ICT Security-Sécurité PC et Internet

Luxembourg, a tiny country with ONLY 590.667 inhabitants (January 2017) in the heart of Europe and one of the smallest countries in the world, WHERE MOST persons don’t even know where to find it on the map, shows up as an international country well known and recognized for its Cyber Security knowledge, as well as its skills in ICT.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/luxembourg-europe/?tag=Digital+L%C3%ABtzebuerg

Uber sind bereits vor gut einem Jahr Daten von rund 50 Millionen Fahrgästen gestohlen worden. Der Fahrdienst-Vermittler informierte die Öffentlichkeit aber erst am Dienstag über den Vorfall.

Es gehe um Namen, E-Mail-Adressen und Telefonnummern von Nutzern rund um die Welt, erklärte Uber dem Finanzdienst Bloomberg. Außerdem hätten sich die Angreifer auch Zugriff auf Daten von etwa sieben Millionen Uber-Fahrern verschafft.

Es seien aber keine Kreditkarten-Daten oder Informationen zu Fahrten gestohlen worden, betonte die Firma.

Uber räumte nun ein, dass über die Attacke weder Behörden noch Betroffene informiert worden seien. Stattdessen seien den Hackern 100.000 Dollar (rund 85.000 Euro) bezahlt worden, damit sie die gestohlenen Daten vernichten.

„Nichts davon hätte passieren dürfen“

Uber gehe davon aus, dass die Informationen nicht verwendet worden seien, hieß es. Die Hacker seien durch eine schlecht geschützte Datenbank an die Daten gekommen. Der Uber-Sicherheitschef Joe Sullivan wurde diese Woche entlassen, wie Uber weiter mitteilte.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Uber concealed a hack that affected 57 million customers and drivers, the company has confirmed.

The 2016 breach was hidden by the ride-sharing firm which paid hackers $100,000 (£75,000) to delete the data.
The company's former chief executive Travis Kalanick knew about the breach over a year ago, according to Bloomberg, which first broke the news.

The hackers found 57 million names, email addresses and mobile phone numbers, Uber said.
Within that number, 600,000 drivers had their names and license details exposed. A resource page for those affected has been set up.

Drivers have been offered free credit monitoring protection, but per Uber's statement, affected customers will not be given the same.
"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," Uber's chief executive Dara Khosrowshahi said.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Le cabinet d’audit Deloitte a annoncé avoir été victime d’une attaque informatique ayant visé l’un des serveurs de mails utilisés pour échanger avec ses clients. Plus de 240.000 emails d’employés auraient été potentiellement affectés par l’attaque.

Dans sa communication, la société confirme le piratage annoncé par le Guardian, mais explique que le nombre de victimes est une « fraction » des chiffres avancés dans les médias. Pour l’instant, la portée réelle de l’attaque et le nombre de sociétés touchées restent donc impossibles à déterminer : Deloitte doit sûrement avoir une petite idée, vu que ses équipes enquêtent discrètement sur l’affaire depuis maintenant six mois.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

Which countries afford their citizens the most & least internet freedom? Where are ransomware, DDoS attacks & the cost of cyber crime highest and lowest?

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Infographic

ENISA’s Threat Landscape 2016 (ETL 2016) released today is the fifth consecutive yearly report summarizing the top cyber threats encountered in 2016.

Le bilan comptable a parlé. Android se positionne à la première place pour le nombre de vulnérabilités de sécurité référencées en 2016.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet

Am Tag nach dem mutmaßlichen Anschlag auf einen Berliner Weihnachtsmarkt ist das Hinweisportal des Bundeskriminalamts mehr als zwei Stunden durch einen DDoS-Angriff lahmgelegt worden. Inzwischen ist es wieder erreichbar.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=BKA

Kurz nach dem Anschlag in Berlin bat die Polizei Augenzeugen, Fotos und Videos auf einem speziellen Hinweisportal hochzuladen. Dieses wurde nun lahmgelegt, wie das Bundeskriminalamt der ARD bestätigte. Die Angreifer gingen professionell vor. Von Matthias Deiß.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cyberattacks

Russian hackers are stealing between $3 million to $5 million per day from US brands and media companies in one of the most lucrative botnet operations ever discovered.

