ICT Security-Sécurité PC et Internet

VW bugs: "Unpatchable" remote code pwnage

Two security researchers have excoriated Volkswagen Group for selling insecure cars. As in: hackable-over-the-internet insecure.

They broke into a recent-model VW and an Audi, via the cars’ internet connections, and were able to jump from system to system, running arbitrary code. Worryingly, they fully pwned the unauthenticated control bus connected to some safety-critical systems—such as the cruise control.

But VW has no way to push updates to its cars, and won’t alert owners to visit a dealer for an update.

Yes, it’s the internet of **** again: Potentially safety-critical bugs caused by the conflict between convenience and security. In this week’s Security Blogwatch, we prefer classic, analog vehicles.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Globfinity War…

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Cars

https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot

Selon Threat Post, deux chercheurs en sécurité de l'entreprise hollandaise Computest,  Daan Keuper et Thijs Alkemade, ont découvert des vulnérabilités dans le logiciel embarqué de la Volkswagen Golf GTE et de l'Audi3 Sportback e-tron

Ces vulnérabilités offrent pas mal d'amusements aux pirates : ouvrir le microphone pour écouter les conversation à l'intérieur du véhicule, accéder au carnet d'adresses complet, à l'historique des conversations, tracer le véhicule à travers son système de navigation, modifier l'affichage de l'écran du système..

Ce n'est pas tout... Poussant leurs investigations, les chercheurs ont constaté qu'il est possible de lire n'importe quel fichier sur le disque du système et même d'exécuter du code arbitraire à distance.

Volswagen commente l'affaire ainsi auprès de Threatpost : "Nous sommes en contact avec Computest depuis la mi-2017", la correction de bugs - en d'autres termes, l'élimination de la vulnérabilité - avait déjà eu lieu début mai 2016."

Fort bien... Toutefois en ce qui concerne les corrections des bugs, les chercheurs sont beaucoup plus nuancés : "Le système que nous avons étudié ne peut pas être mis à jour par l'utilisateur final, un utilisateur doit se rendre chez un revendeur officiel pour recevoir une mise à jour. Cependant, d'après notre expérience, il semble que les voitures qui ont été produites auparavant ne sont pas automatiquement mises à jour lorsqu'elles sont réparées chez un concessionnaire, elles sont donc toujours vulnérables à l'attaque décrite.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Cars

https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot

IoT attacks are on the rise. As the technology becomes more relevant to our lives, we take a look at what the state of play is.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Cyberattacks

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Amnesia

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Amnesia&tag=BrickerBot

Der renommierte Sicherheits-Experte warnte auf dem Security-Kongress der Telekom vor einer grenzenlosen Vernetzung. Staatliche Regulierung sei unausweichlich.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Der Großangriff hält die Telekom in Atem. Hacker übernehmen die Kontrolle über zahlreiche Router der Kunden. Auch ein Neustart hilft nichts. So funktioniert die Attacke auf die Telekom.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Attack could be a warm-up for a larger scale disruption during US election

A massive cyber attack has brought down Liberia's entire internet network, using the same Mirai botnet that knocked a number of US sites offline last month. 

In a series of attacks over the course of this week, hackers have been able to take advantage of Liberia's basic internet infrastructure to intermittently take down websites.

Although the identity of the attackers remains unclear, the hacks made use of the botnet known as Mirai, the same one that targeted domain name system provider Dyn, leaving millions unable to access sites like Github, Reddit, Twitter, Spotify across the US and Europe last month.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

The Mirai botnet has certainly has made its presence felt - hijacking control over poorly-protected Internet of Things devices across the globe...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Are the Days of “Booter” Services Numbered?

It may soon become easier for Internet service providers to anticipate and block certain types of online assaults launched by Web-based attack-for-hire services known as “booter” or “stresser” services, new research released today suggests.

The findings come from researchers in Germany who’ve been studying patterns that emerge when miscreants attempt to mass-scan the entire Internet looking for systems useful for launching these digital sieges — known as “distributed denial-of-service” or DDoS attacks.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

Nobody knows for sure who launched a massive Mirai botnet attack against parts of the internet on Friday, but there’s no denying that they made themselves felt.

Hundreds of thousands, if not millions, of devices are thought to have been compromised by Mirai and recruited into the botnet. That botnet was then put to work, launching a distributed denial-of-service attack against the Dyn domain name service that had a dramatic impact on some of the world’s most popular websites, making them inaccessible to many internet users.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DDos...

