ICT Security-Sécurité PC et Internet
87.1K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

#Awareness!!! Firefox and Tor users update now: 0-day exploit in the wild | #Updates #CyberSecurity #Anonymity 

#Awareness!!! Firefox and Tor users update now: 0-day exploit in the wild | #Updates #CyberSecurity #Anonymity  | ICT Security-Sécurité PC et Internet | Scoop.it
From nakedsecurity.sophos.com - December 1, 2016 8:03 PM
Firefox and Tor just received a patch to fix a 0-day exploit that is being used in the wild to strip away your anonymity.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=TOR

 

Gust MEES's insight:
Firefox and Tor just received a patch to fix a 0-day exploit that is being used in the wild to strip away your anonymity.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=TOR

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

1.5 billion Windows computers potentially affected by unpatched 0-day exploit | #CyberSecurity #Awareness

1.5 billion Windows computers potentially affected by unpatched 0-day exploit | #CyberSecurity #Awareness | ICT Security-Sécurité PC et Internet | Scoop.it
From www.scmagazineuk.com - June 1, 2016 11:54 AM
Information security bods at Trustwave have found a zero-day exploit affecting all versions of Microsoft's OS Windows, all the way from Windows 2000 up to a fully patched version of Windows 10 including all server editions. 

It estimates that this affects 1.5 billion computers around the world.

The company provides threat intelligence services and regularly monitors several forums, and it is through this it discovered the exploit which was found on a Russian speaking forum and is currently being offered for sale for £62,000 ($US 90,000).

Trustwave cautioned that there is currently no fix for the exploit and has recommended Windows users stay vigilant for phishing emails. In addition, it has also issued a more general warning about the rise of malware-as-a-service (MaaS). 

Ziv Mador, VP of security research at Trustwave, told SCMagazineUK.com, “This is a very serious exploit. From what we've seen in the past, exploits of this type tend to have somewhere in the region of a 10 percent success rate which spells bad news all around.”

According Trustwave, Microsoft has been notified of the zero day offering and is continuing to monitor the situation.

 

Gust MEES's insight:

Information security bods at Trustwave have found a zero-day exploit affecting all versions of Microsoft's OS Windows, all the way from Windows 2000 up to a fully patched version of Windows 10 including all server editions. 

It estimates that this affects 1.5 billion computers around the world.

The company provides threat intelligence services and regularly monitors several forums, and it is through this it discovered the exploit which was found on a Russian speaking forum and is currently being offered for sale for £62,000 ($US 90,000).

Trustwave cautioned that there is currently no fix for the exploit and has recommended Windows users stay vigilant for phishing emails. In addition, it has also issued a more general warning about the rise of malware-as-a-service (MaaS). 

Ziv Mador, VP of security research at Trustwave, told SCMagazineUK.com, “This is a very serious exploit. From what we've seen in the past, exploits of this type tend to have somewhere in the region of a 10 percent success rate which spells bad news all around.”

According Trustwave, Microsoft has been notified of the zero day offering and is continuing to monitor the situation.

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Microsoft warns users about 0-day behind PowerPoint attacks

Microsoft warns users about 0-day behind PowerPoint attacks | ICT Security-Sécurité PC et Internet | Scoop.it
From www.theregister.co.uk - October 22, 2014 10:28 AM

Might put out patch in update, might chuck it out sooner.

The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped files. "Currently, attacks using PowerPoint files are known to exist, but all Office file types can be used to carry out this attack," Jonathan Leopando, a technical communications staffer at Trend Micro, warns in a blog post.


Gust MEES's insight:

The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped files. "Currently, attacks using PowerPoint files are known to exist, but all Office file types can be used to carry out this attack," Jonathan Leopando, a technical communications staffer at Trend Micro, warns in a blog post.

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Vulnérabilité extrêmement critique dans Adobe Reader et Acrobat - Cases

Vulnérabilité extrêmement critique dans Adobe Reader et Acrobat - Cases | ICT Security-Sécurité PC et Internet | Scoop.it
From www.cases.lu - February 15, 2013 11:39 AM

Versions du document

 

14 février 2013: Publication intitiale

 

Description / Résumé

 

Une faille extrêmement critique a été détectée dans Adobe Reader et Acrobat. Découverte par les spécialistes au travers d’un document piégé sur Internet, elle est actuellement exploitée activement par des fraudeurs et  représente pour cette raison un risque pour l’utilisateur.


Le simple fait d’ouvrir à l’aide d’un logiciel d’Adobe un fichier PDF spécialement conçu suffit à exploiter cette vulnérabilité. Ceci vaut également pour les ajouts de navigateur installés automatiquement, rendant ainsi la consultation de pages web tout aussi hasardeuse.


En exploitant la faille,  l'attaquant peut prendre le contrôle de l’ordinateur de sa victime.

