Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet
|
Scooped by
Gust MEES
|
If you've been experiencing Tor network connectivity and performance issues lately, you're not the only one since many others have had problems with onion and i2p sites loading slower or not loading at all.
Tor Project's Executive Director Isabela Dias Fernandes revealed on Tuesday that a wave of distributed denial-of-service (DDoS) attacks has been targeting the network since at least July 2022.
"At some points, the attacks impacted the network severely enough that users could not load pages or access onion services," Fernandes said on Tuesday. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Attackers Are Already Exploiting ChatGPT to Write Malicious Code The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.
Since OpenAI released ChatGPT in late November, many security experts have predicted it would only be a matter of time before cybercriminals began using the AI chatbot for writing malware and enabling other nefarious activities. Just weeks later, it looks like that time is already here.
In fact, researchers at Check Point Research (CPR) have reported spotting at least three instances where black hat hackers demonstrated, in underground forums, how they had leveraged ChatGPT's AI-smarts for malicious purposes. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=ChatGPT
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas.
The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range.
"An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group said. "This may enable unauthorized access to devices in BLE-based proximity authentication systems. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth https://www.scoop.it/topic/securite-pc-et-internet/?&tag=BLURtooth
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.
It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire. It's just a little perplexing the biz went to all the effort of a big write-up and giving the flaws a catchy name, Nimbuspwn, when countless privilege-elevation holes are fixed in its Windows operating system each month, and we can't recall Microsoft lately making this much of a song and dance over them. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
|
A new Remote Access Trojan (RAT) might have an amusing name to some, but its capabilities show the malware to be no laughing matter.
Dubbed Borat RAT, Cyble Research Labs said in a recent malware analysis that the new threat doesn't settle for standard remote access capabilities; instead, Borat RAT also includes spyware and ransomware functions.
According to the cybersecurity researchers, the Trojan, named after the character adopted by comedian Sacha Baron Cohen, is offered for sale to cybercriminals in underground forums.
Borat RAT has a centralized dashboard and is packaged up with a builder, feature modules, and a server certificate. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=RAT
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Roughly two-thirds of test digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.
The risks are substantial as these apps are required for large populations worldwide, allowing hackers an extensive target base.
Digital passports Digital passport apps store proof of a person's COVID-19 vaccination status, full name, ID number, date of birth, and other personally identifiable information (PII) encoded in a QR code or displayed directly in the app. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus
|
Scooped by
Gust MEES
|
Scam artists have taken advantage of a contract migration initiative to swindle NFTs out of users in an opportunistic phishing attack.
Last week, NFT marketplace OpenSea announced the rollout of contract migrations and an upgrade to make sure inactive, old NFT listings on Ethereum expire safely and to allow OpenSea to "offer new safety features in the future."
The contract migration timeline was set from February 18 to February 25.
NFT holders are required to make the change, and OpenSea published a guide to assist them. After the deadline, any listings that were not migrated would expire, although they could be re-listed after this window without further fees.
However, an attacker saw an opportunity to cash in. Check Point Research has suggested that phishing emails were sent to users, linking them to fraudulent websites. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
|
A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.
Researchers at Trend Micro recently discovered that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so called SysUpdate malware family, which allows it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim's file directory. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
|
As 2022 ended, OpenAI made ChatGPT live to the world. It is an artificially intelligent research and deployment chatbot that interacts through text using realistic human responses. Its deep learning techniques can generate conversations that convince anyone they are interacting with an actual human.
