Technologie : La raison ? Manque de temps et manque de gouvernance sur la sécurité des projets open-source. Avec des conséquences lourdes évidemment sur la logique de DevOps. Les failles de sécurité liées aux projets de sécurité open-source sont en augmentation. La raison ? Un manque de temps mis à la […]
Haythem Elmir
Research confirms rampant sale of SSL/TLS certificates on darkweb
A study conducted by academics discovered that SSL and TLS certificates and associated services can be easily acquired from dark web marketplaces. A study sponsored by Venafi and conducted by researchers from Georgia State University in the U.S. and the University of Surrey in the U.K. discovered that SSL and TLS certificates and associated […]
Authentification Le W3C finalise la norme Web Authentication (WebAuthn)
Technologie : WebAuthn est déjà pris en charge sur Windows 10, Android, Chrome, Edge, Firefox, et bientôt sur Safari. Le World Wide Web Consortium (W3C), l’organisation à l’origine de toutes les normes du Web, a officiellement promu l’API Web Authentication au titre de norme officielle du Web. Cette promotion signifie […]
90% des CMS piratés sont des sites WordPress
Sécurité : Les possesseurs de sites WordPress sont des cibles pour les pirates, et doivent donc à veiller à la sécurité de leur CMS, le plus attaqué en 2018. Les sites d’e-commerce sont souvent de mauvais élèves et tardent à déployer les correctifs. Environ 90% de tous les systèmes de […]
[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users
Over the last few days, a new ransomware campaign infected several users around the world as part of the #OpJerusalem campaign. SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate […]
New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild
You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google’s Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the […]
Phishers shift efforts to attack SaaS and webmail services
There was some good news and some bad news for the Internet-using public in early 2019. The good news is that the total number of conventional, spam-based phishing campaigns declined as 2018 came to a close, while the bad news is that users of software-as-a-service (SaaS) systems and webmail services […]
Google Launches Backstory — A New Cyber Security Tool for Businesses
Google’s one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats. Network infrastructures at most enterprises regularly generate enormous amounts of network data and logs on […]
Un hacker algérien pirate le site officiel du FLN pour y laisser un message
Un hacker algérien a piraté le site internet officiel du parti Front de Libération National (FLN) et a laissé un message des plus émouvant en langue anglaise. « Laissez-nous tranquilles ! Laissez l’Algérie tranquille ! », « Nous accordons le pardon », a-t-il conclu. « Leave us alone! Leave Algeria alone!… We forgive », a écrit […]
The Wireshark Foundation released Wireshark 3.0.0
The Wireshark Foundation released Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The Wireshark Foundation announced the release of Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The new version addresses several bugs and introduces tens of new features, it also improved existing features. The most important changes […]