Tout ce qu’il ne fallait pas manquer cette semaine dans votre veille #Cybersécurité. Bonne lecture !
—
Cybersecurity hiring crisis: Rockstars, anger and the billion dollar problem
At no time in history has there been a greater need to hire security professionals to protect and defend infrastructures from an inexhaustible onslaught of organized crime, industrial espionage, and nation-state attacks.
http://www.zdnet.com/cybersecurity-hiring-crisis-rockstars-anger-and-the-billion-dollar-problem-7000032924/
Pakistan is a FinFisher customer, leak confirms
In the first week of this month, someone hacked into the servers of FinFisher, the notorious surveillance software maker, which was reported to have two command and control servers inside Pakistan last year. The hackers got hold of whatever they could find on the server and leaked it as a torrent.
http://digitalrightsfoundation.pk/2014/08/pakistan-is-a-finfisher-customer-leak-confirms/
Snowden: The Deception Question
Epstein, Edward Jay. James Jesus Angleton: Was He Right? Even Angleton’s harshest critics at the CIA, such as William Colby, recognized that the KGB planted misleading clues in intelligence channels.
http://cryptome.org/2014/08/snowden-deception-question.htm
Gouvernance d’Internet : est-ce le bon mot ?
C’est d’ailleurs l’ambiguïté du mot « gouvernance » qui est problématique. Mais le débat s’est trop focalisé sur la question de la tutelle de l’ICANN.
http://www.egeablog.net/index.php?post%2F2014%2F08%2F28%2FGouvernance-d-Internet
Why Pay for AV When It’s Free?
I was at my local supermarket the other day, walking down the canned food aisle, and I saw 21 different brands of peas. Yes, peas. They are all grown under essentially the same conditions in the same way, yet there are dozens of brands all of which vary in price.
https://blogs.rsa.com/13893/
L’escroquerie «au président» fait des ravages en entreprises
L’escroquerie aux faux ordres de paiement a causé, selon un document de la police, «aux entreprises françaises un préjudice global supérieur à 200 millions d’euros».
http://www.lefigaro.fr/actualite-france/2014/08/27/01016-20140827ARTFIG00358-l-escroquerie-au-president-fait-des-ravages-en-entreprises.php
Espionnage chinois en France : le rapport qui acccuse
Dans son numéro de septembre, Vanity Fair dévoile le contenu d’un rapport secret remis à l’Élysée, qui dresse un panorama détaillé des menées de l’espionnage industriel chinois contre les intérêts français.
http://m.vanityfair.fr/actualites/france/articles/espionnage-chinois-en-france-le-rapport-qui-acccuse/15402
Le FBI enquête sur des cyberattaques peut-être en provenance de Russie
Une attaque informatique sophistiquée qui aurait permis de voler plusieurs gigaoctets de données à des banques américaines intrigue le FBI.
http://www.lemonde.fr/ameriques/article/2014/08/28/le-fbi-enquete-sur-des-cyberattaques-peut-etre-en-provenance-de-russie_4477865_3222.html
Cybersecurity official uses Tor but still gets caught with child porn
The former acting cybersecurity director for the US Department of Health and Human Services, Tim DeFoggi, was convicted yesterday on three child porn charges.
http://arstechnica.com/tech-policy/2014/08/federal-cybersecurity-official-going-to-jail-on-child-porn-charges/
We Must Secure America’s Cell Networks—From Criminals and Cops
This month, FCC Chairman Tom Wheeler revealed, in response to a letter from Congressman Alan Grayson, that his agency is assembling a task force “to combat the illicit and unauthorized use of IMSI catchers.
http://www.wired.com/2014/08/we-must-secure-americas-cell-networks-from-criminals-and-cops-alike/
50 confirmed, possibly more Norwegian oil companies hacked
50 Norwegian oil and energy companies have been hacked, and 250 more have been warned to check their networks and systems for evidence of a breach, The Local reports. Among the likely targets is Statoil, Norway’s largest oil company.
http://www.net-security.org/secworld.php
Firewalls seem like a fixture of IT security, having been used for more than 15 years in most business environments to protect our internal assets from the scary nasties that are out there on the big bad internet. Of course, the origin of the term comes from the automotive business.
http://nakedsecurity.sophos.com/2014/08/27/there-is-no-inside-how-to-get-the-most-from-your-firewall/
Fortinet establishes R&D lab in Singapore
Fortinet is setting up a research and development (R&D) lab in Singapore to provide global threat intelligence and emergency threat response to its customers.
http://www.zdnet.com/sg/fortinet-establishes-r-and-d-lab-in-singapore-7000033006/#ftag=RSS14dc6a9
Cybersécurité au cinéma : la fiction est-elle à la hauteur de la réalité ?
Extrait du synopsis du film Firewall : « Cadre supérieur d’une grande banque de Seattle, il a mis au point un « pare-feu » ultrasophistiqué, qu’aucun hacker n’a jamais réussi à pénétrer.
http://www.solucominsight.fr/2014/08/cybersecurite-au-cinema-fiction-hauteur-realite/
Facts on cybercrime threats in Turkey
CSIS Security Group A/S has briefly engaged with IT Security specialist Stefan Frei, PhD, in order to analyze the volume of Big Data that CSIS stores and which highlights different persistent malware families targeting Turkey. The report is now being made publicly available.
