Pornhub offering hackers $25,000 to penetrate its security
http://news.hitb.org/content/pornhub-offering-hackers-25000-penetrate-its-security
.... et l'excuse qui va avec : "Je t'assure, c'est pour le boulot, je n'y prends aucun plaisir ;-))"
==============================================================================================================================================
Cette semaine, ça fait un bail que je n'ai pas écrit et certains me l'ont fait remarqué à juste titre.
Donc allez hop, je me lance. Je livre ce que j'ai pu collecter. Il y a du lourd et du moins lourd. Dans le lourd, vous trouverez :
- la mise au point d'une intelligence artificielle pour lutter contre les cyberattaques. Derrière ces mots pompeux, il semble y avoir pas mal de boulot (MIT) et une petite dose de publicité (société PatternX). Ceci dit, c'est quand même une belle avancée même si nous n'en sommes qu'au début.
- les informations sur la stratégie "BeyondCorp" (pas Beyoncé hein attention !) de Google sur la défense non périmétrique. A mon avis, c'est une bonne piste à suivre car Google considère que tout doit être analysé dans la mesure où on ne peut plus avoir confiance dans la sécurité périmétrique. De ce fait, cela remonte le niveau de contrôle et apporte une vue sécurité plus complète.
- Chez Airbus, on parle sans tabou de ce qui se passe avec une phrase que j'aime entendre : ces pirates-là « existent, et ils entrent » en parlant des attaquants liés à un État. Ça change un peu des discours irréalistes et surtout, quand on lit les autres exemples cités, on voit bien que malgré l'avancée technologique certaine d'Airbus, ils sont aussi touchés par des codes malveillants ......comme tout le monde. Ça donnerait presque envie de bosser là-bas
- un très bon post sur le problème lié à un changement forcé et trop régulier de mot de passe (ça change aussi des discours toujours identiques)
- la section SCIENCES également contient des inventions et des recherches vraiment novatrices.
- la section DROIT pointe sur un vrai bon site pour comprendre de manière pratique le nouveau règlement européen sur la protection des données à caractère personnel.
Pour le moins lourd, il y a tout le reste.
Ah oui aussi !!! Pensez à patcher vos navigateurs. Entre Firefox et Chrome, ça peut valoir le coup.
ATTENTION SPOILER : Je ne suis pas l'inventeur du Bitcoin !!! D'autres essaient de se vendre comme tel. Info ou Intox ? A suivre
Bonne lecture
Tristan
==============================================================================================================================================
A LIRE SECURITE
---------------
Comment le MIT a entraîné une intelligence artificielle à détecter les cyberattaques
http://www.01net.com/actualites/detecter-les-cyberattaques-grace-a-l-intelligence-artificielle-967988.html
http://news.hitb.org/content/mit-builds-ai-bot-spots-85-cent-hacker-invasions
http://www.theregister.co.uk/2016/04/18/ai_bot_spots_hacking_attacks/
https://people.csail.mit.edu/kalyan/AI2_Paper.pdf
http://www.presse-citron.net/lintelligence-artificielle-et-les-humains-vont-travailler-ensemble-contre-les-cyberattaques/ (remonté par Yann Ga. merci)
BeyondCorp : Google détaille son approche de la sécurité sans périmètre
http://www.lemagit.fr/etude/BeyondCorp-Google-detaille-son-approche-de-la-securite-sans-perimetre
https://static.googleusercontent.com/media/research.google.com/fr//pubs/archive/44860.pdf [Le dernier en date, correction du lie, MAG IT]
http://static.googleusercontent.com/media/research.google.com/fr//pubs/archive/43231.pdf [date de 2014]
Google found 760,935 compromised web sites in a year
http://www.theregister.co.uk/2016/04/19/google_80000_sites_breached/?mt=1461091431022
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf
The problems with forcing regular password expiry
https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
Neutrino Exploit Kit Analysis and Threat Indicators
https://www.sans.org/reading-room/whitepapers/malicious/neutrino-exploit-kit-analysis-threat-indicators-368924
Creating a Malware/Ransomware Defendable Network [Pas vraiment spécifique aux ransomwares, mais une bonne checklist]
http://www.tripwire.com/state-of-security/incident-detection/creating-a-malwarerasomware-defendable-network/
Airbus : cible alléchante pour pirates talentueux
http://www.lemagit.fr/actualites/450281229/Airbus-cible-allechante-pour-pirates-talentueux
Comptes à hauts privilèges : 6 raisons de s'en préoccuper
http://www.orange-business.com/fr/blogs/securite/bonnes-pratiques/comptes-hauts-privileges-6-raisons-de-s-en-preoccuper
How attackers are quietly creeping inside your perimeter
http://news.hitb.org/content/how-attackers-are-quietly-creeping-inside-your-perimeter
http://www.information-age.com/technology/security/123461309/how-attackers-are-quietly-creeping-inside-your-perimeter-using-covert-attack-communications
Detecting and dealing with the stealthiest cyberattacks
http://news.hitb.org/content/detecting-and-dealing-stealthiest-cyberattacks
http://www.itproportal.com/2016/04/25/detecting-and-dealing-with-the-stealthiest-cyberattacks/
DOSSIERS
--------
Details about Juniper's Firewall Backdoor
https://www.schneier.com/blog/archives/2016/04/details_about_j.html
L’armée américaine veut créer une messagerie ultrasécurisée inspirée du Bitcoin
http://www.01net.com/actualites/l-armee-americaine-veut-creer-une-messagerie-ultrasecurisee-inspiree-du-bitcoin-969528.html
BANQUES
-------
FOLLOW THE MONEY: DISSECTING THE OPERATIONS OF THE CYBER CRIME GROUP FIN6
https://www.fireeye.com/blog/threat-research/2016/04/follow_the_money.html
https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf
POS ATTACKS NET CROOKS 20 MILLION STOLEN BANK CARDS
https://threatpost.com/pos-attacks-net-crooks-20-million-stolen-bank-cards/117595/
BANGLADESH BANK HACKERS ACCESSED SWIFT SYSTEM TO STEAL, COVER TRACKS
https://threatpost.com/bangladesh-bank-hackers-accessed-swift-system-to-steal-cover-tracks/117637/
ATTACKERS BEHIND GOZNYM TROJAN SET SIGHTS ON EUROPE
https://threatpost.com/attackers-behind-goznym-trojan-set-sights-on-europe/117647/
Qatar National Bank claims customer data released by hackers is authentic
http://news.hitb.org/content/qatar-national-bank-claims-customer-data-released-hackers-authentic
How To Bolster Banking Technology Infrastructure and Address Cyber Risks
http://www.tripwire.com/state-of-security/featured/banking-tech-infrastructure-cyber-risks/
Les banques travaillent leur présence sur les réseaux sociaux
http://www.les-infostrateges.com/actu/16042179/les-banques-travaillent-leur-presence-sur-les-reseaux-sociaux
Banking and Cybersecurity: Can They Help Prevent the Next Terrorist Attack? [A mon avis pas si simple, mais la question est intéressante]
http://www.tripwire.com/state-of-security/featured/integrated-approach-ahead-criminal/
Marcher banking malware hitting Android phones in Australia
http://news.hitb.org/content/marcher-banking-malware-hitting-android-phones-australia
http://www.pcauthority.com.au/News/418933,marcher-banking-malware-hitting-android-phones-in-australia.aspx
Hacker who stole from banks ordered to pay $7 million [Arghhh le crime ne paie plus]
http://news.hitb.org/content/hacker-who-stole-banks-ordered-pay-7-million
BIG DATA
--------
Un guide pratique consacré à la révolution data
http://www.les-infostrateges.com/actu/16042174/un-guide-pratique-consacre-a-la-revolution-data
https://fr.calameo.com/read/004059613efc709cb5836 |Preview]
POPULISME ET CYBERSECURITE
--------------------------
Le flot montant de la cybercriminalité polonaise [Au delà du titre raccoleur, quelque informations pertinentes]
https://www.lexsi.com/securityhub/le-flot-montant-de-la-cybercriminalite-polonaise/
INSOLITE
--------
Il a hacké Facebook et découvert la présence… d’un autre hacker
http://www.01net.com/actualites/il-a-hacke-facebook-et-decouvert-la-presence-d-un-autre-hacker-969617.html
Researcher Compromises Facebook System, Finds Someone’s Already Been There
http://www.tripwire.com/state-of-security/latest-security-news/researcher-compromises-facebook-system-finds-someones-already-been-there/
UN PETIT GESTE POUR LA PLANETE
------------------------------
Eurocops get new cyber powers to hunt down terrorists, criminals
http://news.hitb.org/content/eurocops-get-new-cyber-powers-hunt-down-terrorists-criminals
FACEBOOK AND SOCIAL NETWORKS
----------------------------
A BOOKMARKER
------------
SALONS / CONFERENCES / EVENEMENTS
---------------------------------
Retail Cyber Intelligence Summit: A Forum for Community and Security
http://www.tripwire.com/state-of-security/featured/retail-cyber-intelligence-summit-a-forum-for-community-and-security/
http://summit.r-cisc.org
Top Resources for Infosec Professionals – Retail Industry
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/top-resources-for-infosec-professionals-retail-industry/
Hacking Competition Challenged UK Cyber Security Students
http://www.tripwire.com/state-of-security/latest-security-news/hacking-competition-challenged-uk-information-security-students/
PRODUITS
--------
BON A SAVOIR
------------
Bientôt l’authentification des périphériques USB-C
http://www.lemagit.fr/actualites/450281278/Bientot-lauthentification-des-peripheriques-USB-C
SHORT URLS A BIG PROBLEM FOR CLOUD COLLABORATION, STORED DATA
https://threatpost.com/short-urls-a-big-problem-for-cloud-collaboration-stored-data/117447/
Australia says it can hack enemies as it invests $230 million in cyber security
http://news.hitb.org/content/australia-says-it-can-hack-enemies-it-invests-230-million-cyber-security
Cloud : de la découverte du Shadow IT à celle du Shadow Data
http://www.orange-business.com/fr/blogs/securite/securite-applicative/cloud-de-la-decouverte-du-shadow-it-celle-du-shadow-data
« Satoshi est mort », le prétendu inventeur du Bitcoin sort de l'ombre
http://www.01net.com/actualites/satoshi-est-mort-le-pretendu-inventeur-du-bitcoin-sort-de-l-ombre-971378.html
Craig Wright 'proves' he is Bitcoin creator Satoshi Nakamoto
http://news.hitb.org/content/craig-wright-proves-he-bitcoin-creator-satoshi-nakamoto
http://phys.org/news/2016-05-australian-entrepreneur-reveals-bitcoin-creator.html
SCIENCES
--------
Your brain’s reaction to celeb pics may create the most secure form of ID
http://news.hitb.org/content/your-brain’s-reaction-celeb-pics-may-create-most-secure-form-id
http://arstechnica.com/science/2016/04/your-brains-reaction-to-celeb-pics-may-create-the-most-secure-form-of-id/
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7435286
Des chercheurs créent par accident une batterie quasi increvable
http://www.01net.com/actualites/des-chercheurs-creent-par-accident-une-batterie-qui-tient-200-000-cycles-969632.html
Wisp, un ordinateur miniature alimenté seulement par des ondes électromagnétiques
http://www.01net.com/actualites/wisp-un-ordinateur-miniature-alimente-seulement-par-des-ondes-electromagnetiques-970366.html
Intelligence artificielle: après le jeu de Go, les chercheurs se penchent sur Doom
http://www.01net.com/actualites/intelligence-artificielle-apres-le-jeu-de-go-les-chercheurs-se-penchent-sur-doom-969918.html
CONSOMMATION
------------
RACHAT / UNION
--------------
DROIT
-----
Un site pour tout comprendre sur le nouveau Règlement général sur la protection des données de l'UE
http://www.les-infostrateges.com/actu/16042175/un-site-pour-tout-comprendre-sur-le-nouveau-reglement-general-sur-la-protection-des-donnees-de-l-ue
http://www.gdpr-expert.eu/
Android dans le viseur de la Commission européenne
http://www.01net.com/actualites/android-dans-le-collimateur-de-la-commission-europeenne-968357.html
EIDAS et la protection des données personnelles
http://www.orange-business.com/fr/blogs/securite/lois-reglementations-standards-et-certifications/eidas-et-la-protection-des-donnees-personnelles
MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------
CARRIERE
--------
Why it’s easier to fix a broken product than a broken team
http://news.hitb.org/content/why-it’s-easier-fix-broken-product-broken-team
http://venturebeat.com/2016/04/27/hiring-to-win-why-its-easier-to-fix-a-broken-product-than-a-broken-team/
MICROSOFT
---------
Skype, désormais accessible sur le web et sans plug-in
http://www.01net.com/actualites/skype-desormais-accessible-sur-le-web-et-sans-plug-in-967698.html
Microsoft lance Flow, son service d’automatisation des tâches numériques
http://www.01net.com/actualites/microsoft-lance-flow-son-service-d-automatisation-des-taches-numeriques-970818.html
GOOGLE
------
APPLE / IPHONE
--------------
PALM / PRE
----------
FREE
----
GEEK POWER
----------
LIBRE / OPEN SOURCE
-------------------
ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------
Kovter Ad Fraud Trojan Evolves Into Ransomware
http://www.securityweek.com/kovter-ad-fraud-trojan-evolves-ransomware
How hackers eavesdropped on a US Congressman using only his phone number
http://news.hitb.org/content/how-hackers-eavesdropped-us-congressman-using-only-his-phone-number
http://arstechnica.com/security/2016/04/how-hackers-eavesdropped-on-a-us-congressman-using-only-his-phone-number/
New JavaScript attack infects your phone and changes your router's DNS settings
http://news.hitb.org/content/new-javascript-attack-infects-your-phone-and-changes-your-routers-dns-settings
http://www.digitaltrends.com/web/javascript-malware-mobile/
A look at Locky ransomware
https://www.zscaler.com/blogs/research/look-locky-ransomware
Hardware-Based Keyloggers Found in the Library of a Canadian University
http://news.hitb.org/content/hardware-based-keyloggers-found-library-canadian-university
Malware authors quickly adopt SHA-2 through stolen code-signing certificates
http://news.hitb.org/content/malware-authors-quickly-adopt-sha-2-through-stolen-code-signing-certificates
Stolen usernames and passwords still cause almost a quarter of all data breaches
http://news.hitb.org/content/stolen-usernames-and-passwords-still-cause-almost-quarter-all-data-breaches
Hacking Team : comment pirater une entreprise en 6 étapes
http://www.01net.com/actualites/hacking-team-comment-pirater-une-entreprise-en-6-etapes-968431.html
This Hacker's Account of How He Infiltrated Hacking Team Says a Lot About Digital Security
http://news.hitb.org/content/hackers-account-how-he-infiltrated-hacking-team-says-lot-about-digital-security
http://gizmodo.com/this-hackers-account-of-how-he-infiltrated-hacking-team-1771504896
http://pastebin.com/raw/0SNSvyjJ
PLATINUM APT GROUP ABUSES WINDOWS HOTPATCHING
https://threatpost.com/platinum-apt-group-abuses-windows-hotpatching/117692/
FAILLES
-------
ORACLE FIXES 136 VULNERABILITIES WITH APRIL CRITICAL PATCH UPDATE
https://threatpost.com/oracle-fixes-136-vulnerabilities-with-april-critical-patch-update/117548/
Windows 10 flaw lets hackers secretly run any app on your PC
http://news.hitb.org/content/windows-10-flaw-lets-hackers-secretly-run-any-app-your-pc
http://bgr.com/2016/04/25/windows-10-applocker-security-issue/
https://gist.github.com/subTee/24c7d8e1ff0f5602092f58cbb3f7d302
FIREFOX 46 PATCHES CRITICAL MEMORY VULNERABILITIES
https://threatpost.com/firefox-46-patches-critical-memory-vulnerabilities/117698/
GOOGLE PATCHES 9 SECURITY FLAWS IN NEW CHROME BROWSER BUILD
https://threatpost.com/google-patches-9-security-flaws-in-new-chrome-browser-build/117747/
OUTILS
------
Le navigateur Opera propose un VPN gratuit et sans limite de débit
http://www.01net.com/actualites/le-navigateur-opera-propose-un-vpn-gratuit-et-sans-limite-de-debit-968657.html
Opera browser gets a free VPN – but you’ll need more than this to stay safe online
http://www.tripwire.com/state-of-security/featured/opera-vpn/
DDoS Protection With iptables: The Ultimate Guide
https://javapipe.com/iptables-ddos-protection
New MIT Scanner Finds Web App Flaws in a Minute [Presentation à venir]
https://threatpost.com/new-mit-scanner-finds-web-app-flaws-in-a-minute/117482/
5 Best Linux Distros for Installation on a USB Stick
http://news.hitb.org/content/5-best-linux-distros-installation-usb-stick
http://www.makeuseof.com/tag/5-best-linux-distros-installation-usb-stick/
Decryption Tool Released for CryptXXX Ransomware
http://www.tripwire.com/state-of-security/latest-security-news/decryption-tool-released-for-cryptxxx-ransomware/
OnionScan, le traqueur de connexions non anonymisées
http://www.zataz.com/onionscan-tor/#1wth7wvkF70BuQbw.99
------------
01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml
==============================================================================================================================================
Un des effets pervers du droit à l'oubli et se son application partielle soyons honnête est la différence de résultats de recherches sur Google si vous êtes en France ou aux Etats-Unis. En bref, même si l'intention de départ est louable, cela provoque une recherche avec oeillère en Europe et une recherche pleine ailleurs. Et là ça me pose un vrai problème de qualité, pertinence de la recherche. Parce que cela démontre que Google peut vous ramener les informations qu'"on" lui a bien autorisé à remonter. Donc si "on" décide de ne pas autoriser un contenu légitime mais qui le dérange, Google est en capacité de le faire. Mais Google ne le fera pas bien sûr. Don't be evil.....
L'article sur le choix d'une app dans un store vaut le détour car elle part d'un cas concret et déroule une démarche raisonnée de choix d'application au regard de ses droits. A mon avis, bon exemple pour de la sensibilisation.
Sinon pas de commentaires en plus, je vais essayer d'être plus régulier dans mes publications. J'ai eu des critiques de la part d'un lecteur (et oui il en reste).
Pour ceux qui se perdent encore sur mon site allez aussi sur twitter, j'y suis un peu plus actif normalement : https://twitter.com/pseudonyme_ovb.
