business analyst

A major security flaw in Dell’s firmware updating and operating recovery software, BIOSConnect, potentially exposes tens of millions of devices that Dell preinstalled it on.

BleepingComputer reported on Thursday that researchers with security firm Eclypsium discovered a flaw in BIOSConnect, which is part of Dell’s standard SupportAssist software and updates the firmware on a computer’s system board, that could allow attackers to remotely execute malicious code. In a report, the researchers wrote that the vulnerability was so severe it could “enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls,” which would give them control “over the most privileged code on the device.”

There are four separate vulnerabilities, one of which involves insecure connections between a BIOS being updated and Dell’s servers that allow an attacker to redirect the machine to a maliciously modified update package. The remaining three are classified as overflow vulnerabilities. Eclypsium rated the bugs as severe security threats.

Learn more / En savoir plus / Mehr erfahren: 

https://www.scoop.it/topic/securite-pc-et-internet

On pourrait croire que depuis les scandales liés à Superfish et Edellroot, les fabricants d’ordinateurs ont renforcé les contrôles sur les logiciels préinstallés vendus avec leurs machines. Mais si l’on croit les chercheurs des équipes de Duo Security, la lutte contre les bloatwares n’est pas prête de se terminer.

Rappelons que les constructeurs proposent effet tous leurs machines avec des logiciels préinstallés, généralement qualifiés de bloatware ou crapware. Ces utilitaires à l’utilité parfois relative permettent généralement de contrôler l’état de la machine ou proposent certains services annexes à l’utilisateur.

L’étude menée par Duo Security porte sur une dizaine de machines achetées dans le commerce auprès de différents constructeurs : Lenovo, Dell, HP ainsi que Acer et Asus. Toutes sont livrées avec des logiciels préinstallés, que les chercheurs ont analysés afin de déterminer lesquels pouvaient présenter des failles de sécurité.

La conclusion est sans appel « Tous les constructeurs livraient leurs machines avec un logiciel présentant au moins une faille de sécurité permettant à une attaque de type man in the middle d’exécuter du code sur la machine avec un haut niveau de privilège » expliquent ainsi les chercheurs dans un post de blog.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Bloatware

La CNPD prévient d’une fuite de données d’une grande envergure au départ des jouets VTech, en raison d’une faille de sécurité. 9.204 profils sont touchés pour le Grand-Duché. Mode d’emploi pour les parents concernés.

La protection des données et, à l’inverse, les fuites possibles en cas de lacune des installations informatiques peuvent prendre des proportions importantes. La Commission nationale de protection des données (CNPD) indique en effet mercredi soir, dans un communiqué commun avec Securitymadein.lu, qu’une importante fuite de données a été détectée auprès de la société VTech.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Vtech

 http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

If you're an avid video gamer, chances are that you know of Epic Games. They're the developers of popular games such as Infinity Blade, Gears of War, Unreal Tournament… and – if you’re as old as me – you might even remember their founder Tim Sweeney’s classic DOS era shareware gameZZT.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Phishing

Experts believe nations, rogue groups, and malicious individuals will step up their assaults on communications networks, targeting institutions, financial services agencies, utilities, and consumers over the next decade. Many also predict effective counter moves will generally contain the damage.

Learn more:

- https://gustmees.wordpress.com/2012/10/11/learning-basics-of-cyber-security-by-easy-to-follow-steps/

- https://gustmees.wordpress.com/2012/11/29/cyber-hygiene-ict-hygiene-for-population-education-and-business/

- https://gustmees.wordpress.com/2015/01/28/practice-learning-to-learn-example-2/

Ransomware developers have continued to evolve the sophistication of their malware by utilizing several levels of encryption, using the online anonymizer Tor for command and control (C&C) communications, employing droppers that use multiple exploits to infect targeted systems, and including anti-vm and anti-emulation functionalities which obfuscate the malware when sandboxed.

Now it appears they are also shifting their tactics and targets, as security researchers have detected several instances where ransomware operators are specifically targeting businesses as opposed to individuals by infiltrating websites and encrypting databases and auxiliary data backups, dubbing the attacks “RansomWeb.”

