Overblog
Suivre ce blog
Administration Créer mon blog
8 août 2016 1 08 /08 /août /2016 21:28

==============================================================================================================================================

Le principe de la veille hebdomadaire c'est qu'elle parait toutes les semaines. Bon là, je dois l'avouer, on est plus sur une veille mensuelle voir bimestrielle....Mais j'ai quelques activités qui m'occupent un peu.

Bon alors je publie pour août et je vous souhaite une bonne lecture.

Tristan
==============================================================================================================================================


A LIRE SECURITE
---------------

PROJECTSAURON APT ON PAR WITH EQUATION, FLAME, DUQU
https://threatpost.com/projectsauron-apt-on-par-with-equation-flame-duqu/119725/
https://cdn.securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf

Intel embarque-t-il une porte dérobée dans toutes ses puces ?
http://www.01net.com/actualites/intel-embarque-t-il-une-porte-derobee-dans-ses-puces-985396.html

Fake Boarding Pass App Gets Hacker Into Fancy Airline Lounges
https://www.wired.com/2016/08/fake-boarding-pass-app-gets-hacker-fancy-airline-lounges/
https://www.youtube.com/watch?time_continue=95&v=7829-HtV3uo

Intel x86s hide another CPU that can take over your machine (you can't audit it)
http://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html

How to really fix the latest Adobe Flash security hole
http://news.hitb.org/content/how-really-fix-latest-adobe-flash-security-hole
http://www.zdnet.com/article/the-real-adobe-flash-fix-is-in/ [Un bon Tips and Tricks pour utilisateur]

So, Just Why Is 18atcskd2w Such a Popular Password? [La présence des bots....]
http://www.tripwire.com/state-of-security/featured/so-just-why-is-18atcskd2w-such-a-popular-password/

The curious tale of Ethereum: How a hacker stole $53m in digital currency and could legally keep it
http://news.hitb.org/content/curious-tale-ethereum-how-hacker-stole-53m-digital-currency-and-could-legally-keep-it
http://www.ibtimes.co.uk/curious-tale-ethereum-how-hacker-stole-53m-digital-currency-could-legally-keep-it-1566524

EMAIL SERVERS FOR MORE THAN HALF OF WORLD’S TOP SITES CAN BE SPOOFED
https://threatpost.com/email-servers-for-more-than-half-of-worlds-top-sites-can-be-spoofed/118840/
https://blog.detectify.com/2016/06/20/misconfigured-email-servers-open-the-door-to-spoofed-emails-from-top-domains/

VIDEO: Exploit Kits: Hunting The Hunters
http://news.hitb.org/content/video-exploit-kits-hunting-hunters

A starter guide for biometrics in security
http://news.hitb.org/content/starter-guide-biometrics-security
http://www.computerweekly.com/opinion/Security-Think-Tank-A-starter-guide-for-biometrics-in-security

The future of Node.js: Stable, secure, everywhere
http://news.hitb.org/content/future-nodejs-stable-secure-everywhere
http://www.javaworld.com/article/3103520/javascript/the-future-of-nodejs-stable-secure-everywhere.html#tk.rss_all

DOSSIERS
--------

The FBI Says Its Malware Isn’t Malware Because the FBI Is Good
http://news.hitb.org/content/fbi-says-its-malware-isn’t-malware-because-fbi-good

BANQUES
-------

Singapore banks adopt voice biometrics for user authentication
http://news.hitb.org/content/singapore-banks-adopt-voice-biometrics-user-authentication

Hackers hit central banks in Indonesia and South Korea
http://news.hitb.org/content/?hackers-hit-central-banks-indonesia-and-south-korea
http://www.zdnet.com/article/hackers-hit-central-banks-in-indonesia-and-south-korea/#ftag=RSSbaffb68

INSOLITE
--------

UN PETIT GESTE POUR LA PLANETE
------------------------------

PUBLIC, PRIVATE SECTOR TEAM TO FIGHT RANSOMWARE
https://threatpost.com/public-private-sector-team-to-fight-ransomware/119484/

FACEBOOK AND SOCIAL NETWORKS
----------------------------


A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

DARPA's Cyber Grand Challenge Aims To Beat Viruses for Good
http://news.hitb.org/content/darpas-cyber-grand-challenge-aims-beat-viruses-good

PRODUITS
--------

Avast Nitro, le nouvel antivirus qui dynamite les malwares grâce au cloud
http://www.01net.com/actualites/avast-nitro-dynamite-les-malwares-grace-au-cloud-991054.html

BON A SAVOIR
------------

How Your Smartwatch or Fitness Tracker Could Reveal Your ATM PIN
http://www.tripwire.com/state-of-security/featured/smartwatch-fitness-tracker-atm-pin/

New Internet Security Domains Debut
http://news.hitb.org/content/new-internet-security-domains-debut
http://www.darkreading.com/cloud/new-internet-security-domains-debut-/d/d-id/1326526?_mc=RSS_DR_EDT
=> .security and .protection

Four US firms rule the world's cloud infrastructure
http://news.hitb.org/content/four-us-firms-rule-worlds-cloud-infrastructure
http://www.infoworld.com/article/3102885/cloud-computing/four-us-firms-rule-the-worlds-cloud-infrastructure.html
https://www.srgresearch.com/articles/amazon-leads-microsoft-ibm-google-chase-others-trail

KASPERSKY LAB LAUNCHES BUG BOUNTY PROGRAM
https://threatpost.com/kaspersky-lab-launches-bug-bounty-program/119586/

La Cnil lance une consultation publique sur le règlement européen sur la protection des données
http://www.les-infostrateges.com/actu/16062205/la-cnil-lance-une-consultation-publique-sur-le-reglement-europeen-sur-la-protection-des-donnees

Apple Pay arrive en France : 20 questions pour tout savoir sur le service de paiement
http://www.01net.com/actualites/apple-pay-arrive-en-france-20-questions-pour-tout-savoir-sur-le-service-de-paiement-sans-contact-984903.html

Ex-Google engineer launches blockchain-based system for banks
http://news.hitb.org/content/ex-google-engineer-launches-blockchain-based-system-banks
http://www.reuters.com/article/us-tech-banks-blockchain-idUSKCN0ZT1S3

Social engineering: 3 golden rules to thwart hackers
http://news.hitb.org/content/social-engineering-3-golden-rules-thwart-hackers
http://www.information-age.com/technology/security/123461687/social-engineering-3-golden-rules-thwart-hackers

5 Steps Towards a Long-lasting Relationship With Your Security Data Scientist
http://www.tripwire.com/state-of-security/featured/5-steps-towards-a-long-lasting-relationship-with-your-security-data-scientist/

SCIENCES
--------

Des chercheurs allemands donnent un aperçu des disques durs du futur
http://www.01net.com/actualites/des-chercheurs-allemands-donnent-un-apercu-des-disques-durs-du-futur-990668.html

Two catalysts efficiently turn plastic trash into diesel
http://news.hitb.org/content/two-catalysts-efficiently-turn-plastic-trash-diesel
http://arstechnica.com/science/2016/06/turning-plastic-into-diesel-fuel-instead-of-trash/

Ce processeur fait battre 1000 cœurs de façon indépendante
http://www.01net.com/actualites/ce-processeur-fait-battre-1000-coeurs-de-facon-independante-990195.html

Le supercalculateur le plus puissant du monde est chinois, jusque dans ses processeurs
http://www.01net.com/actualites/le-supercalculateur-le-plus-du-monde-est-chinois-jusque-dans-ses-processeurs-990865.html

How archaeologists found the lost medieval megacity of Angkor
http://news.hitb.org/content/how-archaeologists-found-lost-medieval-megacity-angkor

Swarm, la puce du MIT qui pourrait rendre nos PC et smartphones 75 fois plus rapides
http://www.01net.com/actualites/swarm-la-puce-du-mit-qui-pourrait-rendre-nos-pc-et-smartphones-75-fois-plus-rapides-1001543.html


CONSOMMATION
------------



RACHAT / UNION
--------------



DROIT
-----

Firm pays $950,000 penalty for using Wi-Fi signals to secretly track phone users
http://news.hitb.org/content/firm-pays-950000-penalty-using-wi-fi-signals-secretly-track-phone-users

Dépôt du nom de domaine d'un client et abus de confiance
http://www.les-infostrateges.com/actu/16072217/depot-du-nom-de-domaine-d-un-client-et-abus-de-confiance

GDPR is Coming – Penalty Primer
http://www.tripwire.com/state-of-security/featured/gdpr-is-coming-penalty-primer/

Décryptage du nouveau règlement européen sur la protection des données personnelles
http://www.orange-business.com/fr/blogs/securite/lois-reglementations-standards-et-certifications/decryptage-du-nouveau-reglement-europeen-sur-la-protection-des-donnees-personnelles


MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------


MICROSOFT
---------



GOOGLE
------

Google's security princess talks cybersecurity
http://news.hitb.org/content/googles-security-princess-talks-cybersecurity
https://opensource.com/life/16/6/interview-parisa-tabriz-google

Google lance un groupe de recherche en Europe
http://www.les-infostrateges.com/actu/16062206/google-lance-un-groupe-de-recherche-en-europe

Google simplifie et sécurise l'accès à votre compte
http://www.01net.com/actualites/google-simplifie-la-double-authentification-d-acces-a-un-compte-990984.html

Google joue au docteur et vous aide à vous autodiagnostiquer
http://www.01net.com/actualites/google-joue-au-docteur-990943.html

Google notifies users of 4,000 state-sponsored cyber attacks per month: executive
http://news.hitb.org/content/google-notifies-users-4000-state-sponsored-cyber-attacks-month-executive

Google va blinder Chrome contre les attaques quantiques
http://www.01net.com/actualites/google-commence-a-proteger-ses-utilisateurs-contre-les-attaques-quantiques-1003041.html

Project Bloks, les petites briques Google qui vont apprendre la programmation aux enfants
http://www.01net.com/actualites/google-presente-project-bloks-les-petites-briques-qui-vont-apprendre-la-programmation-aux-enfants-997345.html
https://projectbloks.withgoogle.com

APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------

Git 2.9 Source Code Management System Is a Major Release with Many New Features
http://news.hitb.org/content/git-29-source-code-management-system-major-release-many-new-features
http://news.softpedia.com/news/git-2-9-source-code-management-system-is-a-major-release-with-many-new-features-505210.shtml

Firefox teste un système d’identités multiples pour protéger votre surf
http://www.01net.com/actualites/firefox-teste-un-systeme-d-identites-multiples-pour-surfer-sur-le-web-985318.html

New 'Hardened' Tor Browser Protects Users From FBI Hacking
http://news.hitb.org/content/new-hardened-tor-browser-protects-users-fbi-hacking
http://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to-protect-users-from-fbi-hacking
https://www.ics.uci.edu/~perl/pets16_selfrando.pdf

Interview : Opera prépare un navigateur dopé à l'intelligence artificielle
http://www.01net.com/actualites/krystian-kolondra-opera-nous-allons-lancer-un-nouveau-navigateur-pour-pc-983801.html

ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Your monitor can be hacked, used to spy on you
http://news.hitb.org/content/your-monitor-can-be-hacked-used-spy-you
http://www.techspot.com/news/65878-monitor-can-hacked-used-spy-you.html
Avec le code de PoC : https://github.com/redballoonshenanigans/monitordarkly
Et la présentation : http://www.redballoonsecurity.com/presentation/Recon_0xA_A_Monitor_Darkly.pdf

Necurs botnet is back online after mysterious 3-week hiatus
http://news.hitb.org/content/necurs-botnet-back-online-after-mysterious-3-week-hiatus
http://www.ibtimes.co.uk/necurs-botnet-back-online-after-mysterious-3-week-hiatus-1566873

XDEDIC SCOPE MAY BE LARGER THAN ORIGINALLY THOUGHT
https://threatpost.com/xdedic-scope-may-be-larger-than-originally-thought/118771/

AGGRESSIVE TRIADA, HORDE VARIANTS UP MOBILE MALWARE THREAT
https://threatpost.com/aggressive-triada-horde-variants-up-mobile-malware-threat/118767/

New Android malware can secretly root your phone and install programs
http://news.hitb.org/content/new-android-malware-can-secretly-root-your-phone-and-install-programs
http://www.computerworld.com/article/3087003/security/new-android-malware-can-secretly-root-your-phone-and-install-programs.html
"Some apps are clean but have a corresponding malicious version that shares the same developer certificate. The danger there is that users install the clean app but are then upgraded to the malicious version without them knowing."

ACER ECOMMERCE SITE SPILLS CREDIT CARD INFORMATION OF THOUSANDS
https://threatpost.com/acer-ecommerce-site-spills-credit-card-information-of-thousands/118760/

RAA RANSOMWARE COMPOSED ENTIRELY OF JAVASCRIPT
https://threatpost.com/raa-ransomware-composed-entirely-of-javascript/118641/

RAA Ransomware Written Entirely in JScript
http://www.tripwire.com/state-of-security/latest-security-news/raa-ransomware-written-entirely-in-jscript/

NUCLEAR, ANGLER EXPLOIT KIT ACTIVITY HAS DISAPPEARED
https://threatpost.com/nuclear-angler-exploit-kit-activity-has-disappeared/118842/

SCARCRUFT APT GROUP USED LATEST FLASH ZERO DAY IN TWO DOZEN ATTACKS
https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/

GOTOMYPC SUFFERS MAJOR PASSWORD REUSE ATTACK
https://threatpost.com/gotomypc-suffers-major-password-reuse-attack/118781/

LOCK PICKING
------------

Hacker Unlocks ‘High Security’ Electronic Safes Without a Trace
http://news.hitb.org/content/hacker-unlocks-‘high-security’-electronic-safes-without-trace
https://www.wired.com/2016/08/hacker-unlocks-high-security-electronic-safes-without-trace/


FAILLES
-------

VERT Threat Alert: June 2016 Patch Tuesday Analysis
http://www.tripwire.com/state-of-security/featured/vert-june-2016-patch-tuesday/

ORACLE PATCHES RECORD 276 VULNERABILITIES WITH JULY CRITICAL PATCH UPDATE
https://threatpost.com/oracle-patches-record-276-vulnerabilities-with-july-critical-patch-update/119373/

GOOGLE FIXES 48 BUGS, SANDBOX ESCAPE, IN CHROME
https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/

Bitdefender finds eavesdropping vulnerability in public cloud [Pas tout compris, mériterait une démo]
http://news.hitb.org/content/?bitdefender-finds-eavesdropping-vulnerability-public-cloud
http://www.zdnet.com/article/bitdefender-finds-eavesdropping-vulnerability-in-public-cloud/#ftag=RSSbaffb68

Drupal Lets Remote Authenticated Users Gain Elevated Privileges and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1036130

Comment votre Freebox peut être piratée à distance via... sa télécommande
http://www.01net.com/actualites/comment-pirater-a-distance-la-freebox-de-son-voisin-par-le-reseau-zigbee-1000111.html

OUTILS
------

MIT ANONYMITY NETWORK RIFFLE PROMISES EFFICIENCY, SECURITY
https://threatpost.com/mit-anonymity-network-riffle-promises-efficiency-security/119254/

Now it’s easy to see if leaked passwords work on other sites
http://news.hitb.org/content/now-it’s-easy-see-if-leaked-passwords-work-other-sites
http://arstechnica.com/security/2016/07/password-reuse-tool-makes-it-easy-to-id-vulnerable-accounts-on-other-sites/
https://github.com/philwantsfish/shard
------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
18 juin 2016 6 18 /06 /juin /2016 20:23

==============================================================================================================================================

Ce mois-ci pas de commentaires. Promis, je vais me rattraper sur les mois à venir...ou pas...

Tristan

==============================================================================================================================================


A LIRE SECURITE
---------------

Ransomware protection is futile, but all hope is not lost
http://searchwindowsserver.techtarget.com/feature/Ransomware-protection-is-futile-but-all-hope-is-not-lost

WEKBY APT GANG USING DNS TUNNELING FOR COMMAND AND CONTROL
https://threatpost.com/wekby-apt-gang-using-dns-tunneling-for-command-and-control/118303/
http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/

Malicious macro using a sneaky new trick [Assez joli, bon à savoir]
https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/

Understanding Prioritization – Patches and Vulnerabilities
http://www.tripwire.com/state-of-security/featured/understanding-prioritization/

Accéder directement au port USB via un site web
ZATAZ http://www.zataz.com/acceder-directement-port-usb-via-site-web/#ixzz480Tsjtyb
https://wicg.github.io/webusb/

IBM’S WATSON SUPERCOMPUTER TAKES ON SECURITY
https://threatpost.com/ibms-watson-supercomputer-takes-on-security/117999/

Les trackers publicitaires nous espionnent avec de plus en plus d’ingéniosité
http://www.01net.com/actualites/les-trackers-publicitaires-nous-espionnent-avec-plus-en-plus-d-ingeniosite-975647.html
https://webtransparency.cs.princeton.edu/webcensus/index.html
http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf

Financial Services: A Positive Shift in Cyber Security Posture
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/financial-services-a-positive-shift-in-cyber-security-posture/

Programmer sans coder ? Tout le monde peut le faire en entreprise [Ca va remuer les DSI et les RSSI et tout le monde en fait]
http://www.larevuedudigital.com/2016/05/12/programmer-sans-coder-tout-le-monde-peut-le-faire-en-entreprise/

DOSSIERS
--------

BANQUES
-------

SWIFT WARNS OF SECOND BANK ATTACK VIA PDF MALWARE
https://threatpost.com/swift-warns-of-second-bank-attack-via-pdf-malware/118078/
https://www.swift.com/insights/press-releases/swift-customer-communication_customer-security-issues

INSOLITE
--------

Software Update Destroys $286 Million Japanese Satellite
http://news.hitb.org/content/software-update-destroys-286-million-japanese-satellite

UN PETIT GESTE POUR LA PLANETE
------------------------------

MASTER DECRYPTION KEY RELEASED FOR TESLACRYPT RANSOMWARE
https://threatpost.com/master-decryption-key-released-for-teslacrypt-ransomware/118179/

Tor Browser passe en version 6.0 et privilégie le moteur de recherche DuckDuckGo
http://www.01net.com/actualites/tor-browser-passe-en-version-6-0-tout-en-honnissant-microsoft-bing-979048.html

FACEBOOK AND SOCIAL NETWORKS
----------------------------


A BOOKMARKER
------------

Open data : Liste de portails d'accès à la réutilisation des informations publiques dans le monde
http://www.les-infostrateges.com/actu/16052184/open-data-liste-de-portails-d-acces-a-la-reutilisation-des-informations-publiques-dans-le-monde
http://www.precisement.org/blog/Des-listes-de-portails-open-data.html


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

Innorobo : le plus gros évènement robotique européen débarque à Paris
http://www.01net.com/actualites/innorobo-le-plus-gros-evenement-robotique-europeen-debarque-a-paris-976493.html

Innorobo : nos quatre coups de coeur du salon 2016
http://www.01net.com/actualites/innorobo-les-4-solutions-les-plus-innovantes-du-salon-977186.html

PRODUITS
--------


Going deeper with Project Infinite
https://blogs.dropbox.com/tech/2016/05/going-deeper-with-project-infinite/

Knocki transforme n’importe quelle surface en commande à distance
http://www.01net.com/actualites/knocki-transforme-n-importe-quelle-surface-en-commande-a-distance-975148.html


BON A SAVOIR
------------

Bitcoin : Craig Wright, le faux Satoshi Nakamoto, vous dit adieu
http://www.01net.com/actualites/bitcoin-craig-wright-le-faux-satoshi-nakamoto-vous-dit-adieu-972125.html

Une cartographie des initiatives et outils pour la vie privée sur internet
http://www.les-infostrateges.com/actu/16062196/une-cartographie-des-initiatives-et-outils-pour-la-vie-privee-sur-internet
http://linc.cnil.fr/design-de-la-privacy-une-cartographie-de-veille-enrichir

NASA releases dozens of patents into the public domain
http://news.hitb.org/content/nasa-releases-dozens-patents-public-domain

Les cyber attaques ont un impact sur la confiance des consommateurs envers les grandes marques
http://www.les-infostrateges.com/actu/16052186/les-cyber-attaques-ont-un-impact-sur-la-confiance-des-consommateurs-envers-les-grandes-marques

* Plus de la moitié des consommateurs interrogés (53%) déclarent prendre la sécurité de leurs données personnelles en considération lorsqu’ils achètent des produits et services ;
* 71% des consommateurs interrogés divulgueront dans l’avenir moins de données personnelles aux organisations qui leur fournissent des produits et des services, en conséquence des cyber attaques majeures qui ont eu lieu l’année dernière ;
* Près de la moitié (42%) des consommateurs seraient prêts à payer plus un fournisseur de service garantissant une meilleure sécurité des données ;
* 54% des consommateurs déclarent qu’ils engageraient des poursuites judiciaires contre leurs fournisseurs de produits et services si leurs données personnelles étaient volées ou utilisées à des fins criminelles à la suite d’une cyber attaque.
* 13% des personnes interrogées déclarent que la sécurité de leurs données personnelles est désormais leur principale préoccupation lorsqu’elles achètent des produits et services.

