Recherche : [EN] - Cyberveille

How to Assess an E-voting System https://freedom-to-tinker.com/2022/06/27/how-to-assess-an-e-voting-system/

15/07/2022 22:25:29

If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several countries and several U.S. states have offered e-voting to some of their citizens. In many cases they plunge forward without much consideration of whether their e-voting system is really secure, or whether it could be hacked to subvert democracy. It’s not enough just to take the software vendor’s word for it.

The US military wants to understand the most important software on Earth https://www.technologyreview.com/2022/07/14/1055894/us-military-sofware-linux-kernel-open-source/

15/07/2022 22:19:12

Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted

A New Attack Can Unmask Anonymous Users on Any Major Browser https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/

14/07/2022 21:03:17

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/

13/07/2022 21:44:52

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.

Europe’s PegasusGate: Countering spyware abuse https://epthinktank.eu/2022/07/07/europes-pegasusgate-countering-spyware-abuse/

13/07/2022 21:13:19

As civil society and media organisations expose EU Member States' use of the Pegasus commercial spyware, one of the most high-profile spying scandals of recent years is coming to light in Europe.

Retbleed – serious vulnerability discovered in microprocessors https://www.ncsc.admin.ch/retbleed-en

12/07/2022 21:32:11

12.07.2022 - Security researchers from the ETH Zürich have discovered a serious security vulnerability in Intel and AMD microprocessors. The vulnerability, called Retbleed, potentially allows an attacker to access any memory area. Initial countermeasures have already been defined. The NCSC has assigned the internationally valid CVE identifiers for the vulnerability of both manufacturers.

Verified Twitter accounts phished via hate speech warnings https://blog.malwarebytes.com/social-engineering/2022/07/verified-twitter-accounts-phished-via-hate-speech-warnings/

12/07/2022 18:55:28

We take a look at reports that verified Twitter accounts are being targeted by scammers with claims of hate speech.

Predatory Sparrow: Who are the hackers who say they started a fire in Iran? https://www.bbc.com/news/technology-62072480

11/07/2022 20:08:45

Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.

THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices https://www.cybereason.com/blog/threat-alert-raspberry-robin-worm-abuses-windows-installer-and-qnap-devices

11/07/2022 09:53:24

Raspberry Robin involves a worm that spreads over USB devices or shared folders, leveraging compromised QNAP (Network Attached Storage or NAS) devices as stagers and an old but still effective method of using “LNK” shortcut files to lure its victims...

How Conti ransomware group crippled Costa Rica https://www.ft.com/content/9895f997-5941-445c-9572-9cef66d130f5

11/07/2022 07:47:59

Nation struggles in aftermath of president’s refusal to pay to end cyber attack, even as hacking group collapsed

'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang https://www.cnn.com/2022/03/30/politics/ukraine-hack-russian-ransomware-gang/index.html

10/07/2022 22:19:55

As Russian artillery began raining down on his homeland last month, one Ukrainian computer researcher decided to fight back the best way he knew how -- by sabotaging one of the most formidable ransomware gangs in Russia.

Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents https://www.cyberscoop.com/gonjeshke-darande-israel-hackers-iran-steel-hacktivist/

10/07/2022 22:02:04

Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.

Google Let Sberbank-Owned RuTarget Harvest User Data for Months https://www.propublica.org/article/google-russia-rutarget-sberbank-sanctions-ukraine

09/07/2022 18:43:48

The internet giant may have provided Sberbank-owned RuTarget with unique mobile phone IDs, IP addresses, location information and details about users’ interests and online activity.

This Is the Code the FBI Used to Wiretap the World https://www.vice.com/en/article/v7veg8/anom-app-source-code-operation-trojan-shield-an0m

08/07/2022 22:40:04

Motherboard is publishing parts of the code for the Anom encrypted messaging app, which was secretly managed by the FBI in order to monitor organized crime on a global scale.

Cybersecurity experts question Microsoft's Ukraine report https://www.cyberscoop.com/cybersecurity-experts-question-microsofts-ukraine-report/

08/07/2022 09:12:07

Leading cybersecurity experts and foreign policy scholars raise serious questions and concerns about Microsoft's report on the Ukraine war.

After invasion of Ukraine, a reckoning on Russian influence in Austria https://www.washingtonpost.com/national-security/2022/07/05/austria-russia-infuence/

07/07/2022 21:05:57

“Polizei!” barked the officers who stormed a third-floor apartment in the Austrian capital, moving to intercept a thickset man standing near a kitchen nook. The suspect — a long-serving official in Austria’s security services — sprang toward his cellphone and tried to break it in two, according to Austrian police reports.

China Police Database Was Left Open Online for Over a Year, Enabling Leak https://www.wsj.com/articles/china-police-database-was-left-open-online-for-over-a-year-enabling-leak-11657119903

07/07/2022 20:52:47

Cybersecurity experts say the error enabled the theft of records of nearly 1 billion people, including senior officials, leading to a $200,000 ransom note.

How a fake job offer took down the world’s most popular crypto game https://www.theblock.co/post/156038/how-a-fake-job-offer-took-down-the-worlds-most-popular-crypto-game

07/07/2022 20:12:14

An engineer’s interest in joining what turned out to be a fictitious company led to March’s $540 million Axie Infinity hack.

Why the Equation Group (EQGRP) is NOT the NSA | xorl %eax, %eax https://xorl.wordpress.com/2022/07/06/why-the-equation-group-eqgrp-is-not-the-nsa/

07/07/2022 19:07:22

I had covered this topic in my 2021 talk “In nation-state actor’s shoes” but after my recent blog post I saw again people referring to the EQGRP as the NSA which is not entirely c…

Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/

07/07/2022 18:45:17

Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine

Liens par page

Filtres