ICT Security-Sécurité PC et Internet
87.1K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Datenschutz: Chinesischer Tiktok-Betreiber hat vollen Zugriff auf Daten | #Privacy #SocialMedia 

Datenschutz: Chinesischer Tiktok-Betreiber hat vollen Zugriff auf Daten | #Privacy #SocialMedia  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - June 20, 2022 11:20 AM

Chinesischer Tiktok-Betreiber hat vollen Zugriff auf Daten
"Alles wird in China eingesehen", heißt es in einem geleakten Bericht des Tiktok-Konzerns Bytedance. Die Firma hat Zugriff auf US-Daten.

Tiktok-Daten sind nicht unbedingt vor einer Einsicht sicher.
(Bild: Bytedance/Montage: Golem.de)

Die Social-Media-Videoplattform Tiktok steht im Verdacht, persönliche Userdaten von US-Kunden an die Unternehmenszentrale in China weiterzuleiten. Dabei sei der Zugriff auf sämtliche Informationen möglich. "Alles wird in China eingesehen", sagt ein anonymisierter Angestellter bei Tiktok-Betreiber Bytedance in einem Meeting. Dieses und mehr als 80 weitere Aufzeichnungen wurden unter anderem vom Magazin Buzzfeed News eingesehen. Die Protokolle gehen demzufolge auf September 2021 bis Januar 2022 zurück.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Privacy

 

https://www.scoop.it/topic/social-media-and-its-influence

 

Gust MEES's insight:

Chinesischer Tiktok-Betreiber hat vollen Zugriff auf Daten
"Alles wird in China eingesehen", heißt es in einem geleakten Bericht des Tiktok-Konzerns Bytedance. Die Firma hat Zugriff auf US-Daten.

Tiktok-Daten sind nicht unbedingt vor einer Einsicht sicher.
(Bild: Bytedance/Montage: Golem.de)

Die Social-Media-Videoplattform Tiktok steht im Verdacht, persönliche Userdaten von US-Kunden an die Unternehmenszentrale in China weiterzuleiten. Dabei sei der Zugriff auf sämtliche Informationen möglich. "Alles wird in China eingesehen", sagt ein anonymisierter Angestellter bei Tiktok-Betreiber Bytedance in einem Meeting. Dieses und mehr als 80 weitere Aufzeichnungen wurden unter anderem vom Magazin Buzzfeed News eingesehen. Die Protokolle gehen demzufolge auf September 2021 bis Januar 2022 zurück.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Privacy

 

https://www.scoop.it/topic/social-media-and-its-influence

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Google, Apple et Microsoft promettent un « avenir sans mots de passe » | #CyberSecurity #Passwords #FIDO #PassKey 

Google, Apple et Microsoft promettent un « avenir sans mots de passe » | #CyberSecurity #Passwords #FIDO #PassKey  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.fr - May 5, 2022 3:18 PM

Résultat des courses : vous n'aurez bientôt plus besoin d'un mot de passe pour vous connecter à vos appareils, à des sites web ou à des applications.

Au lieu de cela, votre téléphone stockera un justificatif FIDO appelé "passkey", qui sera utilisé pour déverrouiller votre appareil – et l'ensemble de vos comptes en ligne. Il s'agit d'un dispositif plus sûr qu'un mot de passe, car cette clé est protégée par de la cryptographie et n'est montrée à votre compte en ligne que lorsque vous déverrouillez votre appareil. A contrario, les mots de passe nous rendent vulnérables aux tentatives d’hameçonnage et à nos propres mauvaises habitudes, comme l'utilisation du même mot de passe sur plusieurs comptes.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

Gust MEES's insight:

Résultat des courses : vous n'aurez bientôt plus besoin d'un mot de passe pour vous connecter à vos appareils, à des sites web ou à des applications.

Au lieu de cela, votre téléphone stockera un justificatif FIDO appelé "passkey", qui sera utilisé pour déverrouiller votre appareil – et l'ensemble de vos comptes en ligne. Il s'agit d'un dispositif plus sûr qu'un mot de passe, car cette clé est protégée par de la cryptographie et n'est montrée à votre compte en ligne que lorsque vous déverrouillez votre appareil. A contrario, les mots de passe nous rendent vulnérables aux tentatives d’hameçonnage et à nos propres mauvaises habitudes, comme l'utilisation du même mot de passe sur plusieurs comptes.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Bored Apes Yacht Club's Instagram hacked, resulting in theft of millions of dollars of NFTs | #CyberSecurity 