SCIENCES
--------

LG’s new fingerprint sensor can neither be felt nor seen
http://news.hitb.org/content/lg’s-new-fingerprint-sensor-can-neither-be-felt-nor-seen
http://www.androidauthority.com/screen-lgs-new-fingerprint-sensor-neither-felt-seen-690272/

ACADEMICS MAKE THEORETICAL BREAKTHROUGH IN RANDOM NUMBER GENERATION
https://threatpost.com/academics-make-theoretical-breakthrough-in-random-number-generation/118150/

Et si le futur de nos PC dépendait d’une technologie vieille de plus de cent ans ?
http://www.01net.com/actualites/le-futur-de-nos-pc-depend-peut-etre-d-une-technologie-vieille-de-plus-de-cent-ans-981423.html


CONSOMMATION
------------



RACHAT / UNION
--------------

Equinix cède huit de ses datacenters européens à Digital Realty
http://www.lemagit.fr/actualites/450296510/Equinix-cede-huit-de-ses-datacenters-europeens-a-Digital-Realty

Magic Leap Acquires Israeli Cyber Security Company NorthBit
http://news.hitb.org/content/magic-leap-acquires-israeli-cyber-security-company-northbit
http://www.bloomberg.com/news/articles/2016-04-18/magic-leap-acquires-israeli-cyber-security-company-northbit

DROIT
-----


MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------

Twitter : un réseau social de plus en plus prisé pour la recherche d'emploi
http://www.les-infostrateges.com/actu/16052188/twitter-un-reseau-social-de-plus-en-plus-prise-pour-la-recherche-d-emploi
http://fr.slideshare.net/PagePersonnel/infographie-twitter-lemploi-et-vous/1

MICROSOFT
---------

MICROSOFT SHA-1 DEPRECATION FINAL COUNTDOWN BEGINS
https://threatpost.com/microsoft-sha-1-deprecation-final-countdown-begins/117783/


GOOGLE
------

Google a-t-il enfin trouvé la solution pour nous débarrasser des mots de passe ?
http://www.01net.com/actualites/android-un-score-de-confiance-remplacera-vos-mots-de-passe-d-ici-la-fin-d-annee-976742.html

Google va vous autoriser à partager vos applications Android payantes
http://www.01net.com/actualites/google-autorise-les-familles-a-partager-leurs-applications-payantes-975456.html

Google lance Spaces, une application de partage en petit comité
http://www.01net.com/actualites/google-lance-spaces-une-application-de-partage-en-petit-groupe-974827.html

APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------


ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Utility Company Infected with Ransomware, Shuts Down Network, Email and Phone Lines
http://www.tripwire.com/state-of-security/latest-security-news/utility-company-infected-with-ransomware-shuts-down-network-email-and-phone-lines/

FBI Warns of a Rise in Ransomware Attacks
http://www.tripwire.com/state-of-security/latest-security-news/fbi-warns-of-a-rise-in-ransomware-attacks/

Hackers can break into your company using $700 worth of parts from Amazon and eBay
http://news.hitb.org/content/hackers-can-break-your-company-using-700-worth-parts-amazon-and-ebay
http://bgr.com/2016/05/02/hackers-rfid-badge-security/
http://www.amazon.com/RFID-Blocking-Sleeve-Protect-Yourself/dp/B00QXZLER4?tag=b0c55-20

Whaling: Tracing the Evolution of Phishing Attacks
http://www.tripwire.com/state-of-security/security-awareness/whaling-attacks-tracing-the-evolution-of-phishing-attacks/

CEO swindle – 43 personnes arrêtées dans un vaste réseau de piratage
http://www.zataz.com/ceo-swindle-arrestation-pirate-scam/#wIgrJyUCLbqbCWC2.99

BUCBI RANSOMWARE GETS A BIG MAKEOVER
https://threatpost.com/bucbi-ransomware-gets-a-big-makeover/117938/

CERBER RANSOMWARE ON THE RISE, FUELED BY DRIDEX BOTNETS
https://threatpost.com/cerber-ransomware-on-the-rise-fueled-by-dridex-botnets/118090/
“In the HTTP Request Headers, it sets the value of Range Header to: “bytes=11193-“. This indicates to the web server to return only the content starting at offset 11,193 of the JPG file,” FireEye wrote.

SWIFT WARNS OF SECOND BANK ATTACK VIA PDF MALWARE
https://threatpost.com/swift-warns-of-second-bank-attack-via-pdf-malware/118078/
https://www.swift.com/insights/press-releases/swift-customer-communication_customer-security-issues

LATEST PETYA RANSOMWARE STRAIN COMES WITH A FAILSAFE: MISCHA
https://threatpost.com/latest-petya-ransomware-strain-comes-with-a-failsafe-mischa/118072/

LINKEDIN IS LATEST CONTRIBUTOR TO BREACH FATIGUE
https://threatpost.com/linkedin-is-latest-contributor-to-breach-fatigue/118272/

Des hackers ont trouvé l'arme absolue pour pirater vos cartes bancaires
http://www.01net.com/actualites/des-pirates-ont-trouve-l-arme-absolue-pour-pirater-vos-cartes-bancaires-976389.html

Plus de 100 millions de mots de passe LinkedIn en vente sur le DarkWeb
http://www.01net.com/actualites/plus-de-100-millions-de-mots-de-passe-linkedin-en-vente-sur-le-darkweb-975506.html

UBIQUITI NETWORKS GEAR TARGETED BY WORM
https://threatpost.com/ubiquiti-networks-gear-targeted-by-worm/118185/

APT GROUPS FINDING SUCCESS WITH PATCHED MICROSOFT FLAW
https://threatpost.com/apt-groups-finding-success-with-patched-microsoft-flaw/118298/

Attraper un malware par un simple copier-coller, c'est possible!
http://www.01net.com/actualites/attraper-un-malware-par-un-simple-copier-coller-de-texte-c-est-possible-977920.html

CRYPTXXX RANSOMWARE JUMPS FROM ANGLER TO NEUTRINO EXPLOIT KIT
https://threatpost.com/cryptxxx-ransomware-jumps-from-angler-to-neutrino-exploit-kit/118570/

Neutrino EK and CryptXXX
https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141/

FAILLES
-------

OPENSSL PATCHES TWO HIGH-SEVERITY VULNERABILITIES
https://threatpost.com/openssl-patches-two-high-severity-vulnerabilities/117792/

VERT Threat Alert: May 2016 Patch Tuesday Analysis
http://www.tripwire.com/state-of-security/featured/vert-threat-alert-may-2016-patch-tuesday-analysis/

Android : une faille vieille de 5 ans permet de lancer des attaques furtives
http://www.01net.com/actualites/android-une-faille-vieille-de-5-ans-permet-de-lancer-des-attaques-furtives-972897.html

OUTILS
------



------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
18 mai 2016 3 18 /05 /mai /2016 05:37

Très bon article de l'équipe TALOS de Cisco sur les ransomwares : l'historique, le présent et quelques spéculations loin d'être fantaisistes à mon avis. C'est bien écrit, clair et plutôt bien vu.

Ransomware: Past, Present, and Future
http://blog.talosintel.com/2016/04/ransomware.html

Très bonne lecture

Tristan

Published by pseudonyme
commenter cet article
17 mai 2016 2 17 /05 /mai /2016 20:01

Pornhub offering hackers $25,000 to penetrate its security
http://news.hitb.org/content/pornhub-offering-hackers-25000-penetrate-its-security

.... et l'excuse qui va avec : "Je t'assure, c'est pour le boulot, je n'y prends aucun plaisir ;-))"

Published by pseudonyme
commenter cet article
3 mai 2016 2 03 /05 /mai /2016 06:53

==============================================================================================================================================

Cette semaine, ça fait un bail que je n'ai pas écrit et certains me l'ont fait remarqué à juste titre.
Donc allez hop, je me lance. Je livre ce que j'ai pu collecter. Il y a du lourd et du moins lourd. Dans le lourd, vous trouverez :
- la mise au point d'une intelligence artificielle pour lutter contre les cyberattaques. Derrière ces mots pompeux, il semble y avoir pas mal de boulot (MIT) et une petite dose de publicité (société PatternX). Ceci dit, c'est quand même une belle avancée même si nous n'en sommes qu'au début.
- les informations sur la stratégie "BeyondCorp" (pas Beyoncé hein attention !) de Google sur la défense non périmétrique. A mon avis, c'est une bonne piste à suivre car Google considère que tout doit être analysé dans la mesure où on ne peut plus avoir confiance dans la sécurité périmétrique. De ce fait, cela remonte le niveau de contrôle et apporte une vue sécurité plus complète.
- Chez Airbus, on parle sans tabou de ce qui se passe avec une phrase que j'aime entendre : ces pirates-là « existent, et ils entrent » en parlant des attaquants liés à un État. Ça change un peu des discours irréalistes et surtout, quand on lit les autres exemples cités, on voit bien que malgré l'avancée technologique certaine d'Airbus, ils sont aussi touchés par des codes malveillants ......comme tout le monde. Ça donnerait presque envie de bosser là-bas
- un très bon post sur le problème lié à un changement forcé et trop régulier de mot de passe (ça change aussi des discours toujours identiques)
- la section SCIENCES également contient des inventions et des recherches vraiment novatrices.
- la section DROIT pointe sur un vrai bon site pour comprendre de manière pratique le nouveau règlement européen sur la protection des données à caractère personnel.

Pour le moins lourd, il y a tout le reste.

Ah oui aussi !!! Pensez à patcher vos navigateurs. Entre Firefox et Chrome, ça peut valoir le coup.

ATTENTION SPOILER : Je ne suis pas l'inventeur du Bitcoin !!! D'autres essaient de se vendre comme tel. Info ou Intox ? A suivre

Bonne lecture
Tristan
==============================================================================================================================================


A LIRE SECURITE
---------------

Comment le MIT a entraîné une intelligence artificielle à détecter les cyberattaques
http://www.01net.com/actualites/detecter-les-cyberattaques-grace-a-l-intelligence-artificielle-967988.html
http://news.hitb.org/content/mit-builds-ai-bot-spots-85-cent-hacker-invasions
http://www.theregister.co.uk/2016/04/18/ai_bot_spots_hacking_attacks/
https://people.csail.mit.edu/kalyan/AI2_Paper.pdf
http://www.presse-citron.net/lintelligence-artificielle-et-les-humains-vont-travailler-ensemble-contre-les-cyberattaques/ (remonté par Yann Ga. merci)

BeyondCorp : Google détaille son approche de la sécurité sans périmètre
http://www.lemagit.fr/etude/BeyondCorp-Google-detaille-son-approche-de-la-securite-sans-perimetre
https://static.googleusercontent.com/media/research.google.com/fr//pubs/archive/44860.pdf [Le dernier en date, correction du lie, MAG IT]
http://static.googleusercontent.com/media/research.google.com/fr//pubs/archive/43231.pdf [date de 2014]

Google found 760,935 compromised web sites in a year
http://www.theregister.co.uk/2016/04/19/google_80000_sites_breached/?mt=1461091431022
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf

The problems with forcing regular password expiry
https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry

Neutrino Exploit Kit Analysis and Threat Indicators
https://www.sans.org/reading-room/whitepapers/malicious/neutrino-exploit-kit-analysis-threat-indicators-368924

Creating a Malware/Ransomware Defendable Network [Pas vraiment spécifique aux ransomwares, mais une bonne checklist]
http://www.tripwire.com/state-of-security/incident-detection/creating-a-malwarerasomware-defendable-network/

Airbus : cible alléchante pour pirates talentueux
http://www.lemagit.fr/actualites/450281229/Airbus-cible-allechante-pour-pirates-talentueux

Comptes à hauts privilèges : 6 raisons de s'en préoccuper
http://www.orange-business.com/fr/blogs/securite/bonnes-pratiques/comptes-hauts-privileges-6-raisons-de-s-en-preoccuper

How attackers are quietly creeping inside your perimeter
http://news.hitb.org/content/how-attackers-are-quietly-creeping-inside-your-perimeter
http://www.information-age.com/technology/security/123461309/how-attackers-are-quietly-creeping-inside-your-perimeter-using-covert-attack-communications

Detecting and dealing with the stealthiest cyberattacks
http://news.hitb.org/content/detecting-and-dealing-stealthiest-cyberattacks
http://www.itproportal.com/2016/04/25/detecting-and-dealing-with-the-stealthiest-cyberattacks/

DOSSIERS
--------

Details about Juniper's Firewall Backdoor
https://www.schneier.com/blog/archives/2016/04/details_about_j.html

L’armée américaine veut créer une messagerie ultrasécurisée inspirée du Bitcoin
http://www.01net.com/actualites/l-armee-americaine-veut-creer-une-messagerie-ultrasecurisee-inspiree-du-bitcoin-969528.html

BANQUES
-------

FOLLOW THE MONEY: DISSECTING THE OPERATIONS OF THE CYBER CRIME GROUP FIN6
https://www.fireeye.com/blog/threat-research/2016/04/follow_the_money.html
https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf

POS ATTACKS NET CROOKS 20 MILLION STOLEN BANK CARDS
https://threatpost.com/pos-attacks-net-crooks-20-million-stolen-bank-cards/117595/

BANGLADESH BANK HACKERS ACCESSED SWIFT SYSTEM TO STEAL, COVER TRACKS
https://threatpost.com/bangladesh-bank-hackers-accessed-swift-system-to-steal-cover-tracks/117637/

ATTACKERS BEHIND GOZNYM TROJAN SET SIGHTS ON EUROPE
https://threatpost.com/attackers-behind-goznym-trojan-set-sights-on-europe/117647/

Qatar National Bank claims customer data released by hackers is authentic
http://news.hitb.org/content/qatar-national-bank-claims-customer-data-released-hackers-authentic

How To Bolster Banking Technology Infrastructure and Address Cyber Risks
http://www.tripwire.com/state-of-security/featured/banking-tech-infrastructure-cyber-risks/

Les banques travaillent leur présence sur les réseaux sociaux
http://www.les-infostrateges.com/actu/16042179/les-banques-travaillent-leur-presence-sur-les-reseaux-sociaux

Banking and Cybersecurity: Can They Help Prevent the Next Terrorist Attack? [A mon avis pas si simple, mais la question est intéressante]
http://www.tripwire.com/state-of-security/featured/integrated-approach-ahead-criminal/

Marcher banking malware hitting Android phones in Australia
http://news.hitb.org/content/marcher-banking-malware-hitting-android-phones-australia
http://www.pcauthority.com.au/News/418933,marcher-banking-malware-hitting-android-phones-in-australia.aspx

Hacker who stole from banks ordered to pay $7 million [Arghhh le crime ne paie plus]
http://news.hitb.org/content/hacker-who-stole-banks-ordered-pay-7-million

BIG DATA
--------

Un guide pratique consacré à la révolution data
http://www.les-infostrateges.com/actu/16042174/un-guide-pratique-consacre-a-la-revolution-data
https://fr.calameo.com/read/004059613efc709cb5836 |Preview]

POPULISME ET CYBERSECURITE
--------------------------

Le flot montant de la cybercriminalité polonaise [Au delà du titre raccoleur, quelque informations pertinentes]
https://www.lexsi.com/securityhub/le-flot-montant-de-la-cybercriminalite-polonaise/

INSOLITE
--------

Il a hacké Facebook et découvert la présence… d’un autre hacker
http://www.01net.com/actualites/il-a-hacke-facebook-et-decouvert-la-presence-d-un-autre-hacker-969617.html

Researcher Compromises Facebook System, Finds Someone’s Already Been There
http://www.tripwire.com/state-of-security/latest-security-news/researcher-compromises-facebook-system-finds-someones-already-been-there/

UN PETIT GESTE POUR LA PLANETE
------------------------------

Eurocops get new cyber powers to hunt down terrorists, criminals
http://news.hitb.org/content/eurocops-get-new-cyber-powers-hunt-down-terrorists-criminals

FACEBOOK AND SOCIAL NETWORKS
----------------------------


A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

Retail Cyber Intelligence Summit: A Forum for Community and Security
http://www.tripwire.com/state-of-security/featured/retail-cyber-intelligence-summit-a-forum-for-community-and-security/
http://summit.r-cisc.org

Top Resources for Infosec Professionals – Retail Industry
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/top-resources-for-infosec-professionals-retail-industry/

Hacking Competition Challenged UK Cyber Security Students
http://www.tripwire.com/state-of-security/latest-security-news/hacking-competition-challenged-uk-information-security-students/

PRODUITS
--------



BON A SAVOIR
------------

Bientôt l’authentification des périphériques USB-C
http://www.lemagit.fr/actualites/450281278/Bientot-lauthentification-des-peripheriques-USB-C

SHORT URLS A BIG PROBLEM FOR CLOUD COLLABORATION, STORED DATA
https://threatpost.com/short-urls-a-big-problem-for-cloud-collaboration-stored-data/117447/

Australia says it can hack enemies as it invests $230 million in cyber security
http://news.hitb.org/content/australia-says-it-can-hack-enemies-it-invests-230-million-cyber-security

Cloud : de la découverte du Shadow IT à celle du Shadow Data
http://www.orange-business.com/fr/blogs/securite/securite-applicative/cloud-de-la-decouverte-du-shadow-it-celle-du-shadow-data

« Satoshi est mort », le prétendu inventeur du Bitcoin sort de l'ombre
http://www.01net.com/actualites/satoshi-est-mort-le-pretendu-inventeur-du-bitcoin-sort-de-l-ombre-971378.html

Craig Wright 'proves' he is Bitcoin creator Satoshi Nakamoto
http://news.hitb.org/content/craig-wright-proves-he-bitcoin-creator-satoshi-nakamoto
http://phys.org/news/2016-05-australian-entrepreneur-reveals-bitcoin-creator.html

SCIENCES
--------

Your brain’s reaction to celeb pics may create the most secure form of ID
http://news.hitb.org/content/your-brain’s-reaction-celeb-pics-may-create-most-secure-form-id
http://arstechnica.com/science/2016/04/your-brains-reaction-to-celeb-pics-may-create-the-most-secure-form-of-id/
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7435286

Des chercheurs créent par accident une batterie quasi increvable
http://www.01net.com/actualites/des-chercheurs-creent-par-accident-une-batterie-qui-tient-200-000-cycles-969632.html

Wisp, un ordinateur miniature alimenté seulement par des ondes électromagnétiques
http://www.01net.com/actualites/wisp-un-ordinateur-miniature-alimente-seulement-par-des-ondes-electromagnetiques-970366.html

Intelligence artificielle: après le jeu de Go, les chercheurs se penchent sur Doom
http://www.01net.com/actualites/intelligence-artificielle-apres-le-jeu-de-go-les-chercheurs-se-penchent-sur-doom-969918.html

CONSOMMATION
------------



RACHAT / UNION
--------------



DROIT
-----

Un site pour tout comprendre sur le nouveau Règlement général sur la protection des données de l'UE
http://www.les-infostrateges.com/actu/16042175/un-site-pour-tout-comprendre-sur-le-nouveau-reglement-general-sur-la-protection-des-donnees-de-l-ue
http://www.gdpr-expert.eu/

Android dans le viseur de la Commission européenne
http://www.01net.com/actualites/android-dans-le-collimateur-de-la-commission-europeenne-968357.html

EIDAS et la protection des données personnelles
http://www.orange-business.com/fr/blogs/securite/lois-reglementations-standards-et-certifications/eidas-et-la-protection-des-donnees-personnelles

MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------

Why it’s easier to fix a broken product than a broken team
http://news.hitb.org/content/why-it’s-easier-fix-broken-product-broken-team
http://venturebeat.com/2016/04/27/hiring-to-win-why-its-easier-to-fix-a-broken-product-than-a-broken-team/

MICROSOFT
---------

Skype, désormais accessible sur le web et sans plug-in
http://www.01net.com/actualites/skype-desormais-accessible-sur-le-web-et-sans-plug-in-967698.html

Microsoft lance Flow, son service d’automatisation des tâches numériques
http://www.01net.com/actualites/microsoft-lance-flow-son-service-d-automatisation-des-taches-numeriques-970818.html

GOOGLE
------


APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------


ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Kovter Ad Fraud Trojan Evolves Into Ransomware
http://www.securityweek.com/kovter-ad-fraud-trojan-evolves-ransomware

How hackers eavesdropped on a US Congressman using only his phone number
http://news.hitb.org/content/how-hackers-eavesdropped-us-congressman-using-only-his-phone-number
http://arstechnica.com/security/2016/04/how-hackers-eavesdropped-on-a-us-congressman-using-only-his-phone-number/

New JavaScript attack infects your phone and changes your router's DNS settings
http://news.hitb.org/content/new-javascript-attack-infects-your-phone-and-changes-your-routers-dns-settings
http://www.digitaltrends.com/web/javascript-malware-mobile/

A look at Locky ransomware
https://www.zscaler.com/blogs/research/look-locky-ransomware

Hardware-Based Keyloggers Found in the Library of a Canadian University
http://news.hitb.org/content/hardware-based-keyloggers-found-library-canadian-university

Malware authors quickly adopt SHA-2 through stolen code-signing certificates
http://news.hitb.org/content/malware-authors-quickly-adopt-sha-2-through-stolen-code-signing-certificates

Stolen usernames and passwords still cause almost a quarter of all data breaches
http://news.hitb.org/content/stolen-usernames-and-passwords-still-cause-almost-quarter-all-data-breaches

Hacking Team : comment pirater une entreprise en 6 étapes
http://www.01net.com/actualites/hacking-team-comment-pirater-une-entreprise-en-6-etapes-968431.html

This Hacker's Account of How He Infiltrated Hacking Team Says a Lot About Digital Security
http://news.hitb.org/content/hackers-account-how-he-infiltrated-hacking-team-says-lot-about-digital-security
http://gizmodo.com/this-hackers-account-of-how-he-infiltrated-hacking-team-1771504896
http://pastebin.com/raw/0SNSvyjJ

PLATINUM APT GROUP ABUSES WINDOWS HOTPATCHING
https://threatpost.com/platinum-apt-group-abuses-windows-hotpatching/117692/

FAILLES
-------

ORACLE FIXES 136 VULNERABILITIES WITH APRIL CRITICAL PATCH UPDATE
https://threatpost.com/oracle-fixes-136-vulnerabilities-with-april-critical-patch-update/117548/

Windows 10 flaw lets hackers secretly run any app on your PC
http://news.hitb.org/content/windows-10-flaw-lets-hackers-secretly-run-any-app-your-pc
http://bgr.com/2016/04/25/windows-10-applocker-security-issue/
https://gist.github.com/subTee/24c7d8e1ff0f5602092f58cbb3f7d302

FIREFOX 46 PATCHES CRITICAL MEMORY VULNERABILITIES
https://threatpost.com/firefox-46-patches-critical-memory-vulnerabilities/117698/

GOOGLE PATCHES 9 SECURITY FLAWS IN NEW CHROME BROWSER BUILD
https://threatpost.com/google-patches-9-security-flaws-in-new-chrome-browser-build/117747/

OUTILS
------

Le navigateur Opera propose un VPN gratuit et sans limite de débit
http://www.01net.com/actualites/le-navigateur-opera-propose-un-vpn-gratuit-et-sans-limite-de-debit-968657.html

Opera browser gets a free VPN – but you’ll need more than this to stay safe online
http://www.tripwire.com/state-of-security/featured/opera-vpn/

DDoS Protection With iptables: The Ultimate Guide
https://javapipe.com/iptables-ddos-protection

New MIT Scanner Finds Web App Flaws in a Minute [Presentation à venir]
https://threatpost.com/new-mit-scanner-finds-web-app-flaws-in-a-minute/117482/

5 Best Linux Distros for Installation on a USB Stick
http://news.hitb.org/content/5-best-linux-distros-installation-usb-stick
http://www.makeuseof.com/tag/5-best-linux-distros-installation-usb-stick/

Decryption Tool Released for CryptXXX Ransomware
http://www.tripwire.com/state-of-security/latest-security-news/decryption-tool-released-for-cryptxxx-ransomware/

OnionScan, le traqueur de connexions non anonymisées
http://www.zataz.com/onionscan-tor/#1wth7wvkF70BuQbw.99

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
19 avril 2016 2 19 /04 /avril /2016 19:26

==============================================================================================================================================

Un des effets pervers du droit à l'oubli et se son application partielle soyons honnête est la différence de résultats de recherches sur Google si vous êtes en France ou aux Etats-Unis. En bref, même si l'intention de départ est louable, cela provoque une recherche avec oeillère en Europe et une recherche pleine ailleurs. Et là ça me pose un vrai problème de qualité, pertinence de la recherche. Parce que cela démontre que Google peut vous ramener les informations qu'"on" lui a bien autorisé à remonter. Donc si "on" décide de ne pas autoriser un contenu légitime mais qui le dérange, Google est en capacité de le faire. Mais Google ne le fera pas bien sûr. Don't be evil.....

L'article sur le choix d'une app dans un store vaut le détour car elle part d'un cas concret et déroule une démarche raisonnée de choix d'application au regard de ses droits. A mon avis, bon exemple pour de la sensibilisation.

Sinon pas de commentaires en plus, je vais essayer d'être plus régulier dans mes publications. J'ai eu des critiques de la part d'un lecteur (et oui il en reste).
Pour ceux qui se perdent encore sur mon site allez aussi sur twitter, j'y suis un peu plus actif normalement : https://twitter.com/pseudonyme_ovb.

Bonne lecture
Tristan
==============================================================================================================================================


A LIRE SECURITE
---------------

Tor Users Can Be Tracked Based on Their Mouse Movements
http://news.hitb.org/content/tor-users-can-be-tracked-based-their-mouse-movements
http://news.softpedia.com/news/tor-users-can-be-tracked-based-on-their-mouse-movements-501602.shtml
http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html

LinkedIn: The Phone Book for Social Engineers
http://www.tripwire.com/state-of-security/security-awareness/linkedin-the-phone-book-for-social-engineers/

Hackers Breach DDoS Protection Firm Staminus, Leak Sensitive Data Online
http://www.tripwire.com/state-of-security/latest-security-news/hackers-breach-ddos-protection-firm-staminus-leak-sensitive-data-online/

Shining a Light on Mobile App Permissions
http://www.tripwire.com/state-of-security/security-awareness/shining-a-light-on-mobile-app-permissions/

CVE System Sees Huge Backlog, Researchers Propose Alternative
http://news.hitb.org/content/cve-system-sees-huge-backlog-researchers-propose-alternative
http://news.softpedia.com/news/cve-system-sees-huge-backlog-researchers-propose-alternative-501665.shtml

The ‘Human Firewall’ Is Dead – Long Live the People
http://www.tripwire.com/state-of-security/security-data-protection/the-human-firewall-is-dead-long-live-the-people/

Attaque par ransomware : remerciements à Alcino Pereira, RSSI de l’AFP
http://www.larevuedudigital.com/2016/03/22/attaque-par-ransomware-remerciements-a-alcino-pereira-rssi-de-lafp/
http://blogs.afp.com/makingof/?post/le-diable-se-cache-dans-la-piece-jointe

A Renewed Exigency for Cyber Essentials
http://www.tripwire.com/state-of-security/security-data-protection/a-renewed-exigency-for-cyber-essentials/

Hackers going corporate with new attack attitudes, research shows
http://news.hitb.org/content/hackers-going-corporate-new-attack-attitudes-research-shows
http://www.zdnet.com/article/hackers-going-corporate-with-new-attack-attitudes-research-shows/

Attention, les URL les plus courtes ne sont pas les meilleures
http://www.zdnet.fr/actualites/attention-les-url-les-plus-courtes-ne-sont-pas-les-meilleures-39835710.htm

BUG BOUNTY
----------

Hack the Pentagon
http://www.zataz.com/hack-the-pentagone/#axzz42frFk4K9

DOSSIERS
--------

A Government Error Just Revealed Snowden Was the Target in the Lavabit Case
http://news.hitb.org/content/government-error-just-revealed-snowden-was-target-lavabit-case

Google says 1 million Gmail accounts might have been targeted by government hackers
http://news.hitb.org/content/google-says-1-million-gmail-accounts-might-have-been-targeted-government-hackers
http://bgr.com/2016/03/25/gmail-warning-government-hackers/

INSOLITE
--------

UN PETIT GESTE POUR LA PLANETE
------------------------------




FACEBOOK AND SOCIAL NETWORKS
----------------------------

Facebook se paye l’application Masquerade
http://www.01net.com/actualites/facebook-se-paye-l-application-masquerade-958049.html

En 2098, il y aura plus de morts que de vivants sur Facebook
http://www.01net.com/mediaplayer/video/en-2098-il-y-aura-plus-de-morts-que-de-vivants-sur-facebook-773425.html

A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

Exercice DEFNET 2016 : la cyberdéfense en action
http://www.ssi.gouv.fr/actualite/exercice-defnet-2016-la-cyberdefense-en-action/
http://www.zataz.com/lutte-contre-menaces-cybernetiques/#axzz43x2BBmJL

BANQUES
-------

Android banking trojan uses Flash to pinch your money
http://news.hitb.org/content/android-banking-trojan-uses-flash-pinch-your-money
http://www.theinquirer.net/inquirer/news/2450434/android-banking-trojan-uses-flash-to-pinch-your-money

Sophisticated Android Malware Targeting Australian Banking Apps
http://www.tripwire.com/state-of-security/latest-security-news/researchers-warn-of-sophisticated-android-malware-targeting-australian-banking-apps/
The Trojan first spreads onto Android devices by imitating the Adobe Flash Player application, often required by websites to play streaming video.
“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future,” he warned.