“We are probably facing a new emerging threat for websites that may outshine defacements and DDoS attacks. RansomWeb attacks may cause unrepairable (sic) damage, they are very easy to cause and pretty difficult to prevent,” said Ilia Kolochenko.

“Days when hackers were attacking websites for glory or fun are over, now financial profit drives them. The era of web blackmailing, racket and chantage is about to start.”

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=RANSOMWARE

Learn more:

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

- http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

This video provides an in depth look at web browsers, how they are utilized and the security concerns that go along with their usage. At the end of the video...

Learn more:

- https://gustmees.wordpress.com/

- https://gustmeesen.wordpress.com/

- https://gustmeesfr.wordpress.com/

Security researchers have released a report examining a social engineering operation designed to trick admins into installing backdoor malware called CrytoPHP by way of of tainted CMS plugins and themes for WordPress, Joomla and Drupal.

The attackers lure targets into publishing the pirated themes and plugins by providing them for free, offerings that usually incur a fee for use.

“After being installed on a webserver the backdoor has several options of being controlled which include command and control server communication, mail communication as well as manual control,”the researchers revealed.

Learn more:

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

- http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

Moreover, the team claims that the issue is present even on handsets and tablets that do not run under the affected platform iteration itself. 

They note that 273 applications in Google Play were found to be bundled with the standalone affected OpenSSL library, thus being vulnerable on any device on which they are installed.

“In this list, we see last year’s most popular games, some VPN clients, a security app, a popular video player, an instant message app, a VOIP phone app and many others,” the TrendLabs notes in the aforementioned blog post. 

Learn more:

• http://www.scoop.it/t/securite-pc-et-internet/?tag=Heartbleed

Tous les appareils utilisant la norme Bluetooth 4.0 à 5.0 sont vulnérables. Les correctifs ne sont pas disponibles pour l'heure.

Les organisations à l'origine de la technologie sans fil Bluetooth viennent de publier des conseils sur la manière dont les vendeurs d'appareils peuvent atténuer une nouvelle attaque contre les appareils compatibles Bluetooth. Nommée BLURtooth, il s'agit d'une vulnérabilité dans un composant de la norme Bluetooth nommé Cross-Transport Key Derivation (CTKD).

Ce composant est utilisé pour configurer les clés d'authentification lors de l'appairage de deux appareils compatibles Bluetooth. Ce composant fonctionne en établissant deux jeux de clés d'authentification différents pour la norme Bluetooth Low Energy (BLE) et la norme Basic Rate/Enhanced Data Rate (BR/EDR). Le rôle du CTKD est de préparer les clés et de laisser les appareils jumelés décider quelle version de la norme Bluetooth ils veulent utiliser. La fonction "bi-mode" de Bluetooth est la principale utilité de ce système.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=BLURtooth

Can you join the IoT craze without having your devices turned against you? Here are 7 tips for protecting yourself...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

Des chercheurs de Check Point ont identifié de nouvelles vulnérabilités dans les dispositifs Android. Certifi-gate permet à des hackers de prendre le contrôle d'un appareil.

Face it. The Internet is a hostile place for your reputation and your brand; whether that is personal, corporate or government. The control and management of your cyber security, reputation management; and social media appearance start and end with you.

Learn more:

- https://gustmees.wordpress.com/2014/03/29/practice-learning-to-learn/

- https://gustmees.wordpress.com/2015/01/28/practice-learning-to-learn-example-2/

- https://gustmees.wordpress.com/2014/10/03/design-the-learning-of-your-learners-students-ideas/

- https://gustmees.wordpress.com/2014/07/10/education-collaboration-and-coaching-the-future/

Around 16 million mobile devices worldwide was hit by malware as at the end of 2014, while attacks on communications networks rose during the year, according to new research by Alcatel-Lucent.

.

Less than 1 percent of infections came from iPhone and Blackberry smartphones. Although, new vulnerabilities, such as the 'Find My iPhone' exploit discovered last year, have emerged in the past 12 months, showing that they are not immune from malware threats.