Bonne lecture
Tristan
==============================================================================================================================================
A LIRE SECURITE
---------------
Tor Users Can Be Tracked Based on Their Mouse Movements
http://news.hitb.org/content/tor-users-can-be-tracked-based-their-mouse-movements
http://news.softpedia.com/news/tor-users-can-be-tracked-based-on-their-mouse-movements-501602.shtml
http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html
LinkedIn: The Phone Book for Social Engineers
http://www.tripwire.com/state-of-security/security-awareness/linkedin-the-phone-book-for-social-engineers/
Hackers Breach DDoS Protection Firm Staminus, Leak Sensitive Data Online
http://www.tripwire.com/state-of-security/latest-security-news/hackers-breach-ddos-protection-firm-staminus-leak-sensitive-data-online/
Shining a Light on Mobile App Permissions
http://www.tripwire.com/state-of-security/security-awareness/shining-a-light-on-mobile-app-permissions/
CVE System Sees Huge Backlog, Researchers Propose Alternative
http://news.hitb.org/content/cve-system-sees-huge-backlog-researchers-propose-alternative
http://news.softpedia.com/news/cve-system-sees-huge-backlog-researchers-propose-alternative-501665.shtml
The ‘Human Firewall’ Is Dead – Long Live the People
http://www.tripwire.com/state-of-security/security-data-protection/the-human-firewall-is-dead-long-live-the-people/
Attaque par ransomware : remerciements à Alcino Pereira, RSSI de l’AFP
http://www.larevuedudigital.com/2016/03/22/attaque-par-ransomware-remerciements-a-alcino-pereira-rssi-de-lafp/
http://blogs.afp.com/makingof/?post/le-diable-se-cache-dans-la-piece-jointe
A Renewed Exigency for Cyber Essentials
http://www.tripwire.com/state-of-security/security-data-protection/a-renewed-exigency-for-cyber-essentials/
Hackers going corporate with new attack attitudes, research shows
http://news.hitb.org/content/hackers-going-corporate-new-attack-attitudes-research-shows
http://www.zdnet.com/article/hackers-going-corporate-with-new-attack-attitudes-research-shows/
Attention, les URL les plus courtes ne sont pas les meilleures
http://www.zdnet.fr/actualites/attention-les-url-les-plus-courtes-ne-sont-pas-les-meilleures-39835710.htm
BUG BOUNTY
----------
Hack the Pentagon
http://www.zataz.com/hack-the-pentagone/#axzz42frFk4K9
DOSSIERS
--------
A Government Error Just Revealed Snowden Was the Target in the Lavabit Case
http://news.hitb.org/content/government-error-just-revealed-snowden-was-target-lavabit-case
Google says 1 million Gmail accounts might have been targeted by government hackers
http://news.hitb.org/content/google-says-1-million-gmail-accounts-might-have-been-targeted-government-hackers
http://bgr.com/2016/03/25/gmail-warning-government-hackers/
INSOLITE
--------
UN PETIT GESTE POUR LA PLANETE
------------------------------
FACEBOOK AND SOCIAL NETWORKS
----------------------------
Facebook se paye l’application Masquerade
http://www.01net.com/actualites/facebook-se-paye-l-application-masquerade-958049.html
En 2098, il y aura plus de morts que de vivants sur Facebook
http://www.01net.com/mediaplayer/video/en-2098-il-y-aura-plus-de-morts-que-de-vivants-sur-facebook-773425.html
A BOOKMARKER
------------
SALONS / CONFERENCES / EVENEMENTS
---------------------------------
Exercice DEFNET 2016 : la cyberdéfense en action
http://www.ssi.gouv.fr/actualite/exercice-defnet-2016-la-cyberdefense-en-action/
http://www.zataz.com/lutte-contre-menaces-cybernetiques/#axzz43x2BBmJL
BANQUES
-------
Android banking trojan uses Flash to pinch your money
http://news.hitb.org/content/android-banking-trojan-uses-flash-pinch-your-money
http://www.theinquirer.net/inquirer/news/2450434/android-banking-trojan-uses-flash-to-pinch-your-money
Sophisticated Android Malware Targeting Australian Banking Apps
http://www.tripwire.com/state-of-security/latest-security-news/researchers-warn-of-sophisticated-android-malware-targeting-australian-banking-apps/
The Trojan first spreads onto Android devices by imitating the Adobe Flash Player application, often required by websites to play streaming video.
“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future,” he warned.
POS MALWARE TOOL ‘TREASUREHUNT’ TARGETS SMALL US-BASED BANKS, RETAILERS
https://threatpost.com/pos-malware-tool-treasurehunt-targets-small-us-based-banks-retailers/117014/
https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
"FireEye estimates the vulnerability has been quietly in use since 2014, noting that attackers have tweaked it over the past several months, particularly in the way the malware stores encoded POS configuration data in the NTFS alternate data streams (ADS) of the file %USERPROFILE%\ntuser.ini."
IdiOTie
-------
Le loup dans les contrats de maintenance à l’heure de l’IoT : la propriété des données
http://www.larevuedudigital.com/2016/03/11/le-loup-dans-les-contrats-de-maintenance-a-lheure-de-liot-la-propriete-des-donnees/
PRODUITS
--------
BON A SAVOIR
------------
Dropbox gears up for new EU data protection rules
http://www.computerweekly.com/news/450280565/Dropbox-gears-up-for-new-EU-data-protection-rules
Découvrez la mappemonde des sites Internet
http://www.01net.com/actualites/decouvrez-la-mappemonde-des-sites-internet-958501.html
http://www.nominet.uk/mapping-the-online-world/
Former VW employee says he was fired after questioning deletion of documents
http://news.hitb.org/content/former-vw-employee-says-he-was-fired-after-questioning-deletion-documents
Le Ministère de la Défense américain migre 4 millions de PC sur Windows 10 [Chapeau]
http://www.larevuedudigital.com/2016/02/22/le-ministere-de-la-defense-americain-migre-4-millions-de-pc-sur-windows-10/
What To Do with That Found USB Stick
http://www.tripwire.com/state-of-security/security-awareness/what-to-do-with-that-found-usb-stick/
Les drones relèvent les données dans les carrières d’Eurovia
http://www.larevuedudigital.com/2016/04/04/les-drones-relevent-les-donnees-dans-les-carrieres-deurovia/
SCIENCES
--------
Des chercheurs ont créé un support de stockage… éternel
http://www.01net.com/actualites/des-chercheurs-creent-un-support-de-stockage-eternel-952089.html
Bientôt des disques durs de 100 To ?
http://www.01net.com/actualites/bientot-des-disques-durs-de-100-to-961392-1.html
Mathematicians shocked to find pattern in “random” prime numbers
http://news.hitb.org/content/mathematicians-shocked-find-pattern-“random”-prime-numbers
https://www.newscientist.com/article/2080613-mathematicians-shocked-to-find-pattern-in-random-prime-numbers/
http://arxiv.org/abs/1603.03720
Researchers close the final loophole in device encryption with the power of nanotubes
http://news.hitb.org/content/researchers-close-final-loophole-device-encryption-power-nanotubes
New molecular scissors cut out lingering HIV—maybe once and for all
http://news.hitb.org/content/new-molecular-scissors-cut-out-lingering-hiv—maybe-once-and-all
Scientists Search for Signatures of Alien Life Hidden in Gas
http://news.hitb.org/content/scientists-search-signatures-alien-life-hidden-gas
http://www.wired.com/2016/03/scientists-search-signatures-alien-life-hidden-gas/
CONSOMMATION
------------
RACHAT / UNION
--------------
Facebook se paye l’application Masquerade
http://www.01net.com/actualites/facebook-se-paye-l-application-masquerade-958049.html
DROIT
-----
Cybersurveillance : la Cour de cassation précise les contours messages professionnels / privés
http://www.les-infostrateges.com/actu/16022138/cybersurveillance-la-cour-de-cassation-precise-les-contours-messages-professionnels-prives
http://www.legifrance.gouv.fr/affichJuriJudi.do?&idTexte=JURITEXT000031949915
Loi sur le renseignement : chaque pays met en place son big brother
http://www.zataz.com/loi-renseignement-uk/#ULJOVRiOfO8S7lpd.99
Lex.be, un moteur de recherche pour le droit belge
http://www.les-infostrateges.com/actu/16032158/lexbe-un-moteur-de-recherche-pour-le-droit-belge
Cnil : record de plaintes reçues en 2015
http://www.les-infostrateges.com/actu/16042169/cnil-record-de-plaintes-recues-en-2015
MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------
CARRIERE
--------
Getting a Foot in the Door of the Security Industry - See more at: http://blog.isc2.org/isc2_blog/2016/02/associate-security.html#sthash.75dhXVxE.dpuf
http://blog.isc2.org/isc2_blog/2016/02/associate-security.html
How to keep your highly skilled and paid security team happy and engaged
http://news.hitb.org/content/how-keep-your-highly-skilled-and-paid-security-team-happy-and-engaged
Sécurité : chaises musicales entre Deloitte, Devoteam et Ernst & Young
http://www.lemagit.fr/actualites/450281035/Securite-chaises-musicales-entre-Deloitte-Devoteam-et-Ernst-Young
MICROSOFT
---------
Microsoft va intégrer un bloqueur de pubs à son navigateur Edge
http://www.01net.com/actualites/microsoft-va-integrer-un-bloqueur-de-pubs-a-son-navigateur-edge-963328.html
Linux dans Windows 10, comment ça marche ?