POS MALWARE TOOL ‘TREASUREHUNT’ TARGETS SMALL US-BASED BANKS, RETAILERS
https://threatpost.com/pos-malware-tool-treasurehunt-targets-small-us-based-banks-retailers/117014/
https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
"FireEye estimates the vulnerability has been quietly in use since 2014, noting that attackers have tweaked it over the past several months, particularly in the way the malware stores encoded POS configuration data in the NTFS alternate data streams (ADS) of the file %USERPROFILE%\ntuser.ini."



IdiOTie
-------

Le loup dans les contrats de maintenance à l’heure de l’IoT : la propriété des données
http://www.larevuedudigital.com/2016/03/11/le-loup-dans-les-contrats-de-maintenance-a-lheure-de-liot-la-propriete-des-donnees/


PRODUITS
--------



BON A SAVOIR
------------

Dropbox gears up for new EU data protection rules
http://www.computerweekly.com/news/450280565/Dropbox-gears-up-for-new-EU-data-protection-rules

Découvrez la mappemonde des sites Internet
http://www.01net.com/actualites/decouvrez-la-mappemonde-des-sites-internet-958501.html
http://www.nominet.uk/mapping-the-online-world/

Former VW employee says he was fired after questioning deletion of documents
http://news.hitb.org/content/former-vw-employee-says-he-was-fired-after-questioning-deletion-documents

Le Ministère de la Défense américain migre 4 millions de PC sur Windows 10 [Chapeau]
http://www.larevuedudigital.com/2016/02/22/le-ministere-de-la-defense-americain-migre-4-millions-de-pc-sur-windows-10/

What To Do with That Found USB Stick
http://www.tripwire.com/state-of-security/security-awareness/what-to-do-with-that-found-usb-stick/

Les drones relèvent les données dans les carrières d’Eurovia
http://www.larevuedudigital.com/2016/04/04/les-drones-relevent-les-donnees-dans-les-carrieres-deurovia/

SCIENCES
--------

Des chercheurs ont créé un support de stockage… éternel
http://www.01net.com/actualites/des-chercheurs-creent-un-support-de-stockage-eternel-952089.html

Bientôt des disques durs de 100 To ?
http://www.01net.com/actualites/bientot-des-disques-durs-de-100-to-961392-1.html

Mathematicians shocked to find pattern in “random” prime numbers
http://news.hitb.org/content/mathematicians-shocked-find-pattern-“random”-prime-numbers
https://www.newscientist.com/article/2080613-mathematicians-shocked-to-find-pattern-in-random-prime-numbers/
http://arxiv.org/abs/1603.03720

Researchers close the final loophole in device encryption with the power of nanotubes
http://news.hitb.org/content/researchers-close-final-loophole-device-encryption-power-nanotubes

New molecular scissors cut out lingering HIV—maybe once and for all
http://news.hitb.org/content/new-molecular-scissors-cut-out-lingering-hiv—maybe-once-and-all

Scientists Search for Signatures of Alien Life Hidden in Gas
http://news.hitb.org/content/scientists-search-signatures-alien-life-hidden-gas
http://www.wired.com/2016/03/scientists-search-signatures-alien-life-hidden-gas/

CONSOMMATION
------------



RACHAT / UNION
--------------

Facebook se paye l’application Masquerade
http://www.01net.com/actualites/facebook-se-paye-l-application-masquerade-958049.html

DROIT
-----

Cybersurveillance : la Cour de cassation précise les contours messages professionnels / privés
http://www.les-infostrateges.com/actu/16022138/cybersurveillance-la-cour-de-cassation-precise-les-contours-messages-professionnels-prives
http://www.legifrance.gouv.fr/affichJuriJudi.do?&idTexte=JURITEXT000031949915

Loi sur le renseignement : chaque pays met en place son big brother
http://www.zataz.com/loi-renseignement-uk/#ULJOVRiOfO8S7lpd.99

Lex.be, un moteur de recherche pour le droit belge
http://www.les-infostrateges.com/actu/16032158/lexbe-un-moteur-de-recherche-pour-le-droit-belge

Cnil : record de plaintes reçues en 2015
http://www.les-infostrateges.com/actu/16042169/cnil-record-de-plaintes-recues-en-2015

MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

CARRIERE
--------

Getting a Foot in the Door of the Security Industry - See more at: http://blog.isc2.org/isc2_blog/2016/02/associate-security.html#sthash.75dhXVxE.dpuf
http://blog.isc2.org/isc2_blog/2016/02/associate-security.html

How to keep your highly skilled and paid security team happy and engaged
http://news.hitb.org/content/how-keep-your-highly-skilled-and-paid-security-team-happy-and-engaged

Sécurité : chaises musicales entre Deloitte, Devoteam et Ernst & Young
http://www.lemagit.fr/actualites/450281035/Securite-chaises-musicales-entre-Deloitte-Devoteam-et-Ernst-Young

MICROSOFT
---------

Microsoft va intégrer un bloqueur de pubs à son navigateur Edge
http://www.01net.com/actualites/microsoft-va-integrer-un-bloqueur-de-pubs-a-son-navigateur-edge-963328.html

Linux dans Windows 10, comment ça marche ?
http://www.tomshardware.fr/articles/linux-ubuntu-windows10,1-59163.html

GOOGLE
------

In Europe, You’ll Need a VPN to See Real Google Search Results
http://news.hitb.org/content/europe-you’ll-need-vpn-see-real-google-search-results
http://www.wired.com/2016/03/europe-youll-need-vpn-see-real-google-search-results/

Google has doubled its bounty for a Chromebook hack to US$100,000
http://news.hitb.org/content/google-has-doubled-its-bounty-chromebook-hack-us100000

Google Security Expert Criticizes Meaningless Antivirus Excellence Awards
http://news.hitb.org/content/google-security-expert-criticizes-meaningless-antivirus-excellence-awards


APPLE / IPHONE
--------------

PALM / PRE
----------

FREE
----

GEEK POWER
----------

eero: A Mesh WiFi Router Built for Security
http://news.hitb.org/content/eero-mesh-wifi-router-built-security
http://krebsonsecurity.com/2016/03/eero-a-mesh-wifi-router-built-for-security/

How I Stopped Studying to Make This Toy
http://www.tripwire.com/state-of-security/security-awareness/how-i-stopped-studying-to-make-this-toy/

Potato-Powered Security Device Is Unique
http://news.hitb.org/content/potato-powered-security-device-unique
http://www.ubergizmo.com/2016/04/potato-powered-security-device-is-unique/

LIBRE / OPEN SOURCE
-------------------

Opera propose un navigateur anti-pub pour Windows, Mac et Linux
http://www.01net.com/actualites/opera-propose-un-navigateur-anti-pub-pour-windows-mac-et-linux-958174.html

Mozilla campaign encourages people to understand encryption
http://news.hitb.org/content/mozilla-campaign-encourages-people-understand-encryption

Microsoft extends open source push with developer productivity tools
http://news.hitb.org/content/microsoft-extends-open-source-push-developer-productivity-tools

ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

Dridex Botnet Spreading Locky Ransomware Via JavaScript Attachments
http://news.hitb.org/content/dridex-botnet-spreading-locky-ransomware-javascript-attachments
http://www.securityweek.com/dridex-botnet-spreading-locky-ransomware-javascript-attachments

Poseidon APT Group Identified As First Portuguese-Speaking Campaign
https://threatpost.com/10-year-poseidon-apt-group-identified-as-first-portuguese-speaking-campaign/116177/#sthash.bOgTzwVJ.dpuf

Marcher Trojan Morphs, Now Targets Porn Sites
https://threatpost.com/marcher-trojan-morphs-now-targets-porn-sites/116743/

MASSIVE MALVERTISING CAMPAIGN LANDS ON TOP WEBSITES
https://threatpost.com/massive-malvertising-campaign-lands-on-top-websites/116806/

Report: DDoS Attacks Grew in Number, Size, and Sophistication in Q4 2015
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/report-ddos-attacks-grew-in-number-size-and-sophistication-in-q4-2015/
L'infographie pour les plus pressés https://www.verisign.com/assets/infographic-ddos-trends-Q42015.pdf
A télécharger pour les plus courageux : https://www.verisign.com/en_US/security-services/ddos-protection/ddos-report/index.xhtml
Allez je vous donne le lien : https://www.verisign.com/assets/report-ddos-trends-Q42015.pdf

Lights, Camera, Disaster: DDoS Attack Scripts Are a Threat You Need to Know
http://www.tripwire.com/state-of-security/security-data-protection/lights-camera-disaster-ddos-attack-scripts-are-a-threat-you-need-to-know/

Docs With Malicious Macros Deliver Fileless Malware
http://news.hitb.org/content/docs-malicious-macros-deliver-fileless-malware
http://www.csoonline.com/article/3043571/security/documents-with-malicious-macros-deliver-fileless-malware-to-financial-transaction-systems.html
http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/

The emails contained the recipients' names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. This attention to detail lent more credibility to spam messages and made it more likely that victims would open the attached documents, the researchers said.