 

Gust MEES's insight:

                          ===> BEWARE of the MALWARE!!! <===

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Critical Flash Player Update Fixes 2 Zero-Days

Critical Flash Player Update Fixes 2 Zero-Days | ICT Security-Sécurité PC et Internet | Scoop.it
From krebsonsecurity.com - February 7, 2013 3:38 PM

Adobe today pushed out an emergency update that fixes at least two zero-day vulnerabilitiesin its ubiquitous Flash Player software — flaws that attackers are already exploiting to break into systems. Interestingly, Adobe warns that one of the exploits in use is designed to drop malware on both Windows and Mac OS X systems.


Gust MEES's insight:
Critical Flash Player Update Fixes 2 Zero-Days

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Vulnérabilité extrêmement critique dans Java

Vulnérabilité extrêmement critique dans Java | ICT Security-Sécurité PC et Internet | Scoop.it
From www.cases.lu - January 10, 2013 12:05 PM

10 janvier 2013: Publication intitiale

 

Description / Résumé

 

Une vulnérabilité extrêmement critique a été découverte dans le plugin Java pour votre navigateur. L'exploitation réussie de cette vulnérabilité autorise l'attaquant à prendre le contrôle de la machine victime.

 

La vulnérabilité a été introduite dans des kits d'exploitation communs, la rendant ainsi très répandue et de ce fait dangereuse. Le simple fait d'aller sur une page infectée peut mettre votre ordinateur en danger. Il est donc important d'éviter de cliquer sur des liens dans les e-mails. 

 

Faites aussi attention aux publicités des sites légitimes qui pourraient être piégées.

Gust MEES's insight:

                      ===> Be AWARE of the MALWARE! <===

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Nouvelle faille zéro-day dans Internet Explorer

Nouvelle faille zéro-day dans Internet Explorer | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.fr - December 31, 2012 5:43 AM
Cette vulnérabilité critique touche les versions 6, 7 et 8 du navigateur de Microsoft et permet une prise à contrôle à distance du poste infecté.
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Mystery Chrome 0-day exploit to be unveiled in India on Saturday

Mystery Chrome 0-day exploit to be unveiled in India on Saturday | ICT Security-Sécurité PC et Internet | Scoop.it
From www.theregister.co.uk - November 23, 2012 12:29 PM

A Georgian security researcher is due to present details of an unpatched vulnerability in Google's Chrome browser at the Malcon security conference in India over the weekend.

 

Years ago the circumstances of Ucha Gobejishvili's presentation would hardly have raised an eyebrow but that was before Google began offering up to $60,000 in bug bounties for the low-down on most serious, remotely exploitable bugs in its Chrome web browser software.

 

Gobejishvili has apparently forgone potential financial rewards by leaving Google in the dark before unwrapping a remotely exploitable hole in the Chrome web browser, which reportedly involves a critical vulnerability in a Chrome DLL. More details are due to emerge at a presentation by Gobejishvili at the International Malware Conference (MalCon) in New Delhi on Saturday (24 November).

 

Read more:

http://www.theregister.co.uk/2012/11/23/mystery_chrome_0_day/

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

New IE zero day exploit circulating, used to install Poison Ivy

New IE zero day exploit circulating, used to install Poison Ivy | ICT Security-Sécurité PC et Internet | Scoop.it
From nakedsecurity.sophos.com - September 17, 2012 12:20 PM
The gang behind that recent Java zero day attacks apparently hasn't packed up for the season. A researcher examining one of the servers used to launch attacks on vulnerable Java installations said ...

 

In a blog post, Romang, a Luxemborg-based IT security advisor at ZATAZ.com, said he discovered the exploit when analyzing a batch of files hosted on one of the servers used by the Nitro gang to distribute attacks that exploited the Java vulnerability.

 

Read more:

http://nakedsecurity.sophos.com/2012/09/17/new-ie-zero-day-exploit-poison-ivy/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Microsoft patches critical Windows zero-day bug that hackers are now exploiting

Microsoft patches critical Windows zero-day bug that hackers are now exploiting | ICT Security-Sécurité PC et Internet | Scoop.it
From www.computerworld.com - April 10, 2012 5:11 PM
Microsoft today delivered six security updates to patch 11 vulnerabilities in Windows, Internet Explorer, Office and several other products, including one bug that attackers are already exploiting.
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Exploit Code Released for ASP.NET Flaw | threatpost

Exploit Code Released for ASP.NET Flaw | threatpost | ICT Security-Sécurité PC et Internet | Scoop.it
From threatpost.com - January 9, 2012 3:10 PM
Someone has released exploit code for the ASP.NET hashdos vulnerability.
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Deux failles zero-day trouvées dans Flash Player d'Adobe