http://www.tomshardware.fr/articles/linux-ubuntu-windows10,1-59163.html
GOOGLE
------
In Europe, You’ll Need a VPN to See Real Google Search Results
http://news.hitb.org/content/europe-you’ll-need-vpn-see-real-google-search-results
http://www.wired.com/2016/03/europe-youll-need-vpn-see-real-google-search-results/
Google has doubled its bounty for a Chromebook hack to US$100,000
http://news.hitb.org/content/google-has-doubled-its-bounty-chromebook-hack-us100000
Google Security Expert Criticizes Meaningless Antivirus Excellence Awards
http://news.hitb.org/content/google-security-expert-criticizes-meaningless-antivirus-excellence-awards
APPLE / IPHONE
--------------
PALM / PRE
----------
FREE
----
GEEK POWER
----------
eero: A Mesh WiFi Router Built for Security
http://news.hitb.org/content/eero-mesh-wifi-router-built-security
http://krebsonsecurity.com/2016/03/eero-a-mesh-wifi-router-built-for-security/
How I Stopped Studying to Make This Toy
http://www.tripwire.com/state-of-security/security-awareness/how-i-stopped-studying-to-make-this-toy/
Potato-Powered Security Device Is Unique
http://news.hitb.org/content/potato-powered-security-device-unique
http://www.ubergizmo.com/2016/04/potato-powered-security-device-is-unique/
LIBRE / OPEN SOURCE
-------------------
Opera propose un navigateur anti-pub pour Windows, Mac et Linux
http://www.01net.com/actualites/opera-propose-un-navigateur-anti-pub-pour-windows-mac-et-linux-958174.html
Mozilla campaign encourages people to understand encryption
http://news.hitb.org/content/mozilla-campaign-encourages-people-understand-encryption
Microsoft extends open source push with developer productivity tools
http://news.hitb.org/content/microsoft-extends-open-source-push-developer-productivity-tools
ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------
Dridex Botnet Spreading Locky Ransomware Via JavaScript Attachments
http://news.hitb.org/content/dridex-botnet-spreading-locky-ransomware-javascript-attachments
http://www.securityweek.com/dridex-botnet-spreading-locky-ransomware-javascript-attachments
Poseidon APT Group Identified As First Portuguese-Speaking Campaign
https://threatpost.com/10-year-poseidon-apt-group-identified-as-first-portuguese-speaking-campaign/116177/#sthash.bOgTzwVJ.dpuf
Marcher Trojan Morphs, Now Targets Porn Sites
https://threatpost.com/marcher-trojan-morphs-now-targets-porn-sites/116743/
MASSIVE MALVERTISING CAMPAIGN LANDS ON TOP WEBSITES
https://threatpost.com/massive-malvertising-campaign-lands-on-top-websites/116806/
Report: DDoS Attacks Grew in Number, Size, and Sophistication in Q4 2015
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/report-ddos-attacks-grew-in-number-size-and-sophistication-in-q4-2015/
L'infographie pour les plus pressés https://www.verisign.com/assets/infographic-ddos-trends-Q42015.pdf
A télécharger pour les plus courageux : https://www.verisign.com/en_US/security-services/ddos-protection/ddos-report/index.xhtml
Allez je vous donne le lien : https://www.verisign.com/assets/report-ddos-trends-Q42015.pdf
Lights, Camera, Disaster: DDoS Attack Scripts Are a Threat You Need to Know
http://www.tripwire.com/state-of-security/security-data-protection/lights-camera-disaster-ddos-attack-scripts-are-a-threat-you-need-to-know/
Docs With Malicious Macros Deliver Fileless Malware
http://news.hitb.org/content/docs-malicious-macros-deliver-fileless-malware
http://www.csoonline.com/article/3043571/security/documents-with-malicious-macros-deliver-fileless-malware-to-financial-transaction-systems.html
http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
The emails contained the recipients' names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. This attention to detail lent more credibility to spam messages and made it more likely that victims would open the attached documents, the researchers said.
Storing malicious code in the system registry, abusing the Windows PowerShell and adding malicious macros to documents are not new techniques. However, their combination can make for very potent and hard-to-detect attacks.
Big-name sites hit by rash of malicious ads spreading crypto ransomware
http://news.hitb.org/content/big-name-sites-hit-rash-malicious-ads-spreading-crypto-ransomware
Ransomware Propagation Tied to TeamViewer Account (UPDATED)
http://www.tripwire.com/state-of-security/latest-security-news/ransomware-propagation-tied-to-teamviewer-account/
TeslaCrypt 4.0: Bigger, Badder and Unbreakable
http://news.hitb.org/content/teslacrypt-40-bigger-badder-and-unbreakable
FILELESS POWERWARE RANSOMWARE FOUND ON HEALTHCARE NETWORK
https://threatpost.com/fileless-powerware-ransomware-found-on-healthcare-network/116998/
ESPIONAGE MALWARE, WATERING HOLE ATTACKS TARGET DIPLOMATS
https://threatpost.com/espionage-malware-watering-hole-attacks-target-diplomats/116600/
Former Employee Is Behind Devastating Ofcom Data Breach
http://news.hitb.org/content/former-employee-behind-devastating-ofcom-data-breach
Fraude au virement – Tentatives de détournement de 21 millions d’euros
http://www.zataz.com/tentatives-de-detournement-de-21-millions-deuros/#kcKzD5HB1RjcffPV.99
Augmentation significative du nombre de domaines malveillants
http://www.zataz.com/augmentation-significative-nombre-de-domaines-malveillants/#85p4Kis60sP7dSYm.99
Ransomware Hackers Are Coming For Your Health Records
http://europe.newsweek.com/ransomware-hackers-coming-your-health-records-445285
Ransomware: Locky, TeslaCrypt, Other Malware Families Use New Tool To Evade Detection
http://researchcenter.paloaltonetworks.com/2016/04/unit42-ransomware-locky-teslacrypt-other-malware-families-use-new-tool-to-evade-detection/
Jigsaw Ransomware Threatens to Delete Your Files, Free Decrypter Available
http://news.softpedia.com/news/jigsaw-ransomware-threatens-to-delete-your-files-free-decrypter-available-502824.shtml
Rokku Ransomware shows possible link with Chimera
https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/
Keygen alert: free password generator released for PETYA ransomware
http://betanews.com/2016/04/10/free-petya-password-generator/
http://download.bleepingcomputer.com/fabian-wosar/PetyaExtractor.zip
https://petya-pay-no-ransom.herokuapp.com/
ROOT SERVERS WERE NOT TARGETS OF 2015 DDOS ATTACK
https://threatpost.com/root-servers-were-not-targets-of-2015-ddos-attack/117082/
FAILLES
-------
Two-year-old Java flaw re-emerges due to broken patch
http://news.hitb.org/content/two-year-old-java-flaw-re-emerges-due-broken-patch
http://www.infoworld.com/article/3043064/security/two-year-old-java-flaw-re-emerges-due-to-broken-patch.html
D'innombrables extensions Firefox vulnérables à un nouveau type d’attaque
http://www.01net.com/actualites/un-grand-nombre-d-extensions-firefox-vulnerable-a-un-nouveau-type-d-attaque-964205.html
http://www.buyukkayhan.com/publications/ndss2016crossfire.pdf
iPhone : Apple corrige la faille de Siri qui permettait d’accéder à vos photos sans code
http://www.01net.com/actualites/siri-une-faille-permet-d-acceder-aux-contacts-et-aux-photos-d-un-iphone-sans-saisir-de-code-964433.html
DATA LEAKAGE
------------
1.5M Verizon Enterprise Customer Records Found For Sale on Dark Web
http://www.tripwire.com/state-of-security/latest-security-news/1-5m-verizon-enterprise-customer-records-found-for-sale-on-dark-web/
OUTILS
------
Has your network been compromised? Use RITA to find out
http://news.hitb.org/content/has-your-network-been-compromised-use-rita-find-out
https://www.helpnetsecurity.com/2016/03/11/network-compromised-use-rita/
CheckMyHTTPS, l’anti interception Man in the Middle SSL/TLS
http://www.zataz.com/checkmyhttps-lanti-interception-ssltls/#v8Pb7Kyqb6yiIKGO.99
https://checkmyhttps.net
GitHarvester: Finding Data on GitHub
http://www.tripwire.com/state-of-security/security-awareness/githarvester-finding-data-on-github/
YAHOO DEPLOYS PASSWORDLESS ACCOUNT KEY TOOL
https://threatpost.com/yahoo-deploys-passwordless-account-key-tool/116892/
Google rend gratuite une formidable suite d’outils pour la photographie
http://www.01net.com/actualites/google-offre-gratuitement-une-formidable-suite-d-outils-pour-la-photographie-962062.html
Comment créer un vaccin contre le ransomware Locky
https://www.lexsi.com/securityhub/comment-creer-un-vaccin-contre-le-ransomware-locky/
Surf anonyme et sécurisé pour votre smartphone et tablette
http://www.zataz.com/vpn-smartphone-tablette/#5euv2IrefPW6chAO.99
BinDiff Now Free, To Delight of Security Researchers
http://news.hitb.org/content/bindiff-now-free-delight-security-researchers
https://threatpost.com/bindiff-now-free-to-delight-of-security-researchers/116912/
Qubes OS 3.1 has been released
http://news.hitb.org/content/qubes-os-31-has-been-released
https://www.qubes-os.org/news/2016/03/09/qubes-os-3-1-has-been-released/
Vivaldi 1.0 : le nouveau navigateur pensé pour les internautes exigeants
http://www.01net.com/actualites/vivaldi-1-0-un-navigateur-pour-internautes-exigeants-965063.html
------------
01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml
Je n'avais vu le contexte exact, mais avais eu l'info. Je confirme, c'est quand même très "Ouate de Phoque comme explication.
==============================================================================================================================================
Allez, une des dernières Veille sans commentaires. Enfin j'espère, il faut que je reprenne les bonnes habitudes et supprime les mauvaises.
Bonne lecture.
Tristan
==============================================================================================================================================
R.I.P
-----
Le père de l’email et re-découvreur de l'arobase est mort
http://www.01net.com/actualites/le-pere-de-l-email-et-re-decouvreur-de-l-arobase-est-mort-957020.html
A LIRE SECURITE
---------------
Classe et simplement expliqué
https://medium.com/@norsec0de/hunting-the-automated-pentesting-unicorn-eb1295b1e6c0#.49ajsywqm
RSA Conference Preview: Dreaming of Indicators of Compromise
http://www.tripwire.com/state-of-security/incident-detection/rsa-preview-dreaming-of-ioc/
The most vulnerable time for hacking revealed
http://news.hitb.org/content/most-vulnerable-time-hacking-revealed
http://www.stuff.co.nz/technology/digital-living/77226650/the-most-vulnerable-time-for-hacking-revealed
https://www.proofpoint.com/sites/default/files/human-factor-report-2016.pdf
Are you prepared to respond to ransomware the right way?
http://news.hitb.org/content/are-you-prepared-respond-ransomware-right-way
http://www.csoonline.com/article/3037018/leadership-management/are-you-prepared-to-respond-to-ransomware-the-right-way.html
Defending Your Network Against DDoS Attacks
http://www.tripwire.com/state-of-security/security-awareness/defending-your-network-against-ddos-attacks/
How Can we Remember all Those Passwords?
http://www.tripwire.com/state-of-security/security-awareness/38629/
Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group
https://threatpost.com/operation-blockbuster-coalition-ties-destructive-attacks-to-lazarus-group/116422/#sthash.W1jTxWoX.dpuf
#CyberChoices – How Parents Can Dissuade Their Children from Becoming Online Criminals
http://www.tripwire.com/state-of-security/security-awareness/cyberchoices-how-parents-can-dissuade-their-children-from-becoming-online-criminals/
DOSSIERS
--------
Obama to Appoint First Federal Chief Information Security Officer
http://www.tripwire.com/state-of-security/latest-security-news/obama-to-appoint-first-federal-chief-information-security-officer/
Chiffrement et informatique quantique: les mystères qui entourent les choix de la NSA
http://www.01net.com/actualites/chiffrement-et-informatique-quantique-un-mystere-entoure-la-nsa-955822.html
INSOLITE
--------
UN PETIT GESTE POUR LA PLANETE
------------------------------
FACEBOOK AND SOCIAL NETWORKS
----------------------------
Twitter Has a New App, But This One’s Just for Coders
http://news.hitb.org/content/twitter-has-new-app-one’s-just-coders
http://www.wired.com/2016/02/twitter-has-a-new-app-but-this-ones-just-for-coders/
Instagram rolls out two-factor authentication to improve security
http://news.hitb.org/content/instagram-rolls-out-two-factor-authentication-improve-security
A BOOKMARKER
------------
SALONS / CONFERENCES / EVENEMENTS
---------------------------------
RSAC: Innovation Sandbox Presents Ten of the Best
http://news.hitb.org/content/rsac-innovation-sandbox-presents-ten-best
http://www.infosecurity-magazine.com/news-features/rsac-innovation-sandbox-presents/
IdiOTie
-------
The IoT industry needs an ID standard. Let’s name it id-IoT ;-))
Objets connectés : le réseau français Sigfox, une passoire en matière de sécurité ?
http://www.01net.com/actualites/objets-connectes-le-reseau-francais-sigfox-une-passoire-en-matiere-de-securite-957875.html
Ils ont hacké le réseau électrique avec… des climatiseurs
http://www.01net.com/actualites/ils-ont-hacke-le-reseau-electrique-avec-des-climatiseurs-950582.html
Bouygues Telecom veut connecter tous nos objets à son réseau LoRa
http://www.01net.com/actualites/bouygues-telecom-veut-connecter-tous-nos-objets-a-son-reseau-lora-951203.html
BANQUES
-------
MasterCard to roll out 'selfie' authentication
http://news.hitb.org/content/mastercard-roll-out-selfie-authentication
Source Code For Android Banking Malware Leaked
https://threatpost.com/source-code-for-android-banking-malware-leaked/116380/
Santiago Pontiroli and Roberto Martinez on ATM Jackpotting
https://threatpost.com/santiago-pontiroli-and-roberto-martinez-on-atm-jackpotting/116406/
Threat Detection Techniques – ATM Malware
http://blogs.rsa.com/threat-detection-techniques-atm-malware/?linkId=21412746
http://blogs.rsa.com/wp-content/uploads/2016/02/ATM-Paper_Feb-16_final.pdf
Weak Bank Password Policies Leave 350 Million Vulnerable, Say Researchers
https://threatpost.com/weak-bank-password-policies-leave-350-million-vulnerable-say-researchers/116574/
Challenger bank buys digital gaming specialist
http://www.computerweekly.com/news/4500278248/Challenger-bank-acquires-digital-gaming-specialist
PRODUITS
--------
Internet à 100 Mbit/s par satellite, c'est pour bientôt !
http://www.01net.com/actualites/l-internet-a-100-mbits-par-satellite-c-est-pour-bientot-950870.html
Startup PatternEx Launches AI Platform for Network Security
http://news.hitb.org/content/startup-patternex-launches-ai-platform-network-security
http://www.eweek.com/security/startup-patternex-launches-ai-platform-for-network-security.html
BON A SAVOIR
------------
VTech waves off security responsiblity after major 2015 breach
http://news.hitb.org/content/vtech-waves-security-responsiblity-after-major-2015-breach
http://www.digitaltrends.com/computing/vtech-disclaimer-of-responsibility-for-data-breach-losses/
Instagram va enfin lancer la double authentification sur vos comptes
http://www.01net.com/actualites/instagram-commence-a-doubler-la-securite-de-vos-comptes-952390.html
La double authentification est déjà de mise sur nombre de services, même si elle reste souvent optionnelle.
Twitter, Google, Facebook (propriétaire d’Instagram), LinkedIn ou encore Amazon l’ont tous déjà déployée.
Le Bitcoin est-il promis à une mort lente ?
http://www.01net.com/actualites/le-bitcoin-est-il-promis-a-une-mort-lente-956284.html
5 Reasons SAP Security Matters
http://news.hitb.org/content/5-reasons-sap-security-matters
http://www.darkreading.com/operations/5-reasons-sap-security-matters-/d/d-id/1324468
Opera Becomes First Major Web Browser to Introduce Native Ad-Blocking Feature
http://www.tripwire.com/state-of-security/latest-security-news/opera-becomes-first-major-web-browser-to-introduce-native-ad-blocking-feature/
SCIENCES
--------
Samsung veut nous identifier grâce à nos veines
http://www.01net.com/actualites/samsung-travaille-a-l-identification-par-la-forme-des-veines-949818.html
Samsung livre le plus grand SSD du monde, avec une capacité de 15 To
http://www.01net.com/actualites/samsung-livre-le-plus-grand-ssd-du-monde-avec-une-capacite-de-15-to-956202.html
Fujitsu établit la transmission sans fil la plus rapide du monde
http://www.01net.com/actualites/fujitsu-etablit-la-transmission-sans-fil-la-plus-rapide-du-monde-949376.html
Researchers create super-efficient Wi-Fi
http://news.hitb.org/content/researchers-create-super-efficient-wi-fi
http://arstechnica.com/information-technology/2016/02/researchers-create-super-low-power-wi-fi/
Des chercheurs inventent un Wi-Fi 10 000 fois plus économe en énergie
http://www.01net.com/actualites/un-wi-fi-basse-consommation-pour-l-internet-des-objets-954213.html
Des chercheurs ont créé un support de stockage… éternel
http://www.01net.com/actualites/des-chercheurs-creent-un-support-de-stockage-eternel-952089.html
CONSOMMATION
------------
RACHAT / UNION
--------------
DROIT
-----
La Cnil se dote d'un nouveau site web
http://www.les-infostrateges.com/actu/16022141/la-cnil-se-dote-d-un-nouveau-site-web
La pénurie d'adresses IPv4, un obstacle pour le flicage de la Hadopi
http://www.01net.com/actualites/la-penurie-d-adresses-ipv4-un-obstacle-pour-le-flicage-de-la-hadopi-952412.html
White House Wants to Renegotiate U.S. Implementation of Wassenaar
https://threatpost.com/white-house-wants-to-renegotiate-u-s-implementation-of-wassenaar/116531/
The Need for Encryption Legislation
http://blog.isc2.org/isc2_blog/2016/03/the-need-for-encryption-legislation.html
Données à caractère personnel : Nouvelle mouture du projet de Règlement européen
http://www.les-infostrateges.com/actu/16022146/donnees-a-caractere-personnel-nouvelle-mouture-du-projet-de-reglement-europeen
MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------
9 opérateurs, principalement européens, créent une alliance contre les OTT
http://www.reseaux-telecoms.net/actualites/lire-9-operateurs-principalement-europeens-creent-une-alliance-contre-les-ott-27601.html
CARRIERE
--------
MICROSOFT
---------
Windows 10 se connecte dans votre dos aux serveurs de Microsoft
http://www.01net.com/actualites/windows-10-se-connecte-dans-votre-dos-aux-serveurs-de-microsoft-949808.html
GOOGLE
------
Google : du moteur de recherche au moteur de réponses ? [Très intéressant]
http://www.les-infostrateges.com/actu/16032148/google-du-moteur-de-recherche-au-moteur-de-reponses
https://www.youtube.com/watch?time_continue=9&v=4yrL9bgnqoU
APPLE / IPHONE
--------------
1er Janvier 1970 : la date qui tue les iPhone et iPad
http://www.01net.com/actualites/111970-la-date-qui-tue-les-iphone-et-ipad-951131.html
PALM / PRE
----------
FREE
----
GEEK POWER
----------
LIBRE / OPEN SOURCE
-------------------
Nous avons installé et testé Remix OS, l’Android pour PC
http://www.01net.com/actualites/nous-avons-installe-et-teste-remix-os-l-android-pour-pc-949334.html
ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------
The Pirate Bay devient le plus gros site de streaming illégal au monde
http://www.01net.com/actualites/pirate-bay-devient-le-plus-gros-site-de-streaming-au-monde-949793.html
WordPress Infections Leading to TeslaCrypt Ransomware
https://threatpost.com/wordpress-infections-leading-to-teslacrypt-ransomware/116149/
Exploiting WPA2 In a Citywide Wi-Fi
http://www.tripwire.com/state-of-security/security-awareness/exploiting-wpa2-in-a-city-wide-wi-fi/
Exploit Kits as a Service – How Automation Is Changing the Face of Cyber Crime
https://heimdalsecurity.com/blog/exploit-kits-service-automation-changing-face-cyber-crime/
New Silverlight Attacks Appear in Angler Exploit Kit
https://threatpost.com/new-silverlight-attacks-appear-in-angler-exploit-kit/116409/
Angler Exploit Kit updated to target PCs and Macs with Silverlight attack
http://www.hotforsecurity.com/blog/angler-exploit-kit-updated-to-target-pcs-and-macs-with-silverlight-attack-13449.html
IP Box : cracker le mot de passe d’un iPhone pour 200 dollars
http://www.zataz.com/ip-box-cracker-password-iphone/
PIGNOUFS
--------
Piratage et vol de données signés par des Anonymous pour un espace du Ministère de la Défense
http://www.zataz.com/piratage-et-vol-de-donnees-pour-un-espace-du-ministere-de-la-defense/#UXUU3HRF6EWDu4ZB.99
FAILLES
-------
Firefox 45 Fixes 40 Vulnerabilities, 22 Critical
https://threatpost.com/firefox-45-fixes-40-vulnerabilities-22-critical/116682/
Google Releases Security Update for Chrome 49
http://www.tripwire.com/state-of-security/latest-security-news/google-chrome-49-fixes-security-bugs-displays-extensions-in-toolbar/
Google lumps Malwarebytes with a bad security report and a lot of homework
http://news.hitb.org/content/google-lumps-malwarebytes-bad-security-report-and-lot-homework
Drupal Update Fixes 10 Vulnerabilities, One Critical......et c'est le dernier train de maintenance pour la version 6........
https://threatpost.com/drupal-update-fixes-10-vulnerabilities-one-critical/116466/
Un comble : la plupart des antivirus sont truffés de failles de sécurité !
http://www.01net.com/actualites/les-logiciels-de-securite-epingles-car-hautement-vulnerables-955474.html
Is Relying on Anti-virus Making You Insecure?
http://www.tripwire.com/state-of-security/security-awareness/relying-anti-virus-making-insecure/
OUTILS
------
Comment protéger ses objets connectés avec un Raspberry Pi
http://www.01net.com/actualites/comment-proteger-ses-objets-connectes-avec-un-raspberry-pi-955478.html
Best Open Source Software for Windows 10
http://news.hitb.org/content/best-open-source-software-windows-10
http://www.datamation.com/open-source/best-open-source-software-for-windows-10.html
------------
01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml
R.I.P.......................
1er Janvier 1970 : la date qui tue les iPhone et iPad
http://www.01net.com/actualites/111970-la-date-qui-tue-les-iphone-et-ipad-951131.html
Mon petit conseil c'est de vous assurer que votre NTP provient d'un serveur que vous connaissez, maitrisez.
Tristan
==============================================================================================================================================
Allez hop, de retour dans les bacs, bon sans commentaires, mais ça va revenir. L'important c'est d'alimenter le blog avec des informations si ce n'est utiles, au moins divertissantes.
Bonne lecture
Tristan
==============================================================================================================================================
A LIRE SECURITE
---------------
Baromètre de la cyber-sécurité des entreprises
http://www.les-infostrateges.com/actu/16012128/barometre-de-la-cyber-securite-des-entreprises
http://www.opinion-way.com/pdf/cesin_-_barometre_de_la_cyber-securite_des_entreprises_-_vague_1_-_janvier_2016.pdf
Cyber Crime Costs Projected To Reach $2 Trillion by 2019
http://news.hitb.org/content/cyber-crime-costs-projected-reach-2-trillion-2019
http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#2715e4857a0b2a10de433bb0
https://cybertab.boozallen.com
https://dflabs.leadpages.co/cost-per-data-breach/
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation
https://threatpost.com/sloth-attacks-up-ante-on-sha-1-md5-deprecation/115807/
http://www.mitls.org/downloads/transcript-collisions.pdf
5 Information Security Trends for 2016
http://www.tripwire.com/state-of-security/security-awareness/5-infosec-trends-for-this-year/
- ONLINE EXTORTION WILL BE MORE PREVALENT IN 2016
- THE INTERNET OF THINGS MAY HARM SOMEONE
- CHINA WILL DRIVE MOBILE MALWARE GROWTH AND GLOBALLY, MOBILE PAYMENT METHODS WILL BE ATTACKED
- DATA PROTECTION OFFICERS ARE A NECESSITY, BUT LESS THAN 50% OF ORGANIZATIONS WILL HAVE THEM BY THE END OF 2016
- CYBERCRIME LEGISLATION WILL EMBRACE GLOBALIZATION
Top 10 (ISC)² Secure Webinars of 2015
http://blog.isc2.org/isc2_blog/2016/01/top-10-isc²-secure-webinars-of-2015.html
Online Security Conferences
https://www.tunnelsup.com/online-security-conferences/
Cracking Ransomware
http://blog.cylance.com/cracking-ransomware
Security Slice: Diffusing DDoS Damage
http://www.tripwire.com/state-of-security/security-slice-podcast/security-slice-diffusing-ddos-damage/
Tackling Point-Of-Sale Threat From the Inside Out [Légèrement publi-communiqué, mais pertinent]
http://www.tripwire.com/state-of-security/regulatory-compliance/pci/tackling-point-of-sale-threat-from-the-inside-out/
http://www.tripwire.com/register/point-of-sale-or-point-of-compromise-securing-pos-systems/?registered [Ressources]
http://www.tripwire.com/register/retail-cyberthreat-summit-insights-and-strategies-from-industry-experts/ [Video]
https://labs.opendns.com/pos-breaches/ [Timeline]
Gestion de crise SSI
https://www.lexsi.com/securityhub/gestion-de-crise-ssi/
DDoS Attacks Increased by 180% Compared to 2014, Reveals Akamai Report
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/ddos-attacks-increased-by-180-compared-to-2014-reveals-akamai-report/
DOSSIERS
--------
Quand le chef hacker de la NSA explique comment se protéger des pirates
http://www.01net.com/actualites/quand-le-chef-hacker-de-la-nsa-explique-comment-se-proteger-des-hackers-947495.html
Les trois principaux vecteurs d’attaques sont – sans surprise – l’e-mail, les sites web et les clés USB.
Government Agencies Audit for Juniper Backdoor
https://threatpost.com/government-agencies-audit-for-juniper-backdoor/116021/
I(DI)OT(IE)
-----------
CANTACT: AN OPEN TOOL FOR AUTOMOTIVE EXPLOITATION
https://www.blackhat.com/asia-16/briefings.html#cantact-an-open-tool-for-automotive-exploitation
Feds don’t need crypto backdoors to spy—your TV and toothbrush will do
http://news.hitb.org/content/feds-don’t-need-crypto-backdoors-spy—your-tv-and-toothbrush-will-do
http://arstechnica.com/tech-policy/2016/02/feds-dont-need-crypto-backdoors-to-spy-your-tv-and-toothbrush-will-do/
Inexpensive Webcam Turned into Backdoor
https://threatpost.com/inexpensive-webcam-turned-into-backdoor/115854/
http://blog.vectranetworks.com/blog/turning-a-webcam-into-a-backdoor
Internet of Things security is so bad, there’s a search engine for sleeping kids
http://news.hitb.org/content/internet-things-security-so-bad-there’s-search-engine-sleeping-kids
Les Français face aux objets connectés et à l'usage des données
http://www.les-infostrateges.com/actu/16012119/les-francais-face-aux-objets-connectes-et-a-l-usage-des-donnees
http://ifop.fr/?option=com_publication&type=poll&id=3250
INSOLITE
--------
Le plus vieux fichier partagé avec BitTorrent est en ligne... depuis douze ans!
http://www.01net.com/actualites/le-plus-vieux-fichier-partage-avec-bittorrent-est-en-ligne-depuis-douze-ans-946313.html
Le champion de l’année
http://www.zataz.com/le-champion-de-lannee/
Un utilisateur Mac visite une page porno et la retrouve… dans Diablo 3
http://www.01net.com/actualites/un-utilisateur-mac-visite-une-page-porno-et-la-retrouve-apres-dans-diablo-iii-942755.html
Partage automatique pornographique sur Facebook
http://www.zataz.com/partage-automatique-pornographique-sur-facebook/
BANQUE
------
HSBC Online Banking Services Shut Down Following DDoS Attacks
http://www.tripwire.com/state-of-security/latest-security-news/hsbc-online-banking-services-shut-down-following-ddos-attacks/
Attaque DDoS à l’encontre des serveurs de la banque HSBC
Read more at http://www.zataz.com/attaque-ddos-a-lencontre-des-serveurs-de-la-banque-hsbc/#p0IsvBEI3sDy6T7R.99
URLZone Back, Targeting Banks in Japan
https://threatpost.com/urlzone-back-targeting-banks-in-japan/116107/
Android.Bankosy malware targets 'voice' two-factor authorisation
http://www.scmagazineuk.com/androidbankosy-malware-targets-voice-two-factor-authorisation/article/465903/
Computers at three banks, pharmaceutical company hacked; hackers demand ransom in bitcoins
http://news.hitb.org/content/computers-three-banks-pharmaceutical-company-hacked-hackers-demand-ransom-bitcoins
Asacub Transitions from Spyware to Banking Malware
https://threatpost.com/asacub-transitions-from-spyware-to-banking-malware/115961/
The developers behind malware really kicked it into high gear during New Year’s week. From Dec. 28 to Jan. 4, Kaspersky Lab noted attempts to infect upwards of 7,000 users, but claims activity has declined since
Ransomware Attack Campaign Caused Millions of Dollars in Damages for Indian Banks, Pharma
http://www.tripwire.com/state-of-security/latest-security-news/ransomware-attack-caused-millions-of-dollars-in-damages-for-indian-banks-pharma/
La fin mystérieuse d'un gang de pirates de comptes bancaires
http://www.01net.com/actualites/fin-mysterieuse-du-gang-de-pirates-bancaires-dyreza-950244.html
DRONES
------
Spies in the Sky : drones israéliens piratés
Read more at http://www.zataz.com/spies-in-the-sky-drones-israeliens-pirates/#syWmEHyzKEKPwXCD.99
UN PETIT GESTE POUR LA PLANETE
------------------------------
FACEBOOK AND SOCIAL NETWORKS
----------------------------
A BOOKMARKER
------------
SALONS / CONFERENCES / EVENEMENTS
---------------------------------
FIC 2016
Ils notifient une faille sur un site web puis reçoivent la visite des gendarmes
http://www.01net.com/actualites/ils-notifient-une-faille-sur-un-site-web-puis-recoivent-la-visite-des-gendarmes-945669.html
PRODUITS
--------
Everykey, un bracelet connecté pour en finir avec la galère des mots de passe
http://www.01net.com/actualites/everykey-le-bracelet-qui-deverrouille-smartphones-ordinateurs-sites-web-942706.html
La mémoire vive la plus rapide au monde devrait doper nos PC dès cette année
http://www.01net.com/actualites/samsung-sa-memoire-vive-la-plus-rapide-au-monde-devrait-doper-nos-pc-gamers-des-cette-annee-944947.html
Sony : ce petit projecteur portable transforme une table ou un mur en écran
http://www.01net.com/actualites/sony-ce-petit-projecteur-portable-transforme-une-table-ou-un-mur-en-ecran-944900.html
TappLock is a padlock with a fingerprint sensor to open
http://news.hitb.org/content/tapplock-padlock-fingerprint-sensor-open
BON A SAVOIR
------------
Oracle deprecates the Java browser plugin, prepares for its demise
http://news.hitb.org/content/oracle-deprecates-java-browser-plugin-prepares-its-demise
Flash n'aurait plus que deux ans à vivre
http://www.01net.com/actualites/flash-n-aurait-plus-que-deux-ans-a-vivre-947149.html
Amazon Certificate Manager Brings Free SSL Certs to AWS Users
See more at: https://threatpost.com/amazon-certificate-manager-brings-free-ssl-certs-to-aws-users/116025/#sthash.si8gIkrb.dpuf
Amazon Certificate Manager Brings Free SSL Certs to AWS Users
https://threatpost.com/amazon-certificate-manager-brings-free-ssl-certs-to-aws-users/116025/#sthash.4Of2ZTpa.dpuf
In A UEFI World, "rm -rf /" Can Brick Your System
http://news.hitb.org/content/uefi-world-rm-rf-can-brick-your-system
http://www.phoronix.com/scan.php?page=news_item&px=UEFI-rm-root-directory
Cloud Security Alliance says infosec wonks would pay $1m ransoms
http://news.hitb.org/content/cloud-security-alliance-says-infosec-wonks-would-pay-1m-ransoms
“123456” and “password” Once Again Top Annual Worst Passwords Ranking
http://www.tripwire.com/state-of-security/latest-security-news/123456-and-password-once-again-top-annual-worst-passwords-ranking/
SCIENCES
--------
COBALT : un nouveau supercalculateur d'1,4 petaflops pour le CEA
http://www.01net.com/actualites/le-cea-investit-dans-un-nouveau-supercalculateur-de-14-pflops-949030.html
L’armée américaine développe la puce ultime pour la guerre électronique
http://www.01net.com/actualites/l-armee-americaine-developpe-la-puce-ultime-pour-la-guerre-electronique-943286.html
CONSOMMATION
------------
RACHAT / UNION
--------------
FireEye buys iSight Partners for $200 million
http://news.hitb.org/content/fireeye-buys-isight-partners-200-million
DROIT
-----
Liens hypertextes : la députée responsable de l’amendement défend sa position
http://www.01net.com/actualites/liens-hypertextes-la-deputee-responsable-de-l-amendement-defend-sa-position-944952.html
Un traitement est constitué avec une seule donnée personnelle
http://www.legalis.net/spip.php?page=breves-article&id_article=4871
Droit au déréférencement sur Google hors d'Europe : les choses bougent
http://www.les-infostrateges.com/actu/16012129/droit-au-dereferencement-sur-google-hors-d-europe-les-choses-bougent
Les Députés veulent protéger les lanceurs d’alertes… oui mais
Read more at http://www.zataz.com/les-deputes-veulent-proteger-les-lanceurs-dalertes-oui-mais/#UtdgUC5zr9ywPTQT.99
La Cour de cassation précise la notion de "traitement de donnée à caractère personnel"
http://www.les-infostrateges.com/actu/16012122/la-cour-de-cassation-precise-la-notion-de-traitement-de-donnee-a-caractere-personnel
MARCHE DE L'INFORMATIQUE ET DES TELECOMS (MAIS PAS QUE)
-------------------------------------------------------
Le prix d’un serveur dans le Cloud n’a jamais été aussi bas
http://www.larevuedudigital.com/2016/01/19/le-prix-dun-serveur-dans-le-cloud-na-jamais-ete-aussi-bas/
CARRIERE
--------
AGIR POUR LA SÉCURITÉ DU NUMÉRIQUE EN FRANCE AVEC L’ANSSI – 100 POSTES À POURVOIR D’ICI 2017
http://www.ssi.gouv.fr/actualite/agir-pour-la-securite-du-numerique-en-france-avec-lanssi-100-postes-a-pourvoir-dici-2017
Informaticiens : des salaires à la hausse en 2016 sauf pour les chefs de projet
http://www.larevuedudigital.com/2015/12/29/informaticiens-des-salaires-a-la-hausse-en-2016-sauf-pour-les-chefs-de-projet/
Les pratiques de recrutement génèrent une tension artificielle dans l’informatique
http://www.larevuedudigital.com/2016/01/02/les-pratiques-de-recrutement-generent-une-tension-artificielle-dans-linformatique/
Une faille béante dans l’antivirus Trend Micro rendait les PC 100% vulnérables
http://www.01net.com/actualites/une-faille-beante-dans-l-antivirus-trend-micro-rendait-les-pc-100percent-vulnerables-943028.html
MICROSOFT
---------
Microsoft Edge : son mode de navigation privée ne serait pas privé... du tout
http://www.01net.com/actualites/microsoft-edge-son-mode-de-navigation-privee-ne-serait-pas-prive-du-tout-947075.html
Surprise, il y a du code Linux dans la dernière version de Windows 10
http://www.01net.com/actualites/tiens-il-y-a-du-linux-dans-la-derniere-version-de-windows-10-948979.html
Windows 10 se connecte dans votre dos aux serveurs de Microsoft
http://www.01net.com/actualites/windows-10-se-connecte-dans-votre-dos-aux-serveurs-de-microsoft-949808.html
GOOGLE
------
Google teste une procédure d'authentification sans mot de passe
http://www.01net.com/actualites/google-teste-une-procedure-d-authentification-sans-mot-de-passe-939128.html
APPLE / IPHONE
--------------
Ce code en accès libre pourrait transformer une appli iOS en malware
http://www.01net.com/actualites/il-est-possible-d-inserer-des-malwares-dans-les-applis-ios-par-javascript-948111.html
PALM / PRE
----------
FREE
----
Free propose enfin l’accès distant et sécurisé au serveur FTP de la Freebox
http://www.01net.com/actualites/free-propose-enfin-l-acces-distant-au-serveur-ftp-de-la-freebox-948428.html
GEEK POWER
----------
Numbers don’t lie—it’s time to build your own router
http://news.hitb.org/content/numbers-don’t-lie—it’s-time-build-your-own-router
http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/
LIBRE / OPEN SOURCE
-------------------
Socle interministériel des logiciels libres 2016
https://references.modernisation.gouv.fr/sites/default/files/SILL-2016-socle-interministeriel-logiciels-libres.pdf
Chrome et Firefox seront bientôt plus rapides grâce à un nouvel algorithme de compression
http://www.01net.com/actualites/chrome-et-firefox-seront-bientot-dotes-d-un-nouvel-algorithme-de-compression-945038.html
NayuOS : Chrome OS sans Google et 100 % libre
http://www.01net.com/actualites/nayuos-le-chrome-os-sans-google-et-100-percent-libre-948400.html
ATTAQUES, PHISHING, PIRATAGE, VERS, VIRUS, ETC....
