in

Veille #Cybersécurité du 07/08/2014

Tout ce qu’il ne fallait pas manquer aujourd’hui dans votre veille #Cybersécurité. Bonne lecture ! —

Black Hat 2014 : un pirate peut-il prendre le contrôle à distance d’une voiture?

Deux chercheurs ont analysé les risques liés aux technologies radiofréquence intégrées dans les voitures. Certains modèles s’en sortent beaucoup mieux que d’autres. http://www.01net.com/editorial/624860/black-hat-2014-un-pirate-peut-il-prendre-le-controle-a-distance-d-une-voiture/Black

Former top brass say cyberspace key in new defense rules

http://www.japantimes.co.jp/news/2014/08/06/national/politics-diplomacy/former-top-brass-say-cyberspace-key-new-defense-rules/

US Homeland Security data possibly stolen in cyberattack

One of the US government’s biggest contractors revealed Wednesday that its computer systems were hit by hackers, according to the Washington Post. http://www.cnet.com/news/us-homeland-security-data-possibly-stolen-in-cyberattack/

Blocklists of Suspected Malicious IPs and URLs

Several organizations maintain and publish blocklists (a.k.a blacklists) of IP addresses and URLs of systems and networks suspected in malicious activities on-line. Many of these lists are available for free; some have usage restrictions: http://zeltser.com/combating-malicious-software/malicious-ip-blocklists.html

Operation Poisoned Hurricane

Our worldwide sensor network provides researchers at FireEye Labs with unique opportunities to detect innovative tactics employed by malicious actors and protects our clients from these tactics. http://www.fireeye.com/blog/technical/targeted-attack/2014/08/operation-poisoned-hurricane.html

Deploying and monitoring honeypots made easy

LogRhythm released a new analytics suite that monitors honeypots to track would-be attackers, enabling customers to analyze nefarious tactics and generate targeted threat intelligence that facilitates an ongoing adaptive defense posture. http://www.net-security.org/secworld.php?id=17215

Sophisticated Phishing is targeting French-Speaking banking users

A very sophisticated phishing campaign has been discovered by Malcovery Security, it targets French-speaking computer users to steal banking credentials. http://securityaffairs.co/wordpress/27287/cyber-crime/sophisticated-phishing-target-french.html

L’arrestation du créateur de Blackhole n’a pas supprimé les menaces

Selon le rapport annuel sur la sécurité publié mardi par Cisco lors de la conférence sur la sécurité Black Hat qui se tient à Las Vegas, un grand nombre de kit permettant d’exploiter des failles logicielles essayent de supplanter le fameux kit Blackhole et les menaces ne sont pas écartées. http://www.lemondeinformatique.fr/actualites/lire-l-arrestation-du-createur-de-blackhole-n-a-pas-supprime-les-menaces-58270.html

Why I’m Not at Black Hat or DEFCON

Making software do things for us is a lot like stringing words together to make coherent and interesting sentences. We know how to gather, record, and reason over data. We know efficient and proven algorithms for all sorts of interesting problems. http://www.cigital.com/justice-league-blog/2014/08/06/black-hat/

Oh, great. It’s not that hard to hack TSA’s airport security scanning machines

LAS VEGAS — It’s been more than a decade since 9/11 brought a stringent screening process to all airports. http://venturebeat.com/2014/08/06/oh-great-its-not-that-hard-to-hack-tsas-airport-security-scanning-machines/

Black Hat 2014 Keynote: What InfoSec Needs to Do

In a far-ranging speech, Geer outlined 10 policy proposals “on a suite of pressing current topics,” such as government surveillance, embedded systems security, net neutrality, the right to be forgotten, and the state of vulnerability research and disclosure, to name just a few. http://www.infosecurity-magazine.com/news/black-hat-2014-keynote-what/

Creating a Bitcoin-Mining Botnet at No Cost

At the Black Hat 2014 conference in Las Vegas, Rob Ragan and Oscar Salazar, penetration testers from Bishop Fox, demonstrated a technique for cloud-based bitcoin mining that cost them exactly…nothing. At this moment, one bitcoin is worth $576.57. http://securitywatch.pcmag.com/hacking/326153-creating-a-bitcoin-mining-botnet-at-no-cost

How To Talk To Your Employees About Cybersecurity (Without Putting Them To Sleep)

You can just see the eye-rolls across the conference table when you bring it up. http://www.forbes.com/sites/kathryndill/2014/08/06/how-to-talk-to-your-employees-about-cybersecurity-without-putting-them-to-sleep/

Black Hat 2014 : peut-on hacker un avion ?

Un expert affirme pouvoir pirater les systèmes de navigation et de sécurité à bord des avions et des navires qui utilisent des communications satellites. Il en fera la démonstration le 7 août prochain à la conférence Black Hat. http://www.01net.com/editorial/624788/black-hat-2014-peut-on-hacker-un-avion/#

Buy All the Cybersecurity Vulnerabilities: Black Hat Keynote

LAS VEGAS: Dan Geer, a well known and respected digital security expert and the CISO of In-Q-Tel, had a unique opportunity this year, as he was the only keynote speaker at the Black Hat USA conference. http://www.esecurityplanet.com/network-security/buy-all-the-cybersecurity-vulnerabilities-black-hat-keynote.html

Cybersecurity experts take Russian hacking scare ‘with a pinch of salt’

Security researchers have expressed concern over the claim that more than 4.5bn user credentials including 1.2bn unique usernames and passwords have been amassed by a Russian cybercriminal gang. http://www.theguardian.com/technology/2014/aug/06/cybersecurity-expert-russian-hacking-scare-hold-security-passwords

Researchers Get $10M to Build Modular Cybersecurity System

A project headed by Boston University researchers has received a $10 million grant to build a cloud-based modular cybersecurity system. The grant is a Frontier Award, awarded by the National Science Foundation (NSF) as part of its Secure and Trustworthy Cyberspace program. http://www.thewhir.com/web-hosting-news/boston-university-researchers-get-10-million-build-modular-cybersecurity-system

A Cold War in Cyberspace: Does the US Have Jurisdiction Over Russian Hackers?

