Recently, many frauds campaigns offering free Nike shoes here and IKEA vouchers of 500€ there have been going on. Last case in date, a fraudulent e-mails campaign announcing the winning of airline tickets with a nice value of 500€, graciously offered to the winners of a supposed contest proposed by Air France airline company. This scam has circulated around France and was shared on social networks, by e-mails and even relayed on WhatsApp. A misleading typography: typosquatting If we look at the... Read More
Category: Cybersecurity
Slamming: a scam still too common
The slamming is a fraud aiming to deceive companies in order to sell by emails unsolicited services for domain names. These slamming attempts are easily recognizable and play on their contacts lack of knowledge in some cases. The slammers propose services that you didn’t solicit with your official registrar (registration, whois’update, owner or registrar transfer…) at high prices. These emails are sources of anxiety and lead you to take a quick decision. For example, a standard slamming email w... Read More
PyeongChang Olympic Games: Cyberattack
It’s during the opening ceremony of the PyeongChang Winter Olympic Games that a cyberattack has aimed at the host infrastructure IT department. Around 45 minutes before the start of the event, the servers and WI-FI network have been hit by an attack, which fortunately has not impacted the ceremony. However, in the Olympic Village, the press zone has been deprived of Internet connection and television. Furthermore, the official website of the PyeongChang 2018 Olympic Games has been unreachable f... Read More
FIC 2018: Nameshield’s DNS Premium solution labelled France Cybersecurity
These 23 and 24 January, has taken place in Lille, the 10th edition of the International Cybersecurity Forum (FIC). With 7000 participants, 240 partners and 60 represented nationalities, it is a major event in terms of cybersecurity and digital confidence, gathering all the actors in France and in Europe. On this occasion, and for its first participation as a partner, Nameshield was given the France Cybersecurity label for its DNS Premium solution. The Nameshield’s labelled DNS Premium solution... Read More
SSL certificates reduction to 2 years maximum
The CAB forum, organization which defines the SSL certificates issuing and management rules approved the SSL certificates reduction to a duration of 2 years against 3 previously. Initiated by the browsers Chrome and Mozilla heading, this decision moves in the direction of an always more secured Internet by forcing the actors to renew more often their security keys and to stay on the last standards of the market. This decision will be applicable to all Certification Authorities from March 1st 20... Read More
A bad phishing story
A victim of phishing from 2015, asked her bank for a refund of 3300€, which was the amount diverted by a fraud author. However, during the legal procedure, the Justice has cancelled the judgement of the local court of October 2017, which has requested to the bank of the victim to refund the corresponding amounts of the phishing operation. The reason of this cancellation? The victim has deliberately communicated some confidential data regarding her credit card, by falling into the trap of a... Read More
A phishing attack more and more sophisticated
Recently, some Amazon users have been the victims of a quite sophisticated phishing attack. They received a fake e-mail from Amazon, alerting them that someone attempted to connect to their account by trying to change their password. A six digit code was transmitted with the instruction to call a number to verify the user’s identity. If the web users were not the source of these actions, they were invited to follow a specific procedure to secure their account. When they called the supposed Amaz... Read More
The continuation of the Equifax case or how the controls implemented in the context of an ISMS (ISO 27001) can help to prevent security incidents?
October 3rd, 2017, Equifax’s ex CEO, Rick Smith, had to explain to the American Congress how the private data of almost one out of two Americans could be hacked. Let us briefly recall the chronology of events (for more information, we invite you to read Adriana Lecerf’s complete article): March 9th, 2017: An Apache Struts flaw is detected. Less than a week after, the security patch is validated and planned, but the latter is not applied on all the servers. March 15th, 2017: a scan is carried o... Read More
The CAA becomes mandatory in the small SSL’s world
Or how to benefit from it to implement a certification strategy specific to your company? In January 2013, a new type of DNS Resource Record has appeared to improve the control chain in the SSL certificates issuing. This record, called CAA for Certificate Authority Authorization, allows to specify for a given domain name which Certification Authorities are authorized to issue certificates. It’s an extremely interesting creation, in particular for big companies and groups, which technical teams ... Read More
Equifax victim of a massive cyberattack
The American company Equifax, based in Atlanta, present in 24 countries, has been the prey of a particularly worrying cyberattack. Equifax collects and analyzes personal data of customers soliciting a credit. At the beginning of September, the company revealed an intrusion in its database. This IT hacking could have potentially concerned around 143 million American customers and many others customers soliciting a credit like Canada or Great Britain. The criminals have exploited a breakdown in a... Read More
