Security News, General Public, 2015 W07

Did a search or a ping bring you here? This is an index of topical news items that I found interesting. I invite you to read the introductory post for this ‘brief’ (a personal watch) to see what it is about.

 

=> Pawn Storm Update: iOS Espionage App Found. 08/02/2015. «In our continued research on Operation Pawn Storm, we found one interesting poisoned pawn—spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack (…).» Dated 04/02.
Source : blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/
Related posts :
22/10/2014. Pawn Storm Espionage Attacks Use Decoys, Deliver SEDNIT : www.trendmicro.com/vinfo/us/security/news/cyber-attacks/pawn-storm-espionage-attacks-use-decoys-deliver-sednit
09/02/2015. iPhone spyware suspected of being linked to Moscow : www.lemonde.fr/pixels/article/2015/02/09/un-logiciel-espion-pour-iphone-suspecte-d-etre-lie-a-moscou_4572696_4408996.html

=> Sony Pictures, the North Koreans, the Russians: attribution when you don’t know. 08/02/2015. «The American company Taia Global, founded and run by Jeffrey Carr, published a report on 4 February on the Sony Pictures hack, one of the most publicized cyber attacks in history. It has put the subject of attribution (back) in the spotlight (…).»
Source : www.cyber-securite.fr/2015/02/08/sony-pictures-les-nord-coreens-les-russes-lattribution-quand-on-ne-sait-pas/

=> DoS: Slowloris-type attack. 09/02/2015. «Today, a DoS attack – the ASA firewall offered by OVH saturates at 10,000 connections. Fairly used to these attacks; it is far from the first and surely far from the last (…).»
Source : forum.malekal.com/dos-attaque-type-slowloris-t50729.html

=> A Week in Security. 09/02/2015. «Senior Security Researcher Jérôme Segura found significant threats last week. On one hand, there was a fake Google Chrome update that drops a nasty ransomware; on the other hand, there was another 0-day spotted for Adobe’s Flash Player, making it the third found these past few days (…).» Various security roundups.
Source : blog.malwarebytes.org/online-security/2015/02/a-week-in-security-feb-01-07/
Related posts :
09/02/2015. Cyber Watch of 9 February 2015 : cyberland.centerblog.net/187-Veille-Cyber-du-9-fevrier-2015
09/02/2015. CERTFR-2015-ACT-006 : www.cert.ssi.gouv.fr/site/CERTFR-2015-ACT-006/CERTFR-2015-ACT-006.html
10/02/2015. Security News #0x80 : cyberoperations.wordpress.com/2015/02/10/security-news-0x80/
13/02/2015. What a Week! : blog.fortinet.com/post/what-a-week
13/02/2015. Security Newsletter No. 110 : us5.campaign-archive1.com/?u=7984711c6610214deca369bee&id=000fbdbb97
13/02/2015. Friday Summary : securosis.com/blog/friday-summary-february-13-2015

=> Uber Apparently Left Part of Its Lost and Found Database Public. 09/02/2015. «It’s not a minor thing: Customer and driver names, along with some customer phone numbers, and internal identification numbers are on the site, as are specific route and ride identification information. Specific route information is hidden behind a password-protected site, but still, not a good look (…).»
Source : motherboard.vice.com/read/uber-apparently-left-part-of-its-lost-and-found-database-public
Related posts :
10/02/2015. Uber left its lost-and-found database open to anyone on the internet : grahamcluley.com/2015/02/uber-database-open/

=> How the police want to filter the web to fight child pornography. 10/02/2015. «Interpol is building an international database of digital fingerprints that will be made available to Internet players to block access to illegal content. A much finer-grained filtering than DNS-based filtering (…).»
Source : www.01net.com/editorial/645022/comment-la-police-veut-filtrer-le-web-pour-lutter-contre-la-pedopornographie/
Related posts :
10/02/2015. 2014 review of the AFA’s Point de Contact : www.pointdecontact.net/actualites/bilan_2014_du_point_de_contact_de_lafa_1062_contenus_pedopornographiques_supprimes_contre
10/02/2015. Charlie effect: surge in reports of online glorification of terrorism : www.latribune.fr/technos-medias/20150210trib83405d360/effet-charlie-explosion-des-signalements-d-apologies-du-terrorisme-en-ligne.html
11/02/2015. Reports of child pornography content are up sharply : www.numerama.com/magazine/32190-les-signalements-de-contenus-pedopornographiques-sont-en-nette-hausse.html