Bored Apes Yacht Club's Instagram hacked, resulting in theft of millions of dollars of NFTs | #CyberSecurity  | ICT Security-Sécurité PC et Internet | Scoop.it
From mashable.com - April 27, 2022 7:36 AM

The multibillion dollar valued Bored Ape Yacht Club NFT project's Instagram account was hacked, resulting in the loss in millions of dollars worth of NFTs.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=NFT

 

Gust MEES's insight:

The multibillion dollar valued Bored Ape Yacht Club NFT project's Instagram account was hacked, resulting in the loss in millions of dollars worth of NFTs.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=NFT

 

more...
THE OFFICIAL ANDREASCY's curator insight, April 27, 2022 8:24 AM

$2.5 Μillion of Bored Ape Yacht Club NFTs stolen.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Nasty Linux netfilter firewall security hole found | #CyberSecurity #NobodyIsPerfect 

Nasty Linux netfilter firewall security hole found | #CyberSecurity #NobodyIsPerfect  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - March 18, 2022 5:47 PM

Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
Gust MEES's insight:

Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Les malwares mobiles se multiplient sur nos smartphones | #CyberSecurity #MobileSecurity 

Les malwares mobiles se multiplient sur nos smartphones | #CyberSecurity #MobileSecurity  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.fr - March 10, 2022 1:10 PM

Les malwares mobiles se multiplient sur nos smartphones
Sécurité : Les experts en cybersécurité alertent sur une augmentation de 500 % des cyberattaques mobiles. Une flambée qui doit beaucoup à la multiplication des malwares destinés aux smartphones, qu'affectionnent les pirates.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Mobile-Security

 

Gust MEES's insight:

Les malwares mobiles se multiplient sur nos smartphones
Sécurité : Les experts en cybersécurité alertent sur une augmentation de 500 % des cyberattaques mobiles. Une flambée qui doit beaucoup à la multiplication des malwares destinés aux smartphones, qu'affectionnent les pirates.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Mobile-Security

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Dirty Pipe: Linux-Kernel-Lücke erlaubt Schreibzugriff mit Root-Rechten | #CyberSecurity

Dirty Pipe: Linux-Kernel-Lücke erlaubt Schreibzugriff mit Root-Rechten | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - March 7, 2022 9:13 AM

Linux-Kernel-Lücke erlaubt Schreibzugriff mit Root-Rechten
Ein Fehler bei der Verarbeitung von Pipes im Linux-Kernel lässt sich ausnutzen, um Root-Rechte zu erlangen.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Linux-Kernel-Lücke erlaubt Schreibzugriff mit Root-Rechten
Ein Fehler bei der Verarbeitung von Pipes im Linux-Kernel lässt sich ausnutzen, um Root-Rechte zu erlangen.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Devious phishing method bypasses MFA using remote access software | #CyberSecurity #2FA #MFA #NobodyIsPerfect

Devious phishing method bypasses MFA using remote access software | #CyberSecurity #2FA #MFA #NobodyIsPerfect | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - February 25, 2022 3:25 PM

A devious, new phishing technique allows adversaries to bypass multi-factor authentication (MFA) by secretly having victims log into their accounts directly on attacker-controlled servers using the VNC screen sharing system.

One of the biggest obstacles to successful phishing attacks is bypassing multi-factor authentication (MFA) configured on the targeted victim's email accounts.

Even if threat actors can convince users to enter their credentials on a phishing site, if MFA protects the account, fully compromising the account still requires the one-time passcode sent to the victim.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

Gust MEES's insight:

A devious, new phishing technique allows adversaries to bypass multi-factor authentication (MFA) by secretly having victims log into their accounts directly on attacker-controlled servers using the VNC screen sharing system.

One of the biggest obstacles to successful phishing attacks is bypassing multi-factor authentication (MFA) configured on the targeted victim's email accounts.

Even if threat actors can convince users to enter their credentials on a phishing site, if MFA protects the account, fully compromising the account still requires the one-time passcode sent to the victim.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Android: Selfie-App verkauft biometrische Daten der Nutzer | #MobileSecurity #Privacy #Apps 

Android: Selfie-App verkauft biometrische Daten der Nutzer | #MobileSecurity #Privacy #Apps  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - February 15, 2022 4:02 PM

Mit Selfie-Apps lassen sich die Größe von Mund, Nase oder Augen verändern und Make-up auftragen. Doch die Apps erheben teilweise nicht nur biometrische Daten, sondern verkaufen sie auch an Dritte, wie das Verbraucherschutzportal Mobilsicher.de herausgefunden hat.

