Cyberveille

How to Assess an E-voting System https://freedom-to-tinker.com/2022/06/27/how-to-assess-an-e-voting-system/

15/07/2022 22:25:29

If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several countries and several U.S. states have offered e-voting to some of their citizens. In many cases they plunge forward without much consideration of whether their e-voting system is really secure, or whether it could be hacked to subvert democracy. It’s not enough just to take the software vendor’s word for it.

The US military wants to understand the most important software on Earth https://www.technologyreview.com/2022/07/14/1055894/us-military-sofware-linux-kernel-open-source/

15/07/2022 22:19:12

Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted

A New Attack Can Unmask Anonymous Users on Any Major Browser https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/

14/07/2022 21:03:17

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

En Suisse, les Tesla filmant en permanence posent de gros problèmes https://www.letemps.ch/economie/suisse-tesla-filmant-permanence-posent-gros-problemes

14/07/2022 18:18:45

Francine Jeanprêtre, ancienne conseillère nationale et conseillère d’Etat vaudoise, a été dénoncée à la police après avoir été filmée par une Tesla qu’elle aurait endommagée sur un parking. Selon les autorités fédérales, cette pratique est illégale

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/

13/07/2022 21:44:52

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.

Europe’s PegasusGate: Countering spyware abuse https://epthinktank.eu/2022/07/07/europes-pegasusgate-countering-spyware-abuse/

13/07/2022 21:13:19

As civil society and media organisations expose EU Member States' use of the Pegasus commercial spyware, one of the most high-profile spying scandals of recent years is coming to light in Europe.

Russia, Killnet ha dichiarato guerra ai paesi che sostengono l'Ucraina https://www.wired.it/article/russia-ucraina-attacchi-hactivisti-paesi-occidentali-killnet-xaknet/

13/07/2022 19:36:10

Negli ultimi mesi il gruppi cyber e altre organizzazioni vicine al governo del paese hanno tempestato di attacchi i siti delle nazioni che si sono schierati a favore di Kiev

Retbleed – serious vulnerability discovered in microprocessors https://www.ncsc.admin.ch/retbleed-en

12/07/2022 21:32:11

12.07.2022 - Security researchers from the ETH Zürich have discovered a serious security vulnerability in Intel and AMD microprocessors. The vulnerability, called Retbleed, potentially allows an attacker to access any memory area. Initial countermeasures have already been defined. The NCSC has assigned the internationally valid CVE identifiers for the vulnerability of both manufacturers.

Verified Twitter accounts phished via hate speech warnings https://blog.malwarebytes.com/social-engineering/2022/07/verified-twitter-accounts-phished-via-hate-speech-warnings/

12/07/2022 18:55:28

We take a look at reports that verified Twitter accounts are being targeted by scammers with claims of hate speech.

Predatory Sparrow: Who are the hackers who say they started a fire in Iran? https://www.bbc.com/news/technology-62072480

11/07/2022 20:08:45

Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.

THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices https://www.cybereason.com/blog/threat-alert-raspberry-robin-worm-abuses-windows-installer-and-qnap-devices

11/07/2022 09:53:24

Raspberry Robin involves a worm that spreads over USB devices or shared folders, leveraging compromised QNAP (Network Attached Storage or NAS) devices as stagers and an old but still effective method of using “LNK” shortcut files to lure its victims...

Identifier les détenteurs de véhicules peut être dangereux, en Suisse comme aux Etats-Unis https://www.letemps.ch/node/1328240

11/07/2022 08:05:08

Aux Etats-Unis, l’identification des propriétaires de voitures via leur plaque d’immatriculation est un secteur commercial à part entière, faisant peser un risque sur les femmes désirant avorter. En Suisse, l’identification à la portée de tous peut aussi poser problème

The Danger of License Plate Readers in Post-Roe America | WIRED https://www.wired.com/story/license-plate-reader-alpr-surveillance-abortion/?bxid=607e80a181fb585c2f062a78&cndid=64722923&esrc=growl2-regGate-1120&mbid=mbid%3DCRMWIR012019%0A%0A&source=EDT_WIR_NEWSLETTER_0_DAILY_ZZ

11/07/2022 08:04:59

Known as ALPRs, this surveillance tech is pervasive across the US—and could soon be used by police and anti-abortion groups alike.

How Conti ransomware group crippled Costa Rica https://www.ft.com/content/9895f997-5941-445c-9572-9cef66d130f5

11/07/2022 07:47:59

Nation struggles in aftermath of president’s refusal to pay to end cyber attack, even as hacking group collapsed

'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang https://www.cnn.com/2022/03/30/politics/ukraine-hack-russian-ransomware-gang/index.html

10/07/2022 22:19:55

As Russian artillery began raining down on his homeland last month, one Ukrainian computer researcher decided to fight back the best way he knew how -- by sabotaging one of the most formidable ransomware gangs in Russia.

Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents https://www.cyberscoop.com/gonjeshke-darande-israel-hackers-iran-steel-hacktivist/

10/07/2022 22:02:04

Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.

Google Let Sberbank-Owned RuTarget Harvest User Data for Months https://www.propublica.org/article/google-russia-rutarget-sberbank-sanctions-ukraine

09/07/2022 18:43:48

The internet giant may have provided Sberbank-owned RuTarget with unique mobile phone IDs, IP addresses, location information and details about users’ interests and online activity.

Il malware EnvyScout (APT29) è stato veicolato anche in Italia https://cert-agid.gov.it/news/il-malware-envyscout-apt29-e-stato-veicolato-anche-in-italia/

09/07/2022 07:00:14

Il malware EnvyScout (APT29) è stato veicolato anche in Italia

This Is the Code the FBI Used to Wiretap the World https://www.vice.com/en/article/v7veg8/anom-app-source-code-operation-trojan-shield-an0m

08/07/2022 22:40:04

Motherboard is publishing parts of the code for the Anom encrypted messaging app, which was secretly managed by the FBI in order to monitor organized crime on a global scale.

Le NIST a choisi ses algorithmes de cryptographie post-quantiques https://www.bortzmeyer.org/nist-pq.html

08/07/2022 09:30:25

Ce mardi 5 juillet 2022, l'organisme de normalisation étatsunien NIST a annoncé qu'il avait choisi les algorithmes de cryptographie post-quantiques qu'il allait maintenant normaliser. Ce sont Kyber pour l'échange de clés et Dilithium pour les signatures.

Liens par page

Filtres