=> February 2015 Updates. 10/02/2015. «Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. (…).»
Source : blogs.technet.com/b/msrc/archive/2015/01/26/february-2015-updates.aspx
Related posts :
10/02/2015. One-Bit To Rule Them All: Bypassing Windows’ 10 Protections using a Single Bit : breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
10/02/2015. Microsoft Security Bulletin Summary for February 2015 : technet.microsoft.com/library/security/ms15-feb
10/02/2015. 15-year-old bug allows malicious code execution in all versions of Windows : arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/
11/02/2015. A critical vulnerability affecting Windows Server 2003 will not be fixed : www.developpez.com/actu/81245/Une-vulnerabilite-critique-affectant-Windows-Server-2003-ne-sera-pas-corrigee-le-patch-necessite-de-re-architecturer-l-OS/
11/02/2015. New Windows JASBUG vulnerability requires immediate attention from systems administrators : www.symantec.com/connect/blogs/new-windows-jasbug-vulnerability-requires-immediate-attention-systems-administrators
12/02/2015. Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change : threatpost.com/patched-windows-kernel-mode-driver-flaw-exploitable-with-one-bit-change/111020
13/02/2015. A single bit to bring Windows to its knees : korben.info/un-seul-bit-pour-mettre-genoux-windows.html

=> The European Parliament bans the Outlook apps for iOS and Android. 10/02/2015. «For the European Parliament’s IT department, the way the latest Outlook apps for iOS and Android store passwords and emails in the cloud raises security problems. It has banned its members from using them. (…).» Echoing a news item covered in detail last week.
Source : www.lemondeinformatique.fr/actualites/lire-le-parlement-europeen-bannit-les-apps-outlook-pour-ios-et-android-60196.html

=> The ‘sophisticated attack’ myth. 10/02/2015. «Sometimes I wonder whether any company will ever fall victim to an unsophisticated cyberattack. Because after every attack that comes to light, we hear that same excuse: It was a sophisticated attack (…).»
Source : www.computerworld.com/article/2882202/the-sophisticated-attack-myth.html

=> The City of Besançon quarantined because of a formidable computer virus. 10/02/2015. «The City of Besançon fell victim to a cryptolocker, a formidable computer virus that arrived via a simple email. For twenty-four hours, the entire municipal IT estate was cut off from the rest of the world (…).» Yet another cryptolocker.
Source : www.estrepublicain.fr/actualite/2015/02/10/en-quarantaine-pour-un-virus
Related posts :
12/02/2015. CTB-Locker Ransomware Spoofs Chrome and Facebook Emails as Lures, Linked to Phishing : blog.trendmicro.com/trendlabs-security-intelligence/ctb-locker-ransomware-spoofs-chrome-and-facebook-emails-as-lures-linked-to-phishing/
14/02/2015. Ransom demands in vogue : www.quechoisir.org/telecom-multimedia/internet/actualite-escroquerie-en-ligne-les-demandes-de-rancon-en-vogue

=> New agency to sniff out threats in cyberspace. 10/02/2015. «The Obama administration is establishing a new agency to combat the deepening threat from cyberattacks, and its mission will be to fuse intelligence from around the government when a crisis occurs (…).»
Source : www.washingtonpost.com/world/national-security/white-house-to-create-national-center-to-counter-cyberspace-intrusions/2015/02/09/a312201e-afd0-11e4-827f-93f454140e2b_story.html
Related posts :
10/02/2015. Judge Nap on New Cybersecurity Agency: ‘Lost Liberties Don’t Come Back’ : insider.foxnews.com/2015/02/10/judge-napolitano-obamas-new-cybersecurity-agency-cant-get-back-liberty-you-give-govt
10/02/2015. New Cyber Threat Center May Face Challenges : threatpost.com/new-cyber-threat-center-may-face-challenges/110973
10/02/2015. The United States creates a new computer security agency : www.lemonde.fr/pixels/article/2015/02/10/les-etats-unis-creent-une-nouvelle-agence-de-securite-informatique_4573261_4408996.html
10/02/2015. The new Cyber Threat Intelligence Integration Center : www.lawfareblog.com/2015/02/the-new-cyber-threat-intelligence-integration-center/
12/02/2015. Obama to sign executive order on sharing cybersecurity threat information : www.washingtonpost.com/blogs/post-politics/wp/2015/02/12/obama-to-sign-executive-order-on-cybersecurity-threats/
12/02/2015. CTIIC: Birth of a new cybersecurity agency in the USA : www.sd-magazine.com/article.php?page=283
13/02/2015. How cyber-cops are taking the fight to online fraudsters : www.bbc.com/news/business-31157990
13/02/2015. Cybersecurity: Barack Obama reaches out to a wary Silicon Valley : www.lemonde.fr/pixels/article/2015/02/13/cybersecurite-barack-obama-tend-la-main-a-la-silicon-valley-mefiante_4576356_4408996.html
13/02/2015. Cybersecurity: Washington wants companies to share more data : www.numerama.com/magazine/32219-cybersecurite-washington-veut-que-les-societes-partagent-plus-de-donnees.html

=> Virustotal – A first shot at false positives. 10/02/2015. «Our first shot at this is a project that we call trusted source. The goal of this first stage is to have huge software developers share the files in their software catalogue (…) Please note that this initiative is not open to potentially unwanted applications and adware developers (…).»
Source : blog.virustotal.com/2015/02/a-first-shot-at-false-positives.html
Related posts :
11/02/2015. Microsoft steps up in industry efforts on mitigating false positives : blogs.technet.com/b/mmpc/archive/2015/02/11/microsoft-steps-up-in-industry-efforts-on-mitigating-false-positives.aspx
11/02/2015. VirusTotal Starts Marking Trusted Files to Reduce False Positives : www.securityweek.com/virustotal-starts-marking-trusted-files-reduce-false-positives
13/02/2015. VirusTotal’s “Trusted Source” programme : www.developpez.com/actu/81353/Microsoft-et-Google-main-dans-la-main-pour-reduire-les-faux-positifs-dans-le-cadre-du-programme-Trusted-Source-de-VirusTotal/

=> Report: Anthem may have up to $200M in cyber insurance. 10/02/2015. «In the wake of its massive data breach, Anthem may have a substantial safety net in the form of cyber coverage from insurers. According to a recent report in Business Insurance, Anthem has $150 million to $200 million in cyber insurance, including excess layers of cyber coverage, insurance market sources told the publication (…).»
Source : www.scmagazine.com/report-anthem-may-have-up-to-200m-in-cyber-insurance/article/397460/
Related posts :
06/02/2015. AIG unit leads Anthem’s cyber coverage : www.businessinsurance.com/article/20150206/NEWS06/150209857/aig-unit-leads-anthems-cyber-coverage?tags=|83|299|302|329
09/02/2015. Anthem Breach May Have Started in April 2014 : krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/
09/02/2015. Lawsuits filed against Anthem, phishing scams abound : www.scmagazine.com/anthem-accused-of-not-safeguarding-data-in-four-suits/article/397214/
10/02/2015. Anthem Breach Prompts New York To Conduct Cybersecurity Reviews Of All Insurers : www.darkreading.com/anthem-breach-prompts-new-york-to-conduct-cybersecurity-reviews-of-all-insurers/d/d-id/1319039
11/02/2015. Leaks suffered by Anthem: a slow and silent attack : www.sd-magazine.com/article.php?page=277
12/02/2015. How Anthem Shared Key Markers Of Its Cyberattack : www.darkreading.com/analytics/threat-intelligence/how-anthem-shared-key-markers-of-its-cyberattack/d/d-id/1319083
13/02/2015. Electronic health records and data abuse: it’s about more than medical info : www.welivesecurity.com/2015/02/13/medical-data-theft-fraud-ehr/

=> London hosts the first European incubator for start-ups dedicated to cyber security. 10/02/2015. «At a time when cybersecurity issues are becoming ever more pressing, the development of new technologies to protect the infrastructure of companies, government bodies and individuals is a major challenge (…).»
Source : www.bulletins-electroniques.com/actualites/77852.htm

=> Mozilla to Enforce Signing for Firefox Extensions Soon. 11/02/2015. «In an effort to head off the problem of malicious or misbehaving browser add-ons, Mozilla is planning to require developers to have their Firefox extensions signed by the company in the near future (…).»
Source : threatpost.com/mozilla-to-enforce-signing-for-firefox-extensions-soon/110995
Related posts :
11/02/2015. Mozilla will ban unsigned extensions in Firefox : www.numerama.com/magazine/32192-mozilla-interdira-les-extensions-non-signees-dans-firefox.html
11/02/2015. Add-on guidelines : developer.mozilla.org/en-US/Add-ons/Add-on_guidelines
12/02/2015. Firefox sacrifices freedom for security, too… : lehollandaisvolant.net/?d=2015/02/12/17/45/54-firefox-sacrifie-la-liberte-pour-la-securite-lui-aussi

=> Who is behind the France Cybersecurity label? 11/02/2015. «At FIC 2015, Axelle Lemaire presented with great fanfare the first France Cybersecurity labels to 17 lucky winners, thereby rewarding the cream of French-style cybersecurity. Real certification or marketing tool? (…).» Some clarification on questions that have been asked for some time, but uncertainties remain. Sceptical about the future of this ‘label’, given how opaque the launch and the award conditions have remained.
Source : www.zdnet.fr/actualites/qui-se-cache-derriere-le-label-france-cybersecurity-39814500.htm
Related posts :
13/02/2015. Orange, Capgemini, Atos…: the 7 French mercenaries of cybersecurity : www.silicon.fr/orange-capgemini-atos-7-mercenaires-francais-cybersecurite-108368.html
13/02/2015. France Cyber Security: a French idea of French security… : reflets.info/france-cyber-security-une-idee-francaise-de-la-securite-francaise/

=> The War Against Tor: Russia Takes Aim At Popular Web Anonymizer. 11/02/2015. «The Russian authorities apparently have a new enemy in their crosshairs: web tools that give users online anonymity (…).»
Source : www.rferl.org/content/russia-blocking-tor-anonymous-internet/26842171.html
Related posts :
11/02/2015. Russia readying for attempt to ban Tor, VPNs and other anonymising tools : thestack.com/russia-ban-tor-vpn-roskomnadzor-110215

=> Facebook Unveils Tool For Sharing Data On Malicious Botnets. 11/02/2015. «Facebook noticed the attack first. But Mark Hammell and his team couldn’t stop it without help from Tumblr, Pinterest, and others. This was about a year ago, and basically, a new botnet was using various social networking services—including Facebook, Tumblr, and Pinterest—to push malicious software onto machines across the net (…).»
Source : www.wired.com/2015/02/facebook-unveils-tool-sharing-data-malicious-botnets/
Related posts :
11/02/2015. Facebook ThreatExchange Platform Latest Hope for Information Sharing : threatpost.com/facebook-threatexchange-platform-latest-hope-for-information-sharing/110993
11/02/2015. ThreatExchange : threatexchange.fb.com/
12/02/2015. Facebook wants to organise the fight against computer threats : www.numerama.com/magazine/32194-facebook-veut-organiser-la-lutte-contre-les-menaces-informatiques.html
12/02/2015. Facebook, Twitter and other web firms battle botnets with ThreatExchange : www.theguardian.com/technology/2015/feb/12/facebook-twitter-web-botnets-threatexchange
12/02/2015. Source : twitter.com/ClausHoumann/status/565519173825363968

=> Hackers Phishing Leakers: A new BitCoin phishing social technique. 11/02/2015. «Recently I’m playing with a simple pastebin bot, basically it’s a crawler for the pastebin.com website that applies a few regular expressions to new pastes and saves interesting ones. Services like this are all around the internet, one example is the leakedin website where you can find potential data leaks almost in real time and it’s not new that hackers are already crawling for this kind of contents waiting for dumps, leaks or any sort of interesting data to use for malicious purposes (…).»
Source : www.evilsocket.net/2015/02/11/hackers-phishing-leakers-a-new-bitcoin-phishing-social-technique/

=> Telnet!? Really!?. 11/02/2015. «I was recently analyzing data from the HITME project that was collected during the month of January. I noticed a significant spike in the observed attacks against Telnet. I was surprised to see that Telnet was being targeted at such a high rate. After all, there can’t be that many devices left with Telnet exposed to the internet, right? (…).»
Source : stateofsecurity.com/?p=3633

=> A well-crafted scam. 12/02/2015. «Half past eight in the morning, the telephone. Nathalie picks up. The annoying crackle of a poorly soundproofed call centre, and a caller with an Indian accent you could cut with a knife, who explains in English that her Windows computer has a problem (…).» The scam is old, but it can mislead almost anyone at a moment when they are less vigilant.
Source : hyperbate.fr/fatras/2015/02/
Related posts :
11/04/2013. What happens if you play along with a Microsoft ‘tech support’ scam? : www.wired.co.uk/news/archive/2013-04/11/malwarebytes
02/07/2013. Fake Microsoft Support Call : www.youtube.com/watch?v=8a_edowfgl8
25/08/2014. Scamming Fake Microsoft Support Scammers : www.forbes.com/sites/marcochiappetta/2014/08/25/scamming-fake-microsoft-support-scammers/

=> Yet another ransomware variant. 12/02/2015. «Recently we caught what seems to be a new ransomware variant in our nets. The mail contained a file called “Transferencia devuelta pago erroneo” (translated: “Transfer back erroneous payment”) with the .cmd extension and is actually just an executable (…).»
Source : www.pandasecurity.com/mediacenter/malware/yet-another-ransomware-variant/
Related posts :
13/02/2015. Adding some additional information : bartblaze.blogspot.fr/2015/02/yet-another-ransomware-variant.html

=> Exploiting DNS Poisoning in Brazilian Boleto Fraud Scheme. 12/02/2015. «In recent months Brazilian criminal crews have started using DNS poisoning technique to target Brazilian Boletos (…).»
Source : securityaffairs.co/wordpress/33405/cyber-crime/exploiting-dns-poisoning-boleto-fraud.html
Related posts :
09/02/2015. DNS Poisoning Used In Boleto Fraud : blogs.rsa.com/dns-poisoning-used-boleto-fraud/
10/02/2015. VB2014 paper: P0wned by a barcode: stealing money from offline users : www.virusbtn.com/blog/2015/02_10.xml?rss

=> Feedback and data-driven updates to Google’s disclosure policy. 13/02/2015. «Disclosure deadlines have long been an industry standard practice. They improve end-user security by getting security patches to users faster. As noted in CERT’s 45-day disclosure policy, they also “balance the need of the public to be informed of security vulnerabilities with vendors’ need for time to respond effectively” (…).»
Source : googleonlinesecurity.blogspot.fr/2015/02/feedback-and-data-driven-updates-to.html?m=1
Related posts :
13/02/2015. Google Adds Grace Period to Disclosure Policy : threatpost.com/google-adds-grace-period-to-disclosure-policy/111050
13/02/2015. Google updates disclosure policy after Windows, OS X zero-day controversy : arstechnica.com/security/2015/02/google-updates-disclosure-policy-after-windows-os-x-zero-day-controversy/
13/02/2015. Vulnerability Research and Disclosure: Evolving To Meet Targeted Attacks : blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-research-and-disclosure-evolving-to-meet-targeted-attacks/

=> TechDays 2015: A look at Microsoft’s “Digital Crime Unit”. 13/02/2015. «While the 2015 edition of TechDays had the promises of Ambient Intelligence as its theme, security issues were not absent. One stand in particular was dedicated to a rather special team at Microsoft: the Digital Crime Unit (DCU) (…).»
Source : www.rslnmag.fr/post/2015/02/13/TechDays-2015-Apercu-de-la-Digital-Crime-Unit-de-Microsoft.aspx

=> Security patches in industrial environments: state of play (1/2). 13/02/2015. «On 25 November last, ICS-CERT published a security advisory named “ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities”. This advisory concerns two major vulnerabilities identified in the WinCC application that could allow (…).»
Source : www.lexsi-leblog.fr/audit/patchs-securite-en-environnement-industriel-etat-lieux.html
Related posts :
10/02/2015. Is Anonymous Attacking Internet Exposed Gas Pump Monitoring Systems in the US? : blog.trendmicro.com/trendlabs-security-intelligence/is-anonymous-attacking-internet-exposed-gas-pump-monitoring-systems-in-the-us/
12/02/2015. (Known) SCADA Attacks Over The Years : blog.fortinet.com/post/known-scada-attacks-over-the-years
15/02/2015. Industrial computing (SCADA): let’s stop being naive! : informatiques-orphelines.fr//index.php?post/2015/02/12/Informatique-industrielle-%28SCADA%29%2C-cessons-d-%C3%AAtre-na%C3%AFfs-!

=> Bank Hackers Steal Millions via Malware. 14/02/2015. «In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment (…).»
Source : www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html
Related posts :
14/02/2015. Report: Millions stolen from banks through sophisticated malware : arstechnica.com/security/2015/02/report-millions-stolen-from-banks-through-sophisticated-malware/

=> Steamstealer Attacks Victims via Chat. 14/02/2015. «During the last few months, McAfee Labs has seen an increase in Steamstealer samples. The following chart shows the recent trend (…).»
Source : blogs.mcafee.com/mcafee-labs/steamstealer-attacks-victims-via-chat

 

Published by

Gof

Digital lame duck; just interested, just passionate.