Das Portal hat die sechs beliebtesten Selfie-Bearbeitungs-Apps aus Googles Play Store auf Datenschutzprobleme hin überprüft. Zusammen wurden die Apps bisher über 500 Millionen Mal heruntergeladen.

Insbesondere die Datenschutzerklärung der App Perfect365 hat es demnach in sich. Laut Mobilsicher.de gibt der Anbieter dort an, dass in den vergangenen zwölf Monaten umfangreiche Datensätze über die Nutzer an Dritte verkauft wurden. Enthalten waren demnach die vollen Namen, biometrische Daten, Standortdaten sowie alle weiteren Angaben, die in der App gemacht wurden.

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android

 

Gust MEES's insight:

Mit Selfie-Apps lassen sich die Größe von Mund, Nase oder Augen verändern und Make-up auftragen. Doch die Apps erheben teilweise nicht nur biometrische Daten, sondern verkaufen sie auch an Dritte, wie das Verbraucherschutzportal Mobilsicher.de herausgefunden hat.

Das Portal hat die sechs beliebtesten Selfie-Bearbeitungs-Apps aus Googles Play Store auf Datenschutzprobleme hin überprüft. Zusammen wurden die Apps bisher über 500 Millionen Mal heruntergeladen.

Insbesondere die Datenschutzerklärung der App Perfect365 hat es demnach in sich. Laut Mobilsicher.de gibt der Anbieter dort an, dass in den vergangenen zwölf Monaten umfangreiche Datensätze über die Nutzer an Dritte verkauft wurden. Enthalten waren demnach die vollen Namen, biometrische Daten, Standortdaten sowie alle weiteren Angaben, die in der App gemacht wurden.

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Lazarus hackers use Windows Update to deploy malware

Lazarus hackers use Windows Update to deploy malware | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - January 27, 2022 2:45 PM

North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.

The new malware deployment method was discovered by the Malwarebytes Threat Intelligence team while analyzing a January spearphishing campaign impersonating the American security and aerospace company Lockheed Martin.

After the victims open the malicious attachments and enable macro execution, an embedded macro drops a WindowsUpdateConf.lnk file in the startup folder and a DLL file (wuaueng.dll) in a hidden Windows/System32 folder.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows

 

Gust MEES's insight:

North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.

The new malware deployment method was discovered by the Malwarebytes Threat Intelligence team while analyzing a January spearphishing campaign impersonating the American security and aerospace company Lockheed Martin.

After the victims open the malicious attachments and enable macro execution, an embedded macro drops a WindowsUpdateConf.lnk file in the startup folder and a DLL file (wuaueng.dll) in a hidden Windows/System32 folder.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Major Linux PolicyKit security vulnerability uncovered: Pwnkit

Major Linux PolicyKit security vulnerability uncovered: Pwnkit | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - January 26, 2022 5:08 PM

If it's not one thing, it's another. After one real Linux problem -- the heap overflow bug in the Linux kernel's fs/fs_context.c program -- is found and fixed, then a new security problem is discovered. This time security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034. 

Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.


How dangerous is it? Very. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

If it's not one thing, it's another. After one real Linux problem -- the heap overflow bug in the Linux kernel's fs/fs_context.c program -- is found and fixed, then a new security problem is discovered. This time security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034. 

Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.


How dangerous is it? Very. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Les malware pour Linux sont en croissance, voici les trois principales menaces actuelles | #CyberSecurity

Les malware pour Linux sont en croissance, voici les trois principales menaces actuelles | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.fr - January 21, 2022 4:25 PM

Les appareils de l'internet des objets font augmenter le nombre de variantes de logiciels malveillants Linux.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Les appareils de l'internet des objets font augmenter le nombre de variantes de logiciels malveillants Linux.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Rechenfehler im Linux-Kernel erlaubt Rechteausweitung | #CyberSecurity 

Rechenfehler im Linux-Kernel erlaubt Rechteausweitung | #CyberSecurity  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.heise.de - January 20, 2022 9:20 AM

Rechenfehler im Linux-Kernel erlaubt Rechteausweitung
Vor allem in Cloud-Systemen problematisch: An Linux-Systemen angemeldete Nutzer könnten aufgrund eines potenziellen Pufferüberlaufs ihre Rechte ausweiten.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Rechenfehler im Linux-Kernel erlaubt Rechteausweitung
Vor allem in Cloud-Systemen problematisch: An Linux-Systemen angemeldete Nutzer könnten aufgrund eines potenziellen Pufferüberlaufs ihre Rechte ausweiten.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Log4j update: Experts say log4shell exploits will persist for 'months if not years' | #CyberSecurity

Log4j update: Experts say log4shell exploits will persist for 'months if not years' | #CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - December 13, 2021 6:09 PM

Cybersecurity experts believe CVE-2021-44228, a remote code execution flaw in Log4j, will take months, if not years, to address due its ubiquity and ease of exploitation.

Steve Povolny, head of advanced threat research for McAfee Enterprise and FireEye, said Log4Shell "now firmly belongs in the same conversation as Shellshock, Heartbleed, and EternalBlue." 

"Attackers began by almost immediately leveraging the bug for illegal crypto mining, or using legitimate computing resources on the Internet to generate cryptocurrency for financial profit... Further exploitation appears to have pivoted towards theft of private information," Povolny told ZDNet.

"We fully expect to see an evolution of attacks."

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Log4j

 

 

 

Gust MEES's insight:

Cybersecurity experts believe CVE-2021-44228, a remote code execution flaw in Log4j, will take months, if not years, to address due its ubiquity and ease of exploitation.

Steve Povolny, head of advanced threat research for McAfee Enterprise and FireEye, said Log4Shell "now firmly belongs in the same conversation as Shellshock, Heartbleed, and EternalBlue." 

"Attackers began by almost immediately leveraging the bug for illegal crypto mining, or using legitimate computing resources on the Internet to generate cryptocurrency for financial profit... Further exploitation appears to have pivoted towards theft of private information," Povolny told ZDNet.

"We fully expect to see an evolution of attacks."

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Log4j

 

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Bluetooth is bad and you should stop using it | #CyberSecurity #Privacy

Bluetooth is bad and you should stop using it | #CyberSecurity #Privacy | ICT Security-Sécurité PC et Internet | Scoop.it
From mashable.com - June 16, 2022 4:26 PM

Everyone uses Bluetooth. Perhaps they shouldn't.

The technology that we've come to rely on to connect our phones, smart speakers, cars, vibrators, and toasters is problematic for reasons more serious than pairing issues. Bluetooth has been shown time and time again to be a security and privacy nightmare — albeit one that can be mostly solved with a simple toggling of an off switch.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=BLURtooth

 

Gust MEES's insight:

Everyone uses Bluetooth. Perhaps they shouldn't.

The technology that we've come to rely on to connect our phones, smart speakers, cars, vibrators, and toasters is problematic for reasons more serious than pairing issues. Bluetooth has been shown time and time again to be a security and privacy nightmare — albeit one that can be mostly solved with a simple toggling of an off switch.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=BLURtooth

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Microsoft points out privilege-escalation flaws in Linux | #CyberSecurity #Nimbuspwn

Microsoft points out privilege-escalation flaws in Linux | #CyberSecurity #Nimbuspwn | ICT Security-Sécurité PC et Internet | Scoop.it
From www.theregister.com - April 27, 2022 6:44 PM

Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.

It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire. It's just a little perplexing the biz went to all the effort of a big write-up and giving the flaws a catchy name, Nimbuspwn, when countless privilege-elevation holes are fixed in its Windows operating system each month, and we can't recall Microsoft lately making this much of a song and dance over them.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.

It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire. It's just a little perplexing the biz went to all the effort of a big write-up and giving the flaws a catchy name, Nimbuspwn, when countless privilege-elevation holes are fixed in its Windows operating system each month, and we can't recall Microsoft lately making this much of a song and dance over them.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Borat RAT malware: A 'unique' triple threat that is far from funny

Borat RAT malware: A 'unique' triple threat that is far from funny | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - April 4, 2022 2:41 PM

A new Remote Access Trojan (RAT) might have an amusing name to some, but its capabilities show the malware to be no laughing matter.

Dubbed Borat RAT, Cyble Research Labs said in a recent malware analysis that the new threat doesn't settle for standard remote access capabilities; instead, Borat RAT also includes spyware and ransomware functions.

According to the cybersecurity researchers, the Trojan, named after the character adopted by comedian Sacha Baron Cohen, is offered for sale to cybercriminals in underground forums.

Borat RAT has a centralized dashboard and is packaged up with a builder, feature modules, and a server certificate.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=RAT

 

Gust MEES's insight:

A new Remote Access Trojan (RAT) might have an amusing name to some, but its capabilities show the malware to be no laughing matter.

Dubbed Borat RAT, Cyble Research Labs said in a recent malware analysis that the new threat doesn't settle for standard remote access capabilities; instead, Borat RAT also includes spyware and ransomware functions.

According to the cybersecurity researchers, the Trojan, named after the character adopted by comedian Sacha Baron Cohen, is offered for sale to cybercriminals in underground forums.

Borat RAT has a centralized dashboard and is packaged up with a builder, feature modules, and a server certificate.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=RAT

 

more...
Anna Maria Przekwas's curator insight, December 14, 2022 3:04 PM

R.A.T. (Remote Access Trojans - trojany dające zdalny dostęp) są trojanami nowej generacji, służącymi hakerom do kontrolowania i nadzorowania komputerów swoich ofiar. Ta rodzina szkodników rozmnaża się równie szybko, jak jej odpowiednik ze świata zwierząt.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug | ICT Security-Sécurité PC et Internet | Scoop.it
From thehackernews.com - March 16, 2022 5:05 PM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.

"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network," the agencies said.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

 

Gust MEES's insight:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.

"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network," the agencies said.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Dozens of COVID passport apps put user's privacy at risk | #CyberSecurity #COVID19 #CoronaVirus 

Dozens of COVID passport apps put user's privacy at risk | #CyberSecurity #COVID19 #CoronaVirus  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - March 7, 2022 3:10 PM

Roughly two-thirds of test digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.

The risks are substantial as these apps are required for large populations worldwide, allowing hackers an extensive target base.

Digital passports
Digital passport apps store proof of a person's COVID-19 vaccination status, full name, ID number, date of birth, and other personally identifiable information (PII) encoded in a QR code or displayed directly in the app.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus

 

 

Gust MEES's insight:

Roughly two-thirds of test digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.

The risks are substantial as these apps are required for large populations worldwide, allowing hackers an extensive target base.

Digital passports
Digital passport apps store proof of a person's COVID-19 vaccination status, full name, ID number, date of birth, and other personally identifiable information (PII) encoded in a QR code or displayed directly in the app.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Scam artists swindle NFTs worth 'millions' in OpenSea phishing attack | #CyberSecurity 

Scam artists swindle NFTs worth 'millions' in OpenSea phishing attack | #CyberSecurity  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - February 25, 2022 3:51 PM

Scam artists have taken advantage of a contract migration initiative to swindle NFTs out of users in an opportunistic phishing attack.

Last week, NFT marketplace OpenSea announced the rollout of contract migrations and an upgrade to make sure inactive, old NFT listings on Ethereum expire safely and to allow OpenSea to "offer new safety features in the future."

The contract migration timeline was set from February 18 to February 25. 

NFT holders are required to make the change, and OpenSea published a guide to assist them. After the deadline, any listings that were not migrated would expire, although they could be re-listed after this window without further fees. 

However, an attacker saw an opportunity to cash in. Check Point Research has suggested that phishing emails were sent to users, linking them to fraudulent websites.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

 

Gust MEES's insight:

Scam artists have taken advantage of a contract migration initiative to swindle NFTs out of users in an opportunistic phishing attack.

Last week, NFT marketplace OpenSea announced the rollout of contract migrations and an upgrade to make sure inactive, old NFT listings on Ethereum expire safely and to allow OpenSea to "offer new safety features in the future."

The contract migration timeline was set from February 18 to February 25. 

NFT holders are required to make the change, and OpenSea published a guide to assist them. After the deadline, any listings that were not migrated would expire, although they could be re-listed after this window without further fees. 

However, an attacker saw an opportunity to cash in. Check Point Research has suggested that phishing emails were sent to users, linking them to fraudulent websites.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Microsoft warns of emerging 'ice phishing' threat on blockchain, DeFi networks | #CyberSecurity #WEB3 #Blockchain #Metaverse  #CryptoCurrency

Microsoft warns of emerging 'ice phishing' threat on blockchain, DeFi networks | #CyberSecurity #WEB3 #Blockchain #Metaverse  #CryptoCurrency | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - February 19, 2022 8:24 AM

Microsoft has warned of new threats impacting blockchain technologies and Web3 including "ice phishing" campaigns. 

The blockchain, decentralized technologies, DeFi, smart contracts, the concept of a 'metaverse' and Web3 -- the decentralized foundation built on top of cryptographic systems that underlay blockchain projects -- all have the potential to produce radical changes in how we understand and experience connectivity today. 

Read on: What is Web3? Everything you need to know about the decentralized future of the internet

However, with every technological innovation, there may also be new avenues created for cyberattackers and Web3 is no exception. 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

 

Gust MEES's insight:

Microsoft has warned of new threats impacting blockchain technologies and Web3 including "ice phishing" campaigns. 

The blockchain, decentralized technologies, DeFi, smart contracts, the concept of a 'metaverse' and Web3 -- the decentralized foundation built on top of cryptographic systems that underlay blockchain projects -- all have the potential to produce radical changes in how we understand and experience connectivity today. 

Read on: What is Web3? Everything you need to know about the decentralized future of the internet

However, with every technological innovation, there may also be new avenues created for cyberattackers and Web3 is no exception. 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Hackers have begun adapting to wider use of multi-factor authentication | #CyberSecurity #2FA #MFA #NobodyIsPerfect 

Hackers have begun adapting to wider use of multi-factor authentication | #CyberSecurity #2FA #MFA #NobodyIsPerfect  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.techrepublic.com - February 15, 2022 3:11 PM

Proofpoint researchers have found that “phish kits” available for purchase online are beginning to adapt to MFA by adding transparent reverse proxies to their list of tools.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

 

Gust MEES's insight:

Proofpoint researchers have found that “phish kits” available for purchase online are beginning to adapt to MFA by adding transparent reverse proxies to their list of tools.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Pwnkit: Triviale Linux-Lücke ermöglicht Root-Rechte 

Pwnkit: Triviale Linux-Lücke ermöglicht Root-Rechte  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - January 26, 2022 5:11 PM

Triviale Linux-Lücke ermöglicht Root-Rechte
Zum Ausnutzen der Sicherheitslücke in Polkit muss der Dienst nur installiert sein. Das betrifft auch Serversysteme. Exploits dürften schnell genutzt werden.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Triviale Linux-Lücke ermöglicht Root-Rechte
Zum Ausnutzen der Sicherheitslücke in Polkit muss der Dienst nur installiert sein. Das betrifft auch Serversysteme. Exploits dürften schnell genutzt werden.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Linux malware is on the rise. Here are three top threats right now | #CyberSecurity 

Linux malware is on the rise. Here are three top threats right now | #CyberSecurity  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - January 21, 2022 4:40 PM

Internet of Things devices are driving up the number of Linux malware variants.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Internet of Things devices are driving up the number of Linux malware variants.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

WordPress plugin flaw puts users of 20,000 sites at phishing risk | #CyberSecurity #Blogs 

WordPress plugin flaw puts users of 20,000 sites at phishing risk | #CyberSecurity #Blogs  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - January 20, 2022 11:51 AM

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.

'WP HTML Mail' is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send to their audience.

The plugin is compatible with WooCommerce, Ninja Forms, BuddyPress, and others. While the number of sites using it isn't large, many have a large audience, allowing the flaw to affect a significant number of Internet users.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress

 

 
Gust MEES's insight:

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.

'WP HTML Mail' is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send to their audience.

The plugin is compatible with WooCommerce, Ninja Forms, BuddyPress, and others. While the number of sites using it isn't large, many have a large audience, allowing the flaw to affect a significant number of Internet users.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Log4j vulnerability: Infosec industry goes to red alert • The Register

From www.theregister.com - December 13, 2021 6:14 PM

Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly – for now – on turning infected devices into cryptocurrency-mining botnet drones.

Israel's Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail in a blog post.

Apache Log4j is a logging utility written in Java that is used all over the world in many software packages and online systems. Last week it emerged that Alibaba security engineer Chen Zhaojun had found and privately disclosed on November 24 details of a trivial-to-exploit remote code execution hole (CVE-2021-44228) in Log4j 2.x, specifically versions 2.14.1 and earlier.

Exploitation is possible by feeding a specially crafted snippet of text, such as a message or username, to an application that logs this information using Log4j 2.

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Log4j

 

Gust MEES's insight:

Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly – for now – on turning infected devices into cryptocurrency-mining botnet drones.

Israel's Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail in a blog post.

Apache Log4j is a logging utility written in Java that is used all over the world in many software packages and online systems. Last week it emerged that Alibaba security engineer Chen Zhaojun had found and privately disclosed on November 24 details of a trivial-to-exploit remote code execution hole (CVE-2021-44228) in Log4j 2.x, specifically versions 2.14.1 and earlier.

Exploitation is possible by feeding a specially crafted snippet of text, such as a message or username, to an application that logs this information using Log4j 2.

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Log4j

 

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn