Nous venons de tourner un nouveau SECHebdo en live sur Youtube. Comme d’habitude, si vous avez raté l’enregistrement, vous pouvez le retrouver sur notre chaîne Youtube (vidéo ci-dessus) ou bien au format podcast audio: Au sommaire de cette émission : Todo (00:01:30) { "options": { "theme": "default" }, "extensions": { "ChapterMarks": { "disabled": false }, "EpisodeInfo": {}, "Playlist": { "disabled": true }, "Transcript": { "disabled": true } }, "podcast": { "feed": "https://podcasts.comptoirsecu.fr/SECHebdo/CSEC.SECHebdo.2019-05-21.mp3" }, "episode": { "media": { "mp3": "https://podcasts.comptoirsecu.fr/SECHebdo/CSEC.SECHebdo.2019-05-21.mp3" }, "coverUrl": "https://www.comptoirsecu.fr/images/covers/2019-05-21-sechebdo-vignette.jpg", "title": "[SECHebdo] 21 Mai 2019", "subtitle": "MageCart strikes back, Intel again, Huawei vs USA saison 4, 0days in the wild, WhatsHack, RDP RCE, Citrix RCE, MegaCortex, etc.", "description": "Épisode du 21 05 2019 - SECHebdo est une revue de l'actualité cybersécurité réalisée en live sur Youtube, généralement le mardi soir." ,"chaptermarks": [ { "start": "00:01:30", "title": "Todo"} ] } } Notre discord : http://discord.comptoirsecu.fr A bientôt pour d’autres émissions/podcasts! Liste des sources : MageCart, ça continue Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site Polymorphic Magecart Skimmer Uses Over Fifty Payment Gateways GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores Handshake ciphers, plus un IoC ? Attackers Evade Detection By Randomizing TLS Handshake Ciphers Huawei vs USA : Saison 4 Department of Commerce Issues Limited Exemptions on Huawei Products | U.S. Department of Commerce Android sur Twitter Exclusive: Google suspends some business with Huawei after Trump blacklist - source - Reuters Exclusive: Huawei stockpiles 12 months of parts ahead of US ban - Nikkei Asian Review Huawei mogelijk betrokken bij Chinese spionage in Nederland | De Volkskrant Executive Order on Securing the Information and Communications Technology and Services Supply Chain | The White House RDP RCE https://pbs.twimg.com/media/D7Ay42dXsAALZSt.png:large GCHQ ICS Impact from Microsoft RDP Vulnerability | Dragos Cyber-Defence/2019_05_rdp_cve_2019_0708.txt at master · nccgroup/Cyber-Defence · GitHub Удаленное выполнение произвольного кода в протоколе RDP / Блог компании Инфосистемы Джет / Хабр Chaouki Bekrar sur Twitter Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) – MSRC Processeurs Intel, MDS CPU.fail RIDL: Rogue In-flight Data Load WhatsHack Attackers Exploit WhatsApp Flaw to Auto-Install Spyware WhatsApp Vulnerability Exploited to Spy on Users | SecurityWeek.Com The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research 0days in the wild 0day “In the Wild” MegaCortex MegaCortex, deconstructed: mysteries mount as analysis continues – Sophos News IoCs/Ransomware-MegaCortex at master · sophoslabs/IoCs · GitHub “MegaCortex” ransomware wants to be The One – Sophos News RCE Citrix Workspace / receiver technical-advisory-citrix-workspace-receiver-remote-code-execution-vulnerability