RSS - net-security.org

Help Net Security


Daily information security news with a focus on enterprise security.


Make-A-Wish website compromised to serve cryptojacking script

Visitors of the international website of the US-based non-profit Make-A-Wish Foundation have had their computing power misused to covertly mine cryptocurrency, Trustwave researchers have found. The compromise: In-browser cryptomining is not illegal and many website owners prefer using it as a money-making substitute for ads, but they usually inform the visitors about it. In the majority of cases, though, covert cryptomining is a sign that cybercrooks have compromised the website, injected their own cryptomining script in …

(20/11/2018 @ 15:53)

“Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack

Cisco Talos researchers have flagged four serious vulnerabilities in TP-Link’s SafeStream Gigabit Broadband VPN Router (TL-R600VPN). All four affect the device’s HTTP server, and can lead to denial of service, information disclosure, and remote code execution. About the vulnerabilities: The flaws affect TP-Link TL-R600VPN, hardware versions 2 and 3. Numbered CVE-2018-3948 and CVE-2018-3949, respectively, the flaws that can be exploited for DoS and information disclosure can be triggered via an unauthenticated web request and a …

(20/11/2018 @ 13:51)

Privacy laws do not understand human error

In a world of increasingly punitive regulations like GDPR, the combination of unstructured data and human error represents one of the greatest risks an organization faces. Understanding the differences between unstructured and structured data – and the different approaches needed to secure it – is critical to achieve compliance with the many data privacy regulations that businesses in the U.S. now face. Structured data is comprised of individual elements of information organized to be accessible, …

(20/11/2018 @ 08:00)

66.1% of vulnerabilities published through Q3 2018 have a documented solution

There have been 16,172 vulnerabilities disclosed through October 29th, which is a 7% decrease from the high record reported last year at this time. The 16,172 vulnerabilities cataloged through Q3 2018 by Risk Based Security’s research team eclipsed the total covered by the CVE and National Vulnerability Database (NVD) by over 4,800. It’s also worth noting that NVD is still significantly behind in vulnerability scoring and creating the automation component. Vulnerabilities with a CVSSv2 score …

(20/11/2018 @ 07:45)

Third parties: Fast-growing risk to an organization’s sensitive data

The Ponemon Institute surveyed more than 1,000 CISOs and other security and risk professionals across the US and UK to understand the challenges companies face in protecting sensitive and confidential information shared with third-party vendors and partners. According to the findings, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent — up 5 …

(20/11/2018 @ 07:30)

Only 14% have complete organizational awareness of IoT threats

86 percent of IT and security decision makers across the globe believe their organization needs to improve its awareness of IoT threats, according to Trend Micro. This significant lack of knowledge accompanies rising threat levels and security challenges related to connected devices, which leaves organizations at great risk. The poll of 1,150 IT and security leaders reveals a worrying lack of cybersecurity maturity in many organizations around the world as they deploy IoT projects to …

(20/11/2018 @ 07:15)

New security feature to prevent Amazon S3 bucket misconfiguration and data leaks

Hardly a week goes by that we don’t hear about an organization leaving sensitive data exposed on the Internet because they failed to properly configure their Amazon S3 buckets. Amazon Web Services, to their credit, are trying to prevent this from happening. For one, all newly created S3 buckets and objects (files and directories in the bucket) are by default private, i.e. not publicly accessible by random people via the Internet. Secondly, changes implemented earlier …

(19/11/2018 @ 13:36)

Helping researchers with IoT firmware vulnerability discovery

John Toterhi, a security researcher with IoT security company Finite State, believes that many of the security problems plaguing IoT devices are solvable problems through transparency. “Manufacturers who make their firmware public and follow GPL practices are doing themselves a huge favor: by making firmware public, manufacturers are enabling a world-wide network of the best security talent to find bugs, disclose them responsibly, and improve security for their customers. Without this transparency they exclude so …

(19/11/2018 @ 08:20)

Review: Specops Password Policy

All who work in the information security industry agree that passwords are one of the worst security nightmares of the modern information security age. Having weak passwords – even as part of a multi-factor authentication scheme – degrades the security posture of an organization. Unfortunately, as passwords scale well, they are still present in practically every organization and even central authentication places like Active Directory. There are multiple security controls, even in core operating systems, …

(19/11/2018 @ 08:00)

Remote working may boost productivity, but also leave you vulnerable to attack

New flexible working practices could pose a security risk to small businesses, with one in five employees (21%) stating they are most productive when working in public spaces like a cafe or library, but only 18% concerned with the security implications this could have. SMBs therefore face the challenge of keeping their business secure, all the while adhering to the needs and expectations of the modern workforce, according to Avast. Concerns small business staff …

(19/11/2018 @ 07:45)

Last updated: 20/11/2018 @ 17:44