On December 20, researchers from White Ops said the scheme, dubbed "Methbot," is a Russian operation set up to watch up to 300 million video-based adverts automatically every day.

These adverts, displayed on legitimate domains owned by companies including the Huffington Post, Economist, Fortune, ESPN, Vogue, CBS Sports, and Fox News, are used to generate additional revenue through advertising sponsors which help keep these businesses afloat.

However, White Ops says Methbot capitalizes on this revenue generation by targeting the most expensive advertising on the web -- such as full-blown video adverts on branded websites -- and is programmed to show signs of "engagement" to fool ad providers into thinking the content is being watched legitimately.

Faked clicks, mouse movements, social network login information, and typical "working hours" are all methods to keep the operation under wraps.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=cybercrime

The records of more than one billion Yahoo users, secretly stolen from the site in 2013 but only brought to the world's attention this month...

The records of more than one billion Yahoo users, secretly stolen from the site in 2013 but only brought to the world’s attention this month, have reportedly been sold on the computer underground.

InfoArmor’s Andrew Komarov told the New York Times that his firm has uncovered that the valuable data has been sold to three buyers – “two known spammers and an entity that appeared more interested in espionage”, the paper reports – for about US $300,000 each.

That means, if you are an affected Yahoo user, that personal information (including your backup email addresses, security questions & answers, and – potentially – passwords) are in the hands of criminals.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

http://www.scoop.it/t/securite-pc-et-internet/?tag=Yahoo..

Un chercheur en sécurité du nom de Donncha O'Cearbhaill annonce avoir découvert des vulnérabilités critiques, notamment CVE-2016-9949 et CVE-2016-9950, dans le système d'exploitation Ubuntu de Linux. Ces failles ont été localisées au niveau de l'outil en charge du reporting des bogues identifiés dans le système. Donncha O'Cearbhaill soutient que lesdites vulnérabilités affectent toutes les versions d'Ubuntu 12.10 et supérieures.Selon l'expert en sécurité, une exploitation réussie de ces failles...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Linux

Following in the footsteps of other major browser makers, Microsoft announced plans to enable Click-to-Run functionality for Flash-based content in the next public release of its default web browser for Windows 10.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Flash-Player-Vulnerabilities

Bloomberg reports on what seems to be a security scandal at Uber.

The ride-sharing firm concealed the theft of personal information related to 57 million customers and drivers, and rather than inform the concerned parties "paid hackers $100,000 to delete the data and keep the breach quiet."

The hack which Uber says is said to have happened in October 2016, and included the names, email addresses and phone numbers of 50 million Uber customers across the globe.

Bloomberg has the skinny on how the hack occurred, and it doesn't portray Uber in a good light, being the latest example of careless developers leaving internal login passwords lying around online:

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

Joe Sullivan, Uber's chief security officer (and at one time the main security honcho at Facebook), spearheaded the company's response to the breach alongside one other employee. Both are said to have left their positions at Uber this week.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Uber concealed a massive data breach for more than a year, according to a report by Bloomberg.

Hackers stole names, email addresses, and phone numbers of 57 million Uber riders around the world in a breach dating back to October 2016. Data on more than 7 million drivers was also stolen, including over 600,000 drivers' license records.

Trip records, location data, and social security numbers were not stolen in the breach, the company said.

But instead of alerting users of the breach, the company paid the hackers $100,000 to delete the data and to keep details of the breach quiet.

The company confirmed the breach, in a lengthy statement posted on Tuesday.

"As Uber's CEO, it's my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of," said Dara Khosrowshahi. "For that to happen, we have to be honest and transparent as we work to repair our past mistakes."