The recent arrest of Russian citizen Roman Valeravich Seleznev by US authorities for alleged cyber crimes highlights one of the most difficult jurisdictional problems facing the international community today. http://jurist.org/hotline/2014/08/arkady-bukh-cyber-crime.php

Mots de passe volés: Pourquoi il ne faut pas paniquer

INFORMATIQUE – L’entreprise qui révèle ce casse est loin d’être transparente sur l’ampleur réelle du problème… Peur sur le Net. http://www.20minutes.fr/high-tech/1426095-mots-passe-voles-pourquoi-faut-paniquer

A Peek Inside The Black Hat Show Network

Black Hat USA’s wireless network offers authenticated, secure access as well as ‘open’ access. http://www.darkreading.com/mobile/a-peek-inside-the-black-hat-show-network/d/d-id/1297803

Vulnerability Management: Just Turn It Off! Part II

Our last post in the “Turn It Off!” blog series discussed some of the most common and yet unnecessary features that can make your environment more vulnerable, including JBoss JMX consoles, server banners and the Apache HTExploit. http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-management-just-turn-it-off-part-ii/

Researcher demonstrates how he controlled room devices in luxury hotel

At a Black Hat 2014 session, one hacker revealed how he was able to control basic amenities in a luxury hotel – and why the hospitality industry must update its security policies to take into consideration Internet of Things threats. While staying at the St. http://www.scmagazine.com/researcher-demonstrates-how-he-controlled-room-devices-in-luxury-hotel/article/365038/

MDM is Terrible: When Security Solutions Hurt Security

Much to Blackberry’s chagrin, most people aren’t interested in carrying a stodgy work phone along with the fun smart phone they picked out themselves. That’s why big companies have invested heavily in mobile device management (MDM). http://securitywatch.pcmag.com/mobile-security/326166-mdm-is-terrible-when-security-solutions-hurt-security

US Department of Homeland Security contractor hacked

According to the Washington Post, the attackers managed to steal personal information about Department of Homeland Security’s (DHS) employees from systems of Virginia-based US Investigations Services. http://eandt.theiet.org/news/2014/aug/homeland-security-hack.cfm

Cisco 2014 Midyear Security Report: Threats – Inside and Out

Through our ongoing “Inside Out” project at Cisco, our threat researchers have the opportunity to closely examine select networks—with our customers’ permission—to identify evidence of malicious traffic. http://blogs.cisco.com/security/cisco-2014-midyear-security-report-threats-inside-and-out/

Snowden allowed to stay in Russia for three more years

NSA whistleblower Edward Snowden has been permitted to stay in Russia for another three years, and is free to travel within the country and abroad, Russia Today reports. http://www.net-security.org/secworld.php

Magnitude Exploit Kit Backend Infrastructure Insight – Part I

In our recently released Trustwave Global Security Report Online and previous Magnitude blog post, A Peek Into the Lion’s Den – The Magnitude [aka PopAds] Exploit Kit, we detailed our discovery of one of the more prevalent exploit kits seen these days, showed an inside look at the control pane http://blog.spiderlabs.com/2014/08/magnitude-exploit-kit-backend-infrastructure-insight-part-i.html

New PCI Guidance for Third-Party Risks

Card data security risks posed by third parties have gotten renewed attention in recent months because of a string of U.S. retailer breaches that have compromised millions of credit and debit cards. http://www.inforisktoday.com/interviews/new-pci-guidance-for-third-party-risks-i-2406

Cybersecurity: What the U.S. can teach Europe

Having attended two reputable information security conferences this year, one on each side of the Atlantic, a few observations emerged on the differences and similarities of opinion on cybersecurity issues in the U.S. and Europe. http://fcw.com/articles/2014/08/07/comment-cybersecurity-us-and-europe.aspx

L’ANSSI publie la version anglaise des mesures visant à renforcer la cybersécurité des systèmes industriels

Depuis février 2013, les acteurs industriels (utilisateurs, équipementiers, intégrateurs, associations et groupements d’industriels, etc. http://www.ssi.gouv.fr/fr/menu/actualites/l-anssi-publie-la-version-anglaise-des-mesures-visant-a-renforcer-la.html

Le « secret des affaires » de retour dans le débat public, encore un essai sans suite ou réelle prise de conscience ?

Depuis plusieurs années maintenant les entreprises françaises estiment que leur patrimoine immatériel n’est pas assez protégé par la législation. http://www.solucominsight.fr/2014/08/secret-affaires-retour-debat-public-encore-essai-suite-reelle-prise-conscience/

The Epic Turla Operation

Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call « Epic Turla ». http://securelist.com/analysis/publications/65545/the-epic-turla-operation/ — Vous pouvez également vous abonner à cette veille #Cybersécurité via un flux RSS dédié : https://www.cyber-securite.fr/category/veille-cyber/feed

Vous aimerez aussi cet article:

Newsletter

Envie de ne louper aucun de nos articles ? Abonnez vous pour recevoir chaque semaine les meilleurs actualités avant tout le monde.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *