La veille Sécurité (23 avril 2017) – Chrome, Firefox et Opera vulnérables à une attaque de phishing indétectable et les Shadow Brokers retrouvent la trace de Stuxnet

• Le bruit ambiant comme aide à l’authentification

  « Des chercheurs suisses ont découvert un moyen original pour s’authentifier : le bruit ambiant. Une application a été créée pour le mettre en oeuvre. »

  tags:Sécurité authentification

• Shadow Brokers data dump reveals yet another NSA-Stuxnet link

  « As days passed, other discoveries were made, and the latest one is yet another that links the Equation Group to the NSA: the dump contains a script (effectively a tool) that has been used to deploy the Stuxnet worm. »

  tags:Sécurité Shadow Brokers malware nsa

• Cybercrime ring dismantled with Europol’s support

  « A joint investigation by Spanish and British law enforcement authorities, coordinated by Europol and its Joint Cybercrime Action Taskforce (J-CAT), has resulted in the dismantling of an international cybercrime group involved in the design, development and selling of sophisticated software tools to render all types of malicious malware  infecting thousands of computers worldwide undetectable by security products. »

  tags:Sécurité Europol EC3 cybercriminalité

• Homeland Security warns of ‘BrickerBot’ malware that destroys unsecured internet-connected devices

  « Reminiscent of the Mirai botnet that brought down large swathes of the US internet last year, this new malware targets poorly secured Internet of Things devices and renders them useless. »

  tags:Sécurité IoT malware

• Chrome, Firefox, and Opera Vulnerable to Undetectable Phishing Attack

  « Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register and pass fake domains as the websites of legitimate services, such as Apple, Google, eBay, and others. »

  tags:Sécurité Google-Chrome firefox Opera faille phishing

• IHG data breach expands, affecting over 1,000 hotels

  « The data breach was first revealed in December, according to Krebs on Security. Fraud experts detected a pattern of a widespread credit card breach at IHG properties, but IHG claimed in February that the breach was limited to about a dozen properties. »

  tags:Sécurité hacking hotel

• SWIFT: System Unaffected Following Shadow Brokers Leak

  « SWIFT said yesterday that there are no signs of foul play in its network or messaging systems following last week’s data dump by the Shadow Brokers. »

  tags:Sécurité hacking swift Shadow Brokers

• Hotel Card Data Breach Hit 1,200 US Locations

  « InterContinental Hotel Group, the U.K.-based hospitality group which owns and operates brands like Crown Royale and Holiday Inn, recently reported finding malware in 1,200 of its U.S. franchise hotel locations. The malware looks to have been designed to steal guests’ payment card information. »

  tags:Sécurité usa hotel malware

• Swift and EastNets deny hacker claims that NSA infiltrated back doo…

  « Both Swift and EastNets have denied reports that the US National Security Agency accessed a backdoor to the bank network to plant spyware and monitor data traffic from a number of Middle East banks. »

  tags:Sécurité hacking nsa swift

• Russian hacker sentenced to 27 years in US prison

  « The son of a Russian lawmaker has been sentenced to 27 years in a US prison for hacking into retail POS systems and stealing millions of credit card numbers which he then sold on to other crooks. »

  tags:Sécurité russie prison

Posted from Diigo. The rest of my favorite links are here.