Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-09-16 18:30:05 |
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials (lien direct) |
The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign. |
|
|
|
|
2022-09-16 18:00:00 |
Keep Today\'s Encrypted Data From Becoming Tomorrow\'s Treasure (lien direct) |
Building quantum resilience requires C-suite commitment, but it doesn't have to mean tearing out existing infrastructure. |
|
|
|
|
2022-09-16 17:24:14 |
DDoS Attack Against Eastern Europe Target Sets New Record (lien direct) |
The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe. |
|
|
|
|
2022-09-16 14:21:55 |
Hacker Pwns Uber Via Compromised Slack Account (lien direct) |
A teen hacker reportedly social-engineered an Uber employee to hand over a Slack password, before burrowing deep into Uber's cloud and code repositories. |
|
Uber
Uber
|
|
|
2022-09-16 14:08:58 |
Highlights of the 2022 Pwnie Awards (lien direct) |
Since 2007, the Pwnies have celebrated the good, the bad, and the wacky in cybersecurity. Enjoy some of the best moments of this year's ceremony. |
|
|
★★★★
|
|
2022-09-16 14:00:00 |
Business Application Compromise & the Evolving Art of Social Engineering (lien direct) |
Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense. |
|
|
|
|
2022-09-15 20:31:16 |
Note to Security Vendors - Companies Are Picking Favorites (lien direct) |
A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition between cybersecurity vendors. |
|
|
|
|
2022-09-15 19:37:01 |
Malware on Pirated Content Sites a Major WFH Risk for Enterprises (lien direct) |
Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites - posing a real risk to enterprises from remote employees. |
|
|
|
|
2022-09-15 19:00:00 |
Will the Cloud End the Endpoint? (lien direct) |
When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality. |
|
|
|
|
2022-09-15 19:00:00 |
Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks (lien direct) |
Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption. |
Patching
|
|
|
|
2022-09-15 16:00:00 |
5 Steps to Strengthening Cyber Resilience (lien direct) |
Organizations are thinking about their cyber resilience. Here are five steps security teams should take. |
|
|
|
|
2022-09-15 14:40:15 |
Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government (lien direct) |
Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps. |
Threat
|
|
|
|
2022-09-15 14:22:31 |
Telos Corporation to Help Enterprises Operationalize Cybersecurity Compliance and Regulatory Risks with IBM Security (lien direct) |
Solution addresses compliance challenges in complex landscapes |
|
|
|
|
2022-09-15 14:00:00 |
5 Best Practices for Building Your Data Loss Prevention Strategy (lien direct) |
The entire security team should share in the responsibility to secure sensitive data. |
|
|
|
|
2022-09-15 13:21:50 |
Fortanix Raises $90M in Series C Funding Led by Goldman Sachs Asset Management to Accelerate Leadership in the Data Security Market (lien direct) |
Oversubscribed round validates company's data-first approach to solving cloud security and privacy issues for global businesses thwarting data breaches and ransomwar |
|
|
|
|
2022-09-15 13:00:00 |
Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish (lien direct) |
Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch. |
|
|
|
|
2022-09-14 20:00:00 |
White House Guidance Recommends SBOMs for Federal Agencies (lien direct) |
New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government. |
|
|
|
|
2022-09-14 18:39:00 |
How to Use SSH Keys and 1Password to Sign Git Commits (lien direct) |
This Tech Tip walks through the steps to set up signed commits with SSH keys stored in 1Password. |
|
|
|
|
2022-09-14 16:15:34 |
SparklingGoblin Updates Linux Version of SideWalk Backdoor in Ongoing Cyber Campaign (lien direct) |
Researchers link the APT to an attack on a Hong Kong university, which compromised multiple key servers using advanced Linux malware. |
|
|
|
|
2022-09-14 14:00:00 |
To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline (lien direct) |
With enough passion, intelligence, and effort, anyone can be a successful cybersecurity professional, regardless of education or background. |
|
|
★★★
|
|
2022-09-14 14:00:00 |
Cyberattacks Are Now Increasingly Hands-On, Break Out More Quickly (lien direct) |
Interactive intrusion campaigns jumped nearly 50%, while the breakout time between initial access and lateral movement shrank to less than 90 minutes, putting pressure on defenders to react quickly. |
|
|
★★★★★
|
|
2022-09-14 13:00:00 |
TeamTNT Hits 150K Docker Containers via Malicious Cloud Images (lien direct) |
Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says. |
Threat
|
|
★★★★
|
|
2022-09-14 00:59:31 |
Key Takeaways From the Twitter Whistleblower\'s Testimony (lien direct) |
Twitter did not know what data it had nor who had access to it, Peiter "Mudge" Zatko told Congressional lawmakers during a Senate panel hearing. |
|
|
|
|
2022-09-13 22:34:00 |
Bishop Fox Releases Cloud Enumeration Tool CloudFox (lien direct) |
CloudFox is a command-line tool to help penetration testers understand unknown cloud environments. |
Tool
|
|
|
|
2022-09-13 21:17:03 |
Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs (lien direct) |
In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn. |
|
|
|
|
2022-09-13 19:50:24 |
U-Haul Customer Contract Search Tool Compromised (lien direct) |
Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company. |
Tool
|
|
|
|
2022-09-13 19:43:44 |
ShadowPad Threat Actors Return With Fresh Government Strikes, Updated Tools (lien direct) |
Cyber spies are using legitimate apps for DLL sideloading, deploying an updated range of malware, including the new "Logdatter" info-stealer. |
Threat
|
|
|
|
2022-09-13 19:26:53 |
Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign (lien direct) |
Facebook lead-generation forms are being repurposed to collect passwords and credit card information from unsuspecting Facebook advertisers. |
Guideline
|
|
|
|
2022-09-13 17:15:00 |
(Déjà vu) Name That Toon: Shiver Me Timbers! (lien direct) |
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. |
|
|
★★
|
|
2022-09-13 17:02:17 |
Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes (lien direct) |
Siemplify veterans introduce Cloud Security Orchestration and Remediation platform, backed by high-profile investors including YL Ventures, Tiger Global, and CEOs of CrowdStrike and CyberArk |
|
|
|
|
2022-09-13 16:17:57 |
Arcserve Independent Global Study Finds Businesses Still Losing Mission-Critical Company Data (lien direct) |
. |
|
|
|
|
2022-09-13 14:13:03 |
Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems (lien direct) |
The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks. |
Ransomware
|
|
|
|
2022-09-13 14:00:00 |
Business Security Starts With Identity (lien direct) |
How identity-centric security can support business objectives. |
|
|
|
|
2022-09-13 13:46:51 |
Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022 (lien direct) |
. |
|
|
|
|
2022-09-13 13:00:00 |
Attackers Can Compromise Most Cloud Data in Just 3 Steps (lien direct) |
An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels. |
|
|
|
|
2022-09-12 21:28:40 |
How Machine Learning Can Boost Network Visibility for OT Teams (lien direct) |
Opswat says its new tool uses neural networks to protect critical environments through AI-assisted asset discovery, network visibility, and risk management. |
Tool
|
|
|
|
2022-09-12 21:01:20 |
Google Releases Pixel Patches for Critical Bugs (lien direct) |
Unpatched Pixel devices are at risk for escalation of privileges, Google warns. |
|
|
|
|
2022-09-12 19:46:23 |
Federal Privacy Bill That Would Preempt State Privacy Laws Faces Uncertain Future (lien direct) |
The American Data Privacy and Protection Act would provide federal-level protections that don't exist in most states, but override existing, stronger state protections. |
|
|
|
|
2022-09-12 19:05:42 |
Cisco Data Breach Attributed to Lapsus$ Ransomware Group (lien direct) |
Analysis shows attackers breached employee credentials with voice phishing and were preparing a ransomware attack against Cisco Systems. |
Ransomware
Data Breach
|
|
|
|
2022-09-12 16:48:35 |
Cybersecurity Awareness Campaigns: How Effective Are They in Changing Behavior? (lien direct) |
Your chance to be a part of a ground-breaking study. |
|
|
|
|
2022-09-12 14:05:47 |
Google Completes Acquisition of Mandiant (lien direct) |
The threat-intelligence and cyberdefense company company will join Google Cloud and retain its brand name. |
|
|
|
|
2022-09-12 14:00:00 |
Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats (lien direct) |
Users must continually be made aware of new threats, including attacks targeting shipping, the supply chain, email, and hybrid workers. |
|
|
|
|
2022-09-12 13:13:22 |
Report Highlights Prevalence of Software Supply Chain Risks (lien direct) |
Multiclient research report shows organizations are significantly increasing efforts to secure their supply chains in response to software supply chain attacks. |
|
|
|
|
2022-09-09 20:18:37 |
Zane Lackey: \'Technology Is the Easy Bit\' (lien direct) |
Security Pro File: The DevOps evangelist and angel investor shares his expertise with the next generation of startups. If you're lucky, maybe he'll even share his Lagavulin. |
|
|
|
|
2022-09-09 19:00:00 |
Monti, the New Conti: Ransomware Gang Uses Recycled Code (lien direct) |
A new group, Monti, appears to have used leaked Conti code, TTPs, and infrastructure approaches to launch its own ransomware campaign. |
Ransomware
|
|
|
|
2022-09-09 17:56:48 |
Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy (lien direct) |
The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality. |
Vulnerability
|
|
|
|
2022-09-09 16:48:02 |
US Sanctions Iran Over APT Cyberattack Activity (lien direct) |
The Treasury Department links the MuddyWater APT and APT39 to Iran's intelligence apparatus, which is now blocked from doing business with US entities. |
Prediction
|
APT 39
|
|
|
2022-09-09 14:29:16 |
Microsoft, Cloud Providers Move to Ban Basic Authentication (lien direct) |
Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving - or have moved - to requiring more secure authentication as well. Is your company ready? |
|
|
|
|
2022-09-09 14:22:58 |
LockBit, ALPHV & Other Ransomware Gang Leak Sites Hit by DDoS Attacks (lien direct) |
A sweeping effort to prevent a raft of targeted cybercrime groups from posting ransomware victims' data publicly is hampering their operations, causing outages. |
Ransomware
|
|
|
|
2022-09-09 14:00:00 |
Why Ports Are at Risk of Cyberattacks (lien direct) |
More docked ships bring a new challenge. The longer a ship is docked, the more vulnerable the port is to a cyberattack. |
|
|
|