Deux failles zero-day trouvées dans Flash Player d'Adobe | ICT Security-Sécurité PC et Internet | Scoop.it
From www.lemondeinformatique.fr - December 10, 2011 7:46 AM
Deux failles zero-day trouvées dans Flash Player d'Adobe - Sécurité - Les dernières failles de sécurité du Flash Player d'Adobe ont...
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Zero-day flaws found in SCADA systems

Zero-day flaws found in SCADA systems | ICT Security-Sécurité PC et Internet | Scoop.it
From www.computerworld.com - October 10, 2011 6:06 AM
An Italian security researcher has disclosed details about several zero-day vulnerabilities in supervisory control and data acquisition products from several vendors.
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

0-Day: Nutzer des Tor-Browsers werden mit Javascript angegriffen | #Privacy #Anonymity #Awareness 

0-Day: Nutzer des Tor-Browsers werden mit Javascript angegriffen | #Privacy #Anonymity #Awareness  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - November 30, 2016 6:32 AM
Nutzer des Tor-Browsers werden mit Javascript angegriffen
Wer den Tor-Browsers nutzt, will meist vor allem eins: Anonymität. Eine aktuelle Schwachstelle im Firefox-Browser führt aber dazu, dass Nutzer identifiziert werden können. Das Problem betrifft auch Nutzer des regulären Firefox - ein Patch ist in Arbeit.
Nutzer des Tor-Browsers werden derzeit aktiv mit einer 0-Day-Lücke angegriffen, die einen Fehler im Speichermanagement des verwendeten Firefox-Browsers ausnutzt. Möglicherweise sind auch Nutzer von Firefox ohne Tor-Bundle betroffen. Die Sicherheitslücke soll es Angreifern ermöglichen, Code auf dem Rechner der Tor-Nutzer auszuführen. Mozilla arbeitet noch an einem Patch.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=TOR

 

Gust MEES's insight:
Nutzer des Tor-Browsers werden mit Javascript angegriffen
Wer den Tor-Browsers nutzt, will meist vor allem eins: Anonymität. Eine aktuelle Schwachstelle im Firefox-Browser führt aber dazu, dass Nutzer identifiziert werden können. Das Problem betrifft auch Nutzer des regulären Firefox - ein Patch ist in Arbeit.
Nutzer des Tor-Browsers werden derzeit aktiv mit einer 0-Day-Lücke angegriffen, die einen Fehler im Speichermanagement des verwendeten Firefox-Browsers ausnutzt. Möglicherweise sind auch Nutzer von Firefox ohne Tor-Bundle betroffen. Die Sicherheitslücke soll es Angreifern ermöglichen, Code auf dem Rechner der Tor-Nutzer auszuführen. Mozilla arbeitet noch an einem Patch.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=TOR

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Joomla victime d'une faille zero day exploitée

Joomla victime d'une faille zero day exploitée | ICT Security-Sécurité PC et Internet | Scoop.it
From www.silicon.fr - December 15, 2015 9:18 AM
Utilisée par des entreprises comme Peugeot, Citibank ou Honda, la plate-forme de gestion de sites web Joomla est victime d’une faille zero day. Patchée aujoud’hui.

Si WordPress fait (trop) souvent parler de lui pour les failles de sécurité de ses plug-in et les risques d’infection induits pour les visiteurs des sites qui les exploitent, un autre outil populaire de développement web est aujourd’hui victime d’une vulnérabilité infectieuse : Joomla. Le système de gestion de contenus web, également massivement utilisé par les développeurs, a alerté l’existence d’une vulnérabilité zero day « qui peut être facilement exploités », annonce la firme de sécurité Sucuri. « Si vous utilisez Joomla, vous devez mettre à jour [le correctif] immédiatement », poursuit-elle dans sa page de blog.
Gust MEES's insight:

Utilisée par des entreprises comme Peugeot, Citibank ou Honda, la plate-forme de gestion de sites web Joomla est victime d’une faille zero day. Patchée aujoud’hui.

Si WordPress fait (trop) souvent parler de lui pour les failles de sécurité de ses plug-in et les risques d’infection induits pour les visiteurs des sites qui les exploitent, un autre outil populaire de développement web est aujourd’hui victime d’une vulnérabilité infectieuse : Joomla. Le système de gestion de contenus web, également massivement utilisé par les développeurs, a alerté l’existence d’une vulnérabilité zero day « qui peut être facilement exploités », annonce la firme de sécurité Sucuri. « Si vous utilisez Joomla, vous devez mettre à jour [le correctif] immédiatement », poursuit-elle dans sa page de blog.


more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Zero-Day-Lücke in Windows veröffentlicht