Like opening the jar and releasing the genie, its impact is relatively unknown, but grave intrigue and curiosity surrounded it. How will it be used; how does it work; is it for good or evil? No, this is not the next Terminator sequel…
Its intentions are certainly for positive use, and its articulate responses have led many to claim it as the best chatbot to be released. However, in a short period, ChatGPT has already been linked to cyber threats as cyber-criminals leverage its advanced capabilities for nefarious means. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=ChatGPT
|
Scooped by
Gust MEES
|
ChatGPT est déjà détourné pour écrire des logiciels malveillants Sécurité : L'analyse des discussions sur les forums du dark web montre que des efforts sont déjà en cours pour utiliser le chatbot d'OpenAI afin d'aider à la rédaction de logiciels malveillants. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=ChatGPT
|
Scooped by
Gust MEES
|
Une grave faille de sécurité affecte le noyau Linux Sécurité : La faille de sécurité affecte ksmbd, un serveur SMB intégré au noyau de Linux 5.15, et sa note de gravité avoisine le 10, selon la ZDI.
Joyeux Noël à tous les administrateurs de systèmes Linux ! Et en guise de cadeau : une grave faille de sécurité dans le noyau Linux.
C’est la Zero Day Initiative (ZDI), une société de recherche sur les failles zero-day, qui l’a découverte et annoncée juste avant le réveillon.
Cette vulnérabilité pourrait permettre à un attaquant à distance authentifié de divulguer des informations sensibles et d’exécuter du code sur les versions vulnérables du noyau Linux.
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.
Last month, BleepingComputer spoke to a threat actor who said that they were able to create a list of 5.4 million Twitter account profiles using a vulnerability on the social media site.
This vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. The threat actor then used this ID to scrape the public information for the account. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Twitter
|
Scooped by
Gust MEES
|
Zukünftig soll es möglich sein, sich von all seinen Geräten aus sicher und ohne Passwort bei Online-Diensten anzumelden, verspricht die Allianz für Fast IDentity Online (FIDO). Bei der Synchronisierung der FIDO-Identitäten über die Cloud zeichnet sich jetzt ein Paradigmenwechsel ab: Die könnte nämlich Ende-zu-Ende-verschlüsselt erfolgen – also, ohne dass die Cloud-Betreiber Zugriff darauf erhalten. Dazu hat sich nach Apple überraschend jetzt auch Google committet.
Die FIDO hat ein technisch ausgefeiltes Konzept zur Anmeldung bei Internet-Diensten auf Basis von asymmetrischer Kryptografie und Challenge-Response-Verfahren entworfen, das deutlich sicherer als Passwörter und noch dazu komfortabel ist. Um tatsächlich Passwörter ablösen zu können, will man, dass der Anwender zukünftig seine FIDO-Identität auf all seinen Geräten nutzen kann – auf dem Smartphone genauso wie auf dem PC. Dazu muss ein geheimer Schlüssel auf all diese Geräte verteilt werden, was gemäß FIDO über die Infrastruktur der großen Plattform-Provider – also primär Google, Apple und Microsoft geschehen soll. Alle drei haben sich auch bereits dazu bekannt, das umzusetzen. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=FIDO
|
Scooped by
Gust MEES
|
Résultat des courses : vous n'aurez bientôt plus besoin d'un mot de passe pour vous connecter à vos appareils, à des sites web ou à des applications.
Au lieu de cela, votre téléphone stockera un justificatif FIDO appelé "passkey", qui sera utilisé pour déverrouiller votre appareil – et l'ensemble de vos comptes en ligne. Il s'agit d'un dispositif plus sûr qu'un mot de passe, car cette clé est protégée par de la cryptographie et n'est montrée à votre compte en ligne que lorsque vous déverrouillez votre appareil. A contrario, les mots de passe nous rendent vulnérables aux tentatives d’hameçonnage et à nos propres mauvaises habitudes, comme l'utilisation du même mot de passe sur plusieurs comptes. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal.
|
Scooped by
Gust MEES
|
Les malwares mobiles se multiplient sur nos smartphones Sécurité : Les experts en cybersécurité alertent sur une augmentation de 500 % des cyberattaques mobiles. Une flambée qui doit beaucoup à la multiplication des malwares destinés aux smartphones, qu'affectionnent les pirates. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Mobile-Security
|
Scooped by
Gust MEES
|
|
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/securite-pc-et-internet