Security researchers have been warning for years that poor security for internet of things devices could have serious consequences. We’re now seeing those warnings come true, with botnets made up of compromised IoT devices capable of launching distributed denial-of-service attacks of unprecedented scale.

Octave Klaba, the founder and CTO of French hosting firm OVH, sounded the alarm on Twitter last week when his company was hit with two concurrent DDoS attacks whose combined bandwidth reached almost 1 terabit per second. One of the two attacks peaked at 799Gbps alone, making it the largest ever reported.

According to Klaba, the attack targeted Minecraft servers hosted on OVH’s network, and the source of the junk traffic was a botnet made up of 145,607 hacked digital video recorders and IP cameras.

With the ability to generate traffic of 1Mbps to 30Mbps from every single Internet Protocol (IP) address, this botnet is able to launch DDoS attacks that exceed 1.5Tbps, Klaba warned.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Vulnerable in-vehicle infotainment systems have left some Volkswagen cars open to remote hacking, researchers warn.

Over the last few years, automakers like Ford, Jeep, Nissan and Toyota have all suffered car-hacking vulnerabilities in their vehicles. Now,  it looks like Volkswagen has been pulled into the mix after researchers discovered that in-vehicle infotainment (IVI) systems in certain Volkswagen-manufactured cars could be remotely hacked.

Not only that, but it’s possible to pivot to more critical systems.

The vulnerability was discovered in the Volkswagen Golf GTE and an Audi3 Sportback e-tron, which were both manufactured in 2015. Computest researchers Daan Keuper and Thijs Alkemade, who discovered the flaw, said that under certain conditions the IVI vulnerability could enable attackers to commandeer the on-board microphone to listen in on the conversations of the driver, turn the microphone on and off, and access the system’s complete address book and the conversation history. There is also a possibility of hackers tracking the car through the navigation system at any given time, they said.

A Volkswagen spokesperson told Threatpost that the vehicles impacted are those produced with Discover Pro infotainment systems – Golf GTE and Audi A3 e-tron.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Cars

https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot

SCMagazine.com is the IT security source for news on cybersecurity, cybercrime, ransomware. privacy and product reviews.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things

Deutsche Telekom a confirmé la thèse d’un malware ayant infecté plus de 900.000 de ses routeurs. Selon Flashpoint, environ 5 millions de routeurs...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Telekom

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

A new version of Mirai -- a malware that’s been enslaving poorly secured IoT devices -- has found a new victim: vulnerable internet routers from Germany’s Deutsche Telekom.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Not all Internet-of-Things botnets take down the Internet like Mirai did, but that doesn't necessarily mean they should be allowed to perpetuate. Yet that seems to be the case for Linux/Moose, a malware program that recruits IoT devices to engage in social media fraud, according to a pair of reports from ESET and GoSecure.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

One of the largest distributed denial-of-service attacks happened this week and almost nobody noticed.

Since the cyberattack on Dyn two weeks ago, the internet has been on edge, fearing another massive attack that would throw millions off the face of the web. The attack was said to be upwards of 1.1 Tbps -- more than double the attack a few weeks earlier on security reporter Brian Krebs' website, which was about 620 Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things devices.

This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country, sending it almost entirely offline each time.

Security researcher Kevin Beaumont, who was one of the first to notice the attacks and wrote about what he found, said that the attack was one of the largest capacity botnets ever seen.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Ein Hacker hat eine Sicherheitslücke im Quellcode des Mirai-Botnets gefunden, mit der infizierte IoT-Geräte lahmgelegt werden könnten - allerdings würden auch legitime Nutzer...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Mirai+Botnet

The Mirai Internet of Things botnet is making its unpleasant presence felt. Yasin Soliman reports on how you should defend your IoT devices.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

Now anyone can try to duplicate the attack.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DDos

http://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Brian Krebs' Blog ist nach DDoS-Angriff wieder erreichbar
Der größte bislang bekannte DDoS-Angriff hat Brian Krebs nur kurzzeitig offline genommen. Das Blog des Sicherheitsforschers wird künftig von Googles Project Shield geschützt.

Das Blog des Sicherheitsforschers Brian Krebs ist nach einem enormen DDoS-Angriff wieder online. Damit das auch so bleibt, wird Krebs künftig von Googles Project Shield geschützt. Krebs hatte in der Vergangenheit regelmäßig über DDoS-Angriffe berichtet und zuletzt den in Israel beheimateten DDoS-Booter Vdos geoutet.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars