Items tagged infosec


 
Iranian #hackers stole more than 6 TB of #data from the American company Citrix

The hackers infiltrated the software of the firm, which supplies its solution to several US government agencies, including the FBI and NASA.

https://siecledigital.fr/2019/03/14/des-hackers-iraniens-ont-vole-plus-de-6-tb-de-donnees-a-lentreprise-americaine-citrix/
#infosec #cybersecurity #cybersecurite


 
#Hackers don't have to strain themselves. Some sensitive data is already freely accessible

On Monday, March 11, the cybersecurity company Adversis revealed that documents, some of them sensitive, from 90 companies could easily be found online. An incident that has become commonplace. We explain why.

https://www.ladn.eu/tech-a-suivre/les-hackers-nont-pas-a-se-fouler-certaines-donnees-sensibles-sont-en-libre-acces/amp/

#infosec #securite #cybersecurity #cybersecurite


 
How can you improve your #security on the #internet?

As governments and businesses are more concerned than ever about #cybersecurity, this week on Je vote pour la science we switch to solution mode: a few tips to improve your security on the Internet.

https://www.sciencepresse.qc.ca/baladodiffusion/2019/03/06/comment-ameliorer-securite-internet

#infosec #cybersecurity


 
Google Play–more than 200 apps contain "SimBad" adware, downloaded more than 150 million times:

https://techcrunch.com/2019/03/13/new-android-adware-google-play/

– the malware masquerades as an ad-serving platform
– SimBad is mostly contained in free games
– list of infected apps: https://assets.documentcloud.org/documents/5766854/SimBad-AppList-Package.txt

#simbad #malware #adware #android #google #googleplay #infosec #cybersecurity #security


 
WordPress 5.1–critical exploit chain that enables an unauthenticated attacker to gain remote code execution on any WordPress installation:

https://blog.ripstech.com/2019/wordpress-csrf-to-rce/

– exploit is possible due to a CSRF vulnerability in comment forms
– fixed in WordPress 5.1.1

#wordpress #rce #csrf #wordpress5 #infosec #cybersecurity #security


 
If you're in NZ and wanting to get into Information Security or are interested in it, in a safe/diverse environment, there's a new group starting up. Project Wednesday. https://www.linkedin.com/groups/10431979/ #infosec


 
"An attack identified and practised for years": why the wave of hacking under way on the internet should not make us panic - https://www.francetvinfo.fr/internet/securite-sur-internet/une-attaque-identifiee-et-pratiquee-depuis-des-annees-pourquoi-la-vague-de-piratage-en-cours-sur-internet-ne-doit-pas-nous-faire-paniquer_3204117.html

> The international body that assigns domain names is warning of a wave of cyberattacks of unprecedented scale. But, according to a computer security expert, the reality is less alarming.

cc @bortzmeyer

#Internet #Connerie #infosec #fakenews ?


 
An #internet watchdog warns of a large-scale attack

San Francisco (AFP) - The international body that assigns internet addresses (ICANN) warned on Friday that massive cyberattacks were under way against internet domain names, which define the addresses of websites, around the world.

https://www.nouvelobs.com/topnews/20190222.AFP2119/un-gendarme-internet-previent-d-une-attaque-de-grande-ampleur.html

#infosec #cybersecurity


 
Oh hey, I should do an #introductions post!

I love technology and struggle a lot with how it's being used under capitalism. I'm slowly trying to learn more about #infosec, because if I'm going to stay in tech as a career field that's the speciality that most interests me. I've also done devops-esque work, fixed server hardware, and risked my life in fun and exciting ways in datacenters.

I also do sci-fi/fantasy writing and tabletop game development, though the latter has been mostly on hold for some time.

Excited to meet new people on here and learn new things! You can expect many posts of me flailing as I learn various pieces of technology (I'm working on #Python right now), and excited cheerleading of other people's projects.


 
How to secure your passwords on all your devices

Take back control of your passwords by abandoning the managers built into web browsers and migrating all your credentials to a secure third-party manager, synchronized across all your devices.

https://www.01net.com/astuces/comment-securiser-vos-mots-de-passe-sur-tous-vos-appareils-1630888.html

#motdepasse #password #bitwarden #securite #security #infosec


 
Hello freelancers! I have a gig that was sent to me for people who want to do a bit of #security. Basically, a startup would like to have their code/installation reviewed. Anyone interested? Starting as soon as possible. #mission #infosec #joffreunjob


 
How long should my #password be? - ProtonMail Blog

A strong password doesn’t have to be 30 characters long. But if you’re using an eight-character password, you have a good chance of being hacked. This article will help you understand how long your password should be. For decades, information #security experts have tried to get people to create stronger passwords by requiring a minimum …

https://protonmail.com/blog/how-long-should-my-password-be/

#infosec #securite #motdepasse


 
@mike it's important to be on top when it comes to #infosec


 
Do you set up a Turris Omnia or another OpenWrt-based router?

Check out our Home network security series:

https://infosec-handbook.eu/categories/home-network-security/

We cover first steps with Turris Omnia, HTTPS and TLS hardening, SMB/Nextcloud on the Omnia, Omnia as an ad blocker, and client-side DNS security features. There's more to come.

Ideas and feedback are welcome.

#homenetwork #turris #omnia #openwrt #networksecurity #security #cybersecurity #infosec #dns #nextcloud #adblocking


 
Many free mobile VPN apps are based in China:

https://www.zdnet.com/article/many-free-mobile-vpn-apps-are-based-in-china-or-have-chinese-ownership/

– 17 of the 30 apps analyzed had formal links to China, either being a legally registered Chinese entity or by having Chinese ownership
– 86 percent of the apps he analyzed had "unacceptable privacy policies"
– some VPN apps share data with third-parties, tracking users, and sending and sharing data with Chinese third-parties

#vpn #china #tracking #privacy #security #infosec


 
Apple temporarily disables group conversations on Facetime because of a flaw - https://www.lemonde.fr/pixels/article/2019/01/29/apple-desactive-temporairement-les-conversations-groupees-sur-facetime-a-cause-d-une-faille_5416024_4408996.html

> The problem allowed a person to remotely activate the phone's microphone, and in some cases the camera, by starting a group conversation before the recipient picked up. Facetime then considered the conversation to be active, and transmitted what the recipient's microphone picked up.

#Apple #infosec #Facetime #sécurité


 
Debian 9.7 update released - https://www.debian.org/News/2019/20190123

> The Debian project is pleased to announce the seventh update of its stable distribution Debian 9 (named "Stretch"). This update incorporates the recent security update for APT, in order to ensure that new installations of Stretch are not vulnerable. No other updates are included.

#Debian #APT #infosec


 
DNS flag day–changes affecting Extension mechanisms for DNS (EDNS):

https://dnsflagday.net/

– on or around Feb 1st, 2019, major open source resolver vendors will release updates that implement stricter EDNS handling, and public DNS providers will disable workarounds
– as a DNS server admin, check your EDNS compliance
– see also: https://www.isc.org/blogs/dns-flag-day/

#dns #security #infosec #cybersecurity #dnsflagday #edns #compliance


 
In saying #infosec there's two types of people that immediately spring to mind

Those who want to lock everything down, secure everything, then secure it more, then encrypt that shit. 15 methods of security when 13 are entirely surplus to requirements.

The other are people who talk about how secure everything they work on is, all the precautions they take even in their personal life, but oh yes they have every home appliance hooked up to the internet including the sink and alexa in every room.


 
Hacking: bank card data stolen from French e-commerce sites

In January, a group of hackers targeted French e-commerce sites through Adverline, an advertising network.

https://www.lemonde.fr/pixels/article/2019/01/21/piratage-des-donnees-de-cartes-bancaires-volees-en-france-a-travers-des-publicites-en-ligne_5412273_4408996.html

#infosec #hack #securite #CB #donnéesbancaires



 
Collection #1: a gigantic file reveals more than 700 million accounts and passwords

Security researcher Troy Hunt has reported the existence of a mega file containing no fewer than 772,904,991 unique email addresses and 21 million passwords.

https://www.blogdumoderateur.com/gigantesque-fichier-revele-comptes/

#infosec #hack #Security #motdepasse #password


 
Hey #InfoSec #SysAdmin #FLOSS any good cross-platform backup solutions out there that would be usable by regular users?

Looking for something that supports incremental backups, has some form of a GUI, and good support for encrypted backups.

We tested Duplicati, but while it *runs* on different platforms, a backup created on one platform is not easily accessible from a different platform (because it stores drive letters and path OS-specific separators in the backups).

Halp?


 
#Coinbase suspends Ethereum Classic (ETC) transactions after a "double spend" attack - https://www.zdnet.fr/actualites/coinbase-suspend-les-transactions-ethereum-classic-etc-apres-une-attaque-de-double-depense-39878883.htm

> The attackers managed to carry out eleven successful attacks and were thus able to steal nearly 88,500 ETC (approximately 389,000 euros). In response, Coinbase decided to suspend #Ethereum Classic (ETC) transactions.

#infosec #blockchain


 
35C3: Introducing OTR (Off-the-Record) version 4

https://github.com/otrv4/otrv4/blob/master/otrv4.md

– improved deniability properties by the use of a deniable authenticated key exchange (DAKE)
– improved forward secrecy through the use of double ratcheting
– works on top of an existing messaging protocol, such as XMPP

#otr #otrv4 #35c3 #xmpp #encryption #infosec #security #cybersecurity #dake #pfs


 
Pretty great talk about OTRv4 by @DrWhax at #35C3: "No Evidence of Communication and Morality in Protocols".

Watch it when you get the chance (and once it gets uploaded).

#InfoSec


 
Nearly 19,500 Orange LiveBox ADSL modems are leaking WiFi credentials:

https://www.zdnet.com/article/over-19000-orange-modems-are-leaking-wifi-credentials/

– vulnerability (CVE-2018-20377) allows a remote attacker to obtain the WiFi password and SSID for the modem's internal WiFi network just by accessing the modem's get_getnetworkconf.cgi
– nearly all modems are located in France and Spain
– see also https://github.com/zadewg/LIVEBOX-0DAY

#modem #adsl #orange #livebox #vulnerability #infosec #cybersecurity #security


 
This is really cool: Microsoft is embracing FIDO2 passwordless login using security keys for Microsoft accounts. The downside? It only works in Edge. https://www.pcmag.com/news/365053/microsoft-now-lets-you-unlock-your-accounts-with-security-ke #infosec


 
Instagram accidentally exposed some user passwords through its data download tool - https://www.theverge.com/2018/11/17/18100235/instagram-security-bug-exposed-user-passwords-data-download-tool

> Instagram has notified some of its users that their password might have been exposed due to a security bug, according to The Information (via Engadget). A spokesperson for the company says that the issue was “discovered internally and affected a very small number of people.”

#Instagram #Facebook #infosec


 
#Tinder: millions of intimate data records sold by a data broker

Tinder, #OkCupid, Match.com, Plenty of Fish... the personal data of millions of dating site users is for sale on the web.

https://www.lebigdata.fr/tinder-data-broker

#privacy #infosec #donneespersonnelles


 
Don't believe everything you read online about #ProtonMail - https://www.reddit.com/r/ProtonMail/comments/9xovso/dont_believe_everything_you_read_online_about/

> As many of you may be aware, earlier today, criminals attempted to extort ProtonMail by alleging a data breach, with zero evidence. An internal investigation turned up two messages from the criminals involved, which again repeated the allegations with zero evidence, and demanded payment. We have no indications of any breach from our internal infrastructure monitoring.

#infosec


 
#Protonmail compromised? https://pastebin.com/bwvqHhbA

> Short Summary: We hacked Protonmail and have a significant amount of their data from the past few months. We are offering it back to Protonmail for a small fee, if they decline then we will publish or sell user data to the world.

#infosec #mail #security #zeroday


 
Is it just me or is Signal having some weird issues with message delivery and syncing messages between devices? #InfoSec


 
We are preparing our ethical and #security-focused technology products & services offering for your #business. You can help by taking a few minutes to fill out our survey or letting collaborators know about it! Check out https://puri.sm/enterprise/ #B2B #infosec


 
#podcast: "Is cybersecurity doomed to fail?"

While cyberattacks follow one another and are never alike, individuals, businesses and states are not always aware of the risks they run. Yet the rules of digital hygiene are relatively simple. How can we act effectively for #cybersecurity?

https://www.franceculture.fr/emissions/du-grain-a-moudre/la-cybersecurite-est-elle-vouee-a-lechec

#sécurité #infosec


 
Hey #infosec I've some job interviews next week in the security industry, first time for me. Any good tips you might wanna share? Reboost appreciated :)


 
#Facebook: private messages of 81,000 users for sale on the Internet

The data concerned was reportedly stolen through malicious applications installed in users' web browsers.

http://www.europe1.fr/technologies/facebook-les-messages-prives-de-81000-utilisateurs-en-vente-sur-internet-3792329

#privacy #vieprivee #donneespersonnelles #infosec #cybersecurite


 
Malicious Python libraries found on PyPI:

https://www.zdnet.com/article/twelve-malicious-python-libraries-found-and-removed-from-pypi/

– 12 libraries affected
– mainly typo-squatting is used
– libraries collect data, obtain boot persistence, try to open a reverse shell

#python #malware #library #infosec #cybersecurity #security #pypi


 
#InfoSec CVE-2018-14665 - Linux and BSD distributions that use the X.Org Server package are vulnerable to a new flaw disclosed on Thursday. https://www.zdnet.fr/actualites/nouvelle-faille-de-securite-sur-des-distributions-linux-et-bsd-39875633.htm (ZDNet France)
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html (Secure Patterns)


 
Mastodon :mastodon: security:

In addition to the vulnerabilities discussed here [1], there are two other vulnerabilities fixed in Mastodon 2.5.2:

– nokogiri (1.8.5)
– XSS vulnerability

The remaining question: How many instances are vulnerable this time and remain vulnerable for weeks/months?

[1] https://mastodon.at/@infosechandbook/100940522638417331

#mastodon #security #vulnerability #infosec #security #cybersecurity #nokogiri #doorkeeper #xss


 
It may not look like it, but that's starting to add up to quite a pile of videos of me "in the act of onanism" that must be circulating on the Internet!
(Reminder: NEVER reply to this kind of email, the threat is entirely fictitious) #Cybersecurité #TousSecNum #Infosec


 
Simple Python3-based Signal :signal: APK downloader:

https://gist.github.com/infosec-handbook/0a20feef893376a7c1bbd9ff4c0216e3

It downloads the latest version which is directly available on signal.org and offers an integrity check.

(Improvements welcome.)

#signal #messenger #apk #infosec #security #cybersecurity


 
A five part article describing in detail the technical inaccuracies of the #Bloomberg #SuperMicro article and how implausible the attack was. Worth the read. #infosec #security #privacy
Investigating Implausible Bloomberg Supermicro Stories