Veille #Cybersécurité du 25 au 29 août 2014

Tout ce qu'il ne fallait pas manquer cette semaine dans votre veille #Cybersécurité. Bonne lecture !

---

Cybersecurity hiring crisis: Rockstars, anger and the billion dollar problem

At no time in history has there been a greater need to hire security professionals to protect and defend infrastructures from an inexhaustible onslaught of organized crime, industrial espionage, and nation-state attacks.

http://www.zdnet.com/cybersecurity-hiring-crisis-rockstars-anger-and-the-billion-dollar-problem-7000032924/

Pakistan is a FinFisher customer, leak confirms

In the first week of this month, someone hacked into the servers of FinFisher, the notorious surveillance software maker, which was reported to have two command and control servers inside Pakistan last year. The hackers got hold of whatever they could find on the server and leaked it as a torrent.

http://digitalrightsfoundation.pk/2014/08/pakistan-is-a-finfisher-customer-leak-confirms/

Snowden: The Deception Question

Epstein, Edward Jay. James Jesus Angleton: Was He Right? Even Angleton’s harshest critics at the CIA, such as William Colby, recognized that the KGB planted misleading clues in intelligence channels.

http://cryptome.org/2014/08/snowden-deception-question.htm

Gouvernance d'Internet : est-ce le bon mot ?

C’est d’ailleurs l’ambiguïté du mot « gouvernance » qui est problématique. Mais le débat s'est trop focalisé sur la question de la tutelle de l'ICANN.

http://www.egeablog.net/index.php?post%2F2014%2F08%2F28%2FGouvernance-d-Internet

Why Pay for AV When It’s Free?

I was at my local supermarket the other day, walking down the canned food aisle, and I saw 21 different brands of peas. Yes, peas. They are all grown under essentially the same conditions in the same way, yet there are dozens of brands all of which vary in price.

https://blogs.rsa.com/13893/

L'escroquerie «au président» fait des ravages en entreprises

L'escroquerie aux faux ordres de paiement a causé, selon un document de la police, «aux entreprises françaises un préjudice global supérieur à 200 millions d'euros».

http://www.lefigaro.fr/actualite-france/2014/08/27/01016-20140827ARTFIG00358-l-escroquerie-au-president-fait-des-ravages-en-entreprises.php

Espionnage chinois en France : le rapport qui acccuse

Dans son numéro de septembre, Vanity Fair dévoile le contenu d'un rapport secret remis à l'Élysée, qui dresse un panorama détaillé des menées de l'espionnage industriel chinois contre les intérêts français.

http://m.vanityfair.fr/actualites/france/articles/espionnage-chinois-en-france-le-rapport-qui-acccuse/15402

Le FBI enquête sur des cyberattaques peut-être en provenance de Russie

Une attaque informatique sophistiquée qui aurait permis de voler plusieurs gigaoctets de données à des banques américaines intrigue le FBI.

http://www.lemonde.fr/ameriques/article/2014/08/28/le-fbi-enquete-sur-des-cyberattaques-peut-etre-en-provenance-de-russie_4477865_3222.html

Cybersecurity official uses Tor but still gets caught with child porn

The former acting cybersecurity director for the US Department of Health and Human Services, Tim DeFoggi, was convicted yesterday on three child porn charges.

http://arstechnica.com/tech-policy/2014/08/federal-cybersecurity-official-going-to-jail-on-child-porn-charges/

We Must Secure America’s Cell Networks—From Criminals and Cops

This month, FCC Chairman Tom Wheeler revealed, in response to a letter from Congressman Alan Grayson, that his agency is assembling a task force “to combat the illicit and unauthorized use of IMSI catchers.

http://www.wired.com/2014/08/we-must-secure-americas-cell-networks-from-criminals-and-cops-alike/

50 confirmed, possibly more Norwegian oil companies hacked

50 Norwegian oil and energy companies have been hacked, and 250 more have been warned to check their networks and systems for evidence of a breach, The Local reports. Among the likely targets is Statoil, Norway's largest oil company.

http://www.net-security.org/secworld.php

Firewalls seem like a fixture of IT security, having been used for more than 15 years in most business environments to protect our internal assets from the scary nasties that are out there on the big bad internet. Of course, the origin of the term comes from the automotive business.

http://nakedsecurity.sophos.com/2014/08/27/there-is-no-inside-how-to-get-the-most-from-your-firewall/

Fortinet establishes R&D lab in Singapore

Fortinet is setting up a research and development (R&D) lab in Singapore to provide global threat intelligence and emergency threat response to its customers.

http://www.zdnet.com/sg/fortinet-establishes-r-and-d-lab-in-singapore-7000033006/#ftag=RSS14dc6a9

Cybersécurité au cinéma : la fiction est-elle à la hauteur de la réalité ?

Extrait du synopsis du film Firewall : « Cadre supérieur d’une grande banque de Seattle, il a mis au point un « pare-feu » ultrasophistiqué, qu’aucun hacker n’a jamais réussi à pénétrer.

http://www.solucominsight.fr/2014/08/cybersecurite-au-cinema-fiction-hauteur-realite/

Facts on cybercrime threats in Turkey

CSIS Security Group A/S has briefly engaged with IT Security specialist Stefan Frei, PhD, in order to analyze the volume of Big Data that CSIS stores and which highlights different persistent malware families targeting Turkey. The report is now being made publicly available.

http://www.csis.dk/en/csis/news/4351/

How to Avoid 10 Common Active Directory Mistakes

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

http://www.cio.com/article/2599128/application-security/how-to-avoid-10-common-active-directory-mistakes.html#tk.rss_all