Zero-Day-Lücke in Windows veröffentlicht | ICT Security-Sécurité PC et Internet | Scoop.it
From www.pcwelt.de - June 6, 2013 1:05 AM
Ohne vorherige Meldung an Microsoft hat ein Sicherheitsforscher Details einer Schwachstelle im Kernel aller gängigen Windows-Versionen mitsamt Exploit-Code veröffentlicht.
Gust MEES's insight:

 

Tavis Ormandy ist bereits dafür bekannt, "volle Offenlegung" zu favorisieren und dies auch zu praktizieren – zumindest, wenn es nicht um Google-Software geht.


more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Flaws in Adobe Reader and Flash exploited in the wild

Flaws in Adobe Reader and Flash exploited in the wild | ICT Security-Sécurité PC et Internet | Scoop.it
From www.scmagazineuk.com - February 13, 2013 6:32 AM
Fresh vulnerabilities, which are being exploited in the wild, have been detected for Adobes PDF Reader and Flash Player.
Gust MEES's insight:

According to researchers from FireEye, there is a PDF zero-day which is being exploited in the wild, with the company's researchers having observed successful exploitation on the Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1.


more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Critical flaw lets attackers control hospital, military buildings' systems

Critical flaw lets attackers control hospital, military buildings' systems | ICT Security-Sécurité PC et Internet | Scoop.it
From www.net-security.org - February 7, 2013 3:23 PM

A critical zero-day remote-access vulnerability in an industrial control system that is widely used in hospitals, military installations, manufacturing plants and other critical locations has been discovered and demonstrated by noted researchers Billy Rios and Terry McCorkle at the latest Kaspersky Security Analyst Summit, Wired reported.


Gust MEES's insight:

A critical zero-day remote-access vulnerability in an industrial control system that is widely used in hospitals, military installations, manufacturing plants and other critical locations has been discovered and demonstrated by noted researchers Billy Rios and Terry McCorkle at the latest Kaspersky Security Analyst Summit, Wired reported.



more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Zero-Day Java Exploit Debuts in Crimeware

Zero-Day Java Exploit Debuts in Crimeware | ICT Security-Sécurité PC et Internet | Scoop.it
From krebsonsecurity.com - January 10, 2013 11:08 AM
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
Gust MEES's insight:
===> Be AWARE of the MALWARE! <===
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Attackers Target Internet Explorer Zero-Day Flaw — Krebs on Security

Attackers Target Internet Explorer Zero-Day Flaw — Krebs on Security | ICT Security-Sécurité PC et Internet | Scoop.it
From krebsonsecurity.com - December 31, 2012 3:46 AM
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Adobe Reader zero-day exploit thwarts sandboxing-Never ending story

Adobe Reader zero-day exploit thwarts sandboxing-Never ending story | ICT Security-Sécurité PC et Internet | Scoop.it
From nakedsecurity.sophos.com - November 9, 2012 7:16 AM
The vulnerability is selling for up to $50K on the black market, security researchers say, and has been included in a package of banking Trojans called the Blackhole Exploit Kit, which is the most ...

 

 

 

 

Read more:

http://nakedsecurity.sophos.com/2012/11/08/adobe-reader-zero-day-exploit-thwarts-sandboxing/?utm_source=facebook&amp;amp;utm_medium=status+message&amp;amp;utm_campaign=naked+security

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Technical paper: The ZeroAccess rootkit under the microscope

Technical paper: The ZeroAccess rootkit under the microscope | ICT Security-Sécurité PC et Internet | Scoop.it
From nakedsecurity.sophos.com - April 11, 2012 11:04 AM
The ZeroAccess rootkit is quickly becoming one of the most widespread malware threats. SophosLabs' James Wyke takes a look at how ZeroAccess works and what its ultimate goal is.
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Researchers hack into newest Firefox with zero-day flaw

Researchers hack into newest Firefox with zero-day flaw | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - March 9, 2012 7:21 PM
The exploit was triggered against a use-after-free vulnerability in the open-source browser and successfully evaded DEP and ALSR, two anti-exploit mit...
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Critical Windows 7 zero-day vulnerability could lead to iFrame attacks

Critical Windows 7 zero-day vulnerability could lead to iFrame attacks | ICT Security-Sécurité PC et Internet | Scoop.it
From searchsecurity.techtarget.com - December 21, 2011 8:42 AM
Learn critical information about a warning of a highly dangerous memory corruption zero-day vulnerability from a clearinghouse Secunia. This weakness could be targeted by attackers.
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Targeted emails exploit new Acrobat Reader vulnerability | Naked Security

Targeted emails exploit new Acrobat Reader vulnerability | Naked Security | ICT Security-Sécurité PC et Internet | Scoop.it
From nakedsecurity.sophos.com - December 10, 2011 4:06 AM
Attackers are taking advantage of the latest zero-day vulnerability in Adobe's Reader software sending malicious attachments to specific targets.
more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn