must Confront Cyber Threats

Jarno Limnéll is the Director of Cyber Security at McAfee (now part of Intel), a PhD in military science, and a former officer in the famously tough Finnish armed forces, where he spent five years as a strategic analyst.

http://breakingdefense.com/2014/08/natos-september-summit-must-confront-cyber-threats/

Does U.S. Truly Want Cyber Peace?

The United States government does not want peace in cyberspace, contends cyber-conflict historian Jason Healey, a former White House cyber infrastructure protection director.

http://www.govinfosecurity.com/interviews/does-us-truly-want-cyber-peace-i-2415

Checking In On Africa: The Latest Developments in Cybercrime

In the early 2000s, Africa gained notoriety due to the 419 “Nigerian” scam. This scam involved making payments in exchange for a reward for helping so-called high-ranking Nigerian officials and their families.

http://blog.trendmicro.com/trendlabs-security-intelligence/checking-in-on-africa-the-latest-developments-in-cybercrime/

State-of-the-art spear phishing and defenses

The number of phishing sites was up 10.7-percent as of Q1 this year (over last year) while at the same time almost 32.

http://www.csoonline.com/article/2462368/data-protection/state-of-the-art-spear-phishing-and-defenses.html#tk.rss_all

The making of a cybercrime market

I recently had the opportunity to speak with two representatives from the Netherlands-based security research firm Fox-IT—Maurits Lucas, InTELL Business Director, and Andy Chandler, VP of WW Sales & Marketing.

http://www.csoonline.com/article/2463175/data-protection/the-making-of-a-cybercrime-market.html#tk.rss_all

---

You can also subscribe to this #Cybersecurity watch via a dedicated RSS feed: http://www.cyber-securite.fr/category/veille-cyber/feed