How Cops and Hackers Could Abuse California’s New Phone Kill-Switch Law

Beginning next year, if you buy a cell phone in California that gets lost or stolen, you’ll have a built-in ability to remotely deactivate the phone under a new “kill switch” feature being mandated by California law—but the feature will make it easier for police and others to disable th

http://www.wired.com/2014/08/how-cops-and-hackers-could-abuse-californias-new-phone-kill-switch-law/

Air Force looks to get proactive on cyber defense

The Air Force has put out a call for a range of proactive cyber defenses, including self-healing software and deceptive capabilities that could fool cyber attackers.

http://defensesystems.com/articles/2014/08/12/air-force-cyber-resilience.aspx

INDE • Gouvernement recrute hackers, 18 ans si possible

New Delhi s’apprête à employer des dizaines de milliers de pirates informatiques pour sécuriser ses installations stratégiques. La condition : être jeune et patriote.

http://www.courrierinternational.com/article/2014/08/26/gouvernement-recrute-hackers-18-ans-si-possible

Great Ambitions: Canada’s SIGINT Agency Tries to Cover the Globe

Who better to take on the grunt work of finding vulnerable machines than machines? According to the Landmark slides, the next step for CSEC was to essentially built an app.

http://www.matthewaid.com/post/95813297731

Surveillance : la NSA a créé son propre « Google »

Un véritable « Google made in NSA » : c’est ainsi que le site The Intercept, fondé par le journaliste Glenn Greenwald, qui a divulgué les documents secrets d’Edward Snowden, décrit le programme ICReach, dont il a dévoilé l’existence ce lundi.

http://www.lemonde.fr/pixels/article/2014/08/26/surveillance-la-nsa-a-cree-son-propre-google_4476822_4408996.html

Researcher details how malware gives AV the slip

Researcher James Wyke has discovered throw-off tactics used by malware to frustrate investigators.

http://www.theregister.co.uk/2014/08/26/researcher_details_how_malware_gives_av_the_slip/

To deter cyberattacks, build a public-private partnership

Cyberattacks loom as an increasingly dire threat to privacy, national security and the global economy, and the best way to blunt their impact may be a public-private partnership between government and business, researchers say.

http://phys.org/news/2014-08-deter-cyberattacks-public-private-partnership.html

ICREACH : How the NSA Built Its Own Secret Google -The Intercept

The National Security Agency is secretly providing data to nearly two dozen U.S.

https://firstlook.org/theintercept/article/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton/

Does the White House’s cybersecurity czar need to be a coder? He says no.

Many cybersecurity experts vented frustrations on Twitter yesterday about a recent interview by White House cybersecurity coordinator Michael Daniel published by Gov Info Security.

http://www.washingtonpost.com/blogs/the-switch/wp/2014/08/22/does-the-white-houses-cybersecurity-czar-need-to-be-a-coder-he-says-no/

Données de clients piratées : la CNIL juge Orange coupable, et puis c'est tout

Condamnée au pilori. En avril dernier, Orange avait alerté ses abonnés d'une nouvelle intrusion dans ses fichiers clients, qui a concerné les noms, prénoms, dates de naissance, adresse e-mail et numéros de téléphones de 1,3 millions de clients et prospects.

http://www.numerama.com/magazine/30336-donnees-de-clients-piratees-la-cnil-juge-orange-coupable-et-puis-c-est-tout.html

Secret Service estimates type of malware that led to Target breach is affecting over 1,000 U.S. businesses

The type of point of sale, or PoS, malware that resulted in massive credit card breaches from Target and other retailers over the past year is more widespread than previously reported, an advisory from the Department of Homeland Security and the Secret Service revealed Friday.

http://www.washingtonpost.com/blogs/the-switch/wp/2014/08/22/secret-service-estimates-type-of-malware-that-led-to-target-breach-is-affecting-over-1000-u-s-businesses/

Le Premier ministre dote l’Etat de sa première Politique globale de sécurité des systèmes d’information (PSSIE)

Portée par une circulaire du Premier ministre signée le 17 juillet 2014, la PSSIE fixe les règles de protection applicables aux systèmes d’information de l’État.

http://www.ssi.gouv.fr/fr/menu/actualites/le-premier-ministre-dote-l-etat-de-sa-premiere-politique-globale-de-securite.html

The Sabu Effect: An Interview with Jay Leiderman

The knock at the door. The blinding lights, the shouted orders, the helmets, the uniforms, the guns, the confusion, the melee. The raid.

http://thecryptosphere.com/2014/08/22/the-sabu-effect-an-interview-with-jay-leiderman/

L'escroc fabriquait de fausses façades de distributeurs

Pour se livrer à ses escroqueries, il avait recours à du matériel de pointe... A l'aide d'une imprimante 3D dernier cri, un homme de 34 ans est parvenu à modéliser puis fabriquer des fausses façades de distributeurs automatiques de billets (DAB).

http://www.leparisien.fr/faits-divers/l-escroc-fabriquait-de-fausses-facades-de-distributeurs-22-08-2014-4079261.php

Sécurité : pourquoi ça ne marche pas

Oksana, Erol et Yeshe sont tous trois journalistes, respectivement en Ukraine, en Turquie et au Tibet. Jeudi 26 juin,  ils étaient à Paris pour raconter à un public de hackers et bidouilleurs leur travail quotidien face aux menaces, à la censure et à la surveillance en ligne.

http://blog.barbayellow.com/2014/08/16/securite-pourquoi-ca-ne-marche-pas/

---

Vous pouvez également vous abonner à cette veille #Cybersécurité via un flux RSS dédié : http://www.cyber-securite.fr/category/veille-cyber/feed

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

This site uses Akismet to reduce spam. Learn how your comment data is processed.