--------------------------------------------------
EE and O2 mobile networks hit by mystery outage
http://www.computerweekly.com/news/4500270602/EE-and-O2-mobile-networks-hit-by-mystery-outage
DRIDEX BORROWS TRICKS FROM DYRE, TARGETS U.K. USERS
https://threatpost.com/dridex-borrows-tricks-from-dyre-targets-u-k-users/115952/
Over 40% of UK Security Breaches in 2015 Involved Ransomware, Study Finds
http://www.tripwire.com/state-of-security/latest-security-news/over-40-of-uk-security-breaches-in-2015-involved-ransomware-study-finds/
Researchers Disclose Default Credentials for Over 100 ICS/SCADA Products
http://www.tripwire.com/state-of-security/latest-security-news/scada-researchers-disclose-default-credentials-for-over-100-ics-products/
https://github.com/scadastrangelove/SCADAPASS/blob/master/scadapass.csv
Plus d'un demi-miliard de terminaux Android vulnérables à une faille dans le noyau Linux
http://www.01net.com/actualites/plus-de-60-percent-des-terminaux-android-vulnerables-par-une-faille-dans-le-noyau-linux-944978.html
"La bonne nouvelle, c’est que l’exploitation de cette faille nécessite d’avoir déjà un premier accès au système, soit physiquement, soit au travers d’une application que l’utilisateur aura installée"
BlackEnergy APT Group Spreading Malware via Tainted Word Docs
See more at: https://threatpost.com/blackenergy-apt-group-spreading-malware-via-tainted-word-docs/116043/#sthash.ijfgmwkX.dpuf
4 Factors Behind the Rise of Exploit Kits as a Service
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/4-factors-behind-the-rise-of-exploit-kits-as-a-service/
Sénat, Assemblée Nationale, Parti Socialiste : Anonymous lance une cybermanif
http://www.zataz.com/senat-assemblee-nationale-parti-socialiste-anonymous-lance-une-cyber-manifestation-sur-le-web-francais/#vW3WLDHs56SPYXB3.99
Stolen Uber, PayPal Accounts More Coveted than Credit Cards on the Dark Web
http://www.tripwire.com/state-of-security/latest-security-news/stolen-uber-paypal-accounts-more-coveted-than-credit-cards-on-the-dark-web/
Attackers Dropping Kasidet Bot via Office Macros
https://threatpost.com/attackers-dropping-kasidet-bot-via-office-macros/116090/
Arnaque au président : les alertes se multiplient
http://www.zataz.com/arnaque-au-president-les-alertes-se-multiplient/
Bot Fraud to Cost Advertisers $7 Billion in 2016
https://threatpost.com/bot-fraud-to-cost-advertisers-7-billion-in-2016/115940/
https://www.tagtoday.net/aboutus/
DDoS Attacks Increased by 180% Compared to 2014, Reveals Akamai Report
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/ddos-attacks-increased-by-180-compared-to-2014-reveals-akamai-report/
Under the Hood of Cryptowall 4.0
http://www.tripwire.com/state-of-security/security-awareness/under-the-hood-of-cryptowall-4-0/
Neutrino, RIG Exploit Kits Ring in 2016 with New Servers, Tactics and Payloads
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/neutrino-rig-exploit-kits-ring-in-2016-with-new-servers-tactics-and-payloads/
FAILLES
-------
Bug in Magento puts millions of e-commerce sites at risk of takeover
http://news.hitb.org/content/bug-magento-puts-millions-e-commerce-sites-risk-takeover
http://arstechnica.com/security/2016/01/bug-in-magento-puts-millions-of-e-commerce-merchants-at-risk-of-takeover/
Hard-Coded Password Found in Lenovo File-Sharing App
https://threatpost.com/hard-coded-password-found-in-lenovo-file-sharing-app/115998/#sthash.1YaFNF38.dpuf
Chromodo Browser Disables Same-Origin Policy
https://threatpost.com/chromodo-browser-disables-same-origin-policy/116131/
OUTILS
------
routerkeygenAndroid
https://github.com/routerkeygen/routerkeygenAndroid
Router Keygen generate default WPA/WEP keys for many SOHO routers
VirusTotal Supports Firmware Scanning
https://threatpost.com/virustotal-supports-firmware-scanning/116072/
http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html
Dumping BIOS TOOLS
https://bitbucket.org/blackosx/darwindumper/downloads
https://github.com/chipsec/chipsec
https://www.blackhat.com/docs/us-13/US-13-Butterworth-BIOS-Security-Code.zip
https://flashrom.org/Flashrom
La protection des données proposée par Firefox
Read more at http://www.zataz.com/la-protection-des-donnees-proposee-par-firefox/#T2ltJAwsCWlEyzDf.99
Votre patron espionne-t-il vos communications chiffrées ? Faites le test !
http://www.01net.com/actualites/votre-patron-espionne-t-il-vos-flux-ssl-faites-le-test-612328.html
Chiffrement facile et rapide de vos données
Read more at http://www.zataz.com/chiffrement-facile-et-rapide-de-vos-donnees/#yOT9Quu4hPeY1HoT.99
EMET 5.5 – Update Released for Microsoft’s Best Kept Secret
http://www.tripwire.com/state-of-security/security-data-protection/microsoft-emet/
------------
01net. Actualités || http://feediz.01net.com/synd/2203.xml
01net. Les actualites Entreprise || http://feediz.01net.com/synd/2205.xml
A Day in the Life of an Information Security Investigator || http://rss.ittoolbox.com/rss/security-investigator.xml
Actualités intrusion/hacking || http://feeds.feedburner.com/idg_fr/rt2/intrusion-hacking/rss
Actualités Open Source || http://feeds.feedburner.com/idg_fr/rt2/open-source/rss
Actualités satellite || http://feeds.feedburner.com/idg_fr/rt2/satellite/rss
Black Hat Announcements || https://www.blackhat.com/BlackHatRSS.xml
Ciscomag || http://feeds.feedburner.com/ciscomag
Finjan MCRC Blog: Posts || http://www.finjan.com/MCRCblog_RSS_feed.aspx
Hack In The Box || http://www.hackinthebox.org/backend.php
Infosecurity Magazine || http://www.infosecurity-magazine.com/RSS/LiveFeed.xml
Latest Security Advisories || http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory
Le blog des experts || http://expert.01net.com/expert/feed/rss2
Ma petite parcelle d'Internet... || http://sid.rstack.org/blog/rss.php
McAfee Avert Labs || http://feeds.feedburner.com/McafeeAvertLabsBlog
Microsoft Security Bulletins || http://www.microsoft.com/technet/security/bulletin/secrss.aspx
OSVDB Most Recent Stable Entries || http://osvdb.org/backend/rss.php
Seb's guide || http://www.smtechnologie.com/backend.php
SecuriTeam.com || http://www.securiteam.com/securiteam.rss
SecurityFocus News || http://www.securityfocus.com/rss/news.xml
SecurityFocus Vulnerabilities || http://www.securityfocus.com/rss/vulnerabilities.xml
SecurityTracker Vulnerability Headlines || http://news.securitytracker.com/server/affiliate?61D319BD39309004
silicon.com : || http://feeds.silicon.com/0,39025093,40000024,00.htm
TaoSecurity || http://taosecurity.blogspot.com/atom.xml
TechNet Magazine RSS Feed || http://www.microsoft.com/technet/technetmag/rss/newrss.aspx?issue=true
Toute l'actualité sécurité informatique || http://feeds.vulnerabilite.com/vuln-actu
Toutes les actualités || http://www.reseaux-telecoms.net/rss/rss.xml
ZATAZ News || http://feeds.feedburner.com/ZatazNews
(ISC)2 Blog || http://feeds.feedburner.com/isc2Blog
Following The white Rabbit Blog || http://feeds.feedburner.com/RafalLos
Sécurité des réseaux et des Si - Orange Business Services || http://blogs.orange-business.com/securite/atom.xml
Les-infostrateges.com : flux général || http://www.les-infostrateges.com/rss/cat/?num=1
moxie's blog | http://blog.thoughtcrime.org/rss.xml
Merci à Zataz pour la remontée d'information.....Je ne l'avais pas vu. Et comme nul n'est censé ignorer la loi, je transmets aussi....
Punir la simple visite d’un site Internet Interdit
http://www.zataz.com/punir-la-simple-visite-dun-site-internet-interdit/#t1vocHGWsuBairCv.99
Tristan
/fdata%2F3623501%2Favatar-blog-1141323782-tmpphp3EdOiO.jpeg){kind=avatar}
