Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another...
ISC Stormcast For Tuesday, November 25th, 2025 https://isc.sans.edu/podcastdetail/9714, (Tue, Nov 25th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Is Your Android TV Streaming Box Part of a Botnet?
Date inconnueOn the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a...
Faire parler l’imprimante
Date inconnueJe ne suis pas très friand de mondanités et j’arrive à échapper à presque toutes les rencontres informelles entre experts de justice et magistrats. Je n’aime pas l’idée de me mettre en valeur pour me vendre, et les conversations sont souvent...
We continue to encounter high-profile vulnerabilities that relate to how URL mapping (or "aliases") interac\|zsh:1: parse error near `&' ts with URL-based access control. Last week, we wrote about the Oracle Identity Manager vulnerability. I...
IACR Nullifies Election Because of Lost Decryption Key
Date inconnueThe International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back when “crypto” meant “cryptography”) and Eurocrypt since the 1980s—had to nullify an online election when...
ISC Stormcast For Monday, November 24th, 2025 https://isc.sans.edu/podcastdetail/9712, (Mon, Nov 24th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
YARA-X 1.10.0 Release: Fix Warnings, (Sun, Nov 23rd)
Date inconnueYARA-X's 1.10.0 release brings a new command: fix warnings. If you have a rule that would generate a warning with a help section (explaining how to fix it), like this example rule: rule FixableCountWarning { strings: $a1 = "malicious" $a2 =...
Wireshark 4.4.1 Released, (Sun, Nov 23rd)
Date inconnueWireshark release 4.6.1 fixes 2 vulnerabilities and 20 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
HTB: Mirage
Date inconnueMirage is an Active Directory DC. I’ll start by finding a domain name in a report on an open NFS server. That name is not registered in DNS, so I’ll register it pointing to my host, and use that to capture NATS credentials. I’ll use those to...
Friday Squid Blogging: New “Squid” Sneaker
Date inconnueI did not know Adidas sold a sneaker called “Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
More on Rewiring Democracy
Date inconnueIt’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good. Some of the book’s forty-three chapters are available online: chapters 2, 12, 28, 34,...
AI as Cyberattacker
Date inconnueFrom Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not...
From time to time, it can be instructive to look at generic phishing messages that are delivered to one’s inbox or that are caught by basic spam filters. Although one usually doesn’t find much of interest, sometimes these little excursions into...
ISC Stormcast For Friday, November 21st, 2025 https://isc.sans.edu/podcastdetail/9710, (Fri, Nov 21st)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Quickpost: Power Requirements Of A Keylogger
Date inconnueI did some tests with a Keelog keylogger, the AirDrive Forensic Keylogger: I wanted to find out how much power that keylogger requires. This is my test setup: This is the USB keyboard The USB cable of the keyboard is plugged into the USB breakout...
Mozilla Says It’s Finally Done With Two-Faced Onerep
Date inconnueIn March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity...
Cybersécurité assistée par IA
Date inconnueSi vous avez une machine de gamer (ou une machine de minage ^^) et que vous êtes autorisés à mener des tests de sécurité informatique sur un site web donné, alors cet article peut vous intéresser. J’insiste quand même sur l’aspect autorisation :...
Oracle Identity Manager Exploit Observation from September (CVE-2025-61757), (Thu, Nov 20th)
Date inconnueSearchlight Cyber today released a blog detailing CVE-2025-61757, a vulnerability they reported to Oracle. Oracle released a patch for the vulnerability as part of its October Critical Patch Update, which was released on October 21st. Based on...
Scam USPS and E-Z Pass Texts and Websites
Date inconnueGoogle has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a...
Aucun article de sécurité disponible