According to Bloomberg, two hackers broke into a private GitHub repo used by Uber software engineers, and were able to gain access to an Amazon Web Services account that handled and controlled tasks by the ride-sharing service. The hackers found a trove of rider and driver data, downloaded it, and reportedly emailed the company demanding money.

Uber has said, however, that individual riders do not need to take "any action," following the announcement.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Deloitte, one of the world's biggest accounting, auditing, and corporate finance consulting firms, has suffered a data breach.

Third hack at a financial institution this month

The company is one of the so-called "Big Four" accounting firms, together with Ernst & Young, KPMG, and PricewaterhouseCoopers. The Big Four provide accounting and other financial services to almost all major businesses across the globe.

The Deloitte hack is the third security breach at a major financial agency this month alone, after similar incidents at Equifax and the US Securities and Exchange Commission (SEC).

Entwarnung aufgrund sinkender Malware-Zahlen? Weit gefehlt. Denn die Formel der 2016 neu entwickelten Angriffsstrategien lautet: Klasse statt Masse! Ob mit immer ausgefeilterer Ransomware wie WannaCry oder aktuell Petya sowie Banking-Trojanern oder durch gezielte Attacken auf das quasi ungeschützte Internet der Dinge: Cyberkriminelle sind technisch auf Höhe der Zeit – und im Bereich IoT sogar deutlich weiter.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/

The number of malicious installation packages found striking mobile devices more than tripled in 2016 resulting in almost 40 million attacks by malicious mobile malware, according to Kaspersky Labs.

Kaspersky's Mobile Malware Evolution 2016 report noted several trends that exploded last year, including the overall growth of mobile malware with 8.5 million malicious installation packages detected and the continued rapid development of mobile banking trojans with 128,886 being spotted. In addition, there were 261,214 non-banking mobile trojans found.
“As a comparison, from 2004 to 2013 we detected over 10,000,000 malicious installation packages; in 2014 the figure was nearly 2.5 million,” said Kaspersky Labs researcher Roman Unuchek, noting the number of attacks increased dramatically staring in late June – a trend that lasted through the end of the year.

One reason behind the large number of attacks is the fact that most smart phones and other mobile devices either receive no or late operating system updates leaving the device vulnerable to attack, particularly to the number one threat of 2016, advertising trojans that exploit super-user rights.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Mobile-Security

The U.S. Energy Department says the electricity system "faces imminent danger" from cyber-attacks, which are growing more frequent and sophisticated, but grid operators say they are already on top of the problem.

In the department’s landmark Quadrennial Energy Review, it warned that a widespread power outage caused by a cyber-attack could undermine "critical defense infrastructure" as well as much of the economy and place at risk the health and safety of millions of citizens. The report comes amid increased concern over cybersecurity risks as U.S. intelligence agencies say Russian hacking was aimed at influencing the 2016 presidential election.

"Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency," it said in the 494-page report. "The current cybersecurity landscape is characterized by rapidly evolving threats and vulnerabilities, juxtaposed against the slower-moving deployment of defense measures."

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/

Hacker haben sich Zugang in das Computersystem der OSZE verschafft. Vermutungen, dass eine russische Gruppe dahinter steckt, nannte eine Sprecherin der Organisation Spekulation.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cyberattacks

Pour 2017, Trend Micro prévoit que les cybercriminels intensifieront leurs attaques à partir des vulnérabilités logicielles d'Adobe et Apple.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/

Le système de rapport de bugs d’Ubuntu était touché par des failles. Des vulnérabilités promptement corrigées par les développeurs.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Linux

A hacker who phished the login credentials of LA County employees is believed to have compromised the personal data of over 750,000 people.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Online training sitey Lynda.com has suffered a security incident which saw a user database accessed by unauthorised parties.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Emsisoft lässt Sie auch in der Weihnachtszeit nicht im Stich: Mit unserer Aufstellung der zwölf häufigsten Weihnachtsbetrügereien zeigen wir Ihnen, worauf Sie...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Naivety