chirp @minus@nanao.cybtex.fr

« Congress is debating, for a third time, the EARN IT Act (S.1207) - a bill that would threaten encryption, and instead seek to impose universal scanning of messages, photos, and files. » [ https://act.eff.org/action/the-earn-it-act-is-back-seeking-to-scan-us-all/ ] #internet #citizens #threats #informatique

In early May 2023, the Bl00dy #Ransomware gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 » #education #vuln #threats [ https://www.cisa.gov/sites/default/files/2023-05/aa23-131a_joint_csa_malicious_actors_exploit_cve-2023-27350_in_papercut_mf_and_ng_3.pdf ] #informatique

The attack forced the #city of Dallas to take offline the police and fire department's computer-aided dispatch system, the police department's website and the city's website. The city also closed its municipal court's system. The city's development #services, public works, permitting and zoning couldn't take applications or #payments, nor could permits be issued. « It's going to attract law enforcement attention on them. My guess is that #Royal as a brand is going to end after the Dallas incident and the hackers will start a new venture. » ( Brett Callow ) [ https://www.wfaa.com/article/news/local/dallas-ransomware-attack-progress-one-week-later/287-f0af11f2-1c52-4d33-a706-8fdfa1f0e5f1 ] #ransomware #informatique

Afecta ciberataque a cuatro direcciones de la alcaldía de Tulancingo - No habrá servicio en las direcciones de Predial, Catastro, Traslado de Dominio y Ejecución Fiscal [ https://criteriohidalgo.com/regiones/tulancingo/afecta-ciberataque-a-cuatro-direcciones-de-la-alcaldia-de-tulancingo ] #mexico #ransomware #city #threats #informatique

Swedish-Swiss multinational corporation ABB Ltd (global.abb), a leading electrification and automation technology provider, has suffered a #BlackBasta #ransomware attack, reportedly impacting #business operations. « ABB operates more than 40 U.S.-based engineering, manufacturing, research and service facilities with a proven track record serving a diversity of federal agencies including the Department of Defense, such as U.S. Army Corps of Engineers, and Federal Civilian agencies such as the Departments of Interior, Transportation, Energy, United States Coast Guard, as well as the U.S. Postal Service » - « BleepingComputer contacted ABB about the attack, but they declined to comment. » [ https://www.bleepingcomputer.com/news/security/multinational-tech-firm-abb-hit-by-black-basta-ransomware-attack/ ] #usa #suisse #sweden #informatique

Clarification sur le délai (max 72h) auquel sont soumis les éditeurs de logiciels pour informer les utilisateurs d'une vulnérabilité significative ou d'un incident informatique compromettant la sécurité de leur système d'information susceptible d'affecter un de leur produit ( Marie-France Lorho ) [https://www.youtube.com/watch?v=NyRk3Ixeeyc] #france #software #networks #threats #informatique

Portail de notification #suisse « DataBreach » [https://databreach.edoeb.admin.ch/]
Avec la Nouvelle Loi #suisse sur la Protection des Données (nLPD), les violations de la sécurité des données devront être obligatoirement signalées dès le 1er septembre 2023. #databreach #threats #informatique

Nuria Gorrite a présenté trois études sur le #cloud souverain et la souveraineté #numérique pour la #Suisse #solutions #informatique

Electronic #health record #software #provider NextGen Healthcare, Inc. has confirmed that hackers breached its systems and stole the personal data of 1,049,375 patients [https://www.infosecurity-magazine.com/news/nextgen-healthcare-breached/] #usa #databreach #informatique

Avis non contentieux du Conseil d'Etat sur le projet de loi « visant à sécuriser et réguler l'espace #numérique » [https://www.legifrance.gouv.fr/dossierlegislatif/JORFDOLE000047533100/] #france #informatique

« 🔥 New finding! We have confirmed that previously leaked Intel BootGuard private keys from Lenovo/LCFC in September 2022 are still relevant for numerous devices in the field : Lenovo, Supermicro, Intel ... » ( Alex Matrosov ) #threats #informatique

D'ici décembre 2023, FranceConnect+ sera appliqué à toutes les démarches « impliquant des flux financiers » des citoyens indique Élisabeth Borne. « Ca présage peut-être le lancement national de l'application « France Identité Numérique » du Ministère de l'Intérieur » ( Marzolf pour [https://acteurspublics.fr] ) #france #eidas #informatique

CVE-2023-23397 vulnerability allows an attacker to coerce an Outlook client to connect to the attacker's server. By doing so, the client sends NTLM credentials to the machine, which allows the attacker to crack the password offline, or to use it in a relay attack. This vulnerability can be exploited remotely over the internet without any user interaction (zero-click) [https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api] #software #vuln #informatique

« The scope of the money laundering law has been widened to include every person representing another person for certain activities » ( Rajat Mohan ) - On May 3, 2023, the 🇮🇳 government made further revisions to the PMLA Act of 2002. The changes broaden the #money laundering law's application to include practicing chartered accountants (CA), company secretaries (CS), and cost and works accountants (CWA) who conduct financial transactions on behalf of their clients. #india #government #justice #informatique

Alpine Linux* 3.18 has been released #informatique [https://www.alpinelinux.org/posts/Alpine-3.18.0-released.html]

« 30 years ago, the U.S military secret service proposed building backdoors into computers. » #threats #informatique [https://digit.site36.net/2023/05/03/30-years-of-crypto-wars-the-eu-chat-control-is-the-final-enemy-in-the-battle-over-encryption/]

spyware industry - The lead author of the report, Dutch centrist MEP Sophie in 't Veld, said all member states were guilty of silence on the issue : « This is a perfect illustration of how the European Commission is so afraid to piss off the national governments that it just refuses to enforce » ( Sophie in 't Veld ) #europe #espionage #threats #espionnage #informatique [https://www.theguardian.com/world/2023/may/09/eu-parliament-report-calls-for-tighter-regulation-of-spyware]

Les observations médicales des dossiers de patients perdues à cause d'un « simple bug » technique » corrigé en moins d'une heure. L'incident a été rendu public une semaine après, un délai bien trop tardif selon les professionnels de #santé. « On parle pour chaque médecin abonné à ce logiciel le plus coûteux du marché, de plus d’une dizaine de consultations perdues » ( Dr Jean-Jacques Fraslin ) [https://www.journaldugeek.com/2023/05/05/doctolib-perd-des-milliers-de-donnees-medicales-sensibles/] #online #informatique

Ghidra python script that calls OPENAI to give meaning to decompiled functions [https://github.com/securityjoes/AskJOE] #malware #python #opensource #ai #tools #informatique

#Linux kernel io_uring out-of-bounds access to physical memory [https://seclists.org/oss-sec/2023/q2/132] ; CVE assignment for this issue is pending ; A PoC can be found at [https://tholl.xyz/static/bugs/2023-io_uring-fixed-buffers/exploit.c] #vuln #informatique