Le Comptoir Sécu: [SECHebdo] October 7, 2020 - Comptoir publications, Microsoft Digital Defense Report, Hunt Android, Zero Trust imposed by the courts, ZeroLogon, Corner Vuln, etc.

The Comptoir Sécu team 10/7/20 - Episode Page


<p><strong>WARNING:</strong> the YouTube video is missing Mii's audio for the entire first part. We strongly recommend the podcast version.</p>

<p>We have just recorded a new SECHebdo live on YouTube. As usual, if you missed the recording, you can find it on our YouTube channel (video above) or in audio podcast format:</p>

<p>
<strong>In this episode:</strong>
<ul><li>Todo <strong><a href="#t=00:01:30" onclick="location.reload()">(00:01:30)</a></strong></li></ul>
</p>

<script type="application/ld+json" id="podigee-settings">
{
"options": {
"theme": "default"
},
"extensions": {
"ChapterMarks": {
"disabled": false
},
"EpisodeInfo": {},
"Playlist": {
"disabled": true
},
"Transcript": {
"disabled": true
}
},
"podcast": {
"feed": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2020-10-07.m4a"
},
"episode": {
"media": {
"mp3": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2020-10-07.m4a"
},
"coverUrl": "https://www.comptoirsecu.fr/images/covers/2020-10-07-sechebdo-vignette.jpg",
"title": "[SECHebdo] 07 octobre 2020",
"subtitle": "Publis du Comptoir, Microsoft Digital Defense Report, Hunt Andoid, Zero Trust impos par la Justice, ZeroLogon, Corner Vuln, etc.",
"description": "Épisode du 07 10 2020 - SECHebdo est une revue de l&#39;actualité cybersécurité réalisée en live sur Youtube, généralement le mardi soir."

,"chaptermarks": [





{ "start": "00:01:30", "title": "Todo"}


]

}
}
</script>



<p>Our Discord: <a href="http://discord.comptoirsecu.fr">http://discord.comptoirsecu.fr</a></p>

<p>See you soon for more shows and podcasts!</p>

<h3 id="liste-des-sources">List of sources:</h3>

<ul>
<li>XSS, SQLi, RCE walkthrough on Spip

<ul>
<li><a href="https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/">RCE on Spip and Root-Me • ThinkLoveShare</a></li>
</ul></li>
<li>Artifactory walkthrough

<ul>
<li><a href="https://www.errno.fr/artifactory/Attacking_Artifactory">Artifactory Hacking guide</a></li>
</ul></li>
<li>New Google security team for third-party Android apps

<ul>
<li><a href="https://www.zdnet.com/article/google-is-creating-a-special-android-security-team-to-find-bugs-in-sensitive-apps/#ftag=RSSbaffb68">Google is creating a special Android security team to find bugs in sensitive apps | ZDNet</a></li>
<li><a href="https://www.google.com/about/appsecurity/play-rewards/">Google Play Security Reward Program – Application Security – Google</a></li>
</ul></li>
<li>Zero Trust as a hygiene measure according to the courts?

<ul>
<li><a href="https://www.bankinfosecurity.com/anthem-hit-48-million-in-additional-breach-penalties-a-15091">Anthem Hit With $48 Million in Additional Breach Penalties</a></li>
</ul></li>
<li>Cloudflare API Shield &amp; CertAlert

<ul>
<li><a href="https://blog.cloudflare.com/introducing-api-shield/">Introducing API Shield</a></li>
<li><a href="https://www.certalert.net/">Cert Alert</a></li>
</ul></li>
<li>Trollveyance Phishing Assises

<ul>
<li><a href="https://www.lemondeinformatique.fr/actualites/lire-quand-les-exposants-des-assises-de-la-securite-se-font-hameconner-80608.html">Quand les exposants des Assises de la sécurité se font hameçonner - Le Monde Informatique</a></li>
</ul></li>
<li>CornerVuln

<ul>
<li><a href="https://cymptom.com/cve-2020-17365-hotspot-shield-vpn-new-privilege-escalation-vulnerability/2020/10/">CVE-2020-17365 - Hotspot Shield VPN New Privilege Escalation Vulnerability - Cymptom</a></li>
<li><a href="https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html">Project Zero: Enter the Vault: Authentication Issues in HashiCorp Vault</a></li>
<li><a href="https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/">Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities</a></li>
<li><a href="https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2020/CSW-MS-Exchange-Server_061020.html">BSI - Presseinformationen des BSI - Sicherheitslücken bei Microsoft Exchange Servern – schnellstmöglich aktualisieren</a></li>
<li><a href="https://research.nccgroup.com/2020/10/06/technical-advisory-pulse-connect-secure-rce-via-template-injection-cve-2020-8243/">Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243) – NCC Group Research</a></li>
<li><a href="https://source.android.com/security/bulletin/2020-10-01">Android Security Bulletin—October 2020  |  Android Open Source Project</a></li>
<li><a href="https://twitter.com/MsftSecIntel/status/1313598440719355904/">https://twitter.com/MsftSecIntel/status/1313598440719355904/</a></li>
</ul></li>
<li>Microsoft intelligence report

<ul>
<li><a href="https://www.microsoft.com/en/security/business/security-intelligence-report">Microsoft Digital Defense Report and Security Intelligence Reports</a></li>
</ul></li>
<li>IhavebeenEMOTET

<ul>
<li><a href="https://www.haveibeenemotet.com/">HOME - haveibeenEMOTET</a></li>
</ul></li>
</ul>