http://www.csis.dk/en/csis/news/4351/
How to Avoid 10 Common Active Directory Mistakes
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
http://www.cio.com/article/2599128/application-security/how-to-avoid-10-common-active-directory-mistakes.html#tk.rss_all
How Cops and Hackers Could Abuse California’s New Phone Kill-Switch Law
Beginning next year, if you buy a cell phone in California that gets lost or stolen, you’ll have a built-in ability to remotely deactivate the phone under a new “kill switch” feature being mandated by California law—but the feature will make it easier for police and others to disable th
http://www.wired.com/2014/08/how-cops-and-hackers-could-abuse-californias-new-phone-kill-switch-law/
Air Force looks to get proactive on cyber defense
The Air Force has put out a call for a range of proactive cyber defenses, including self-healing software and deceptive capabilities that could fool cyber attackers.
http://defensesystems.com/articles/2014/08/12/air-force-cyber-resilience.aspx
INDE • Gouvernement recrute hackers, 18 ans si possible
New Delhi s’apprête à employer des dizaines de milliers de pirates informatiques pour sécuriser ses installations stratégiques. La condition : être jeune et patriote.
http://www.courrierinternational.com/article/2014/08/26/gouvernement-recrute-hackers-18-ans-si-possible
Great Ambitions: Canada’s SIGINT Agency Tries to Cover the Globe
Who better to take on the grunt work of finding vulnerable machines than machines? According to the Landmark slides, the next step for CSEC was to essentially built an app.
http://www.matthewaid.com/post/95813297731
Surveillance : la NSA a créé son propre « Google »
Un véritable « Google made in NSA » : c’est ainsi que le site The Intercept, fondé par le journaliste Glenn Greenwald, qui a divulgué les documents secrets d’Edward Snowden, décrit le programme ICReach, dont il a dévoilé l’existence ce lundi.
http://www.lemonde.fr/pixels/article/2014/08/26/surveillance-la-nsa-a-cree-son-propre-google_4476822_4408996.html
Researcher details how malware gives AV the slip
Researcher James Wyke has discovered throw-off tactics used by malware to frustrate investigators.
http://www.theregister.co.uk/2014/08/26/researcher_details_how_malware_gives_av_the_slip/
To deter cyberattacks, build a public-private partnership
Cyberattacks loom as an increasingly dire threat to privacy, national security and the global economy, and the best way to blunt their impact may be a public-private partnership between government and business, researchers say.
http://phys.org/news/2014-08-deter-cyberattacks-public-private-partnership.html
ICREACH : How the NSA Built Its Own Secret Google -The Intercept
The National Security Agency is secretly providing data to nearly two dozen U.S.
https://firstlook.org/theintercept/article/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton/
Does the White House’s cybersecurity czar need to be a coder? He says no.
Many cybersecurity experts vented frustrations on Twitter yesterday about a recent interview by White House cybersecurity coordinator Michael Daniel published by Gov Info Security.
http://www.washingtonpost.com/blogs/the-switch/wp/2014/08/22/does-the-white-houses-cybersecurity-czar-need-to-be-a-coder-he-says-no/
Données de clients piratées : la CNIL juge Orange coupable, et puis c’est tout
Condamnée au pilori. En avril dernier, Orange avait alerté ses abonnés d’une nouvelle intrusion dans ses fichiers clients, qui a concerné les noms, prénoms, dates de naissance, adresse e-mail et numéros de téléphones de 1,3 millions de clients et prospects.
http://www.numerama.com/magazine/30336-donnees-de-clients-piratees-la-cnil-juge-orange-coupable-et-puis-c-est-tout.html
Secret Service estimates type of malware that led to Target breach is affecting over 1,000 U.S. businesses
The type of point of sale, or PoS, malware that resulted in massive credit card breaches from Target and other retailers over the past year is more widespread than previously reported, an advisory from the Department of Homeland Security and the Secret Service revealed Friday.
http://www.washingtonpost.com/blogs/the-switch/wp/2014/08/22/secret-service-estimates-type-of-malware-that-led-to-target-breach-is-affecting-over-1000-u-s-businesses/
Le Premier ministre dote l’Etat de sa première Politique globale de sécurité des systèmes d’information (PSSIE)
Portée par une circulaire du Premier ministre signée le 17 juillet 2014, la PSSIE fixe les règles de protection applicables aux systèmes d’information de l’État.
http://www.ssi.gouv.fr/fr/menu/actualites/le-premier-ministre-dote-l-etat-de-sa-premiere-politique-globale-de-securite.html
The Sabu Effect: An Interview with Jay Leiderman
The knock at the door. The blinding lights, the shouted orders, the helmets, the uniforms, the guns, the confusion, the melee. The raid.
http://thecryptosphere.com/2014/08/22/the-sabu-effect-an-interview-with-jay-leiderman/
L’escroc fabriquait de fausses façades de distributeurs
Pour se livrer à ses escroqueries, il avait recours à du matériel de pointe… A l’aide d’une imprimante 3D dernier cri, un homme de 34 ans est parvenu à modéliser puis fabriquer des fausses façades de distributeurs automatiques de billets (DAB).
http://www.leparisien.fr/faits-divers/l-escroc-fabriquait-de-fausses-facades-de-distributeurs-22-08-2014-4079261.php
Sécurité : pourquoi ça ne marche pas
Oksana, Erol et Yeshe sont tous trois journalistes, respectivement en Ukraine, en Turquie et au Tibet. Jeudi 26 juin, ils étaient à Paris pour raconter à un public de hackers et bidouilleurs leur travail quotidien face aux menaces, à la censure et à la surveillance en ligne.
http://blog.barbayellow.com/2014/08/16/securite-pourquoi-ca-ne-marche-pas/
—
Vous pouvez également vous abonner à cette veille #Cybersécurité via un flux RSS dédié :
https://www.cyber-securite.fr/category/veille-cyber/feed
Vous aimerez aussi cet article: