RSS Trending Cyber News

  • Veeam appoints Gil Vega as CISO
    February 2020, by Marc Jacob. Veeam® Software announces the appointment of Gil Vega as Chief Information Security Officer (CISO). He will be responsible for establishing and maintaining Veeam's vision and strategy to ensure adequate protection of its information resources and solutions.
  • WALLIX launches BestSafe
    Building on its globally recognised expertise in privileged access management, WALLIX is now extending its offering to protecting access to applications and office workstations with the launch of the WALLIX BestSafe solution. BestSafe lets organisations of all sizes protect....
  • Why is French cybersecurity recognised worldwide?
    Why is French cybersecurity recognised worldwide? February 2020, by Xavier FACELINA, President of SECLAB. Undeniably, exporting French technology is a key topic that drives many professionals. Vendors, integrators, operators: all are innovating in....
  • Poll: most Poles are grateful to the Red Army for the liberation
    According to 73 percent of respondents, the prisoners of the concentration camp were saved by the Red Army. 15 percent are sure that the fascist troops were driven out by the Polish Army on its own. Another five percent believe the death camp was liberated by the USA. One percent each went to Poles who said it was the troops of Great Britain or the army of another country.
  • Swiss president invites everyone born on the same day as her to her birthday celebration
    It is explained that, to take part in the celebration, one must register on the president's website and provide a copy of one's passport. Sommaruga will celebrate her birthday on 14 May near Bern. According to the publication, around 260 Swiss people were born on the same day as the head of state.
  • In 2020, there should be 200 million 5G smartphones on the market
    Heading for 200 million 5G smartphones! As you know, 2020 will mark the big debut (in France) of the brand-new 5G network, which promises to make our current 4G look like an ancestral Edge network. In 2019, worldwide, a little under 20 million compatible devices [...]
  • Japan’s curbs on foreign ownership to cover 12 sectors, sources say
    Japan is finalizing a plan that will tighten scrutiny of foreign investment in 12 key sectors, four government sources with knowledge of the matter said. The industries would include sectors like defense, nuclear power, aerospace, utilities, gas, cybersecurity and telecommunications, two of the sources said.
  • US and UK accuse Russia of cyberattack on Georgia
    The governments of both countries are confident that Russia is behind the largest hacker attack in the post-Soviet space. The governments of the United States and the United Kingdom published , in which they accused Russia of carrying out a coordinated cyberattack on thousands of Georgian websites in October 2019.
  • Trending Research Report on Cyber security as a Service Market 2020 | Top Companies are Symantec, MCAFEE, Trend Micro, Cisco, Fortinet, Panda Security, Ciphercloud, Zscaler, etc - Instant Tech News
    Cyber security as a Service market research report provides a detailed overview of Cyber security as a Service industry with respect to the drivers influencing the revenue factors, growth structure, Size, Share via the latest research addition. The current trends of Cyber security as a Service....
  • Sophos: Fleeceware remains a ball and chain
    With fleeceware, users are offered an app with a free trial period, but a paid subscription is hidden in the fine print ('de vacht' = fleece). This trick occurs mainly with free or cheap apps. Fleeceware falls into the category of unwanted apps, PUAs, which also includes....

RSS Vulnerabilities

  • How to pass any pentest (bad advice)
    Imagine the situation: you are an information security specialist and you know that the defences you have built are complete nonsense. Perhaps you don't know this, but you aren't particularly keen to check, because who wants to leave their comfort zone and do something extra, deploy protective measures, mitigate....
  • Remote code execution in Rockwell Automation FactoryTalk Diagnostics
    Security Advisory. This security advisory describes one high-risk vulnerability. 1) Deserialization of Untrusted Data. Severity: High. CVSSv3: [PCI] CVE-ID: CVE-2020-6967. CWE-ID: CWE-502 - Deserialization of Untrusted Data. Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
  • Dragos Report: Analysis of ICS flaws disclosed in 2019
    Sorin Mustaca's IT Security news and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. More than 400 flaws affecting industrial control systems (ICS) were disclosed in 2019, more than 100 were zero-day vulnerabilities.
  • Adobe releases out-of-band patches for critical vulnerabilities
    The vulnerabilities are in Adobe After Effects and Adobe Media Encoder. Adobe has released an out-of-band update for the Windows and macOS versions of Adobe After Effects and Adobe Media Encoder, fixing two critical vulnerabilities. Both issues are out-of-bounds write vulnerabilities.
  • Bugtraq: [slackware-security] proftpd (SSA:2020-051-01)
    [slackware-security] proftpd (SSA:2020-051-01). New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.6c-i586-1_slack14.
  • Chinese Hackers, Coronavirus Phishing Attacks, How to Stay (Almost) Anonymous Online
    Chinese Hackers, Coronavirus Phishing Attacks, How to Stay (Almost) Anonymous Online. In episode 97 of our monthly show we discuss how Chinese hackers caused the Equifax data breach, new coronavirus phishing attacks to be aware of, and how to stay (almost) anonymous online. ** Show notes and links mentioned on the show ** U.
  • High-risk vulnerabilities and public cloud-based attacks on the rise
    Sorin Mustaca's IT Security news and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. High-risk vulnerabilities and public cloud-based attacks on the rise.
  • Cryptomining threat research report (part 1)
    Origins. In the 1990s, research scientists Stuart Haber and W. Scott Stornetta proposed a protocol that used timestamps to secure digital documents; the protocol required that a document's timestamp could not be altered after creation, making the possibility of tampering with the document zero. This security protocol later became the prototype for the Bitcoin blockchain protocol, but the prototype still relied on a trustee's signature, leaving a certain flaw in the solution's integrity. In 2008, an individual or group under the pseudonym Satoshi Nakamoto conceptualised the idea behind blockchain; by using cryptographic signatures to timestamp digital documents, they improved on the above solution and eliminated the risk of depending on trust. To understand society's demand for cryptocurrency, we need to look back at the global financial crisis of 2007 and early 2009....
  • Reflections on several CodeQL questions and a detailed audit of CVE-2019-3560
    Are these CodeQL capabilities unique to it? Of course not. White-box code auditing is not a new field; the industry already has a great many tools: established commercial software such as Fortify SCA and Coverity, open-source software such as Cobra, and the large internet companies all build their own source-code security auditing platforms, which I won't list one by one here. Take Fortify as an example: its product white paper describes its five main analysis engines: data flow, semantic, structural, control flow and configuration flow. Everyone is doing it, and there is plenty of academic research too. What are CodeQL's advantages? In short: it is free, open source, and backed by the strong research capability of the Semmle team. Semmle was incubated at the University of Oxford; its investors include Google, Microsoft, NASA and others, and now it has joined....
  • [Bug 1805006] Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
    Eclipse Mojarra before version 2.3.14 is vulnerable to a path traversal flaw via either the loc parameter or the con parameter. An attacker could exploit this to read arbitrary files. It was reported as CVE-2019-0199, but it was an incomplete fix. Eclipse Mojarra before version 2.3.

RSS Threats and Incidents

RSS Cyber Crime

  • Sophos: Fleeceware remains a ball and chain
    With fleeceware, users are offered an app with a free trial period, but a paid subscription is hidden in the fine print ('de vacht' = fleece). This trick occurs mainly with free or cheap apps. Fleeceware falls into the category of unwanted apps, PUAs, which also includes....
  • Sophos Commentary on ISS World hack
    Its websites have been down since 17 February. And This Week in Facilities Management said 43,000 staff at London’s Canary Wharf and its Weybridge HQ, in Surrey, still had no email. Ransomware attacks encrypt IT systems, locking users out and demanding money.
  • iPhone Perverts On A Train: 94% Increase In Cyber-Flashers Sending Explicit Selfies - Forbes
    iPhones are being used to 'flash' women with sexually explicit selfies. Cases of cyber-flashing, where perverts send sexually explicit images, often of their own genitals, to young women they don't know, have increased year on year. At least they have as far as cyber-flashing on trains is concerned.
  • Kenya, South Africa more concerned about cyber attacks than Nigeria, others - Guardian
    Kenya and South Africa have been found to be more concerned about the risks posed by cybercrime than Nigeria and other countries in Africa. Specifically, a report by KnowBe4African Report disclosed that, of all the countries surveyed, 75 per cent of Kenyans and 74 per cent of South Africans....
  • Survey: Trump Not as Smart as the IT Director
    An early-stage VC firm investing in cybersecurity startups surveyed 1,000 U.S. adults to better understand consumer opinions and understanding of cybersecurity. The report, which was released the day before Valentine's Day, offered some very interesting insights.
  • What We're Reading: The Winners of the Inaugural Sigma Awards for Data Journalism
    The Friday 5, where we round up our favorite reads from around the online world in English each week, includes the Sigma Award winners for data journalism, a story from the Columbia Journalism Review about increased surveillance of journalists, and an interview with BuzzFeed's Craig Silverman. (DataJournalism.
  • In 2019, Snap was the most popular social network among French 11- to 24-year-olds
    All Cyber news on the digital society, by Jean-Paul Pinte, cybercriminologist. Published by: pintejp | February 21, 2020. In 2019, Snap was the most popular social network among French 11- to 24-year-olds.
  • Ransomware attack forces 2-day shutdown of natural gas pipeline – Naked Security
    The US Department of Homeland Security (DHS) on Tuesday said that an infection by an unidentified ransomware strain forced the shutdown of a natural-gas pipeline for two days. Fortunately, nothing blew up. The attacker never got control of the facility's operations, the....
  • #nationalcybersecuritymonth | Kentucky's Election Machinery Regularly Scanned by Foreign Hackers, Official Says
    by DH Kass • Feb 20, 2020. The state of Kentucky's election systems are "routinely scanned" by foreign hackers, including North Korea, Russia and Venezuela, a senior election official told legislators in a state House budget subcommittee hearing. "This is not something that is in the past, that....