Storing malicious code in the system registry, abusing the Windows PowerShell and adding malicious macros to documents are not new techniques. However, their combination can make for very potent and hard-to-detect attacks.

Big-name sites hit by rash of malicious ads spreading crypto ransomware
http://news.hitb.org/content/big-name-sites-hit-rash-malicious-ads-spreading-crypto-ransomware

Ransomware Propagation Tied to TeamViewer Account (UPDATED)
http://www.tripwire.com/state-of-security/latest-security-news/ransomware-propagation-tied-to-teamviewer-account/

TeslaCrypt 4.0: Bigger, Badder and Unbreakable
http://news.hitb.org/content/teslacrypt-40-bigger-badder-and-unbreakable

FILELESS POWERWARE RANSOMWARE FOUND ON HEALTHCARE NETWORK
https://threatpost.com/fileless-powerware-ransomware-found-on-healthcare-network/116998/

ESPIONAGE MALWARE, WATERING HOLE ATTACKS TARGET DIPLOMATS
https://threatpost.com/espionage-malware-watering-hole-attacks-target-diplomats/116600/

Former Employee Is Behind Devastating Ofcom Data Breach
http://news.hitb.org/content/former-employee-behind-devastating-ofcom-data-breach

Fraude au virement – Tentatives de détournement de 21 millions d’euros
http://www.zataz.com/tentatives-de-detournement-de-21-millions-deuros/#kcKzD5HB1RjcffPV.99

Augmentation significative du nombre de domaines malveillants
http://www.zataz.com/augmentation-significative-nombre-de-domaines-malveillants/#85p4Kis60sP7dSYm.99

Ransomware Hackers Are Coming For Your Health Records
http://europe.newsweek.com/ransomware-hackers-coming-your-health-records-445285

Ransomware: Locky, TeslaCrypt, Other Malware Families Use New Tool To Evade Detection
http://researchcenter.paloaltonetworks.com/2016/04/unit42-ransomware-locky-teslacrypt-other-malware-families-use-new-tool-to-evade-detection/

Jigsaw Ransomware Threatens to Delete Your Files, Free Decrypter Available
http://news.softpedia.com/news/jigsaw-ransomware-threatens-to-delete-your-files-free-decrypter-available-502824.shtml

Rokku Ransomware shows possible link with Chimera
https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/

Keygen alert: free password generator released for PETYA ransomware
http://betanews.com/2016/04/10/free-petya-password-generator/
http://download.bleepingcomputer.com/fabian-wosar/PetyaExtractor.zip
https://petya-pay-no-ransom.herokuapp.com/

ROOT SERVERS WERE NOT TARGETS OF 2015 DDOS ATTACK
https://threatpost.com/root-servers-were-not-targets-of-2015-ddos-attack/117082/

FAILLES
-------

Two-year-old Java flaw re-emerges due to broken patch
http://news.hitb.org/content/two-year-old-java-flaw-re-emerges-due-broken-patch
http://www.infoworld.com/article/3043064/security/two-year-old-java-flaw-re-emerges-due-to-broken-patch.html

D'innombrables extensions Firefox vulnérables à un nouveau type d’attaque
http://www.01net.com/actualites/un-grand-nombre-d-extensions-firefox-vulnerable-a-un-nouveau-type-d-attaque-964205.html
http://www.buyukkayhan.com/publications/ndss2016crossfire.pdf

iPhone : Apple corrige la faille de Siri qui permettait d’accéder à vos photos sans code
http://www.01net.com/actualites/siri-une-faille-permet-d-acceder-aux-contacts-et-aux-photos-d-un-iphone-sans-saisir-de-code-964433.html

DATA LEAKAGE
------------

1.5M Verizon Enterprise Customer Records Found For Sale on Dark Web
http://www.tripwire.com/state-of-security/latest-security-news/1-5m-verizon-enterprise-customer-records-found-for-sale-on-dark-web/

OUTILS
------

Has your network been compromised? Use RITA to find out
http://news.hitb.org/content/has-your-network-been-compromised-use-rita-find-out
https://www.helpnetsecurity.com/2016/03/11/network-compromised-use-rita/

CheckMyHTTPS, l’anti interception Man in the Middle SSL/TLS
http://www.zataz.com/checkmyhttps-lanti-interception-ssltls/#v8Pb7Kyqb6yiIKGO.99
https://checkmyhttps.net

GitHarvester: Finding Data on GitHub
http://www.tripwire.com/state-of-security/security-awareness/githarvester-finding-data-on-github/

YAHOO DEPLOYS PASSWORDLESS ACCOUNT KEY TOOL
https://threatpost.com/yahoo-deploys-passwordless-account-key-tool/116892/

Google rend gratuite une formidable suite d’outils pour la photographie
http://www.01net.com/actualites/google-offre-gratuitement-une-formidable-suite-d-outils-pour-la-photographie-962062.html

Comment créer un vaccin contre le ransomware Locky
https://www.lexsi.com/securityhub/comment-creer-un-vaccin-contre-le-ransomware-locky/

Surf anonyme et sécurisé pour votre smartphone et tablette
http://www.zataz.com/vpn-smartphone-tablette/#5euv2IrefPW6chAO.99

BinDiff Now Free, To Delight of Security Researchers
http://news.hitb.org/content/bindiff-now-free-delight-security-researchers
https://threatpost.com/bindiff-now-free-to-delight-of-security-researchers/116912/

Qubes OS 3.1 has been released
http://news.hitb.org/content/qubes-os-31-has-been-released
https://www.qubes-os.org/news/2016/03/09/qubes-os-3-1-has-been-released/

Vivaldi 1.0 : le nouveau navigateur pensé pour les internautes exigeants
http://www.01net.com/actualites/vivaldi-1-0-un-navigateur-pour-internautes-exigeants-965063.html

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
13 mars 2016 7 13 /03 /mars /2016 23:16
Veille - La faille Microsoft avec une explication "Ouate de Phoque"....

Je n'avais vu le contexte exact, mais avais eu l'info. Je confirme, c'est quand même très "Ouate de Phoque comme explication.

Published by pseudonyme
commenter cet article
12 mars 2016 6 12 /03 /mars /2016 08:32

==============================================================================================================================================

Allez, une des dernières Veille sans commentaires. Enfin j'espère, il faut que je reprenne les bonnes habitudes et supprime les mauvaises.

Bonne lecture.
Tristan

==============================================================================================================================================


R.I.P
-----

Le père de l’email et re-découvreur de l'arobase est mort
http://www.01net.com/actualites/le-pere-de-l-email-et-re-decouvreur-de-l-arobase-est-mort-957020.html

A LIRE SECURITE
---------------

Classe et simplement expliqué
https://medium.com/@norsec0de/hunting-the-automated-pentesting-unicorn-eb1295b1e6c0#.49ajsywqm

RSA Conference Preview: Dreaming of Indicators of Compromise
http://www.tripwire.com/state-of-security/incident-detection/rsa-preview-dreaming-of-ioc/

The most vulnerable time for hacking revealed
http://news.hitb.org/content/most-vulnerable-time-hacking-revealed
http://www.stuff.co.nz/technology/digital-living/77226650/the-most-vulnerable-time-for-hacking-revealed
https://www.proofpoint.com/sites/default/files/human-factor-report-2016.pdf

Are you prepared to respond to ransomware the right way?
http://news.hitb.org/content/are-you-prepared-respond-ransomware-right-way
http://www.csoonline.com/article/3037018/leadership-management/are-you-prepared-to-respond-to-ransomware-the-right-way.html

Defending Your Network Against DDoS Attacks
http://www.tripwire.com/state-of-security/security-awareness/defending-your-network-against-ddos-attacks/

How Can we Remember all Those Passwords?
http://www.tripwire.com/state-of-security/security-awareness/38629/

Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group
https://threatpost.com/operation-blockbuster-coalition-ties-destructive-attacks-to-lazarus-group/116422/#sthash.W1jTxWoX.dpuf

#CyberChoices – How Parents Can Dissuade Their Children from Becoming Online Criminals
http://www.tripwire.com/state-of-security/security-awareness/cyberchoices-how-parents-can-dissuade-their-children-from-becoming-online-criminals/

DOSSIERS
--------

Obama to Appoint First Federal Chief Information Security Officer
http://www.tripwire.com/state-of-security/latest-security-news/obama-to-appoint-first-federal-chief-information-security-officer/

Chiffrement et informatique quantique: les mystères qui entourent les choix de la NSA
http://www.01net.com/actualites/chiffrement-et-informatique-quantique-un-mystere-entoure-la-nsa-955822.html

INSOLITE
--------

UN PETIT GESTE POUR LA PLANETE
------------------------------


FACEBOOK AND SOCIAL NETWORKS
----------------------------

Twitter Has a New App, But This One’s Just for Coders
http://news.hitb.org/content/twitter-has-new-app-one’s-just-coders
http://www.wired.com/2016/02/twitter-has-a-new-app-but-this-ones-just-for-coders/

Instagram rolls out two-factor authentication to improve security
http://news.hitb.org/content/instagram-rolls-out-two-factor-authentication-improve-security

A BOOKMARKER
------------


SALONS / CONFERENCES / EVENEMENTS
---------------------------------

RSAC: Innovation Sandbox Presents Ten of the Best
http://news.hitb.org/content/rsac-innovation-sandbox-presents-ten-best
http://www.infosecurity-magazine.com/news-features/rsac-innovation-sandbox-presents/

IdiOTie
-------
The IoT industry needs an ID standard. Let’s name it id-IoT ;-))

Objets connectés : le réseau français Sigfox, une passoire en matière de sécurité ?
http://www.01net.com/actualites/objets-connectes-le-reseau-francais-sigfox-une-passoire-en-matiere-de-securite-957875.html

Ils ont hacké le réseau électrique avec… des climatiseurs
http://www.01net.com/actualites/ils-ont-hacke-le-reseau-electrique-avec-des-climatiseurs-950582.html