The Federal Trade Commission (FTC) is aware we live in a connected world. Americans wear Fitbits, have Nest thermostats, use automated light systems from companies like Belkin and Philips, even have televisions that predict what they want to watch. But in a new report, the FTC has a warning: Existing privacy regulations don’t really cover the Internet of Things, and the Commission doesn’t really trust device manufacturers to do the right thing—or even be aware of the risks of collecting all that data.

In a staff report issued this week, the FTC warned that makers of connected health, home, and transportation devices could potentially leave their users vulnerable to data hacks. Most of all, the FTC is concerned that private information will be used to jack up users' insurance rates or deny them access to loans.

Learn more:

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=wearables

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

- http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

उत्तर प्रदेश और किसान :

उत्तर प्रदे‌श राज्य के लिए राजनितिक सर्वे मे हमने पाया है कि अब तक उत्तर

प्रदेश में ज्यादा विकास नही हो पाया है| जैसे: कृषि,शिक्षा,उधोग आदि क्षैत्र में|

यह राज्य कृषि उत्पादन मे भारत मे सर्व श्रेठ है| यहाँ की भूमि बहुँत उपजाऊ है

जिससे हमे बहुँत फसल प्राप्त होती है जैसे गैहू, धान ,सरसो ,दाले आदि| जिनहे

हम विदेश में निर्यात करे तो अच्छा धन कमा सकते हैं पर इस राज्य में शासन

करने वाले इसे कम कीमत पर खरीद कर अच्छी कीमत पर बेच देते है | लाभ

राशि यहाँ के लोग नही बल्कि यहाँ की भ्रष्ट सरकार की साहयता से पूंजीपति उठा

लेते है

जिस्से किसान अच्छी कीमत नही कमा पाते है और किसान आर्थिक रूप से ग्रस्त

होते जा रहे है

उत्तर प्रदेश की इन सभी कमियो को मध्यनजर रखते हुए भारतीय जनता पार्टी

विकास के लिए कुछ जरूरी कदम उठाएगी |

1. सभी किसानो के लिए कृषि धन योजना खाते खोले जाएँगे | जिससे वह

गन्ना अदि फसल का भुगतान अपने खाते में पा सकते है |

2. किसानो के लिए लोन की सुविधा कम दर पर रखी जाएंगी | जिस्से वह

ज्यादा समय में आसानी से चुका सके |

3. फसल के बारे मे शिक्षा प्रदान करने के लिए कृषि विशेषज्ञयो को भेजा जाय

जाएंगा |

4. शिक्षा का स्तर बाल व बालिकाओ का निगमन साक्षरता की ओर होगा

जिस्मे नए प्राइमरी व इंटर तक के स्कूल खोले जायंगे |

5. सभी व्यावसायिक को व्यवसाय प्रदान किये जायंगे वो भी एक अच्छी प्रति

दिन कीमत पर |

6. उत्तर प्रदेश वासियों को कम यूनिट दर पर बिजली परदान की जाएगी |

संजय सिंह जी को भारतीय जनता पार्टी दुआर जेवर छेत्र के लिए चुने गये है

जो इस छेत्र मे काफी सुधार करने के इच्छुक है |

1. किसानो का गन्ना तथा आदि कृषि सम्बन्धी मुद्दा सुलझेंगे |

2. किसानो को आर्थिक सहायताए देंगे |

3. जेवर में सड़क सम्बन्धि तथा आदि कार्य कराएंगे |

Gartner predicts 250 million connected vehicles with automated driving capabilities by 2020

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

- http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Quantum

- http://www.scoop.it/t/securite-pc-et-internet/?tag=cyberwar

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TAO

Take a below-the-surface look at Deloitte's 2015 Analytics Trends report.

Learn more:

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

- http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

A new year begins at midnight and Threatpost highlights seven things you're bound to contend with in 2015.

===> Forewarned is Forearmed!!! <===

How many of these hacker personas are you dueling with in your organization?

In most cases "DUELING" is not the word I would use!

Top...

Des ingénieurs en informatique ont décidé de résoudre ce problème et ont développé un outil permettant aux concepteurs de hardware de tester la sécurité des appareils électroniques de l’IoT.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things