Bouygues Telecom veut connecter tous nos objets à son réseau LoRa
http://www.01net.com/actualites/bouygues-telecom-veut-connecter-tous-nos-objets-a-son-reseau-lora-951203.html

BANQUES
-------

MasterCard to roll out 'selfie' authentication
http://news.hitb.org/content/mastercard-roll-out-selfie-authentication

Source Code For Android Banking Malware Leaked
https://threatpost.com/source-code-for-android-banking-malware-leaked/116380/

Santiago Pontiroli and Roberto Martinez on ATM Jackpotting
https://threatpost.com/santiago-pontiroli-and-roberto-martinez-on-atm-jackpotting/116406/

Threat Detection Techniques – ATM Malware
http://blogs.rsa.com/threat-detection-techniques-atm-malware/?linkId=21412746
http://blogs.rsa.com/wp-content/uploads/2016/02/ATM-Paper_Feb-16_final.pdf

Weak Bank Password Policies Leave 350 Million Vulnerable, Say Researchers
https://threatpost.com/weak-bank-password-policies-leave-350-million-vulnerable-say-researchers/116574/

Challenger bank buys digital gaming specialist
http://www.computerweekly.com/news/4500278248/Challenger-bank-acquires-digital-gaming-specialist

PRODUITS
--------

Internet à 100 Mbit/s par satellite, c'est pour bientôt !
http://www.01net.com/actualites/l-internet-a-100-mbits-par-satellite-c-est-pour-bientot-950870.html

Startup PatternEx Launches AI Platform for Network Security
http://news.hitb.org/content/startup-patternex-launches-ai-platform-network-security
http://www.eweek.com/security/startup-patternex-launches-ai-platform-for-network-security.html

BON A SAVOIR
------------

VTech waves off security responsiblity after major 2015 breach
http://news.hitb.org/content/vtech-waves-security-responsiblity-after-major-2015-breach
http://www.digitaltrends.com/computing/vtech-disclaimer-of-responsibility-for-data-breach-losses/

Instagram va enfin lancer la double authentification sur vos comptes
http://www.01net.com/actualites/instagram-commence-a-doubler-la-securite-de-vos-comptes-952390.html
La double authentification est déjà de mise sur nombre de services, même si elle reste souvent optionnelle.
Twitter, Google, Facebook (propriétaire d’Instagram), LinkedIn ou encore Amazon l’ont tous déjà déployée.

Le Bitcoin est-il promis à une mort lente ?
http://www.01net.com/actualites/le-bitcoin-est-il-promis-a-une-mort-lente-956284.html

5 Reasons SAP Security Matters
http://news.hitb.org/content/5-reasons-sap-security-matters
http://www.darkreading.com/operations/5-reasons-sap-security-matters-/d/d-id/1324468

Opera Becomes First Major Web Browser to Introduce Native Ad-Blocking Feature
http://www.tripwire.com/state-of-security/latest-security-news/opera-becomes-first-major-web-browser-to-introduce-native-ad-blocking-feature/

SCIENCES
--------

Samsung veut nous identifier grâce à nos veines
http://www.01net.com/actualites/samsung-travaille-a-l-identification-par-la-forme-des-veines-949818.html

Samsung livre le plus grand SSD du monde, avec une capacité de 15 To
http://www.01net.com/actualites/samsung-livre-le-plus-grand-ssd-du-monde-avec-une-capacite-de-15-to-956202.html

Fujitsu établit la transmission sans fil la plus rapide du monde
http://www.01net.com/actualites/fujitsu-etablit-la-transmission-sans-fil-la-plus-rapide-du-monde-949376.html

Researchers create super-efficient Wi-Fi
http://news.hitb.org/content/researchers-create-super-efficient-wi-fi
http://arstechnica.com/information-technology/2016/02/researchers-create-super-low-power-wi-fi/

Des chercheurs inventent un Wi-Fi 10 000 fois plus économe en énergie
http://www.01net.com/actualites/un-wi-fi-basse-consommation-pour-l-internet-des-objets-954213.html

Des chercheurs ont créé un support de stockage… éternel
http://www.01net.com/actualites/des-chercheurs-creent-un-support-de-stockage-eternel-952089.html

CONSOMMATION
------------



RACHAT / UNION
--------------



DROIT
-----

La Cnil se dote d'un nouveau site web
http://www.les-infostrateges.com/actu/16022141/la-cnil-se-dote-d-un-nouveau-site-web

La pénurie d'adresses IPv4, un obstacle pour le flicage de la Hadopi
http://www.01net.com/actualites/la-penurie-d-adresses-ipv4-un-obstacle-pour-le-flicage-de-la-hadopi-952412.html

White House Wants to Renegotiate U.S. Implementation of Wassenaar
https://threatpost.com/white-house-wants-to-renegotiate-u-s-implementation-of-wassenaar/116531/

The Need for Encryption Legislation
http://blog.isc2.org/isc2_blog/2016/03/the-need-for-encryption-legislation.html

Données à caractère personnel : Nouvelle mouture du projet de Règlement européen
http://www.les-infostrateges.com/actu/16022146/donnees-a-caractere-personnel-nouvelle-mouture-du-projet-de-reglement-europeen


MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------

9 opérateurs, principalement européens, créent une alliance contre les OTT
http://www.reseaux-telecoms.net/actualites/lire-9-operateurs-principalement-europeens-creent-une-alliance-contre-les-ott-27601.html

CARRIERE
--------


MICROSOFT
---------

Windows 10 se connecte dans votre dos aux serveurs de Microsoft
http://www.01net.com/actualites/windows-10-se-connecte-dans-votre-dos-aux-serveurs-de-microsoft-949808.html

GOOGLE
------

Google : du moteur de recherche au moteur de réponses ? [Très intéressant]
http://www.les-infostrateges.com/actu/16032148/google-du-moteur-de-recherche-au-moteur-de-reponses
https://www.youtube.com/watch?time_continue=9&v=4yrL9bgnqoU

APPLE / IPHONE
--------------

1er Janvier 1970 : la date qui tue les iPhone et iPad
http://www.01net.com/actualites/111970-la-date-qui-tue-les-iphone-et-ipad-951131.html

PALM / PRE
----------

FREE
----

GEEK POWER
----------

LIBRE / OPEN SOURCE
-------------------

Nous avons installé et testé Remix OS, l’Android pour PC
http://www.01net.com/actualites/nous-avons-installe-et-teste-remix-os-l-android-pour-pc-949334.html

ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------

The Pirate Bay devient le plus gros site de streaming illégal au monde
http://www.01net.com/actualites/pirate-bay-devient-le-plus-gros-site-de-streaming-au-monde-949793.html

WordPress Infections Leading to TeslaCrypt Ransomware
https://threatpost.com/wordpress-infections-leading-to-teslacrypt-ransomware/116149/

Exploiting WPA2 In a Citywide Wi-Fi
http://www.tripwire.com/state-of-security/security-awareness/exploiting-wpa2-in-a-city-wide-wi-fi/

Exploit Kits as a Service – How Automation Is Changing the Face of Cyber Crime
https://heimdalsecurity.com/blog/exploit-kits-service-automation-changing-face-cyber-crime/

New Silverlight Attacks Appear in Angler Exploit Kit
https://threatpost.com/new-silverlight-attacks-appear-in-angler-exploit-kit/116409/

Angler Exploit Kit updated to target PCs and Macs with Silverlight attack
http://www.hotforsecurity.com/blog/angler-exploit-kit-updated-to-target-pcs-and-macs-with-silverlight-attack-13449.html

IP Box : cracker le mot de passe d’un iPhone pour 200 dollars
http://www.zataz.com/ip-box-cracker-password-iphone/

PIGNOUFS
--------

Piratage et vol de données signés par des Anonymous pour un espace du Ministère de la Défense
http://www.zataz.com/piratage-et-vol-de-donnees-pour-un-espace-du-ministere-de-la-defense/#UXUU3HRF6EWDu4ZB.99

FAILLES
-------

Firefox 45 Fixes 40 Vulnerabilities, 22 Critical
https://threatpost.com/firefox-45-fixes-40-vulnerabilities-22-critical/116682/

Google Releases Security Update for Chrome 49
http://www.tripwire.com/state-of-security/latest-security-news/google-chrome-49-fixes-security-bugs-displays-extensions-in-toolbar/

Google lumps Malwarebytes with a bad security report and a lot of homework
http://news.hitb.org/content/google-lumps-malwarebytes-bad-security-report-and-lot-homework

Drupal Update Fixes 10 Vulnerabilities, One Critical......et c'est le dernier train de maintenance pour la version 6........
https://threatpost.com/drupal-update-fixes-10-vulnerabilities-one-critical/116466/

Un comble : la plupart des antivirus sont truffés de failles de sécurité !
http://www.01net.com/actualites/les-logiciels-de-securite-epingles-car-hautement-vulnerables-955474.html

Is Relying on Anti-virus Making You Insecure?
http://www.tripwire.com/state-of-security/security-awareness/relying-anti-virus-making-insecure/

OUTILS
------

Comment protéger ses objets connectés avec un Raspberry Pi
http://www.01net.com/actualites/comment-proteger-ses-objets-connectes-avec-un-raspberry-pi-955478.html

Best Open Source Software for Windows 10
http://news.hitb.org/content/best-open-source-software-windows-10
http://www.datamation.com/open-source/best-open-source-software-for-windows-10.html

------------

01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml

Published by pseudonyme
commenter cet article
10 mars 2016 4 10 /03 /mars /2016 20:54
Veille - Une grosse pensée.....

R.I.P.......................

Published by pseudonyme
commenter cet article
14 février 2016 7 14 /02 /février /2016 09:16

1er Janvier 1970 : la date qui tue les iPhone et iPad

http://www.01net.com/actualites/111970-la-date-qui-tue-les-iphone-et-ipad-951131.html

Mon petit conseil c'est de vous assurer que votre NTP provient d'un serveur que vous connaissez, maitrisez.

Tristan

Published by pseudonyme
commenter cet article